diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json b/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json index 3328f3c83b20..9ce411858d3a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json +++ b/sdk/securityinsight/azure-mgmt-securityinsight/_meta.json @@ -1,11 +1,11 @@ { - "autorest": "3.7.2", + "autorest": "3.8.4", "use": [ - "@autorest/python@5.16.0", - "@autorest/modelerfour@4.19.3" + "@autorest/python@6.1.4", + "@autorest/modelerfour@4.23.5" ], - "commit": "8c2258114e565bb041dcb25a761acb965a4870e7", + "commit": "81544271e72ed5ac6d6cff4a748bb0f41ffe8de9", "repository_url": "https://github.com/Azure/azure-rest-api-specs", - "autorest_command": "autorest specification/securityinsights/resource-manager/readme.md --python --python-sdks-folder=/home/vsts/work/1/azure-sdk-for-python/sdk --python3-only --tag=package-2021-10 --use=@autorest/python@5.16.0 --use=@autorest/modelerfour@4.19.3 --version=3.7.2", + "autorest_command": "autorest specification/securityinsights/resource-manager/readme.md --python --python-sdks-folder=/mnt/vss/_work/1/s/azure-sdk-for-python/sdk --use=@autorest/python@6.1.4 --use=@autorest/modelerfour@4.23.5 --version=3.8.4 --version-tolerant=False", "readme": "specification/securityinsights/resource-manager/readme.md" } \ No newline at end of file diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/__init__.py index ff5c675cf1b3..e4e61752e108 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/__init__.py @@ -17,7 +17,8 @@ except ImportError: _patch_all = [] from ._patch import patch_sdk as _patch_sdk -__all__ = ['SecurityInsights'] + +__all__ = ["SecurityInsights"] __all__.extend([p for p in _patch_all if p not in __all__]) _patch_sdk() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py index d75860b3b116..ecbee99313d0 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_configuration.py @@ -25,23 +25,18 @@ class SecurityInsightsConfiguration(Configuration): # pylint: disable=too-many- Note that all parameters used to create this instance are saved as instance attributes. - :param credential: Credential needed for the client to connect to Azure. + :param credential: Credential needed for the client to connect to Azure. Required. :type credential: ~azure.core.credentials.TokenCredential - :param subscription_id: The ID of the target subscription. + :param subscription_id: The ID of the target subscription. Required. :type subscription_id: str - :keyword api_version: Api Version. Default value is "2021-10-01". Note that overriding this - default value may result in unsupported behavior. + :keyword api_version: Api Version. Default value is "2022-09-01-preview". Note that overriding + this default value may result in unsupported behavior. :paramtype api_version: str """ - def __init__( - self, - credential: "TokenCredential", - subscription_id: str, - **kwargs: Any - ) -> None: + def __init__(self, credential: "TokenCredential", subscription_id: str, **kwargs: Any) -> None: super(SecurityInsightsConfiguration, self).__init__(**kwargs) - api_version = kwargs.pop('api_version', "2021-10-01") # type: str + api_version = kwargs.pop("api_version", "2022-09-01-preview") # type: str if credential is None: raise ValueError("Parameter 'credential' must not be None.") @@ -51,23 +46,24 @@ def __init__( self.credential = credential self.subscription_id = subscription_id self.api_version = api_version - self.credential_scopes = kwargs.pop('credential_scopes', ['https://management.azure.com/.default']) - kwargs.setdefault('sdk_moniker', 'mgmt-securityinsight/{}'.format(VERSION)) + self.credential_scopes = kwargs.pop("credential_scopes", ["https://management.azure.com/.default"]) + kwargs.setdefault("sdk_moniker", "mgmt-securityinsight/{}".format(VERSION)) self._configure(**kwargs) def _configure( - self, - **kwargs # type: Any + self, **kwargs # type: Any ): # type: (...) -> None - self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) - self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) - self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) - self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) - self.http_logging_policy = kwargs.get('http_logging_policy') or ARMHttpLoggingPolicy(**kwargs) - self.retry_policy = kwargs.get('retry_policy') or policies.RetryPolicy(**kwargs) - self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) - self.redirect_policy = kwargs.get('redirect_policy') or policies.RedirectPolicy(**kwargs) - self.authentication_policy = kwargs.get('authentication_policy') + self.user_agent_policy = kwargs.get("user_agent_policy") or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get("headers_policy") or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get("proxy_policy") or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get("logging_policy") or policies.NetworkTraceLoggingPolicy(**kwargs) + self.http_logging_policy = kwargs.get("http_logging_policy") or ARMHttpLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get("retry_policy") or policies.RetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get("custom_hook_policy") or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get("redirect_policy") or policies.RedirectPolicy(**kwargs) + self.authentication_policy = kwargs.get("authentication_policy") if self.credential and not self.authentication_policy: - self.authentication_policy = ARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs) + self.authentication_policy = ARMChallengeAuthenticationPolicy( + self.credential, *self.credential_scopes, **kwargs + ) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_patch.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_patch.py index 74e48ecd07cf..f99e77fef986 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_patch.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_patch.py @@ -28,4 +28,4 @@ # This file is used for handwritten extensions to the generated code. Example: # https://github.com/Azure/azure-sdk-for-python/blob/main/doc/dev/customize_code/how-to-patch-sdk-code.md def patch_sdk(): - pass \ No newline at end of file + pass diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py index 9b7a24691c9e..c5301c13be5b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_security_insights.py @@ -9,28 +9,114 @@ from copy import deepcopy from typing import Any, TYPE_CHECKING -from msrest import Deserializer, Serializer - from azure.core.rest import HttpRequest, HttpResponse from azure.mgmt.core import ARMPipelineClient from . import models from ._configuration import SecurityInsightsConfiguration -from .operations import ActionsOperations, AlertRuleTemplatesOperations, AlertRulesOperations, AutomationRulesOperations, BookmarksOperations, DataConnectorsOperations, IncidentCommentsOperations, IncidentRelationsOperations, IncidentsOperations, Operations, SentinelOnboardingStatesOperations, ThreatIntelligenceIndicatorMetricsOperations, ThreatIntelligenceIndicatorOperations, ThreatIntelligenceIndicatorsOperations, WatchlistItemsOperations, WatchlistsOperations +from ._serialization import Deserializer, Serializer +from .operations import ( + ActionsOperations, + AlertRuleTemplatesOperations, + AlertRulesOperations, + AutomationRulesOperations, + BookmarkOperations, + BookmarkRelationsOperations, + BookmarksOperations, + DataConnectorsCheckRequirementsOperations, + DataConnectorsOperations, + DomainWhoisOperations, + EntitiesGetTimelineOperations, + EntitiesOperations, + EntitiesRelationsOperations, + EntityQueriesOperations, + EntityQueryTemplatesOperations, + EntityRelationsOperations, + FileImportsOperations, + IPGeodataOperations, + IncidentCommentsOperations, + IncidentRelationsOperations, + IncidentsOperations, + MetadataOperations, + OfficeConsentsOperations, + Operations, + ProductSettingsOperations, + SecurityMLAnalyticsSettingsOperations, + SentinelOnboardingStatesOperations, + SourceControlOperations, + SourceControlsOperations, + ThreatIntelligenceIndicatorMetricsOperations, + ThreatIntelligenceIndicatorOperations, + ThreatIntelligenceIndicatorsOperations, + WatchlistItemsOperations, + WatchlistsOperations, +) if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports from azure.core.credentials import TokenCredential -class SecurityInsights: # pylint: disable=too-many-instance-attributes + +class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,too-many-instance-attributes """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. + :ivar alert_rules: AlertRulesOperations operations + :vartype alert_rules: azure.mgmt.securityinsight.operations.AlertRulesOperations + :ivar actions: ActionsOperations operations + :vartype actions: azure.mgmt.securityinsight.operations.ActionsOperations + :ivar alert_rule_templates: AlertRuleTemplatesOperations operations + :vartype alert_rule_templates: + azure.mgmt.securityinsight.operations.AlertRuleTemplatesOperations + :ivar automation_rules: AutomationRulesOperations operations + :vartype automation_rules: azure.mgmt.securityinsight.operations.AutomationRulesOperations :ivar incidents: IncidentsOperations operations :vartype incidents: azure.mgmt.securityinsight.operations.IncidentsOperations + :ivar bookmarks: BookmarksOperations operations + :vartype bookmarks: azure.mgmt.securityinsight.operations.BookmarksOperations + :ivar bookmark_relations: BookmarkRelationsOperations operations + :vartype bookmark_relations: azure.mgmt.securityinsight.operations.BookmarkRelationsOperations + :ivar bookmark: BookmarkOperations operations + :vartype bookmark: azure.mgmt.securityinsight.operations.BookmarkOperations + :ivar ip_geodata: IPGeodataOperations operations + :vartype ip_geodata: azure.mgmt.securityinsight.operations.IPGeodataOperations + :ivar domain_whois: DomainWhoisOperations operations + :vartype domain_whois: azure.mgmt.securityinsight.operations.DomainWhoisOperations + :ivar entities: EntitiesOperations operations + :vartype entities: azure.mgmt.securityinsight.operations.EntitiesOperations + :ivar entities_get_timeline: EntitiesGetTimelineOperations operations + :vartype entities_get_timeline: + azure.mgmt.securityinsight.operations.EntitiesGetTimelineOperations + :ivar entities_relations: EntitiesRelationsOperations operations + :vartype entities_relations: azure.mgmt.securityinsight.operations.EntitiesRelationsOperations + :ivar entity_relations: EntityRelationsOperations operations + :vartype entity_relations: azure.mgmt.securityinsight.operations.EntityRelationsOperations + :ivar entity_queries: EntityQueriesOperations operations + :vartype entity_queries: azure.mgmt.securityinsight.operations.EntityQueriesOperations + :ivar entity_query_templates: EntityQueryTemplatesOperations operations + :vartype entity_query_templates: + azure.mgmt.securityinsight.operations.EntityQueryTemplatesOperations + :ivar file_imports: FileImportsOperations operations + :vartype file_imports: azure.mgmt.securityinsight.operations.FileImportsOperations :ivar incident_comments: IncidentCommentsOperations operations :vartype incident_comments: azure.mgmt.securityinsight.operations.IncidentCommentsOperations :ivar incident_relations: IncidentRelationsOperations operations :vartype incident_relations: azure.mgmt.securityinsight.operations.IncidentRelationsOperations + :ivar metadata: MetadataOperations operations + :vartype metadata: azure.mgmt.securityinsight.operations.MetadataOperations + :ivar office_consents: OfficeConsentsOperations operations + :vartype office_consents: azure.mgmt.securityinsight.operations.OfficeConsentsOperations + :ivar sentinel_onboarding_states: SentinelOnboardingStatesOperations operations + :vartype sentinel_onboarding_states: + azure.mgmt.securityinsight.operations.SentinelOnboardingStatesOperations + :ivar security_ml_analytics_settings: SecurityMLAnalyticsSettingsOperations operations + :vartype security_ml_analytics_settings: + azure.mgmt.securityinsight.operations.SecurityMLAnalyticsSettingsOperations + :ivar product_settings: ProductSettingsOperations operations + :vartype product_settings: azure.mgmt.securityinsight.operations.ProductSettingsOperations + :ivar source_control: SourceControlOperations operations + :vartype source_control: azure.mgmt.securityinsight.operations.SourceControlOperations + :ivar source_controls: SourceControlsOperations operations + :vartype source_controls: azure.mgmt.securityinsight.operations.SourceControlsOperations :ivar threat_intelligence_indicator: ThreatIntelligenceIndicatorOperations operations :vartype threat_intelligence_indicator: azure.mgmt.securityinsight.operations.ThreatIntelligenceIndicatorOperations @@ -45,33 +131,24 @@ class SecurityInsights: # pylint: disable=too-many-instance-attributes :vartype watchlists: azure.mgmt.securityinsight.operations.WatchlistsOperations :ivar watchlist_items: WatchlistItemsOperations operations :vartype watchlist_items: azure.mgmt.securityinsight.operations.WatchlistItemsOperations - :ivar operations: Operations operations - :vartype operations: azure.mgmt.securityinsight.operations.Operations - :ivar sentinel_onboarding_states: SentinelOnboardingStatesOperations operations - :vartype sentinel_onboarding_states: - azure.mgmt.securityinsight.operations.SentinelOnboardingStatesOperations - :ivar alert_rules: AlertRulesOperations operations - :vartype alert_rules: azure.mgmt.securityinsight.operations.AlertRulesOperations - :ivar actions: ActionsOperations operations - :vartype actions: azure.mgmt.securityinsight.operations.ActionsOperations - :ivar alert_rule_templates: AlertRuleTemplatesOperations operations - :vartype alert_rule_templates: - azure.mgmt.securityinsight.operations.AlertRuleTemplatesOperations - :ivar bookmarks: BookmarksOperations operations - :vartype bookmarks: azure.mgmt.securityinsight.operations.BookmarksOperations :ivar data_connectors: DataConnectorsOperations operations :vartype data_connectors: azure.mgmt.securityinsight.operations.DataConnectorsOperations - :ivar automation_rules: AutomationRulesOperations operations - :vartype automation_rules: azure.mgmt.securityinsight.operations.AutomationRulesOperations - :param credential: Credential needed for the client to connect to Azure. + :ivar data_connectors_check_requirements: DataConnectorsCheckRequirementsOperations operations + :vartype data_connectors_check_requirements: + azure.mgmt.securityinsight.operations.DataConnectorsCheckRequirementsOperations + :ivar operations: Operations operations + :vartype operations: azure.mgmt.securityinsight.operations.Operations + :param credential: Credential needed for the client to connect to Azure. Required. :type credential: ~azure.core.credentials.TokenCredential - :param subscription_id: The ID of the target subscription. + :param subscription_id: The ID of the target subscription. Required. :type subscription_id: str :param base_url: Service URL. Default value is "https://management.azure.com". :type base_url: str - :keyword api_version: Api Version. Default value is "2021-10-01". Note that overriding this - default value may result in unsupported behavior. + :keyword api_version: Api Version. Default value is "2022-09-01-preview". Note that overriding + this default value may result in unsupported behavior. :paramtype api_version: str + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. """ def __init__( @@ -88,61 +165,74 @@ def __init__( self._serialize = Serializer(client_models) self._deserialize = Deserializer(client_models) self._serialize.client_side_validation = False - self.incidents = IncidentsOperations( + self.alert_rules = AlertRulesOperations(self._client, self._config, self._serialize, self._deserialize) + self.actions = ActionsOperations(self._client, self._config, self._serialize, self._deserialize) + self.alert_rule_templates = AlertRuleTemplatesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.incident_comments = IncidentCommentsOperations( + self.automation_rules = AutomationRulesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.incident_relations = IncidentRelationsOperations( + self.incidents = IncidentsOperations(self._client, self._config, self._serialize, self._deserialize) + self.bookmarks = BookmarksOperations(self._client, self._config, self._serialize, self._deserialize) + self.bookmark_relations = BookmarkRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.threat_intelligence_indicator = ThreatIntelligenceIndicatorOperations( + self.bookmark = BookmarkOperations(self._client, self._config, self._serialize, self._deserialize) + self.ip_geodata = IPGeodataOperations(self._client, self._config, self._serialize, self._deserialize) + self.domain_whois = DomainWhoisOperations(self._client, self._config, self._serialize, self._deserialize) + self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) + self.entities_get_timeline = EntitiesGetTimelineOperations( self._client, self._config, self._serialize, self._deserialize ) - self.threat_intelligence_indicators = ThreatIntelligenceIndicatorsOperations( + self.entities_relations = EntitiesRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.threat_intelligence_indicator_metrics = ThreatIntelligenceIndicatorMetricsOperations( + self.entity_relations = EntityRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.watchlists = WatchlistsOperations( + self.entity_queries = EntityQueriesOperations(self._client, self._config, self._serialize, self._deserialize) + self.entity_query_templates = EntityQueryTemplatesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.watchlist_items = WatchlistItemsOperations( + self.file_imports = FileImportsOperations(self._client, self._config, self._serialize, self._deserialize) + self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.operations = Operations( + self.incident_relations = IncidentRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) + self.metadata = MetadataOperations(self._client, self._config, self._serialize, self._deserialize) + self.office_consents = OfficeConsentsOperations(self._client, self._config, self._serialize, self._deserialize) self.sentinel_onboarding_states = SentinelOnboardingStatesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.alert_rules = AlertRulesOperations( + self.security_ml_analytics_settings = SecurityMLAnalyticsSettingsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.actions = ActionsOperations( + self.product_settings = ProductSettingsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.alert_rule_templates = AlertRuleTemplatesOperations( + self.source_control = SourceControlOperations(self._client, self._config, self._serialize, self._deserialize) + self.source_controls = SourceControlsOperations(self._client, self._config, self._serialize, self._deserialize) + self.threat_intelligence_indicator = ThreatIntelligenceIndicatorOperations( self._client, self._config, self._serialize, self._deserialize ) - self.bookmarks = BookmarksOperations( + self.threat_intelligence_indicators = ThreatIntelligenceIndicatorsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.data_connectors = DataConnectorsOperations( + self.threat_intelligence_indicator_metrics = ThreatIntelligenceIndicatorMetricsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.automation_rules = AutomationRulesOperations( + self.watchlists = WatchlistsOperations(self._client, self._config, self._serialize, self._deserialize) + self.watchlist_items = WatchlistItemsOperations(self._client, self._config, self._serialize, self._deserialize) + self.data_connectors = DataConnectorsOperations(self._client, self._config, self._serialize, self._deserialize) + self.data_connectors_check_requirements = DataConnectorsCheckRequirementsOperations( self._client, self._config, self._serialize, self._deserialize ) + self.operations = Operations(self._client, self._config, self._serialize, self._deserialize) - - def _send_request( - self, - request: HttpRequest, - **kwargs: Any - ) -> HttpResponse: + def _send_request(self, request: HttpRequest, **kwargs: Any) -> HttpResponse: """Runs the network request through the client's chained policies. >>> from azure.core.rest import HttpRequest @@ -151,7 +241,7 @@ def _send_request( >>> response = client._send_request(request) - For more information on this code flow, see https://aka.ms/azsdk/python/protocol/quickstart + For more information on this code flow, see https://aka.ms/azsdk/dpcodegen/python/send_request :param request: The network request you want to make. Required. :type request: ~azure.core.rest.HttpRequest diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py new file mode 100644 index 000000000000..7c1dedb5133d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_serialization.py @@ -0,0 +1,1970 @@ +# -------------------------------------------------------------------------- +# +# Copyright (c) Microsoft Corporation. All rights reserved. +# +# The MIT License (MIT) +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the ""Software""), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +# IN THE SOFTWARE. +# +# -------------------------------------------------------------------------- + +# pylint: skip-file + +from base64 import b64decode, b64encode +import calendar +import datetime +import decimal +import email +from enum import Enum +import json +import logging +import re +import sys +import codecs + +try: + from urllib import quote # type: ignore +except ImportError: + from urllib.parse import quote # type: ignore +import xml.etree.ElementTree as ET + +import isodate + +from typing import Dict, Any, cast, TYPE_CHECKING + +from azure.core.exceptions import DeserializationError, SerializationError, raise_with_traceback + +_BOM = codecs.BOM_UTF8.decode(encoding="utf-8") + +if TYPE_CHECKING: + from typing import Optional, Union, AnyStr, IO, Mapping + + +class RawDeserializer: + + # Accept "text" because we're open minded people... + JSON_REGEXP = re.compile(r"^(application|text)/([a-z+.]+\+)?json$") + + # Name used in context + CONTEXT_NAME = "deserialized_data" + + @classmethod + def deserialize_from_text(cls, data, content_type=None): + # type: (Optional[Union[AnyStr, IO]], Optional[str]) -> Any + """Decode data according to content-type. + + Accept a stream of data as well, but will be load at once in memory for now. + + If no content-type, will return the string version (not bytes, not stream) + + :param data: Input, could be bytes or stream (will be decoded with UTF8) or text + :type data: str or bytes or IO + :param str content_type: The content type. + """ + if hasattr(data, "read"): + # Assume a stream + data = cast(IO, data).read() + + if isinstance(data, bytes): + data_as_str = data.decode(encoding="utf-8-sig") + else: + # Explain to mypy the correct type. + data_as_str = cast(str, data) + + # Remove Byte Order Mark if present in string + data_as_str = data_as_str.lstrip(_BOM) + + if content_type is None: + return data + + if cls.JSON_REGEXP.match(content_type): + try: + return json.loads(data_as_str) + except ValueError as err: + raise DeserializationError("JSON is invalid: {}".format(err), err) + elif "xml" in (content_type or []): + try: + + try: + if isinstance(data, unicode): # type: ignore + # If I'm Python 2.7 and unicode XML will scream if I try a "fromstring" on unicode string + data_as_str = data_as_str.encode(encoding="utf-8") # type: ignore + except NameError: + pass + + return ET.fromstring(data_as_str) # nosec + except ET.ParseError: + # It might be because the server has an issue, and returned JSON with + # content-type XML.... + # So let's try a JSON load, and if it's still broken + # let's flow the initial exception + def _json_attemp(data): + try: + return True, json.loads(data) + except ValueError: + return False, None # Don't care about this one + + success, json_result = _json_attemp(data) + if success: + return json_result + # If i'm here, it's not JSON, it's not XML, let's scream + # and raise the last context in this block (the XML exception) + # The function hack is because Py2.7 messes up with exception + # context otherwise. + _LOGGER.critical("Wasn't XML not JSON, failing") + raise_with_traceback(DeserializationError, "XML is invalid") + raise DeserializationError("Cannot deserialize content-type: {}".format(content_type)) + + @classmethod + def deserialize_from_http_generics(cls, body_bytes, headers): + # type: (Optional[Union[AnyStr, IO]], Mapping) -> Any + """Deserialize from HTTP response. + + Use bytes and headers to NOT use any requests/aiohttp or whatever + specific implementation. + Headers will tested for "content-type" + """ + # Try to use content-type from headers if available + content_type = None + if "content-type" in headers: + content_type = headers["content-type"].split(";")[0].strip().lower() + # Ouch, this server did not declare what it sent... + # Let's guess it's JSON... + # Also, since Autorest was considering that an empty body was a valid JSON, + # need that test as well.... + else: + content_type = "application/json" + + if body_bytes: + return cls.deserialize_from_text(body_bytes, content_type) + return None + + +try: + basestring # type: ignore + unicode_str = unicode # type: ignore +except NameError: + basestring = str # type: ignore + unicode_str = str # type: ignore + +_LOGGER = logging.getLogger(__name__) + +try: + _long_type = long # type: ignore +except NameError: + _long_type = int + + +class UTC(datetime.tzinfo): + """Time Zone info for handling UTC""" + + def utcoffset(self, dt): + """UTF offset for UTC is 0.""" + return datetime.timedelta(0) + + def tzname(self, dt): + """Timestamp representation.""" + return "Z" + + def dst(self, dt): + """No daylight saving for UTC.""" + return datetime.timedelta(hours=1) + + +try: + from datetime import timezone as _FixedOffset +except ImportError: # Python 2.7 + + class _FixedOffset(datetime.tzinfo): # type: ignore + """Fixed offset in minutes east from UTC. + Copy/pasted from Python doc + :param datetime.timedelta offset: offset in timedelta format + """ + + def __init__(self, offset): + self.__offset = offset + + def utcoffset(self, dt): + return self.__offset + + def tzname(self, dt): + return str(self.__offset.total_seconds() / 3600) + + def __repr__(self): + return "".format(self.tzname(None)) + + def dst(self, dt): + return datetime.timedelta(0) + + def __getinitargs__(self): + return (self.__offset,) + + +try: + from datetime import timezone + + TZ_UTC = timezone.utc # type: ignore +except ImportError: + TZ_UTC = UTC() # type: ignore + +_FLATTEN = re.compile(r"(? y, + "minimum": lambda x, y: x < y, + "maximum": lambda x, y: x > y, + "minimum_ex": lambda x, y: x <= y, + "maximum_ex": lambda x, y: x >= y, + "min_items": lambda x, y: len(x) < y, + "max_items": lambda x, y: len(x) > y, + "pattern": lambda x, y: not re.match(y, x, re.UNICODE), + "unique": lambda x, y: len(x) != len(set(x)), + "multiple": lambda x, y: x % y != 0, + } + + def __init__(self, classes=None): + self.serialize_type = { + "iso-8601": Serializer.serialize_iso, + "rfc-1123": Serializer.serialize_rfc, + "unix-time": Serializer.serialize_unix, + "duration": Serializer.serialize_duration, + "date": Serializer.serialize_date, + "time": Serializer.serialize_time, + "decimal": Serializer.serialize_decimal, + "long": Serializer.serialize_long, + "bytearray": Serializer.serialize_bytearray, + "base64": Serializer.serialize_base64, + "object": self.serialize_object, + "[]": self.serialize_iter, + "{}": self.serialize_dict, + } + self.dependencies = dict(classes) if classes else {} + self.key_transformer = full_restapi_key_transformer + self.client_side_validation = True + + def _serialize(self, target_obj, data_type=None, **kwargs): + """Serialize data into a string according to type. + + :param target_obj: The data to be serialized. + :param str data_type: The type to be serialized from. + :rtype: str, dict + :raises: SerializationError if serialization fails. + """ + key_transformer = kwargs.get("key_transformer", self.key_transformer) + keep_readonly = kwargs.get("keep_readonly", False) + if target_obj is None: + return None + + attr_name = None + class_name = target_obj.__class__.__name__ + + if data_type: + return self.serialize_data(target_obj, data_type, **kwargs) + + if not hasattr(target_obj, "_attribute_map"): + data_type = type(target_obj).__name__ + if data_type in self.basic_types.values(): + return self.serialize_data(target_obj, data_type, **kwargs) + + # Force "is_xml" kwargs if we detect a XML model + try: + is_xml_model_serialization = kwargs["is_xml"] + except KeyError: + is_xml_model_serialization = kwargs.setdefault("is_xml", target_obj.is_xml_model()) + + serialized = {} + if is_xml_model_serialization: + serialized = target_obj._create_xml_node() + try: + attributes = target_obj._attribute_map + for attr, attr_desc in attributes.items(): + attr_name = attr + if not keep_readonly and target_obj._validation.get(attr_name, {}).get("readonly", False): + continue + + if attr_name == "additional_properties" and attr_desc["key"] == "": + if target_obj.additional_properties is not None: + serialized.update(target_obj.additional_properties) + continue + try: + + orig_attr = getattr(target_obj, attr) + if is_xml_model_serialization: + pass # Don't provide "transformer" for XML for now. Keep "orig_attr" + else: # JSON + keys, orig_attr = key_transformer(attr, attr_desc.copy(), orig_attr) + keys = keys if isinstance(keys, list) else [keys] + + kwargs["serialization_ctxt"] = attr_desc + new_attr = self.serialize_data(orig_attr, attr_desc["type"], **kwargs) + + if is_xml_model_serialization: + xml_desc = attr_desc.get("xml", {}) + xml_name = xml_desc.get("name", attr_desc["key"]) + xml_prefix = xml_desc.get("prefix", None) + xml_ns = xml_desc.get("ns", None) + if xml_desc.get("attr", False): + if xml_ns: + ET.register_namespace(xml_prefix, xml_ns) + xml_name = "{}{}".format(xml_ns, xml_name) + serialized.set(xml_name, new_attr) + continue + if xml_desc.get("text", False): + serialized.text = new_attr + continue + if isinstance(new_attr, list): + serialized.extend(new_attr) + elif isinstance(new_attr, ET.Element): + # If the down XML has no XML/Name, we MUST replace the tag with the local tag. But keeping the namespaces. + if "name" not in getattr(orig_attr, "_xml_map", {}): + splitted_tag = new_attr.tag.split("}") + if len(splitted_tag) == 2: # Namespace + new_attr.tag = "}".join([splitted_tag[0], xml_name]) + else: + new_attr.tag = xml_name + serialized.append(new_attr) + else: # That's a basic type + # Integrate namespace if necessary + local_node = _create_xml_node(xml_name, xml_prefix, xml_ns) + local_node.text = unicode_str(new_attr) + serialized.append(local_node) + else: # JSON + for k in reversed(keys): + unflattened = {k: new_attr} + new_attr = unflattened + + _new_attr = new_attr + _serialized = serialized + for k in keys: + if k not in _serialized: + _serialized.update(_new_attr) + _new_attr = _new_attr[k] + _serialized = _serialized[k] + except ValueError: + continue + + except (AttributeError, KeyError, TypeError) as err: + msg = "Attribute {} in object {} cannot be serialized.\n{}".format(attr_name, class_name, str(target_obj)) + raise_with_traceback(SerializationError, msg, err) + else: + return serialized + + def body(self, data, data_type, **kwargs): + """Serialize data intended for a request body. + + :param data: The data to be serialized. + :param str data_type: The type to be serialized from. + :rtype: dict + :raises: SerializationError if serialization fails. + :raises: ValueError if data is None + """ + + # Just in case this is a dict + internal_data_type = data_type.strip("[]{}") + internal_data_type = self.dependencies.get(internal_data_type, None) + try: + is_xml_model_serialization = kwargs["is_xml"] + except KeyError: + if internal_data_type and issubclass(internal_data_type, Model): + is_xml_model_serialization = kwargs.setdefault("is_xml", internal_data_type.is_xml_model()) + else: + is_xml_model_serialization = False + if internal_data_type and not isinstance(internal_data_type, Enum): + try: + deserializer = Deserializer(self.dependencies) + # Since it's on serialization, it's almost sure that format is not JSON REST + # We're not able to deal with additional properties for now. + deserializer.additional_properties_detection = False + if is_xml_model_serialization: + deserializer.key_extractors = [ + attribute_key_case_insensitive_extractor, + ] + else: + deserializer.key_extractors = [ + rest_key_case_insensitive_extractor, + attribute_key_case_insensitive_extractor, + last_rest_key_case_insensitive_extractor, + ] + data = deserializer._deserialize(data_type, data) + except DeserializationError as err: + raise_with_traceback(SerializationError, "Unable to build a model: " + str(err), err) + + return self._serialize(data, data_type, **kwargs) + + def url(self, name, data, data_type, **kwargs): + """Serialize data intended for a URL path. + + :param data: The data to be serialized. + :param str data_type: The type to be serialized from. + :rtype: str + :raises: TypeError if serialization fails. + :raises: ValueError if data is None + """ + try: + output = self.serialize_data(data, data_type, **kwargs) + if data_type == "bool": + output = json.dumps(output) + + if kwargs.get("skip_quote") is True: + output = str(output) + else: + output = quote(str(output), safe="") + except SerializationError: + raise TypeError("{} must be type {}.".format(name, data_type)) + else: + return output + + def query(self, name, data, data_type, **kwargs): + """Serialize data intended for a URL query. + + :param data: The data to be serialized. + :param str data_type: The type to be serialized from. + :rtype: str + :raises: TypeError if serialization fails. + :raises: ValueError if data is None + """ + try: + # Treat the list aside, since we don't want to encode the div separator + if data_type.startswith("["): + internal_data_type = data_type[1:-1] + data = [self.serialize_data(d, internal_data_type, **kwargs) if d is not None else "" for d in data] + if not kwargs.get("skip_quote", False): + data = [quote(str(d), safe="") for d in data] + return str(self.serialize_iter(data, internal_data_type, **kwargs)) + + # Not a list, regular serialization + output = self.serialize_data(data, data_type, **kwargs) + if data_type == "bool": + output = json.dumps(output) + if kwargs.get("skip_quote") is True: + output = str(output) + else: + output = quote(str(output), safe="") + except SerializationError: + raise TypeError("{} must be type {}.".format(name, data_type)) + else: + return str(output) + + def header(self, name, data, data_type, **kwargs): + """Serialize data intended for a request header. + + :param data: The data to be serialized. + :param str data_type: The type to be serialized from. + :rtype: str + :raises: TypeError if serialization fails. + :raises: ValueError if data is None + """ + try: + if data_type in ["[str]"]: + data = ["" if d is None else d for d in data] + + output = self.serialize_data(data, data_type, **kwargs) + if data_type == "bool": + output = json.dumps(output) + except SerializationError: + raise TypeError("{} must be type {}.".format(name, data_type)) + else: + return str(output) + + def serialize_data(self, data, data_type, **kwargs): + """Serialize generic data according to supplied data type. + + :param data: The data to be serialized. + :param str data_type: The type to be serialized from. + :param bool required: Whether it's essential that the data not be + empty or None + :raises: AttributeError if required data is None. + :raises: ValueError if data is None + :raises: SerializationError if serialization fails. + """ + if data is None: + raise ValueError("No value for given attribute") + + try: + if data_type in self.basic_types.values(): + return self.serialize_basic(data, data_type, **kwargs) + + elif data_type in self.serialize_type: + return self.serialize_type[data_type](data, **kwargs) + + # If dependencies is empty, try with current data class + # It has to be a subclass of Enum anyway + enum_type = self.dependencies.get(data_type, data.__class__) + if issubclass(enum_type, Enum): + return Serializer.serialize_enum(data, enum_obj=enum_type) + + iter_type = data_type[0] + data_type[-1] + if iter_type in self.serialize_type: + return self.serialize_type[iter_type](data, data_type[1:-1], **kwargs) + + except (ValueError, TypeError) as err: + msg = "Unable to serialize value: {!r} as type: {!r}." + raise_with_traceback(SerializationError, msg.format(data, data_type), err) + else: + return self._serialize(data, **kwargs) + + @classmethod + def _get_custom_serializers(cls, data_type, **kwargs): + custom_serializer = kwargs.get("basic_types_serializers", {}).get(data_type) + if custom_serializer: + return custom_serializer + if kwargs.get("is_xml", False): + return cls._xml_basic_types_serializers.get(data_type) + + @classmethod + def serialize_basic(cls, data, data_type, **kwargs): + """Serialize basic builting data type. + Serializes objects to str, int, float or bool. + + Possible kwargs: + - basic_types_serializers dict[str, callable] : If set, use the callable as serializer + - is_xml bool : If set, use xml_basic_types_serializers + + :param data: Object to be serialized. + :param str data_type: Type of object in the iterable. + """ + custom_serializer = cls._get_custom_serializers(data_type, **kwargs) + if custom_serializer: + return custom_serializer(data) + if data_type == "str": + return cls.serialize_unicode(data) + return eval(data_type)(data) # nosec + + @classmethod + def serialize_unicode(cls, data): + """Special handling for serializing unicode strings in Py2. + Encode to UTF-8 if unicode, otherwise handle as a str. + + :param data: Object to be serialized. + :rtype: str + """ + try: # If I received an enum, return its value + return data.value + except AttributeError: + pass + + try: + if isinstance(data, unicode): + # Don't change it, JSON and XML ElementTree are totally able + # to serialize correctly u'' strings + return data + except NameError: + return str(data) + else: + return str(data) + + def serialize_iter(self, data, iter_type, div=None, **kwargs): + """Serialize iterable. + + Supported kwargs: + - serialization_ctxt dict : The current entry of _attribute_map, or same format. + serialization_ctxt['type'] should be same as data_type. + - is_xml bool : If set, serialize as XML + + :param list attr: Object to be serialized. + :param str iter_type: Type of object in the iterable. + :param bool required: Whether the objects in the iterable must + not be None or empty. + :param str div: If set, this str will be used to combine the elements + in the iterable into a combined string. Default is 'None'. + :rtype: list, str + """ + if isinstance(data, str): + raise SerializationError("Refuse str type as a valid iter type.") + + serialization_ctxt = kwargs.get("serialization_ctxt", {}) + is_xml = kwargs.get("is_xml", False) + + serialized = [] + for d in data: + try: + serialized.append(self.serialize_data(d, iter_type, **kwargs)) + except ValueError: + serialized.append(None) + + if div: + serialized = ["" if s is None else str(s) for s in serialized] + serialized = div.join(serialized) + + if "xml" in serialization_ctxt or is_xml: + # XML serialization is more complicated + xml_desc = serialization_ctxt.get("xml", {}) + xml_name = xml_desc.get("name") + if not xml_name: + xml_name = serialization_ctxt["key"] + + # Create a wrap node if necessary (use the fact that Element and list have "append") + is_wrapped = xml_desc.get("wrapped", False) + node_name = xml_desc.get("itemsName", xml_name) + if is_wrapped: + final_result = _create_xml_node(xml_name, xml_desc.get("prefix", None), xml_desc.get("ns", None)) + else: + final_result = [] + # All list elements to "local_node" + for el in serialized: + if isinstance(el, ET.Element): + el_node = el + else: + el_node = _create_xml_node(node_name, xml_desc.get("prefix", None), xml_desc.get("ns", None)) + if el is not None: # Otherwise it writes "None" :-p + el_node.text = str(el) + final_result.append(el_node) + return final_result + return serialized + + def serialize_dict(self, attr, dict_type, **kwargs): + """Serialize a dictionary of objects. + + :param dict attr: Object to be serialized. + :param str dict_type: Type of object in the dictionary. + :param bool required: Whether the objects in the dictionary must + not be None or empty. + :rtype: dict + """ + serialization_ctxt = kwargs.get("serialization_ctxt", {}) + serialized = {} + for key, value in attr.items(): + try: + serialized[self.serialize_unicode(key)] = self.serialize_data(value, dict_type, **kwargs) + except ValueError: + serialized[self.serialize_unicode(key)] = None + + if "xml" in serialization_ctxt: + # XML serialization is more complicated + xml_desc = serialization_ctxt["xml"] + xml_name = xml_desc["name"] + + final_result = _create_xml_node(xml_name, xml_desc.get("prefix", None), xml_desc.get("ns", None)) + for key, value in serialized.items(): + ET.SubElement(final_result, key).text = value + return final_result + + return serialized + + def serialize_object(self, attr, **kwargs): + """Serialize a generic object. + This will be handled as a dictionary. If object passed in is not + a basic type (str, int, float, dict, list) it will simply be + cast to str. + + :param dict attr: Object to be serialized. + :rtype: dict or str + """ + if attr is None: + return None + if isinstance(attr, ET.Element): + return attr + obj_type = type(attr) + if obj_type in self.basic_types: + return self.serialize_basic(attr, self.basic_types[obj_type], **kwargs) + if obj_type is _long_type: + return self.serialize_long(attr) + if obj_type is unicode_str: + return self.serialize_unicode(attr) + if obj_type is datetime.datetime: + return self.serialize_iso(attr) + if obj_type is datetime.date: + return self.serialize_date(attr) + if obj_type is datetime.time: + return self.serialize_time(attr) + if obj_type is datetime.timedelta: + return self.serialize_duration(attr) + if obj_type is decimal.Decimal: + return self.serialize_decimal(attr) + + # If it's a model or I know this dependency, serialize as a Model + elif obj_type in self.dependencies.values() or isinstance(attr, Model): + return self._serialize(attr) + + if obj_type == dict: + serialized = {} + for key, value in attr.items(): + try: + serialized[self.serialize_unicode(key)] = self.serialize_object(value, **kwargs) + except ValueError: + serialized[self.serialize_unicode(key)] = None + return serialized + + if obj_type == list: + serialized = [] + for obj in attr: + try: + serialized.append(self.serialize_object(obj, **kwargs)) + except ValueError: + pass + return serialized + return str(attr) + + @staticmethod + def serialize_enum(attr, enum_obj=None): + try: + result = attr.value + except AttributeError: + result = attr + try: + enum_obj(result) + return result + except ValueError: + for enum_value in enum_obj: + if enum_value.value.lower() == str(attr).lower(): + return enum_value.value + error = "{!r} is not valid value for enum {!r}" + raise SerializationError(error.format(attr, enum_obj)) + + @staticmethod + def serialize_bytearray(attr, **kwargs): + """Serialize bytearray into base-64 string. + + :param attr: Object to be serialized. + :rtype: str + """ + return b64encode(attr).decode() + + @staticmethod + def serialize_base64(attr, **kwargs): + """Serialize str into base-64 string. + + :param attr: Object to be serialized. + :rtype: str + """ + encoded = b64encode(attr).decode("ascii") + return encoded.strip("=").replace("+", "-").replace("/", "_") + + @staticmethod + def serialize_decimal(attr, **kwargs): + """Serialize Decimal object to float. + + :param attr: Object to be serialized. + :rtype: float + """ + return float(attr) + + @staticmethod + def serialize_long(attr, **kwargs): + """Serialize long (Py2) or int (Py3). + + :param attr: Object to be serialized. + :rtype: int/long + """ + return _long_type(attr) + + @staticmethod + def serialize_date(attr, **kwargs): + """Serialize Date object into ISO-8601 formatted string. + + :param Date attr: Object to be serialized. + :rtype: str + """ + if isinstance(attr, str): + attr = isodate.parse_date(attr) + t = "{:04}-{:02}-{:02}".format(attr.year, attr.month, attr.day) + return t + + @staticmethod + def serialize_time(attr, **kwargs): + """Serialize Time object into ISO-8601 formatted string. + + :param datetime.time attr: Object to be serialized. + :rtype: str + """ + if isinstance(attr, str): + attr = isodate.parse_time(attr) + t = "{:02}:{:02}:{:02}".format(attr.hour, attr.minute, attr.second) + if attr.microsecond: + t += ".{:02}".format(attr.microsecond) + return t + + @staticmethod + def serialize_duration(attr, **kwargs): + """Serialize TimeDelta object into ISO-8601 formatted string. + + :param TimeDelta attr: Object to be serialized. + :rtype: str + """ + if isinstance(attr, str): + attr = isodate.parse_duration(attr) + return isodate.duration_isoformat(attr) + + @staticmethod + def serialize_rfc(attr, **kwargs): + """Serialize Datetime object into RFC-1123 formatted string. + + :param Datetime attr: Object to be serialized. + :rtype: str + :raises: TypeError if format invalid. + """ + try: + if not attr.tzinfo: + _LOGGER.warning("Datetime with no tzinfo will be considered UTC.") + utc = attr.utctimetuple() + except AttributeError: + raise TypeError("RFC1123 object must be valid Datetime object.") + + return "{}, {:02} {} {:04} {:02}:{:02}:{:02} GMT".format( + Serializer.days[utc.tm_wday], + utc.tm_mday, + Serializer.months[utc.tm_mon], + utc.tm_year, + utc.tm_hour, + utc.tm_min, + utc.tm_sec, + ) + + @staticmethod + def serialize_iso(attr, **kwargs): + """Serialize Datetime object into ISO-8601 formatted string. + + :param Datetime attr: Object to be serialized. + :rtype: str + :raises: SerializationError if format invalid. + """ + if isinstance(attr, str): + attr = isodate.parse_datetime(attr) + try: + if not attr.tzinfo: + _LOGGER.warning("Datetime with no tzinfo will be considered UTC.") + utc = attr.utctimetuple() + if utc.tm_year > 9999 or utc.tm_year < 1: + raise OverflowError("Hit max or min date") + + microseconds = str(attr.microsecond).rjust(6, "0").rstrip("0").ljust(3, "0") + if microseconds: + microseconds = "." + microseconds + date = "{:04}-{:02}-{:02}T{:02}:{:02}:{:02}".format( + utc.tm_year, utc.tm_mon, utc.tm_mday, utc.tm_hour, utc.tm_min, utc.tm_sec + ) + return date + microseconds + "Z" + except (ValueError, OverflowError) as err: + msg = "Unable to serialize datetime object." + raise_with_traceback(SerializationError, msg, err) + except AttributeError as err: + msg = "ISO-8601 object must be valid Datetime object." + raise_with_traceback(TypeError, msg, err) + + @staticmethod + def serialize_unix(attr, **kwargs): + """Serialize Datetime object into IntTime format. + This is represented as seconds. + + :param Datetime attr: Object to be serialized. + :rtype: int + :raises: SerializationError if format invalid + """ + if isinstance(attr, int): + return attr + try: + if not attr.tzinfo: + _LOGGER.warning("Datetime with no tzinfo will be considered UTC.") + return int(calendar.timegm(attr.utctimetuple())) + except AttributeError: + raise TypeError("Unix time object must be valid Datetime object.") + + +def rest_key_extractor(attr, attr_desc, data): + key = attr_desc["key"] + working_data = data + + while "." in key: + dict_keys = _FLATTEN.split(key) + if len(dict_keys) == 1: + key = _decode_attribute_map_key(dict_keys[0]) + break + working_key = _decode_attribute_map_key(dict_keys[0]) + working_data = working_data.get(working_key, data) + if working_data is None: + # If at any point while following flatten JSON path see None, it means + # that all properties under are None as well + # https://github.com/Azure/msrest-for-python/issues/197 + return None + key = ".".join(dict_keys[1:]) + + return working_data.get(key) + + +def rest_key_case_insensitive_extractor(attr, attr_desc, data): + key = attr_desc["key"] + working_data = data + + while "." in key: + dict_keys = _FLATTEN.split(key) + if len(dict_keys) == 1: + key = _decode_attribute_map_key(dict_keys[0]) + break + working_key = _decode_attribute_map_key(dict_keys[0]) + working_data = attribute_key_case_insensitive_extractor(working_key, None, working_data) + if working_data is None: + # If at any point while following flatten JSON path see None, it means + # that all properties under are None as well + # https://github.com/Azure/msrest-for-python/issues/197 + return None + key = ".".join(dict_keys[1:]) + + if working_data: + return attribute_key_case_insensitive_extractor(key, None, working_data) + + +def last_rest_key_extractor(attr, attr_desc, data): + """Extract the attribute in "data" based on the last part of the JSON path key.""" + key = attr_desc["key"] + dict_keys = _FLATTEN.split(key) + return attribute_key_extractor(dict_keys[-1], None, data) + + +def last_rest_key_case_insensitive_extractor(attr, attr_desc, data): + """Extract the attribute in "data" based on the last part of the JSON path key. + + This is the case insensitive version of "last_rest_key_extractor" + """ + key = attr_desc["key"] + dict_keys = _FLATTEN.split(key) + return attribute_key_case_insensitive_extractor(dict_keys[-1], None, data) + + +def attribute_key_extractor(attr, _, data): + return data.get(attr) + + +def attribute_key_case_insensitive_extractor(attr, _, data): + found_key = None + lower_attr = attr.lower() + for key in data: + if lower_attr == key.lower(): + found_key = key + break + + return data.get(found_key) + + +def _extract_name_from_internal_type(internal_type): + """Given an internal type XML description, extract correct XML name with namespace. + + :param dict internal_type: An model type + :rtype: tuple + :returns: A tuple XML name + namespace dict + """ + internal_type_xml_map = getattr(internal_type, "_xml_map", {}) + xml_name = internal_type_xml_map.get("name", internal_type.__name__) + xml_ns = internal_type_xml_map.get("ns", None) + if xml_ns: + xml_name = "{}{}".format(xml_ns, xml_name) + return xml_name + + +def xml_key_extractor(attr, attr_desc, data): + if isinstance(data, dict): + return None + + # Test if this model is XML ready first + if not isinstance(data, ET.Element): + return None + + xml_desc = attr_desc.get("xml", {}) + xml_name = xml_desc.get("name", attr_desc["key"]) + + # Look for a children + is_iter_type = attr_desc["type"].startswith("[") + is_wrapped = xml_desc.get("wrapped", False) + internal_type = attr_desc.get("internalType", None) + internal_type_xml_map = getattr(internal_type, "_xml_map", {}) + + # Integrate namespace if necessary + xml_ns = xml_desc.get("ns", internal_type_xml_map.get("ns", None)) + if xml_ns: + xml_name = "{}{}".format(xml_ns, xml_name) + + # If it's an attribute, that's simple + if xml_desc.get("attr", False): + return data.get(xml_name) + + # If it's x-ms-text, that's simple too + if xml_desc.get("text", False): + return data.text + + # Scenario where I take the local name: + # - Wrapped node + # - Internal type is an enum (considered basic types) + # - Internal type has no XML/Name node + if is_wrapped or (internal_type and (issubclass(internal_type, Enum) or "name" not in internal_type_xml_map)): + children = data.findall(xml_name) + # If internal type has a local name and it's not a list, I use that name + elif not is_iter_type and internal_type and "name" in internal_type_xml_map: + xml_name = _extract_name_from_internal_type(internal_type) + children = data.findall(xml_name) + # That's an array + else: + if internal_type: # Complex type, ignore itemsName and use the complex type name + items_name = _extract_name_from_internal_type(internal_type) + else: + items_name = xml_desc.get("itemsName", xml_name) + children = data.findall(items_name) + + if len(children) == 0: + if is_iter_type: + if is_wrapped: + return None # is_wrapped no node, we want None + else: + return [] # not wrapped, assume empty list + return None # Assume it's not there, maybe an optional node. + + # If is_iter_type and not wrapped, return all found children + if is_iter_type: + if not is_wrapped: + return children + else: # Iter and wrapped, should have found one node only (the wrap one) + if len(children) != 1: + raise DeserializationError( + "Tried to deserialize an array not wrapped, and found several nodes '{}'. Maybe you should declare this array as wrapped?".format( + xml_name + ) + ) + return list(children[0]) # Might be empty list and that's ok. + + # Here it's not a itertype, we should have found one element only or empty + if len(children) > 1: + raise DeserializationError("Find several XML '{}' where it was not expected".format(xml_name)) + return children[0] + + +class Deserializer(object): + """Response object model deserializer. + + :param dict classes: Class type dictionary for deserializing complex types. + :ivar list key_extractors: Ordered list of extractors to be used by this deserializer. + """ + + basic_types = {str: "str", int: "int", bool: "bool", float: "float"} + + valid_date = re.compile(r"\d{4}[-]\d{2}[-]\d{2}T\d{2}:\d{2}:\d{2}" r"\.?\d*Z?[-+]?[\d{2}]?:?[\d{2}]?") + + def __init__(self, classes=None): + self.deserialize_type = { + "iso-8601": Deserializer.deserialize_iso, + "rfc-1123": Deserializer.deserialize_rfc, + "unix-time": Deserializer.deserialize_unix, + "duration": Deserializer.deserialize_duration, + "date": Deserializer.deserialize_date, + "time": Deserializer.deserialize_time, + "decimal": Deserializer.deserialize_decimal, + "long": Deserializer.deserialize_long, + "bytearray": Deserializer.deserialize_bytearray, + "base64": Deserializer.deserialize_base64, + "object": self.deserialize_object, + "[]": self.deserialize_iter, + "{}": self.deserialize_dict, + } + self.deserialize_expected_types = { + "duration": (isodate.Duration, datetime.timedelta), + "iso-8601": (datetime.datetime), + } + self.dependencies = dict(classes) if classes else {} + self.key_extractors = [rest_key_extractor, xml_key_extractor] + # Additional properties only works if the "rest_key_extractor" is used to + # extract the keys. Making it to work whatever the key extractor is too much + # complicated, with no real scenario for now. + # So adding a flag to disable additional properties detection. This flag should be + # used if your expect the deserialization to NOT come from a JSON REST syntax. + # Otherwise, result are unexpected + self.additional_properties_detection = True + + def __call__(self, target_obj, response_data, content_type=None): + """Call the deserializer to process a REST response. + + :param str target_obj: Target data type to deserialize to. + :param requests.Response response_data: REST response object. + :param str content_type: Swagger "produces" if available. + :raises: DeserializationError if deserialization fails. + :return: Deserialized object. + """ + data = self._unpack_content(response_data, content_type) + return self._deserialize(target_obj, data) + + def _deserialize(self, target_obj, data): + """Call the deserializer on a model. + + Data needs to be already deserialized as JSON or XML ElementTree + + :param str target_obj: Target data type to deserialize to. + :param object data: Object to deserialize. + :raises: DeserializationError if deserialization fails. + :return: Deserialized object. + """ + # This is already a model, go recursive just in case + if hasattr(data, "_attribute_map"): + constants = [name for name, config in getattr(data, "_validation", {}).items() if config.get("constant")] + try: + for attr, mapconfig in data._attribute_map.items(): + if attr in constants: + continue + value = getattr(data, attr) + if value is None: + continue + local_type = mapconfig["type"] + internal_data_type = local_type.strip("[]{}") + if internal_data_type not in self.dependencies or isinstance(internal_data_type, Enum): + continue + setattr(data, attr, self._deserialize(local_type, value)) + return data + except AttributeError: + return + + response, class_name = self._classify_target(target_obj, data) + + if isinstance(response, basestring): + return self.deserialize_data(data, response) + elif isinstance(response, type) and issubclass(response, Enum): + return self.deserialize_enum(data, response) + + if data is None: + return data + try: + attributes = response._attribute_map + d_attrs = {} + for attr, attr_desc in attributes.items(): + # Check empty string. If it's not empty, someone has a real "additionalProperties"... + if attr == "additional_properties" and attr_desc["key"] == "": + continue + raw_value = None + # Enhance attr_desc with some dynamic data + attr_desc = attr_desc.copy() # Do a copy, do not change the real one + internal_data_type = attr_desc["type"].strip("[]{}") + if internal_data_type in self.dependencies: + attr_desc["internalType"] = self.dependencies[internal_data_type] + + for key_extractor in self.key_extractors: + found_value = key_extractor(attr, attr_desc, data) + if found_value is not None: + if raw_value is not None and raw_value != found_value: + msg = ( + "Ignoring extracted value '%s' from %s for key '%s'" + " (duplicate extraction, follow extractors order)" + ) + _LOGGER.warning(msg, found_value, key_extractor, attr) + continue + raw_value = found_value + + value = self.deserialize_data(raw_value, attr_desc["type"]) + d_attrs[attr] = value + except (AttributeError, TypeError, KeyError) as err: + msg = "Unable to deserialize to object: " + class_name + raise_with_traceback(DeserializationError, msg, err) + else: + additional_properties = self._build_additional_properties(attributes, data) + return self._instantiate_model(response, d_attrs, additional_properties) + + def _build_additional_properties(self, attribute_map, data): + if not self.additional_properties_detection: + return None + if "additional_properties" in attribute_map and attribute_map.get("additional_properties", {}).get("key") != "": + # Check empty string. If it's not empty, someone has a real "additionalProperties" + return None + if isinstance(data, ET.Element): + data = {el.tag: el.text for el in data} + + known_keys = { + _decode_attribute_map_key(_FLATTEN.split(desc["key"])[0]) + for desc in attribute_map.values() + if desc["key"] != "" + } + present_keys = set(data.keys()) + missing_keys = present_keys - known_keys + return {key: data[key] for key in missing_keys} + + def _classify_target(self, target, data): + """Check to see whether the deserialization target object can + be classified into a subclass. + Once classification has been determined, initialize object. + + :param str target: The target object type to deserialize to. + :param str/dict data: The response data to deseralize. + """ + if target is None: + return None, None + + if isinstance(target, basestring): + try: + target = self.dependencies[target] + except KeyError: + return target, target + + try: + target = target._classify(data, self.dependencies) + except AttributeError: + pass # Target is not a Model, no classify + return target, target.__class__.__name__ + + def failsafe_deserialize(self, target_obj, data, content_type=None): + """Ignores any errors encountered in deserialization, + and falls back to not deserializing the object. Recommended + for use in error deserialization, as we want to return the + HttpResponseError to users, and not have them deal with + a deserialization error. + + :param str target_obj: The target object type to deserialize to. + :param str/dict data: The response data to deseralize. + :param str content_type: Swagger "produces" if available. + """ + try: + return self(target_obj, data, content_type=content_type) + except: + _LOGGER.debug( + "Ran into a deserialization error. Ignoring since this is failsafe deserialization", exc_info=True + ) + return None + + @staticmethod + def _unpack_content(raw_data, content_type=None): + """Extract the correct structure for deserialization. + + If raw_data is a PipelineResponse, try to extract the result of RawDeserializer. + if we can't, raise. Your Pipeline should have a RawDeserializer. + + If not a pipeline response and raw_data is bytes or string, use content-type + to decode it. If no content-type, try JSON. + + If raw_data is something else, bypass all logic and return it directly. + + :param raw_data: Data to be processed. + :param content_type: How to parse if raw_data is a string/bytes. + :raises JSONDecodeError: If JSON is requested and parsing is impossible. + :raises UnicodeDecodeError: If bytes is not UTF8 + """ + # Assume this is enough to detect a Pipeline Response without importing it + context = getattr(raw_data, "context", {}) + if context: + if RawDeserializer.CONTEXT_NAME in context: + return context[RawDeserializer.CONTEXT_NAME] + raise ValueError("This pipeline didn't have the RawDeserializer policy; can't deserialize") + + # Assume this is enough to recognize universal_http.ClientResponse without importing it + if hasattr(raw_data, "body"): + return RawDeserializer.deserialize_from_http_generics(raw_data.text(), raw_data.headers) + + # Assume this enough to recognize requests.Response without importing it. + if hasattr(raw_data, "_content_consumed"): + return RawDeserializer.deserialize_from_http_generics(raw_data.text, raw_data.headers) + + if isinstance(raw_data, (basestring, bytes)) or hasattr(raw_data, "read"): + return RawDeserializer.deserialize_from_text(raw_data, content_type) + return raw_data + + def _instantiate_model(self, response, attrs, additional_properties=None): + """Instantiate a response model passing in deserialized args. + + :param response: The response model class. + :param d_attrs: The deserialized response attributes. + """ + if callable(response): + subtype = getattr(response, "_subtype_map", {}) + try: + readonly = [k for k, v in response._validation.items() if v.get("readonly")] + const = [k for k, v in response._validation.items() if v.get("constant")] + kwargs = {k: v for k, v in attrs.items() if k not in subtype and k not in readonly + const} + response_obj = response(**kwargs) + for attr in readonly: + setattr(response_obj, attr, attrs.get(attr)) + if additional_properties: + response_obj.additional_properties = additional_properties + return response_obj + except TypeError as err: + msg = "Unable to deserialize {} into model {}. ".format(kwargs, response) + raise DeserializationError(msg + str(err)) + else: + try: + for attr, value in attrs.items(): + setattr(response, attr, value) + return response + except Exception as exp: + msg = "Unable to populate response model. " + msg += "Type: {}, Error: {}".format(type(response), exp) + raise DeserializationError(msg) + + def deserialize_data(self, data, data_type): + """Process data for deserialization according to data type. + + :param str data: The response string to be deserialized. + :param str data_type: The type to deserialize to. + :raises: DeserializationError if deserialization fails. + :return: Deserialized object. + """ + if data is None: + return data + + try: + if not data_type: + return data + if data_type in self.basic_types.values(): + return self.deserialize_basic(data, data_type) + if data_type in self.deserialize_type: + if isinstance(data, self.deserialize_expected_types.get(data_type, tuple())): + return data + + is_a_text_parsing_type = lambda x: x not in ["object", "[]", r"{}"] + if isinstance(data, ET.Element) and is_a_text_parsing_type(data_type) and not data.text: + return None + data_val = self.deserialize_type[data_type](data) + return data_val + + iter_type = data_type[0] + data_type[-1] + if iter_type in self.deserialize_type: + return self.deserialize_type[iter_type](data, data_type[1:-1]) + + obj_type = self.dependencies[data_type] + if issubclass(obj_type, Enum): + if isinstance(data, ET.Element): + data = data.text + return self.deserialize_enum(data, obj_type) + + except (ValueError, TypeError, AttributeError) as err: + msg = "Unable to deserialize response data." + msg += " Data: {}, {}".format(data, data_type) + raise_with_traceback(DeserializationError, msg, err) + else: + return self._deserialize(obj_type, data) + + def deserialize_iter(self, attr, iter_type): + """Deserialize an iterable. + + :param list attr: Iterable to be deserialized. + :param str iter_type: The type of object in the iterable. + :rtype: list + """ + if attr is None: + return None + if isinstance(attr, ET.Element): # If I receive an element here, get the children + attr = list(attr) + if not isinstance(attr, (list, set)): + raise DeserializationError("Cannot deserialize as [{}] an object of type {}".format(iter_type, type(attr))) + return [self.deserialize_data(a, iter_type) for a in attr] + + def deserialize_dict(self, attr, dict_type): + """Deserialize a dictionary. + + :param dict/list attr: Dictionary to be deserialized. Also accepts + a list of key, value pairs. + :param str dict_type: The object type of the items in the dictionary. + :rtype: dict + """ + if isinstance(attr, list): + return {x["key"]: self.deserialize_data(x["value"], dict_type) for x in attr} + + if isinstance(attr, ET.Element): + # Transform value into {"Key": "value"} + attr = {el.tag: el.text for el in attr} + return {k: self.deserialize_data(v, dict_type) for k, v in attr.items()} + + def deserialize_object(self, attr, **kwargs): + """Deserialize a generic object. + This will be handled as a dictionary. + + :param dict attr: Dictionary to be deserialized. + :rtype: dict + :raises: TypeError if non-builtin datatype encountered. + """ + if attr is None: + return None + if isinstance(attr, ET.Element): + # Do no recurse on XML, just return the tree as-is + return attr + if isinstance(attr, basestring): + return self.deserialize_basic(attr, "str") + obj_type = type(attr) + if obj_type in self.basic_types: + return self.deserialize_basic(attr, self.basic_types[obj_type]) + if obj_type is _long_type: + return self.deserialize_long(attr) + + if obj_type == dict: + deserialized = {} + for key, value in attr.items(): + try: + deserialized[key] = self.deserialize_object(value, **kwargs) + except ValueError: + deserialized[key] = None + return deserialized + + if obj_type == list: + deserialized = [] + for obj in attr: + try: + deserialized.append(self.deserialize_object(obj, **kwargs)) + except ValueError: + pass + return deserialized + + else: + error = "Cannot deserialize generic object with type: " + raise TypeError(error + str(obj_type)) + + def deserialize_basic(self, attr, data_type): + """Deserialize basic builtin data type from string. + Will attempt to convert to str, int, float and bool. + This function will also accept '1', '0', 'true' and 'false' as + valid bool values. + + :param str attr: response string to be deserialized. + :param str data_type: deserialization data type. + :rtype: str, int, float or bool + :raises: TypeError if string format is not valid. + """ + # If we're here, data is supposed to be a basic type. + # If it's still an XML node, take the text + if isinstance(attr, ET.Element): + attr = attr.text + if not attr: + if data_type == "str": + # None or '', node is empty string. + return "" + else: + # None or '', node with a strong type is None. + # Don't try to model "empty bool" or "empty int" + return None + + if data_type == "bool": + if attr in [True, False, 1, 0]: + return bool(attr) + elif isinstance(attr, basestring): + if attr.lower() in ["true", "1"]: + return True + elif attr.lower() in ["false", "0"]: + return False + raise TypeError("Invalid boolean value: {}".format(attr)) + + if data_type == "str": + return self.deserialize_unicode(attr) + return eval(data_type)(attr) # nosec + + @staticmethod + def deserialize_unicode(data): + """Preserve unicode objects in Python 2, otherwise return data + as a string. + + :param str data: response string to be deserialized. + :rtype: str or unicode + """ + # We might be here because we have an enum modeled as string, + # and we try to deserialize a partial dict with enum inside + if isinstance(data, Enum): + return data + + # Consider this is real string + try: + if isinstance(data, unicode): + return data + except NameError: + return str(data) + else: + return str(data) + + @staticmethod + def deserialize_enum(data, enum_obj): + """Deserialize string into enum object. + + If the string is not a valid enum value it will be returned as-is + and a warning will be logged. + + :param str data: Response string to be deserialized. If this value is + None or invalid it will be returned as-is. + :param Enum enum_obj: Enum object to deserialize to. + :rtype: Enum + """ + if isinstance(data, enum_obj) or data is None: + return data + if isinstance(data, Enum): + data = data.value + if isinstance(data, int): + # Workaround. We might consider remove it in the future. + # https://github.com/Azure/azure-rest-api-specs/issues/141 + try: + return list(enum_obj.__members__.values())[data] + except IndexError: + error = "{!r} is not a valid index for enum {!r}" + raise DeserializationError(error.format(data, enum_obj)) + try: + return enum_obj(str(data)) + except ValueError: + for enum_value in enum_obj: + if enum_value.value.lower() == str(data).lower(): + return enum_value + # We don't fail anymore for unknown value, we deserialize as a string + _LOGGER.warning("Deserializer is not able to find %s as valid enum in %s", data, enum_obj) + return Deserializer.deserialize_unicode(data) + + @staticmethod + def deserialize_bytearray(attr): + """Deserialize string into bytearray. + + :param str attr: response string to be deserialized. + :rtype: bytearray + :raises: TypeError if string format invalid. + """ + if isinstance(attr, ET.Element): + attr = attr.text + return bytearray(b64decode(attr)) + + @staticmethod + def deserialize_base64(attr): + """Deserialize base64 encoded string into string. + + :param str attr: response string to be deserialized. + :rtype: bytearray + :raises: TypeError if string format invalid. + """ + if isinstance(attr, ET.Element): + attr = attr.text + padding = "=" * (3 - (len(attr) + 3) % 4) + attr = attr + padding + encoded = attr.replace("-", "+").replace("_", "/") + return b64decode(encoded) + + @staticmethod + def deserialize_decimal(attr): + """Deserialize string into Decimal object. + + :param str attr: response string to be deserialized. + :rtype: Decimal + :raises: DeserializationError if string format invalid. + """ + if isinstance(attr, ET.Element): + attr = attr.text + try: + return decimal.Decimal(attr) + except decimal.DecimalException as err: + msg = "Invalid decimal {}".format(attr) + raise_with_traceback(DeserializationError, msg, err) + + @staticmethod + def deserialize_long(attr): + """Deserialize string into long (Py2) or int (Py3). + + :param str attr: response string to be deserialized. + :rtype: long or int + :raises: ValueError if string format invalid. + """ + if isinstance(attr, ET.Element): + attr = attr.text + return _long_type(attr) + + @staticmethod + def deserialize_duration(attr): + """Deserialize ISO-8601 formatted string into TimeDelta object. + + :param str attr: response string to be deserialized. + :rtype: TimeDelta + :raises: DeserializationError if string format invalid. + """ + if isinstance(attr, ET.Element): + attr = attr.text + try: + duration = isodate.parse_duration(attr) + except (ValueError, OverflowError, AttributeError) as err: + msg = "Cannot deserialize duration object." + raise_with_traceback(DeserializationError, msg, err) + else: + return duration + + @staticmethod + def deserialize_date(attr): + """Deserialize ISO-8601 formatted string into Date object. + + :param str attr: response string to be deserialized. + :rtype: Date + :raises: DeserializationError if string format invalid. + """ + if isinstance(attr, ET.Element): + attr = attr.text + if re.search(r"[^\W\d_]", attr, re.I + re.U): + raise DeserializationError("Date must have only digits and -. Received: %s" % attr) + # This must NOT use defaultmonth/defaultday. Using None ensure this raises an exception. + return isodate.parse_date(attr, defaultmonth=None, defaultday=None) + + @staticmethod + def deserialize_time(attr): + """Deserialize ISO-8601 formatted string into time object. + + :param str attr: response string to be deserialized. + :rtype: datetime.time + :raises: DeserializationError if string format invalid. + """ + if isinstance(attr, ET.Element): + attr = attr.text + if re.search(r"[^\W\d_]", attr, re.I + re.U): + raise DeserializationError("Date must have only digits and -. Received: %s" % attr) + return isodate.parse_time(attr) + + @staticmethod + def deserialize_rfc(attr): + """Deserialize RFC-1123 formatted string into Datetime object. + + :param str attr: response string to be deserialized. + :rtype: Datetime + :raises: DeserializationError if string format invalid. + """ + if isinstance(attr, ET.Element): + attr = attr.text + try: + parsed_date = email.utils.parsedate_tz(attr) + date_obj = datetime.datetime( + *parsed_date[:6], tzinfo=_FixedOffset(datetime.timedelta(minutes=(parsed_date[9] or 0) / 60)) + ) + if not date_obj.tzinfo: + date_obj = date_obj.astimezone(tz=TZ_UTC) + except ValueError as err: + msg = "Cannot deserialize to rfc datetime object." + raise_with_traceback(DeserializationError, msg, err) + else: + return date_obj + + @staticmethod + def deserialize_iso(attr): + """Deserialize ISO-8601 formatted string into Datetime object. + + :param str attr: response string to be deserialized. + :rtype: Datetime + :raises: DeserializationError if string format invalid. + """ + if isinstance(attr, ET.Element): + attr = attr.text + try: + attr = attr.upper() + match = Deserializer.valid_date.match(attr) + if not match: + raise ValueError("Invalid datetime string: " + attr) + + check_decimal = attr.split(".") + if len(check_decimal) > 1: + decimal_str = "" + for digit in check_decimal[1]: + if digit.isdigit(): + decimal_str += digit + else: + break + if len(decimal_str) > 6: + attr = attr.replace(decimal_str, decimal_str[0:6]) + + date_obj = isodate.parse_datetime(attr) + test_utc = date_obj.utctimetuple() + if test_utc.tm_year > 9999 or test_utc.tm_year < 1: + raise OverflowError("Hit max or min date") + except (ValueError, OverflowError, AttributeError) as err: + msg = "Cannot deserialize datetime object." + raise_with_traceback(DeserializationError, msg, err) + else: + return date_obj + + @staticmethod + def deserialize_unix(attr): + """Serialize Datetime object into IntTime format. + This is represented as seconds. + + :param int attr: Object to be serialized. + :rtype: Datetime + :raises: DeserializationError if format invalid + """ + if isinstance(attr, ET.Element): + attr = int(attr.text) + try: + date_obj = datetime.datetime.fromtimestamp(attr, TZ_UTC) + except ValueError as err: + msg = "Cannot deserialize to unix datetime object." + raise_with_traceback(DeserializationError, msg, err) + else: + return date_obj diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py index 138f663c53a4..9aad73fc743e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_vendor.py @@ -7,6 +7,7 @@ from azure.core.pipeline.transport import HttpRequest + def _convert_request(request, files=None): data = request.content if not files else None request = HttpRequest(method=request.method, url=request.url, headers=request.headers, data=data) @@ -14,6 +15,7 @@ def _convert_request(request, files=None): request.set_formdata_body(files) return request + def _format_url_section(template, **kwargs): components = template.split("/") while components: @@ -21,7 +23,5 @@ def _format_url_section(template, **kwargs): return template.format(**kwargs) except KeyError as key: formatted_components = template.split("/") - components = [ - c for c in formatted_components if "{}".format(key.args[0]) not in c - ] + components = [c for c in formatted_components if "{}".format(key.args[0]) not in c] template = "/".join(components) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py index c47f66669f1b..e5754a47ce68 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/_version.py @@ -6,4 +6,4 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -VERSION = "1.0.0" +VERSION = "1.0.0b1" diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/__init__.py index 52954b03f5fc..6c57b1fcf3b2 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/__init__.py @@ -14,7 +14,8 @@ except ImportError: _patch_all = [] from ._patch import patch_sdk as _patch_sdk -__all__ = ['SecurityInsights'] + +__all__ = ["SecurityInsights"] __all__.extend([p for p in _patch_all if p not in __all__]) _patch_sdk() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py index 67c1e9514543..661bb8ba8f15 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_configuration.py @@ -25,23 +25,18 @@ class SecurityInsightsConfiguration(Configuration): # pylint: disable=too-many- Note that all parameters used to create this instance are saved as instance attributes. - :param credential: Credential needed for the client to connect to Azure. + :param credential: Credential needed for the client to connect to Azure. Required. :type credential: ~azure.core.credentials_async.AsyncTokenCredential - :param subscription_id: The ID of the target subscription. + :param subscription_id: The ID of the target subscription. Required. :type subscription_id: str - :keyword api_version: Api Version. Default value is "2021-10-01". Note that overriding this - default value may result in unsupported behavior. + :keyword api_version: Api Version. Default value is "2022-09-01-preview". Note that overriding + this default value may result in unsupported behavior. :paramtype api_version: str """ - def __init__( - self, - credential: "AsyncTokenCredential", - subscription_id: str, - **kwargs: Any - ) -> None: + def __init__(self, credential: "AsyncTokenCredential", subscription_id: str, **kwargs: Any) -> None: super(SecurityInsightsConfiguration, self).__init__(**kwargs) - api_version = kwargs.pop('api_version', "2021-10-01") # type: str + api_version = kwargs.pop("api_version", "2022-09-01-preview") # type: str if credential is None: raise ValueError("Parameter 'credential' must not be None.") @@ -51,22 +46,21 @@ def __init__( self.credential = credential self.subscription_id = subscription_id self.api_version = api_version - self.credential_scopes = kwargs.pop('credential_scopes', ['https://management.azure.com/.default']) - kwargs.setdefault('sdk_moniker', 'mgmt-securityinsight/{}'.format(VERSION)) + self.credential_scopes = kwargs.pop("credential_scopes", ["https://management.azure.com/.default"]) + kwargs.setdefault("sdk_moniker", "mgmt-securityinsight/{}".format(VERSION)) self._configure(**kwargs) - def _configure( - self, - **kwargs: Any - ) -> None: - self.user_agent_policy = kwargs.get('user_agent_policy') or policies.UserAgentPolicy(**kwargs) - self.headers_policy = kwargs.get('headers_policy') or policies.HeadersPolicy(**kwargs) - self.proxy_policy = kwargs.get('proxy_policy') or policies.ProxyPolicy(**kwargs) - self.logging_policy = kwargs.get('logging_policy') or policies.NetworkTraceLoggingPolicy(**kwargs) - self.http_logging_policy = kwargs.get('http_logging_policy') or ARMHttpLoggingPolicy(**kwargs) - self.retry_policy = kwargs.get('retry_policy') or policies.AsyncRetryPolicy(**kwargs) - self.custom_hook_policy = kwargs.get('custom_hook_policy') or policies.CustomHookPolicy(**kwargs) - self.redirect_policy = kwargs.get('redirect_policy') or policies.AsyncRedirectPolicy(**kwargs) - self.authentication_policy = kwargs.get('authentication_policy') + def _configure(self, **kwargs: Any) -> None: + self.user_agent_policy = kwargs.get("user_agent_policy") or policies.UserAgentPolicy(**kwargs) + self.headers_policy = kwargs.get("headers_policy") or policies.HeadersPolicy(**kwargs) + self.proxy_policy = kwargs.get("proxy_policy") or policies.ProxyPolicy(**kwargs) + self.logging_policy = kwargs.get("logging_policy") or policies.NetworkTraceLoggingPolicy(**kwargs) + self.http_logging_policy = kwargs.get("http_logging_policy") or ARMHttpLoggingPolicy(**kwargs) + self.retry_policy = kwargs.get("retry_policy") or policies.AsyncRetryPolicy(**kwargs) + self.custom_hook_policy = kwargs.get("custom_hook_policy") or policies.CustomHookPolicy(**kwargs) + self.redirect_policy = kwargs.get("redirect_policy") or policies.AsyncRedirectPolicy(**kwargs) + self.authentication_policy = kwargs.get("authentication_policy") if self.credential and not self.authentication_policy: - self.authentication_policy = AsyncARMChallengeAuthenticationPolicy(self.credential, *self.credential_scopes, **kwargs) + self.authentication_policy = AsyncARMChallengeAuthenticationPolicy( + self.credential, *self.credential_scopes, **kwargs + ) diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_patch.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_patch.py index 74e48ecd07cf..f99e77fef986 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_patch.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_patch.py @@ -28,4 +28,4 @@ # This file is used for handwritten extensions to the generated code. Example: # https://github.com/Azure/azure-sdk-for-python/blob/main/doc/dev/customize_code/how-to-patch-sdk-code.md def patch_sdk(): - pass \ No newline at end of file + pass diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py index 390ccdba0c9b..bb8132adc57e 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/_security_insights.py @@ -9,30 +9,118 @@ from copy import deepcopy from typing import Any, Awaitable, TYPE_CHECKING -from msrest import Deserializer, Serializer - from azure.core.rest import AsyncHttpResponse, HttpRequest from azure.mgmt.core import AsyncARMPipelineClient from .. import models +from .._serialization import Deserializer, Serializer from ._configuration import SecurityInsightsConfiguration -from .operations import ActionsOperations, AlertRuleTemplatesOperations, AlertRulesOperations, AutomationRulesOperations, BookmarksOperations, DataConnectorsOperations, IncidentCommentsOperations, IncidentRelationsOperations, IncidentsOperations, Operations, SentinelOnboardingStatesOperations, ThreatIntelligenceIndicatorMetricsOperations, ThreatIntelligenceIndicatorOperations, ThreatIntelligenceIndicatorsOperations, WatchlistItemsOperations, WatchlistsOperations +from .operations import ( + ActionsOperations, + AlertRuleTemplatesOperations, + AlertRulesOperations, + AutomationRulesOperations, + BookmarkOperations, + BookmarkRelationsOperations, + BookmarksOperations, + DataConnectorsCheckRequirementsOperations, + DataConnectorsOperations, + DomainWhoisOperations, + EntitiesGetTimelineOperations, + EntitiesOperations, + EntitiesRelationsOperations, + EntityQueriesOperations, + EntityQueryTemplatesOperations, + EntityRelationsOperations, + FileImportsOperations, + IPGeodataOperations, + IncidentCommentsOperations, + IncidentRelationsOperations, + IncidentsOperations, + MetadataOperations, + OfficeConsentsOperations, + Operations, + ProductSettingsOperations, + SecurityMLAnalyticsSettingsOperations, + SentinelOnboardingStatesOperations, + SourceControlOperations, + SourceControlsOperations, + ThreatIntelligenceIndicatorMetricsOperations, + ThreatIntelligenceIndicatorOperations, + ThreatIntelligenceIndicatorsOperations, + WatchlistItemsOperations, + WatchlistsOperations, +) if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports from azure.core.credentials_async import AsyncTokenCredential -class SecurityInsights: # pylint: disable=too-many-instance-attributes + +class SecurityInsights: # pylint: disable=client-accepts-api-version-keyword,too-many-instance-attributes """API spec for Microsoft.SecurityInsights (Azure Security Insights) resource provider. + :ivar alert_rules: AlertRulesOperations operations + :vartype alert_rules: azure.mgmt.securityinsight.aio.operations.AlertRulesOperations + :ivar actions: ActionsOperations operations + :vartype actions: azure.mgmt.securityinsight.aio.operations.ActionsOperations + :ivar alert_rule_templates: AlertRuleTemplatesOperations operations + :vartype alert_rule_templates: + azure.mgmt.securityinsight.aio.operations.AlertRuleTemplatesOperations + :ivar automation_rules: AutomationRulesOperations operations + :vartype automation_rules: azure.mgmt.securityinsight.aio.operations.AutomationRulesOperations :ivar incidents: IncidentsOperations operations :vartype incidents: azure.mgmt.securityinsight.aio.operations.IncidentsOperations + :ivar bookmarks: BookmarksOperations operations + :vartype bookmarks: azure.mgmt.securityinsight.aio.operations.BookmarksOperations + :ivar bookmark_relations: BookmarkRelationsOperations operations + :vartype bookmark_relations: + azure.mgmt.securityinsight.aio.operations.BookmarkRelationsOperations + :ivar bookmark: BookmarkOperations operations + :vartype bookmark: azure.mgmt.securityinsight.aio.operations.BookmarkOperations + :ivar ip_geodata: IPGeodataOperations operations + :vartype ip_geodata: azure.mgmt.securityinsight.aio.operations.IPGeodataOperations + :ivar domain_whois: DomainWhoisOperations operations + :vartype domain_whois: azure.mgmt.securityinsight.aio.operations.DomainWhoisOperations + :ivar entities: EntitiesOperations operations + :vartype entities: azure.mgmt.securityinsight.aio.operations.EntitiesOperations + :ivar entities_get_timeline: EntitiesGetTimelineOperations operations + :vartype entities_get_timeline: + azure.mgmt.securityinsight.aio.operations.EntitiesGetTimelineOperations + :ivar entities_relations: EntitiesRelationsOperations operations + :vartype entities_relations: + azure.mgmt.securityinsight.aio.operations.EntitiesRelationsOperations + :ivar entity_relations: EntityRelationsOperations operations + :vartype entity_relations: azure.mgmt.securityinsight.aio.operations.EntityRelationsOperations + :ivar entity_queries: EntityQueriesOperations operations + :vartype entity_queries: azure.mgmt.securityinsight.aio.operations.EntityQueriesOperations + :ivar entity_query_templates: EntityQueryTemplatesOperations operations + :vartype entity_query_templates: + azure.mgmt.securityinsight.aio.operations.EntityQueryTemplatesOperations + :ivar file_imports: FileImportsOperations operations + :vartype file_imports: azure.mgmt.securityinsight.aio.operations.FileImportsOperations :ivar incident_comments: IncidentCommentsOperations operations :vartype incident_comments: azure.mgmt.securityinsight.aio.operations.IncidentCommentsOperations :ivar incident_relations: IncidentRelationsOperations operations :vartype incident_relations: azure.mgmt.securityinsight.aio.operations.IncidentRelationsOperations + :ivar metadata: MetadataOperations operations + :vartype metadata: azure.mgmt.securityinsight.aio.operations.MetadataOperations + :ivar office_consents: OfficeConsentsOperations operations + :vartype office_consents: azure.mgmt.securityinsight.aio.operations.OfficeConsentsOperations + :ivar sentinel_onboarding_states: SentinelOnboardingStatesOperations operations + :vartype sentinel_onboarding_states: + azure.mgmt.securityinsight.aio.operations.SentinelOnboardingStatesOperations + :ivar security_ml_analytics_settings: SecurityMLAnalyticsSettingsOperations operations + :vartype security_ml_analytics_settings: + azure.mgmt.securityinsight.aio.operations.SecurityMLAnalyticsSettingsOperations + :ivar product_settings: ProductSettingsOperations operations + :vartype product_settings: azure.mgmt.securityinsight.aio.operations.ProductSettingsOperations + :ivar source_control: SourceControlOperations operations + :vartype source_control: azure.mgmt.securityinsight.aio.operations.SourceControlOperations + :ivar source_controls: SourceControlsOperations operations + :vartype source_controls: azure.mgmt.securityinsight.aio.operations.SourceControlsOperations :ivar threat_intelligence_indicator: ThreatIntelligenceIndicatorOperations operations :vartype threat_intelligence_indicator: azure.mgmt.securityinsight.aio.operations.ThreatIntelligenceIndicatorOperations @@ -47,33 +135,24 @@ class SecurityInsights: # pylint: disable=too-many-instance-attributes :vartype watchlists: azure.mgmt.securityinsight.aio.operations.WatchlistsOperations :ivar watchlist_items: WatchlistItemsOperations operations :vartype watchlist_items: azure.mgmt.securityinsight.aio.operations.WatchlistItemsOperations - :ivar operations: Operations operations - :vartype operations: azure.mgmt.securityinsight.aio.operations.Operations - :ivar sentinel_onboarding_states: SentinelOnboardingStatesOperations operations - :vartype sentinel_onboarding_states: - azure.mgmt.securityinsight.aio.operations.SentinelOnboardingStatesOperations - :ivar alert_rules: AlertRulesOperations operations - :vartype alert_rules: azure.mgmt.securityinsight.aio.operations.AlertRulesOperations - :ivar actions: ActionsOperations operations - :vartype actions: azure.mgmt.securityinsight.aio.operations.ActionsOperations - :ivar alert_rule_templates: AlertRuleTemplatesOperations operations - :vartype alert_rule_templates: - azure.mgmt.securityinsight.aio.operations.AlertRuleTemplatesOperations - :ivar bookmarks: BookmarksOperations operations - :vartype bookmarks: azure.mgmt.securityinsight.aio.operations.BookmarksOperations :ivar data_connectors: DataConnectorsOperations operations :vartype data_connectors: azure.mgmt.securityinsight.aio.operations.DataConnectorsOperations - :ivar automation_rules: AutomationRulesOperations operations - :vartype automation_rules: azure.mgmt.securityinsight.aio.operations.AutomationRulesOperations - :param credential: Credential needed for the client to connect to Azure. + :ivar data_connectors_check_requirements: DataConnectorsCheckRequirementsOperations operations + :vartype data_connectors_check_requirements: + azure.mgmt.securityinsight.aio.operations.DataConnectorsCheckRequirementsOperations + :ivar operations: Operations operations + :vartype operations: azure.mgmt.securityinsight.aio.operations.Operations + :param credential: Credential needed for the client to connect to Azure. Required. :type credential: ~azure.core.credentials_async.AsyncTokenCredential - :param subscription_id: The ID of the target subscription. + :param subscription_id: The ID of the target subscription. Required. :type subscription_id: str :param base_url: Service URL. Default value is "https://management.azure.com". :type base_url: str - :keyword api_version: Api Version. Default value is "2021-10-01". Note that overriding this - default value may result in unsupported behavior. + :keyword api_version: Api Version. Default value is "2022-09-01-preview". Note that overriding + this default value may result in unsupported behavior. :paramtype api_version: str + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. """ def __init__( @@ -90,61 +169,74 @@ def __init__( self._serialize = Serializer(client_models) self._deserialize = Deserializer(client_models) self._serialize.client_side_validation = False - self.incidents = IncidentsOperations( + self.alert_rules = AlertRulesOperations(self._client, self._config, self._serialize, self._deserialize) + self.actions = ActionsOperations(self._client, self._config, self._serialize, self._deserialize) + self.alert_rule_templates = AlertRuleTemplatesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.incident_comments = IncidentCommentsOperations( + self.automation_rules = AutomationRulesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.incident_relations = IncidentRelationsOperations( + self.incidents = IncidentsOperations(self._client, self._config, self._serialize, self._deserialize) + self.bookmarks = BookmarksOperations(self._client, self._config, self._serialize, self._deserialize) + self.bookmark_relations = BookmarkRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.threat_intelligence_indicator = ThreatIntelligenceIndicatorOperations( + self.bookmark = BookmarkOperations(self._client, self._config, self._serialize, self._deserialize) + self.ip_geodata = IPGeodataOperations(self._client, self._config, self._serialize, self._deserialize) + self.domain_whois = DomainWhoisOperations(self._client, self._config, self._serialize, self._deserialize) + self.entities = EntitiesOperations(self._client, self._config, self._serialize, self._deserialize) + self.entities_get_timeline = EntitiesGetTimelineOperations( self._client, self._config, self._serialize, self._deserialize ) - self.threat_intelligence_indicators = ThreatIntelligenceIndicatorsOperations( + self.entities_relations = EntitiesRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.threat_intelligence_indicator_metrics = ThreatIntelligenceIndicatorMetricsOperations( + self.entity_relations = EntityRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.watchlists = WatchlistsOperations( + self.entity_queries = EntityQueriesOperations(self._client, self._config, self._serialize, self._deserialize) + self.entity_query_templates = EntityQueryTemplatesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.watchlist_items = WatchlistItemsOperations( + self.file_imports = FileImportsOperations(self._client, self._config, self._serialize, self._deserialize) + self.incident_comments = IncidentCommentsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.operations = Operations( + self.incident_relations = IncidentRelationsOperations( self._client, self._config, self._serialize, self._deserialize ) + self.metadata = MetadataOperations(self._client, self._config, self._serialize, self._deserialize) + self.office_consents = OfficeConsentsOperations(self._client, self._config, self._serialize, self._deserialize) self.sentinel_onboarding_states = SentinelOnboardingStatesOperations( self._client, self._config, self._serialize, self._deserialize ) - self.alert_rules = AlertRulesOperations( + self.security_ml_analytics_settings = SecurityMLAnalyticsSettingsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.actions = ActionsOperations( + self.product_settings = ProductSettingsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.alert_rule_templates = AlertRuleTemplatesOperations( + self.source_control = SourceControlOperations(self._client, self._config, self._serialize, self._deserialize) + self.source_controls = SourceControlsOperations(self._client, self._config, self._serialize, self._deserialize) + self.threat_intelligence_indicator = ThreatIntelligenceIndicatorOperations( self._client, self._config, self._serialize, self._deserialize ) - self.bookmarks = BookmarksOperations( + self.threat_intelligence_indicators = ThreatIntelligenceIndicatorsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.data_connectors = DataConnectorsOperations( + self.threat_intelligence_indicator_metrics = ThreatIntelligenceIndicatorMetricsOperations( self._client, self._config, self._serialize, self._deserialize ) - self.automation_rules = AutomationRulesOperations( + self.watchlists = WatchlistsOperations(self._client, self._config, self._serialize, self._deserialize) + self.watchlist_items = WatchlistItemsOperations(self._client, self._config, self._serialize, self._deserialize) + self.data_connectors = DataConnectorsOperations(self._client, self._config, self._serialize, self._deserialize) + self.data_connectors_check_requirements = DataConnectorsCheckRequirementsOperations( self._client, self._config, self._serialize, self._deserialize ) + self.operations = Operations(self._client, self._config, self._serialize, self._deserialize) - - def _send_request( - self, - request: HttpRequest, - **kwargs: Any - ) -> Awaitable[AsyncHttpResponse]: + def _send_request(self, request: HttpRequest, **kwargs: Any) -> Awaitable[AsyncHttpResponse]: """Runs the network request through the client's chained policies. >>> from azure.core.rest import HttpRequest @@ -153,7 +245,7 @@ def _send_request( >>> response = await client._send_request(request) - For more information on this code flow, see https://aka.ms/azsdk/python/protocol/quickstart + For more information on this code flow, see https://aka.ms/azsdk/dpcodegen/python/send_request :param request: The network request you want to make. Required. :type request: ~azure.core.rest.HttpRequest diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py index 0faea3999df9..918cd7e781bc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/__init__.py @@ -6,43 +6,80 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from ._alert_rules_operations import AlertRulesOperations +from ._actions_operations import ActionsOperations +from ._alert_rule_templates_operations import AlertRuleTemplatesOperations +from ._automation_rules_operations import AutomationRulesOperations from ._incidents_operations import IncidentsOperations +from ._bookmarks_operations import BookmarksOperations +from ._bookmark_relations_operations import BookmarkRelationsOperations +from ._bookmark_operations import BookmarkOperations +from ._ip_geodata_operations import IPGeodataOperations +from ._domain_whois_operations import DomainWhoisOperations +from ._entities_operations import EntitiesOperations +from ._entities_get_timeline_operations import EntitiesGetTimelineOperations +from ._entities_relations_operations import EntitiesRelationsOperations +from ._entity_relations_operations import EntityRelationsOperations +from ._entity_queries_operations import EntityQueriesOperations +from ._entity_query_templates_operations import EntityQueryTemplatesOperations +from ._file_imports_operations import FileImportsOperations from ._incident_comments_operations import IncidentCommentsOperations from ._incident_relations_operations import IncidentRelationsOperations +from ._metadata_operations import MetadataOperations +from ._office_consents_operations import OfficeConsentsOperations +from ._sentinel_onboarding_states_operations import SentinelOnboardingStatesOperations +from ._security_ml_analytics_settings_operations import SecurityMLAnalyticsSettingsOperations +from ._product_settings_operations import ProductSettingsOperations +from ._source_control_operations import SourceControlOperations +from ._source_controls_operations import SourceControlsOperations from ._threat_intelligence_indicator_operations import ThreatIntelligenceIndicatorOperations from ._threat_intelligence_indicators_operations import ThreatIntelligenceIndicatorsOperations from ._threat_intelligence_indicator_metrics_operations import ThreatIntelligenceIndicatorMetricsOperations from ._watchlists_operations import WatchlistsOperations from ._watchlist_items_operations import WatchlistItemsOperations -from ._operations import Operations -from ._sentinel_onboarding_states_operations import SentinelOnboardingStatesOperations -from ._alert_rules_operations import AlertRulesOperations -from ._actions_operations import ActionsOperations -from ._alert_rule_templates_operations import AlertRuleTemplatesOperations -from ._bookmarks_operations import BookmarksOperations from ._data_connectors_operations import DataConnectorsOperations -from ._automation_rules_operations import AutomationRulesOperations +from ._data_connectors_check_requirements_operations import DataConnectorsCheckRequirementsOperations +from ._operations import Operations from ._patch import __all__ as _patch_all from ._patch import * # type: ignore # pylint: disable=unused-wildcard-import from ._patch import patch_sdk as _patch_sdk + __all__ = [ - 'IncidentsOperations', - 'IncidentCommentsOperations', - 'IncidentRelationsOperations', - 'ThreatIntelligenceIndicatorOperations', - 'ThreatIntelligenceIndicatorsOperations', - 'ThreatIntelligenceIndicatorMetricsOperations', - 'WatchlistsOperations', - 'WatchlistItemsOperations', - 'Operations', - 'SentinelOnboardingStatesOperations', - 'AlertRulesOperations', - 'ActionsOperations', - 'AlertRuleTemplatesOperations', - 'BookmarksOperations', - 'DataConnectorsOperations', - 'AutomationRulesOperations', + "AlertRulesOperations", + "ActionsOperations", + "AlertRuleTemplatesOperations", + "AutomationRulesOperations", + "IncidentsOperations", + "BookmarksOperations", + "BookmarkRelationsOperations", + "BookmarkOperations", + "IPGeodataOperations", + "DomainWhoisOperations", + "EntitiesOperations", + "EntitiesGetTimelineOperations", + "EntitiesRelationsOperations", + "EntityRelationsOperations", + "EntityQueriesOperations", + "EntityQueryTemplatesOperations", + "FileImportsOperations", + "IncidentCommentsOperations", + "IncidentRelationsOperations", + "MetadataOperations", + "OfficeConsentsOperations", + "SentinelOnboardingStatesOperations", + "SecurityMLAnalyticsSettingsOperations", + "ProductSettingsOperations", + "SourceControlOperations", + "SourceControlsOperations", + "ThreatIntelligenceIndicatorOperations", + "ThreatIntelligenceIndicatorsOperations", + "ThreatIntelligenceIndicatorMetricsOperations", + "WatchlistsOperations", + "WatchlistItemsOperations", + "DataConnectorsOperations", + "DataConnectorsCheckRequirementsOperations", + "Operations", ] __all__.extend([p for p in _patch_all if p not in __all__]) -_patch_sdk() \ No newline at end of file +_patch_sdk() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py index 55ed4a9c34f3..c57a477c6b28 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_actions_operations.py @@ -6,10 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +27,17 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._actions_operations import build_create_or_update_request, build_delete_request, build_get_request, build_list_by_alert_rule_request -T = TypeVar('T') +from ...operations._actions_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_by_alert_rule_request, +) + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class ActionsOperations: """ .. warning:: @@ -43,48 +57,44 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list_by_alert_rule( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs: Any - ) -> AsyncIterable[_models.ActionsList]: + self, resource_group_name: str, workspace_name: str, rule_id: str, **kwargs: Any + ) -> AsyncIterable["_models.ActionResponse"]: """Gets all actions of alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either ActionsList or the result of cls(response) - :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ActionsList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either ActionResponse or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ActionResponse] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.ActionsList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.ActionsList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_by_alert_rule_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list_by_alert_rule.metadata['url'], + template_url=self.list_by_alert_rule.metadata["url"], headers=_headers, params=_params, ) @@ -92,17 +102,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_by_alert_rule_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - rule_id=rule_id, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -118,10 +122,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -131,56 +133,47 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list_by_alert_rule.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions"} # type: ignore + list_by_alert_rule.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - action_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, rule_id: str, action_id: str, **kwargs: Any ) -> _models.ActionResponse: """Gets the action of alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str - :param action_id: Action ID. + :param action_id: Action ID. Required. :type action_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ActionResponse, or the result of cls(response) + :return: ActionResponse or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ActionResponse - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.ActionResponse] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.ActionResponse] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, action_id=action_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -188,27 +181,25 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('ActionResponse', pipeline_response) + deserialized = self._deserialize("ActionResponse", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore - @distributed_trace_async + @overload async def create_or_update( self, resource_group_name: str, @@ -216,49 +207,126 @@ async def create_or_update( rule_id: str, action_id: str, action: _models.ActionRequest, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.ActionResponse: """Creates or updates the action of alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str - :param action_id: Action ID. + :param action_id: Action ID. Required. :type action_id: str - :param action: The action. + :param action: The action. Required. :type action: ~azure.mgmt.securityinsight.models.ActionRequest + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ActionResponse, or the result of cls(response) + :return: ActionResponse or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ActionResponse - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + action: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.ActionResponse: + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param action_id: Action ID. Required. + :type action_id: str + :param action: The action. Required. + :type action: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ActionResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + action: Union[_models.ActionRequest, IO], + **kwargs: Any + ) -> _models.ActionResponse: + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param action_id: Action ID. Required. + :type action_id: str + :param action: The action. Is either a model type or a IO type. Required. + :type action: ~azure.mgmt.securityinsight.models.ActionRequest or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ActionResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.ActionResponse] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.ActionResponse] - _json = self._serialize.body(action, 'ActionRequest') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(action, (IO, bytes)): + _content = action + else: + _json = self._serialize.body(action, "ActionRequest") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, action_id=action_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -266,10 +334,9 @@ async def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -277,63 +344,55 @@ async def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('ActionResponse', pipeline_response) + deserialized = self._deserialize("ActionResponse", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('ActionResponse', pipeline_response) + deserialized = self._deserialize("ActionResponse", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - action_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, rule_id: str, action_id: str, **kwargs: Any ) -> None: """Delete the action of alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str - :param action_id: Action ID. + :param action_id: Action ID. Required. :type action_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, action_id=action_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -341,10 +400,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -354,5 +412,4 @@ async def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py index b5010bd32380..8d876e73e5ce 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rule_templates_operations.py @@ -7,9 +7,16 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -21,9 +28,11 @@ from ... import models as _models from ..._vendor import _convert_request from ...operations._alert_rule_templates_operations import build_get_request, build_list_request -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class AlertRuleTemplatesOperations: """ .. warning:: @@ -43,46 +52,41 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any - ) -> AsyncIterable[_models.AlertRuleTemplatesList]: + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.AlertRuleTemplate"]: """Gets all alert rule templates. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either AlertRuleTemplatesList or the result of - cls(response) + :return: An iterator like instance of either AlertRuleTemplate or the result of cls(response) :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.AlertRuleTemplatesList] - :raises: ~azure.core.exceptions.HttpResponseError + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.AlertRuleTemplate] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AlertRuleTemplatesList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AlertRuleTemplatesList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -90,16 +94,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -115,10 +114,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -128,52 +125,44 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - alert_rule_template_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, alert_rule_template_id: str, **kwargs: Any ) -> _models.AlertRuleTemplate: """Gets the alert rule template. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param alert_rule_template_id: Alert rule template ID. + :param alert_rule_template_id: Alert rule template ID. Required. :type alert_rule_template_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: AlertRuleTemplate, or the result of cls(response) + :return: AlertRuleTemplate or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.AlertRuleTemplate - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AlertRuleTemplate] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AlertRuleTemplate] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, alert_rule_template_id=alert_rule_template_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -181,22 +170,20 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('AlertRuleTemplate', pipeline_response) + deserialized = self._deserialize("AlertRuleTemplate", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py index 6bba6b8d4eee..78a6e76ecb79 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_alert_rules_operations.py @@ -6,10 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +27,17 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._alert_rules_operations import build_create_or_update_request, build_delete_request, build_get_request, build_list_request -T = TypeVar('T') +from ...operations._alert_rules_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class AlertRulesOperations: """ .. warning:: @@ -43,45 +57,38 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any - ) -> AsyncIterable[_models.AlertRulesList]: + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> AsyncIterable["_models.AlertRule"]: """Gets all alert rules. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either AlertRulesList or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.AlertRulesList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either AlertRule or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.AlertRule] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AlertRulesList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AlertRulesList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -89,16 +96,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -114,10 +116,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -127,52 +127,44 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, rule_id: str, **kwargs: Any ) -> _models.AlertRule: """Gets the alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: AlertRule, or the result of cls(response) + :return: AlertRule or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.AlertRule - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AlertRule] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AlertRule] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -180,73 +172,142 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('AlertRule', pipeline_response) + deserialized = self._deserialize("AlertRule", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore - @distributed_trace_async + @overload async def create_or_update( self, resource_group_name: str, workspace_name: str, rule_id: str, alert_rule: _models.AlertRule, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.AlertRule: """Creates or updates the alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str - :param alert_rule: The alert rule. + :param alert_rule: The alert rule. Required. :type alert_rule: ~azure.mgmt.securityinsight.models.AlertRule + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: AlertRule, or the result of cls(response) + :return: AlertRule or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.AlertRule - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + alert_rule: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.AlertRule: + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param alert_rule: The alert rule. Required. + :type alert_rule: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AlertRule + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + alert_rule: Union[_models.AlertRule, IO], + **kwargs: Any + ) -> _models.AlertRule: + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param alert_rule: The alert rule. Is either a model type or a IO type. Required. + :type alert_rule: ~azure.mgmt.securityinsight.models.AlertRule or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AlertRule + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.AlertRule] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.AlertRule] - _json = self._serialize.body(alert_rule, 'AlertRule') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(alert_rule, (IO, bytes)): + _content = alert_rule + else: + _json = self._serialize.body(alert_rule, "AlertRule") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -254,10 +315,9 @@ async def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -265,59 +325,52 @@ async def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('AlertRule', pipeline_response) + deserialized = self._deserialize("AlertRule", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('AlertRule', pipeline_response) + deserialized = self._deserialize("AlertRule", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, rule_id: str, **kwargs: Any ) -> None: """Delete the alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -325,10 +378,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -338,5 +390,4 @@ async def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py index 7d787e94cd5a..e1f8045be350 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_automation_rules_operations.py @@ -6,10 +6,18 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import sys +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +28,22 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._automation_rules_operations import build_create_or_update_request, build_delete_request, build_get_request, build_list_request -T = TypeVar('T') +from ...operations._automation_rules_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +if sys.version_info >= (3, 9): + from collections.abc import MutableMapping +else: + from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports +JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class AutomationRulesOperations: """ .. warning:: @@ -43,47 +63,40 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - automation_rule_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, automation_rule_id: str, **kwargs: Any ) -> _models.AutomationRule: """Gets the automation rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param automation_rule_id: Automation rule ID. + :param automation_rule_id: Automation rule ID. Required. :type automation_rule_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: AutomationRule, or the result of cls(response) + :return: AutomationRule or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.AutomationRule - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AutomationRule] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AutomationRule] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, automation_rule_id=automation_rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -91,76 +104,146 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('AutomationRule', pipeline_response) + deserialized = self._deserialize("AutomationRule", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore - - @distributed_trace_async + @overload async def create_or_update( self, resource_group_name: str, workspace_name: str, automation_rule_id: str, automation_rule_to_upsert: Optional[_models.AutomationRule] = None, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.AutomationRule: """Creates or updates the automation rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param automation_rule_id: Automation rule ID. + :param automation_rule_id: Automation rule ID. Required. :type automation_rule_id: str :param automation_rule_to_upsert: The automation rule. Default value is None. :type automation_rule_to_upsert: ~azure.mgmt.securityinsight.models.AutomationRule + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AutomationRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AutomationRule + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + automation_rule_id: str, + automation_rule_to_upsert: Optional[IO] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.AutomationRule: + """Creates or updates the automation rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param automation_rule_id: Automation rule ID. Required. + :type automation_rule_id: str + :param automation_rule_to_upsert: The automation rule. Default value is None. + :type automation_rule_to_upsert: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: AutomationRule, or the result of cls(response) + :return: AutomationRule or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.AutomationRule - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + automation_rule_id: str, + automation_rule_to_upsert: Optional[Union[_models.AutomationRule, IO]] = None, + **kwargs: Any + ) -> _models.AutomationRule: + """Creates or updates the automation rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param automation_rule_id: Automation rule ID. Required. + :type automation_rule_id: str + :param automation_rule_to_upsert: The automation rule. Is either a model type or a IO type. + Default value is None. + :type automation_rule_to_upsert: ~azure.mgmt.securityinsight.models.AutomationRule or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AutomationRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AutomationRule + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.AutomationRule] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.AutomationRule] - if automation_rule_to_upsert is not None: - _json = self._serialize.body(automation_rule_to_upsert, 'AutomationRule') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(automation_rule_to_upsert, (IO, bytes)): + _content = automation_rule_to_upsert else: - _json = None + if automation_rule_to_upsert is not None: + _json = self._serialize.body(automation_rule_to_upsert, "AutomationRule") + else: + _json = None request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, automation_rule_id=automation_rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -168,10 +251,9 @@ async def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -179,59 +261,52 @@ async def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('AutomationRule', pipeline_response) + deserialized = self._deserialize("AutomationRule", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('AutomationRule', pipeline_response) + deserialized = self._deserialize("AutomationRule", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore @distributed_trace_async async def delete( - self, - resource_group_name: str, - workspace_name: str, - automation_rule_id: str, - **kwargs: Any - ) -> Any: + self, resource_group_name: str, workspace_name: str, automation_rule_id: str, **kwargs: Any + ) -> JSON: """Delete the automation rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param automation_rule_id: Automation rule ID. + :param automation_rule_id: Automation rule ID. Required. :type automation_rule_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: any, or the result of cls(response) - :rtype: any - :raises: ~azure.core.exceptions.HttpResponseError + :return: JSON or the result of cls(response) + :rtype: JSON + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[Any] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[JSON] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, automation_rule_id=automation_rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -239,10 +314,9 @@ async def delete( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -250,57 +324,53 @@ async def delete( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('object', pipeline_response) + deserialized = self._deserialize("object", pipeline_response) if response.status_code == 204: - deserialized = self._deserialize('object', pipeline_response) + deserialized = self._deserialize("object", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore @distributed_trace def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any - ) -> AsyncIterable[_models.AutomationRulesList]: + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.AutomationRule"]: """Gets all automation rules. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either AutomationRulesList or the result of cls(response) + :return: An iterator like instance of either AutomationRule or the result of cls(response) :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.AutomationRulesList] - :raises: ~azure.core.exceptions.HttpResponseError + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.AutomationRule] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AutomationRulesList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AutomationRulesList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -308,16 +378,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -333,10 +398,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -346,8 +409,6 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py new file mode 100644 index 000000000000..e88ad0928a90 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_operations.py @@ -0,0 +1,196 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._bookmark_operations import build_expand_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class BookmarkOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`bookmark` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + async def expand( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + parameters: _models.BookmarkExpandParameters, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.BookmarkExpandResponse: + """Expand an bookmark. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param parameters: The parameters required to execute an expand operation on the given + bookmark. Required. + :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: BookmarkExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def expand( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + parameters: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.BookmarkExpandResponse: + """Expand an bookmark. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param parameters: The parameters required to execute an expand operation on the given + bookmark. Required. + :type parameters: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: BookmarkExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def expand( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + parameters: Union[_models.BookmarkExpandParameters, IO], + **kwargs: Any + ) -> _models.BookmarkExpandResponse: + """Expand an bookmark. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param parameters: The parameters required to execute an expand operation on the given + bookmark. Is either a model type or a IO type. Required. + :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: BookmarkExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.BookmarkExpandResponse] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(parameters, (IO, bytes)): + _content = parameters + else: + _json = self._serialize.body(parameters, "BookmarkExpandParameters") + + request = build_expand_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.expand.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("BookmarkExpandResponse", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + expand.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py new file mode 100644 index 000000000000..74bc01c488ee --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmark_relations_operations.py @@ -0,0 +1,438 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._bookmark_relations_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class BookmarkRelationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`bookmark_relations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.Relation"]: + """Gets all bookmark relations. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Relation or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Relation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.RelationList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("RelationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations"} # type: ignore + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, bookmark_id: str, relation_name: str, **kwargs: Any + ) -> _models.Relation: + """Gets a bookmark relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Relation] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + relation_name=relation_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Relation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}"} # type: ignore + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + relation_name: str, + relation: _models.Relation, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Relation: + """Creates the bookmark relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :param relation: The relation model. Required. + :type relation: ~azure.mgmt.securityinsight.models.Relation + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + relation_name: str, + relation: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Relation: + """Creates the bookmark relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :param relation: The relation model. Required. + :type relation: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + relation_name: str, + relation: Union[_models.Relation, IO], + **kwargs: Any + ) -> _models.Relation: + """Creates the bookmark relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :param relation: The relation model. Is either a model type or a IO type. Required. + :type relation: ~azure.mgmt.securityinsight.models.Relation or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Relation] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(relation, (IO, bytes)): + _content = relation + else: + _json = self._serialize.body(relation, "Relation") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + relation_name=relation_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("Relation", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("Relation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}"} # type: ignore + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, bookmark_id: str, relation_name: str, **kwargs: Any + ) -> None: + """Delete the bookmark relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + relation_name=relation_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py index 4ae389a44cc0..0aae67427452 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_bookmarks_operations.py @@ -6,10 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +27,17 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._bookmarks_operations import build_create_or_update_request, build_delete_request, build_get_request, build_list_request -T = TypeVar('T') +from ...operations._bookmarks_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class BookmarksOperations: """ .. warning:: @@ -43,45 +57,38 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any - ) -> AsyncIterable[_models.BookmarkList]: + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> AsyncIterable["_models.Bookmark"]: """Gets all bookmarks. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either BookmarkList or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.BookmarkList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either Bookmark or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Bookmark] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.BookmarkList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.BookmarkList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -89,16 +96,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -114,10 +116,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -127,52 +127,44 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, bookmark_id: str, **kwargs: Any ) -> _models.Bookmark: """Gets a bookmark. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param bookmark_id: Bookmark ID. + :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Bookmark, or the result of cls(response) + :return: Bookmark or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Bookmark - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.Bookmark] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Bookmark] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, bookmark_id=bookmark_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -180,73 +172,142 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('Bookmark', pipeline_response) + deserialized = self._deserialize("Bookmark", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore - @distributed_trace_async + @overload async def create_or_update( self, resource_group_name: str, workspace_name: str, bookmark_id: str, bookmark: _models.Bookmark, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.Bookmark: """Creates or updates the bookmark. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param bookmark_id: Bookmark ID. + :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str - :param bookmark: The bookmark. + :param bookmark: The bookmark. Required. :type bookmark: ~azure.mgmt.securityinsight.models.Bookmark + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Bookmark, or the result of cls(response) + :return: Bookmark or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Bookmark - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + bookmark: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Bookmark: + """Creates or updates the bookmark. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param bookmark: The bookmark. Required. + :type bookmark: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Bookmark or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Bookmark + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + bookmark: Union[_models.Bookmark, IO], + **kwargs: Any + ) -> _models.Bookmark: + """Creates or updates the bookmark. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param bookmark: The bookmark. Is either a model type or a IO type. Required. + :type bookmark: ~azure.mgmt.securityinsight.models.Bookmark or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Bookmark or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Bookmark + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.Bookmark] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Bookmark] - _json = self._serialize.body(bookmark, 'Bookmark') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(bookmark, (IO, bytes)): + _content = bookmark + else: + _json = self._serialize.body(bookmark, "Bookmark") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, bookmark_id=bookmark_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -254,10 +315,9 @@ async def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -265,59 +325,52 @@ async def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('Bookmark', pipeline_response) + deserialized = self._deserialize("Bookmark", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('Bookmark', pipeline_response) + deserialized = self._deserialize("Bookmark", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, bookmark_id: str, **kwargs: Any ) -> None: """Delete the bookmark. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param bookmark_id: Bookmark ID. + :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, bookmark_id=bookmark_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -325,10 +378,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -338,5 +390,4 @@ async def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py new file mode 100644 index 000000000000..a4aff7b92dc3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_check_requirements_operations.py @@ -0,0 +1,188 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._data_connectors_check_requirements_operations import build_post_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class DataConnectorsCheckRequirementsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`data_connectors_check_requirements` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + async def post( + self, + resource_group_name: str, + workspace_name: str, + data_connectors_check_requirements: _models.DataConnectorsCheckRequirements, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorRequirementsState: + """Get requirements state for a data connector type. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connectors_check_requirements: The parameters for requirements check message. + Required. + :type data_connectors_check_requirements: + ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorRequirementsState or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def post( + self, + resource_group_name: str, + workspace_name: str, + data_connectors_check_requirements: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorRequirementsState: + """Get requirements state for a data connector type. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connectors_check_requirements: The parameters for requirements check message. + Required. + :type data_connectors_check_requirements: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorRequirementsState or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def post( + self, + resource_group_name: str, + workspace_name: str, + data_connectors_check_requirements: Union[_models.DataConnectorsCheckRequirements, IO], + **kwargs: Any + ) -> _models.DataConnectorRequirementsState: + """Get requirements state for a data connector type. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connectors_check_requirements: The parameters for requirements check message. Is + either a model type or a IO type. Required. + :type data_connectors_check_requirements: + ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorRequirementsState or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.DataConnectorRequirementsState] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(data_connectors_check_requirements, (IO, bytes)): + _content = data_connectors_check_requirements + else: + _json = self._serialize.body(data_connectors_check_requirements, "DataConnectorsCheckRequirements") + + request = build_post_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.post.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("DataConnectorRequirementsState", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + post.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py index 433de2198a80..3ded35029daf 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_data_connectors_operations.py @@ -6,10 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +27,19 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._data_connectors_operations import build_create_or_update_request, build_delete_request, build_get_request, build_list_request -T = TypeVar('T') +from ...operations._data_connectors_operations import ( + build_connect_request, + build_create_or_update_request, + build_delete_request, + build_disconnect_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class DataConnectorsOperations: """ .. warning:: @@ -43,45 +59,41 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any - ) -> AsyncIterable[_models.DataConnectorList]: + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.DataConnector"]: """Gets all data connectors. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either DataConnectorList or the result of cls(response) + :return: An iterator like instance of either DataConnector or the result of cls(response) :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.DataConnectorList] - :raises: ~azure.core.exceptions.HttpResponseError + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.DataConnector] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.DataConnectorList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.DataConnectorList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -89,16 +101,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -114,10 +121,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -127,52 +132,44 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, data_connector_id: str, **kwargs: Any ) -> _models.DataConnector: """Gets a data connector. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param data_connector_id: Connector ID. + :param data_connector_id: Connector ID. Required. :type data_connector_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: DataConnector, or the result of cls(response) + :return: DataConnector or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.DataConnector - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.DataConnector] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.DataConnector] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, data_connector_id=data_connector_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -180,73 +177,142 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('DataConnector', pipeline_response) + deserialized = self._deserialize("DataConnector", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore - - @distributed_trace_async + @overload async def create_or_update( self, resource_group_name: str, workspace_name: str, data_connector_id: str, data_connector: _models.DataConnector, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.DataConnector: """Creates or updates the data connector. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param data_connector_id: Connector ID. + :param data_connector_id: Connector ID. Required. :type data_connector_id: str - :param data_connector: The data connector. + :param data_connector: The data connector. Required. :type data_connector: ~azure.mgmt.securityinsight.models.DataConnector + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnector + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + data_connector: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnector: + """Creates or updates the data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :param data_connector: The data connector. Required. + :type data_connector: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: DataConnector, or the result of cls(response) + :return: DataConnector or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.DataConnector - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + data_connector: Union[_models.DataConnector, IO], + **kwargs: Any + ) -> _models.DataConnector: + """Creates or updates the data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :param data_connector: The data connector. Is either a model type or a IO type. Required. + :type data_connector: ~azure.mgmt.securityinsight.models.DataConnector or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnector + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.DataConnector] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.DataConnector] - _json = self._serialize.body(data_connector, 'DataConnector') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(data_connector, (IO, bytes)): + _content = data_connector + else: + _json = self._serialize.body(data_connector, "DataConnector") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, data_connector_id=data_connector_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -254,10 +320,9 @@ async def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -265,59 +330,191 @@ async def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('DataConnector', pipeline_response) + deserialized = self._deserialize("DataConnector", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('DataConnector', pipeline_response) + deserialized = self._deserialize("DataConnector", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, data_connector_id: str, **kwargs: Any + ) -> None: + """Delete the data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_id=data_connector_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore + + @overload + async def connect( # pylint: disable=inconsistent-return-statements self, resource_group_name: str, workspace_name: str, data_connector_id: str, + connect_body: _models.DataConnectorConnectBody, + *, + content_type: str = "application/json", **kwargs: Any ) -> None: - """Delete the data connector. + """Connects a data connector. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param data_connector_id: Connector ID. + :param data_connector_id: Connector ID. Required. :type data_connector_id: str + :param connect_body: The data connector. Required. + :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) - _headers = kwargs.pop("headers", {}) or {} + @overload + async def connect( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + connect_body: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Connects a data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :param connect_body: The data connector. Required. + :type connect_body: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def connect( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + connect_body: Union[_models.DataConnectorConnectBody, IO], + **kwargs: Any + ) -> None: + """Connects a data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :param connect_body: The data connector. Is either a model type or a IO type. Required. + :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[None] - - request = build_delete_request( - subscription_id=self._config.subscription_id, + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(connect_body, (IO, bytes)): + _content = connect_body + else: + _json = self._serialize.body(connect_body, "DataConnectorConnectBody") + + request = build_connect_request( resource_group_name=resource_group_name, workspace_name=workspace_name, data_connector_id=data_connector_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + content_type=content_type, + json=_json, + content=_content, + template_url=self.connect.metadata["url"], headers=_headers, params=_params, ) @@ -325,18 +522,71 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response - if response.status_code not in [200, 204]: + if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore + connect.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect"} # type: ignore + + @distributed_trace_async + async def disconnect( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, data_connector_id: str, **kwargs: Any + ) -> None: + """Disconnect a data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_disconnect_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_id=data_connector_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.disconnect.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + disconnect.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py new file mode 100644 index 000000000000..d112afb31884 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_domain_whois_operations.py @@ -0,0 +1,104 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._domain_whois_operations import build_get_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class DomainWhoisOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`domain_whois` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace_async + async def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _models.EnrichmentDomainWhois: + """Get whois information for a single domain name. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param domain: Domain name to be enriched. Required. + :type domain: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EnrichmentDomainWhois or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhois + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EnrichmentDomainWhois] + + request = build_get_request( + resource_group_name=resource_group_name, + subscription_id=self._config.subscription_id, + domain=domain, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EnrichmentDomainWhois", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py new file mode 100644 index 000000000000..219ee8e2c95a --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_get_timeline_operations.py @@ -0,0 +1,196 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._entities_get_timeline_operations import build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class EntitiesGetTimelineOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`entities_get_timeline` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + async def list( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: _models.EntityTimelineParameters, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityTimelineResponse: + """Timeline for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an timeline operation on the given + entity. Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityTimelineResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def list( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityTimelineResponse: + """Timeline for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an timeline operation on the given + entity. Required. + :type parameters: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityTimelineResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def list( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: Union[_models.EntityTimelineParameters, IO], + **kwargs: Any + ) -> _models.EntityTimelineResponse: + """Timeline for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an timeline operation on the given + entity. Is either a model type or a IO type. Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityTimelineResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityTimelineResponse] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(parameters, (IO, bytes)): + _content = parameters + else: + _json = self._serialize.body(parameters, "EntityTimelineParameters") + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EntityTimelineResponse", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py new file mode 100644 index 000000000000..903472d868b9 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_operations.py @@ -0,0 +1,547 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._entities_operations import ( + build_expand_request, + build_get_insights_request, + build_get_request, + build_list_request, + build_queries_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class EntitiesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`entities` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> AsyncIterable["_models.Entity"]: + """Gets all entities. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Entity or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Entity] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("EntityList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities"} # type: ignore + + @distributed_trace_async + async def get(self, resource_group_name: str, workspace_name: str, entity_id: str, **kwargs: Any) -> _models.Entity: + """Gets an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Entity or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Entity + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Entity] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Entity", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}"} # type: ignore + + @overload + async def expand( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: _models.EntityExpandParameters, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityExpandResponse: + """Expands an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an expand operation on the given entity. + Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def expand( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityExpandResponse: + """Expands an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an expand operation on the given entity. + Required. + :type parameters: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def expand( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: Union[_models.EntityExpandParameters, IO], + **kwargs: Any + ) -> _models.EntityExpandResponse: + """Expands an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an expand operation on the given entity. + Is either a model type or a IO type. Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityExpandResponse] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(parameters, (IO, bytes)): + _content = parameters + else: + _json = self._serialize.body(parameters, "EntityExpandParameters") + + request = build_expand_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.expand.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EntityExpandResponse", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + expand.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand"} # type: ignore + + @distributed_trace_async + async def queries( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + kind: Union[str, "_models.EntityItemQueryKind"], + **kwargs: Any + ) -> _models.GetQueriesResponse: + """Get Insights and Activities for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param kind: The Kind parameter for queries. "Insight" Required. + :type kind: str or ~azure.mgmt.securityinsight.models.EntityItemQueryKind + :keyword callable cls: A custom type or function that will be passed the direct response + :return: GetQueriesResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.GetQueriesResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.GetQueriesResponse] + + request = build_queries_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + kind=kind, + api_version=api_version, + template_url=self.queries.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("GetQueriesResponse", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + queries.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries"} # type: ignore + + @overload + async def get_insights( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: _models.EntityGetInsightsParameters, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityGetInsightsResponse: + """Execute Insights for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute insights on the given entity. Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityGetInsightsResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def get_insights( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityGetInsightsResponse: + """Execute Insights for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute insights on the given entity. Required. + :type parameters: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityGetInsightsResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def get_insights( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: Union[_models.EntityGetInsightsParameters, IO], + **kwargs: Any + ) -> _models.EntityGetInsightsResponse: + """Execute Insights for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute insights on the given entity. Is either a + model type or a IO type. Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityGetInsightsResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityGetInsightsResponse] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(parameters, (IO, bytes)): + _content = parameters + else: + _json = self._serialize.body(parameters, "EntityGetInsightsParameters") + + request = build_get_insights_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.get_insights.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EntityGetInsightsResponse", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get_insights.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py new file mode 100644 index 000000000000..4c4667eff3dd --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entities_relations_operations.py @@ -0,0 +1,155 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._entities_relations_operations import build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class EntitiesRelationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`entities_relations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.Relation"]: + """Gets all relations of an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Relation or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Relation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.RelationList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("RelationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py new file mode 100644 index 000000000000..16321e6fb6ec --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_queries_operations.py @@ -0,0 +1,404 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._entity_queries_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class EntityQueriesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`entity_queries` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + kind: Optional[Union[str, "_models.Enum13"]] = None, + **kwargs: Any + ) -> AsyncIterable["_models.EntityQuery"]: + """Gets all entity queries. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param kind: The entity query kind we want to fetch. Known values are: "Expansion" and + "Activity". Default value is None. + :type kind: str or ~azure.mgmt.securityinsight.models.Enum13 + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either EntityQuery or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.EntityQuery] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityQueryList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + kind=kind, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("EntityQueryList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries"} # type: ignore + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, entity_query_id: str, **kwargs: Any + ) -> _models.EntityQuery: + """Gets an entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_id: entity query ID. Required. + :type entity_query_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityQuery or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityQuery + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityQuery] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_query_id=entity_query_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EntityQuery", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}"} # type: ignore + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + entity_query_id: str, + entity_query: _models.CustomEntityQuery, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityQuery: + """Creates or updates the entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_id: entity query ID. Required. + :type entity_query_id: str + :param entity_query: The entity query we want to create or update. Required. + :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityQuery or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityQuery + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + entity_query_id: str, + entity_query: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityQuery: + """Creates or updates the entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_id: entity query ID. Required. + :type entity_query_id: str + :param entity_query: The entity query we want to create or update. Required. + :type entity_query: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityQuery or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityQuery + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + entity_query_id: str, + entity_query: Union[_models.CustomEntityQuery, IO], + **kwargs: Any + ) -> _models.EntityQuery: + """Creates or updates the entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_id: entity query ID. Required. + :type entity_query_id: str + :param entity_query: The entity query we want to create or update. Is either a model type or a + IO type. Required. + :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityQuery or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityQuery + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityQuery] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(entity_query, (IO, bytes)): + _content = entity_query + else: + _json = self._serialize.body(entity_query, "CustomEntityQuery") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_query_id=entity_query_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("EntityQuery", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("EntityQuery", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}"} # type: ignore + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, entity_query_id: str, **kwargs: Any + ) -> None: + """Delete the entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_id: entity query ID. Required. + :type entity_query_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_query_id=entity_query_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py new file mode 100644 index 000000000000..464862afa7f0 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_query_templates_operations.py @@ -0,0 +1,196 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar, Union +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._entity_query_templates_operations import build_get_request, build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class EntityQueryTemplatesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`entity_query_templates` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + kind: Optional[Union[str, "_models.Enum15"]] = None, + **kwargs: Any + ) -> AsyncIterable["_models.EntityQueryTemplate"]: + """Gets all entity query templates. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param kind: The entity template query kind we want to fetch. "Activity" Default value is None. + :type kind: str or ~azure.mgmt.securityinsight.models.Enum15 + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either EntityQueryTemplate or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.EntityQueryTemplate] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityQueryTemplateList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + kind=kind, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("EntityQueryTemplateList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates"} # type: ignore + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, entity_query_template_id: str, **kwargs: Any + ) -> _models.EntityQueryTemplate: + """Gets an entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_template_id: entity query template ID. Required. + :type entity_query_template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityQueryTemplate or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityQueryTemplate + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityQueryTemplate] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_query_template_id=entity_query_template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EntityQueryTemplate", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py new file mode 100644 index 000000000000..be469355006b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_entity_relations_operations.py @@ -0,0 +1,112 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._entity_relations_operations import build_get_relation_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class EntityRelationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`entity_relations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace_async + async def get_relation( + self, resource_group_name: str, workspace_name: str, entity_id: str, relation_name: str, **kwargs: Any + ) -> _models.Relation: + """Gets an entity relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Relation] + + request = build_get_relation_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + relation_name=relation_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get_relation.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Relation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get_relation.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py new file mode 100644 index 000000000000..a5b59032587d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_file_imports_operations.py @@ -0,0 +1,479 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, cast, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.polling import AsyncLROPoller, AsyncNoPolling, AsyncPollingMethod +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat +from azure.mgmt.core.polling.async_arm_polling import AsyncARMPolling + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._file_imports_operations import ( + build_create_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class FileImportsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`file_imports` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> AsyncIterable["_models.FileImport"]: + """Gets all file imports. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either FileImport or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.FileImport] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.FileImportList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("FileImportList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports"} # type: ignore + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any + ) -> _models.FileImport: + """Gets a file import. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param file_import_id: File import ID. Required. + :type file_import_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: FileImport or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.FileImport + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.FileImport] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + file_import_id=file_import_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("FileImport", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}"} # type: ignore + + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + file_import_id: str, + file_import: _models.FileImport, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.FileImport: + """Creates the file import. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param file_import_id: File import ID. Required. + :type file_import_id: str + :param file_import: The file import. Required. + :type file_import: ~azure.mgmt.securityinsight.models.FileImport + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: FileImport or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.FileImport + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + file_import_id: str, + file_import: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.FileImport: + """Creates the file import. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param file_import_id: File import ID. Required. + :type file_import_id: str + :param file_import: The file import. Required. + :type file_import: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: FileImport or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.FileImport + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create( + self, + resource_group_name: str, + workspace_name: str, + file_import_id: str, + file_import: Union[_models.FileImport, IO], + **kwargs: Any + ) -> _models.FileImport: + """Creates the file import. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param file_import_id: File import ID. Required. + :type file_import_id: str + :param file_import: The file import. Is either a model type or a IO type. Required. + :type file_import: ~azure.mgmt.securityinsight.models.FileImport or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: FileImport or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.FileImport + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.FileImport] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(file_import, (IO, bytes)): + _content = file_import + else: + _json = self._serialize.body(file_import, "FileImport") + + request = build_create_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + file_import_id=file_import_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("FileImport", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}"} # type: ignore + + async def _delete_initial( + self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any + ) -> Optional[_models.FileImport]: + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[Optional[_models.FileImport]] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + file_import_id=file_import_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self._delete_initial.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [202, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = None + if response.status_code == 202: + deserialized = self._deserialize("FileImport", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + _delete_initial.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}"} # type: ignore + + @distributed_trace_async + async def begin_delete( + self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any + ) -> AsyncLROPoller[_models.FileImport]: + """Delete the file import. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param file_import_id: File import ID. Required. + :type file_import_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be AsyncARMPolling. Pass in False for + this operation to not poll, or pass in your own initialized polling object for a personal + polling strategy. + :paramtype polling: bool or ~azure.core.polling.AsyncPollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of AsyncLROPoller that returns either FileImport or the result of + cls(response) + :rtype: ~azure.core.polling.AsyncLROPoller[~azure.mgmt.securityinsight.models.FileImport] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.FileImport] + polling = kwargs.pop("polling", True) # type: Union[bool, AsyncPollingMethod] + lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) + cont_token = kwargs.pop("continuation_token", None) # type: Optional[str] + if cont_token is None: + raw_result = await self._delete_initial( # type: ignore + resource_group_name=resource_group_name, + workspace_name=workspace_name, + file_import_id=file_import_id, + api_version=api_version, + cls=lambda x, y, z: x, + headers=_headers, + params=_params, + **kwargs + ) + kwargs.pop("error_map", None) + + def get_long_running_output(pipeline_response): + deserialized = self._deserialize("FileImport", pipeline_response) + if cls: + return cls(pipeline_response, deserialized, {}) + return deserialized + + if polling is True: + polling_method = cast( + AsyncPollingMethod, AsyncARMPolling(lro_delay, lro_options={"final-state-via": "location"}, **kwargs) + ) # type: AsyncPollingMethod + elif polling is False: + polling_method = cast(AsyncPollingMethod, AsyncNoPolling()) + else: + polling_method = polling + if cont_token: + return AsyncLROPoller.from_continuation_token( + polling_method=polling_method, + continuation_token=cont_token, + client=self._client, + deserialization_callback=get_long_running_output, + ) + return AsyncLROPoller(self._client, raw_result, get_long_running_output, polling_method) + + begin_delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py index 3e2b335af7ca..222ad4b34a6b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_comments_operations.py @@ -6,10 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +27,17 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._incident_comments_operations import build_create_or_update_request, build_delete_request, build_get_request, build_list_request -T = TypeVar('T') +from ...operations._incident_comments_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class IncidentCommentsOperations: """ .. warning:: @@ -43,7 +57,6 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( self, @@ -55,14 +68,15 @@ def list( top: Optional[int] = None, skip_token: Optional[str] = None, **kwargs: Any - ) -> AsyncIterable[_models.IncidentCommentList]: - """Gets all comments for a given incident. + ) -> AsyncIterable["_models.IncidentComment"]: + """Gets all incident comments. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :param filter: Filters the results, based on a Boolean condition. Optional. Default value is None. @@ -77,35 +91,34 @@ def list( Default value is None. :type skip_token: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either IncidentCommentList or the result of cls(response) + :return: An iterator like instance of either IncidentComment or the result of cls(response) :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.IncidentCommentList] - :raises: ~azure.core.exceptions.HttpResponseError + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.IncidentComment] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentCommentList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentCommentList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, - api_version=api_version, + subscription_id=self._config.subscription_id, filter=filter, orderby=orderby, top=top, skip_token=skip_token, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -113,21 +126,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - api_version=api_version, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -143,10 +146,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -156,56 +157,47 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_comment_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, **kwargs: Any ) -> _models.IncidentComment: - """Gets a comment for a given incident. + """Gets an incident comment. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param incident_comment_id: Incident comment ID. + :param incident_comment_id: Incident comment ID. Required. :type incident_comment_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentComment, or the result of cls(response) + :return: IncidentComment or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.IncidentComment - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentComment] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentComment] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, incident_comment_id=incident_comment_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -213,27 +205,25 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('IncidentComment', pipeline_response) + deserialized = self._deserialize("IncidentComment", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore - - @distributed_trace_async + @overload async def create_or_update( self, resource_group_name: str, @@ -241,49 +231,126 @@ async def create_or_update( incident_id: str, incident_comment_id: str, incident_comment: _models.IncidentComment, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.IncidentComment: - """Creates or updates a comment for a given incident. + """Creates or updates the incident comment. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param incident_comment_id: Incident comment ID. + :param incident_comment_id: Incident comment ID. Required. :type incident_comment_id: str - :param incident_comment: The incident comment. + :param incident_comment: The incident comment. Required. :type incident_comment: ~azure.mgmt.securityinsight.models.IncidentComment + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentComment, or the result of cls(response) + :return: IncidentComment or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.IncidentComment - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + incident_comment_id: str, + incident_comment: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.IncidentComment: + """Creates or updates the incident comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param incident_comment_id: Incident comment ID. Required. + :type incident_comment_id: str + :param incident_comment: The incident comment. Required. + :type incident_comment: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: IncidentComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.IncidentComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + incident_comment_id: str, + incident_comment: Union[_models.IncidentComment, IO], + **kwargs: Any + ) -> _models.IncidentComment: + """Creates or updates the incident comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param incident_comment_id: Incident comment ID. Required. + :type incident_comment_id: str + :param incident_comment: The incident comment. Is either a model type or a IO type. Required. + :type incident_comment: ~azure.mgmt.securityinsight.models.IncidentComment or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: IncidentComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.IncidentComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentComment] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentComment] - _json = self._serialize.body(incident_comment, 'IncidentComment') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(incident_comment, (IO, bytes)): + _content = incident_comment + else: + _json = self._serialize.body(incident_comment, "IncidentComment") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, incident_comment_id=incident_comment_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -291,10 +358,9 @@ async def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -302,63 +368,55 @@ async def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('IncidentComment', pipeline_response) + deserialized = self._deserialize("IncidentComment", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('IncidentComment', pipeline_response) + deserialized = self._deserialize("IncidentComment", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_comment_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, **kwargs: Any ) -> None: - """Deletes a comment for a given incident. + """Delete the incident comment. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param incident_comment_id: Incident comment ID. + :param incident_comment_id: Incident comment ID. Required. :type incident_comment_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, incident_comment_id=incident_comment_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -366,10 +424,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -379,5 +436,4 @@ async def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py index 4039cd064c63..b97d76120623 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incident_relations_operations.py @@ -6,10 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +27,17 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._incident_relations_operations import build_create_or_update_request, build_delete_request, build_get_request, build_list_request -T = TypeVar('T') +from ...operations._incident_relations_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class IncidentRelationsOperations: """ .. warning:: @@ -43,7 +57,6 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( self, @@ -55,14 +68,15 @@ def list( top: Optional[int] = None, skip_token: Optional[str] = None, **kwargs: Any - ) -> AsyncIterable[_models.RelationList]: - """Gets all relations for a given incident. + ) -> AsyncIterable["_models.Relation"]: + """Gets all incident relations. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :param filter: Filters the results, based on a Boolean condition. Optional. Default value is None. @@ -77,35 +91,33 @@ def list( Default value is None. :type skip_token: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either RelationList or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.RelationList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either Relation or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Relation] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.RelationList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.RelationList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, - api_version=api_version, + subscription_id=self._config.subscription_id, filter=filter, orderby=orderby, top=top, skip_token=skip_token, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -113,21 +125,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - api_version=api_version, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -143,10 +145,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -156,56 +156,47 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - relation_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, **kwargs: Any ) -> _models.Relation: - """Gets a relation for a given incident. + """Gets an incident relation. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param relation_name: Relation Name. + :param relation_name: Relation Name. Required. :type relation_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation, or the result of cls(response) + :return: Relation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.Relation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Relation] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, relation_name=relation_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -213,27 +204,25 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('Relation', pipeline_response) + deserialized = self._deserialize("Relation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore - - @distributed_trace_async + @overload async def create_or_update( self, resource_group_name: str, @@ -241,49 +230,126 @@ async def create_or_update( incident_id: str, relation_name: str, relation: _models.Relation, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.Relation: - """Creates or updates a relation for a given incident. + """Creates or updates the incident relation. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param relation_name: Relation Name. + :param relation_name: Relation Name. Required. :type relation_name: str - :param relation: The relation model. + :param relation: The relation model. Required. :type relation: ~azure.mgmt.securityinsight.models.Relation + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation, or the result of cls(response) + :return: Relation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + relation_name: str, + relation: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Relation: + """Creates or updates the incident relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :param relation: The relation model. Required. + :type relation: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + relation_name: str, + relation: Union[_models.Relation, IO], + **kwargs: Any + ) -> _models.Relation: + """Creates or updates the incident relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :param relation: The relation model. Is either a model type or a IO type. Required. + :type relation: ~azure.mgmt.securityinsight.models.Relation or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.Relation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Relation] - _json = self._serialize.body(relation, 'Relation') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(relation, (IO, bytes)): + _content = relation + else: + _json = self._serialize.body(relation, "Relation") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, relation_name=relation_name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -291,10 +357,9 @@ async def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -302,63 +367,55 @@ async def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('Relation', pipeline_response) + deserialized = self._deserialize("Relation", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('Relation', pipeline_response) + deserialized = self._deserialize("Relation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - relation_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, **kwargs: Any ) -> None: - """Deletes a relation for a given incident. + """Delete the incident relation. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param relation_name: Relation Name. + :param relation_name: Relation Name. Required. :type relation_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, relation_name=relation_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -366,10 +423,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -379,5 +435,4 @@ async def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py index 83c5a9c9f046..9d220a92dddf 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_incidents_operations.py @@ -6,10 +6,18 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +import sys +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +28,27 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._incidents_operations import build_create_or_update_request, build_delete_request, build_get_request, build_list_alerts_request, build_list_bookmarks_request, build_list_entities_request, build_list_request -T = TypeVar('T') +from ...operations._incidents_operations import ( + build_create_or_update_request, + build_create_team_request, + build_delete_request, + build_get_request, + build_list_alerts_request, + build_list_bookmarks_request, + build_list_entities_request, + build_list_request, + build_run_playbook_request, +) + +if sys.version_info >= (3, 9): + from collections.abc import MutableMapping +else: + from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports +JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class IncidentsOperations: """ .. warning:: @@ -43,6 +68,151 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + @overload + async def run_playbook( + self, + resource_group_name: str, + workspace_name: str, + incident_identifier: str, + request_body: Optional[_models.ManualTriggerRequestBody] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> JSON: + """Triggers playbook on a specific incident. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_identifier: Required. + :type incident_identifier: str + :param request_body: Default value is None. + :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: JSON or the result of cls(response) + :rtype: JSON + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def run_playbook( + self, + resource_group_name: str, + workspace_name: str, + incident_identifier: str, + request_body: Optional[IO] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> JSON: + """Triggers playbook on a specific incident. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_identifier: Required. + :type incident_identifier: str + :param request_body: Default value is None. + :type request_body: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: JSON or the result of cls(response) + :rtype: JSON + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def run_playbook( + self, + resource_group_name: str, + workspace_name: str, + incident_identifier: str, + request_body: Optional[Union[_models.ManualTriggerRequestBody, IO]] = None, + **kwargs: Any + ) -> JSON: + """Triggers playbook on a specific incident. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_identifier: Required. + :type incident_identifier: str + :param request_body: Is either a model type or a IO type. Default value is None. + :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: JSON or the result of cls(response) + :rtype: JSON + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[JSON] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(request_body, (IO, bytes)): + _content = request_body + else: + if request_body is not None: + _json = self._serialize.body(request_body, "ManualTriggerRequestBody") + else: + _json = None + + request = build_run_playbook_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_identifier=incident_identifier, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.run_playbook.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("object", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + run_playbook.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook"} # type: ignore @distributed_trace def list( @@ -54,12 +224,13 @@ def list( top: Optional[int] = None, skip_token: Optional[str] = None, **kwargs: Any - ) -> AsyncIterable[_models.IncidentList]: + ) -> AsyncIterable["_models.Incident"]: """Gets all incidents. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param filter: Filters the results, based on a Boolean condition. Optional. Default value is None. @@ -74,34 +245,32 @@ def list( Default value is None. :type skip_token: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either IncidentList or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.IncidentList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either Incident or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Incident] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, - api_version=api_version, + subscription_id=self._config.subscription_id, filter=filter, orderby=orderby, top=top, skip_token=skip_token, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -109,20 +278,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -138,10 +298,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -151,52 +309,44 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.Incident: - """Gets a given incident. + """Gets an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Incident, or the result of cls(response) + :return: Incident or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Incident - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.Incident] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Incident] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -204,73 +354,142 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('Incident', pipeline_response) + deserialized = self._deserialize("Incident", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore - @distributed_trace_async + @overload async def create_or_update( self, resource_group_name: str, workspace_name: str, incident_id: str, incident: _models.Incident, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.Incident: - """Creates or updates an incident. + """Creates or updates the incident. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param incident: The incident. + :param incident: The incident. Required. :type incident: ~azure.mgmt.securityinsight.models.Incident + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Incident, or the result of cls(response) + :return: Incident or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Incident - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + incident: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Incident: + """Creates or updates the incident. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param incident: The incident. Required. + :type incident: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Incident or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Incident + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + incident: Union[_models.Incident, IO], + **kwargs: Any + ) -> _models.Incident: + """Creates or updates the incident. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param incident: The incident. Is either a model type or a IO type. Required. + :type incident: ~azure.mgmt.securityinsight.models.Incident or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Incident or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Incident + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.Incident] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Incident] - _json = self._serialize.body(incident, 'Incident') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(incident, (IO, bytes)): + _content = incident + else: + _json = self._serialize.body(incident, "Incident") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -278,10 +497,9 @@ async def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -289,59 +507,52 @@ async def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('Incident', pipeline_response) + deserialized = self._deserialize("Incident", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('Incident', pipeline_response) + deserialized = self._deserialize("Incident", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> None: - """Deletes a given incident. + """Delete the incident. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -349,10 +560,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -362,49 +572,188 @@ async def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore + @overload + async def create_team( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + team_properties: _models.TeamProperties, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TeamInformation: + """Creates a Microsoft team to investigate the incident by sharing information and insights + between participants. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param team_properties: Team properties. Required. + :type team_properties: ~azure.mgmt.securityinsight.models.TeamProperties + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TeamInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TeamInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_team( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + team_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TeamInformation: + """Creates a Microsoft team to investigate the incident by sharing information and insights + between participants. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param team_properties: Team properties. Required. + :type team_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TeamInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TeamInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ @distributed_trace_async - async def list_alerts( + async def create_team( self, resource_group_name: str, workspace_name: str, incident_id: str, + team_properties: Union[_models.TeamProperties, IO], **kwargs: Any + ) -> _models.TeamInformation: + """Creates a Microsoft team to investigate the incident by sharing information and insights + between participants. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param team_properties: Team properties. Is either a model type or a IO type. Required. + :type team_properties: ~azure.mgmt.securityinsight.models.TeamProperties or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TeamInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TeamInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.TeamInformation] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(team_properties, (IO, bytes)): + _content = team_properties + else: + _json = self._serialize.body(team_properties, "TeamProperties") + + request = build_create_team_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_id=incident_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_team.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("TeamInformation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create_team.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam"} # type: ignore + + @distributed_trace_async + async def list_alerts( + self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentAlertList: - """Gets all alerts for an incident. + """Gets all incident alerts. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentAlertList, or the result of cls(response) + :return: IncidentAlertList or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.IncidentAlertList - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentAlertList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentAlertList] - request = build_list_alerts_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list_alerts.metadata['url'], + template_url=self.list_alerts.metadata["url"], headers=_headers, params=_params, ) @@ -412,66 +761,58 @@ async def list_alerts( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('IncidentAlertList', pipeline_response) + deserialized = self._deserialize("IncidentAlertList", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - list_alerts.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts"} # type: ignore - + list_alerts.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts"} # type: ignore @distributed_trace_async async def list_bookmarks( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentBookmarkList: - """Gets all bookmarks for an incident. + """Gets all incident bookmarks. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentBookmarkList, or the result of cls(response) + :return: IncidentBookmarkList or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.IncidentBookmarkList - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentBookmarkList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentBookmarkList] - request = build_list_bookmarks_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list_bookmarks.metadata['url'], + template_url=self.list_bookmarks.metadata["url"], headers=_headers, params=_params, ) @@ -479,66 +820,58 @@ async def list_bookmarks( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('IncidentBookmarkList', pipeline_response) + deserialized = self._deserialize("IncidentBookmarkList", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - list_bookmarks.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks"} # type: ignore - + list_bookmarks.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks"} # type: ignore @distributed_trace_async async def list_entities( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentEntitiesResponse: - """Gets all entities for an incident. + """Gets all incident related entities. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentEntitiesResponse, or the result of cls(response) + :return: IncidentEntitiesResponse or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.IncidentEntitiesResponse - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentEntitiesResponse] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentEntitiesResponse] - request = build_list_entities_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list_entities.metadata['url'], + template_url=self.list_entities.metadata["url"], headers=_headers, params=_params, ) @@ -546,22 +879,20 @@ async def list_entities( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('IncidentEntitiesResponse', pipeline_response) + deserialized = self._deserialize("IncidentEntitiesResponse", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - list_entities.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities"} # type: ignore - + list_entities.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py new file mode 100644 index 000000000000..08b134d440e3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_ip_geodata_operations.py @@ -0,0 +1,104 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._ip_geodata_operations import build_get_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class IPGeodataOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`ip_geodata` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace_async + async def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> _models.EnrichmentIpGeodata: + """Get geodata for a single IP address. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param ip_address: IP address (v4 or v6) to be enriched. Required. + :type ip_address: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EnrichmentIpGeodata or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EnrichmentIpGeodata + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EnrichmentIpGeodata] + + request = build_get_request( + resource_group_name=resource_group_name, + subscription_id=self._config.subscription_id, + ip_address=ip_address, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EnrichmentIpGeodata", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py new file mode 100644 index 000000000000..7eb2d7fea9fd --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_metadata_operations.py @@ -0,0 +1,561 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._metadata_operations import ( + build_create_request, + build_delete_request, + build_get_request, + build_list_request, + build_update_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class MetadataOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`metadata` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + **kwargs: Any + ) -> AsyncIterable["_models.MetadataModel"]: + """List of all metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip: Used to skip n elements in the OData query (offset). Returns a nextLink to the + next page of results if there are any left. Default value is None. + :type skip: int + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either MetadataModel or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.MetadataModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.MetadataList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip=skip, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("MetadataList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata"} # type: ignore + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, metadata_name: str, **kwargs: Any + ) -> _models.MetadataModel: + """Get a Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.MetadataModel] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + metadata_name=metadata_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("MetadataModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}"} # type: ignore + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, metadata_name: str, **kwargs: Any + ) -> None: + """Delete a Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + metadata_name=metadata_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}"} # type: ignore + + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata: _models.MetadataModel, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.MetadataModel: + """Create a Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata: Metadata resource. Required. + :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.MetadataModel: + """Create a Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata: Metadata resource. Required. + :type metadata: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata: Union[_models.MetadataModel, IO], + **kwargs: Any + ) -> _models.MetadataModel: + """Create a Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata: Metadata resource. Is either a model type or a IO type. Required. + :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.MetadataModel] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(metadata, (IO, bytes)): + _content = metadata + else: + _json = self._serialize.body(metadata, "MetadataModel") + + request = build_create_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + metadata_name=metadata_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("MetadataModel", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("MetadataModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}"} # type: ignore + + @overload + async def update( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata_patch: _models.MetadataPatch, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.MetadataModel: + """Update an existing Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata_patch: Partial metadata request. Required. + :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def update( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata_patch: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.MetadataModel: + """Update an existing Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata_patch: Partial metadata request. Required. + :type metadata_patch: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def update( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata_patch: Union[_models.MetadataPatch, IO], + **kwargs: Any + ) -> _models.MetadataModel: + """Update an existing Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata_patch: Partial metadata request. Is either a model type or a IO type. Required. + :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.MetadataModel] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(metadata_patch, (IO, bytes)): + _content = metadata_patch + else: + _json = self._serialize.body(metadata_patch, "MetadataPatch") + + request = build_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + metadata_name=metadata_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("MetadataModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py new file mode 100644 index 000000000000..20918552add6 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_office_consents_operations.py @@ -0,0 +1,244 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._office_consents_operations import build_delete_request, build_get_request, build_list_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class OfficeConsentsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`office_consents` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.OfficeConsent"]: + """Gets all office365 consents. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either OfficeConsent or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.OfficeConsent] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.OfficeConsentList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("OfficeConsentList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents"} # type: ignore + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, consent_id: str, **kwargs: Any + ) -> _models.OfficeConsent: + """Gets an office365 consent. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param consent_id: consent ID. Required. + :type consent_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: OfficeConsent or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.OfficeConsent + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.OfficeConsent] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + consent_id=consent_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("OfficeConsent", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}"} # type: ignore + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, consent_id: str, **kwargs: Any + ) -> None: + """Delete the office365 consent. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param consent_id: consent ID. Required. + :type consent_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + consent_id=consent_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py index 7b3c60bcfa15..e35e11142e01 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_operations.py @@ -7,9 +7,16 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,9 +27,11 @@ from ... import models as _models from ..._vendor import _convert_request from ...operations._operations import build_list_request -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class Operations: """ .. warning:: @@ -42,36 +51,30 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace - def list( - self, - **kwargs: Any - ) -> AsyncIterable[_models.OperationsList]: + def list(self, **kwargs: Any) -> AsyncIterable["_models.Operation"]: """Lists all operations available Azure Security Insights Resource Provider. :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either OperationsList or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.OperationsList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either Operation or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Operation] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.OperationsList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.OperationsList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -79,13 +82,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -101,10 +102,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -114,8 +113,6 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/providers/Microsoft.SecurityInsights/operations"} # type: ignore + list.metadata = {"url": "/providers/Microsoft.SecurityInsights/operations"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_patch.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_patch.py index 0ad201a8c586..f7dd32510333 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_patch.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_patch.py @@ -10,6 +10,7 @@ __all__: List[str] = [] # Add all objects you want publicly available to users at this package level + def patch_sdk(): """Do not remove from this file. diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py new file mode 100644 index 000000000000..66cbabcbb463 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_product_settings_operations.py @@ -0,0 +1,371 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._product_settings_operations import ( + build_delete_request, + build_get_request, + build_list_request, + build_update_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class ProductSettingsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`product_settings` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace_async + async def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _models.SettingList: + """List of all the settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SettingList or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SettingList + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SettingList] + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("SettingList", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings"} # type: ignore + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, settings_name: str, **kwargs: Any + ) -> _models.Settings: + """Gets a setting. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. + Required. + :type settings_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Settings or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Settings + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Settings] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_name=settings_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Settings", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}"} # type: ignore + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, settings_name: str, **kwargs: Any + ) -> None: + """Delete setting of the product. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. + Required. + :type settings_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_name=settings_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}"} # type: ignore + + @overload + async def update( + self, + resource_group_name: str, + workspace_name: str, + settings_name: str, + settings: _models.Settings, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Settings: + """Updates setting. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. + Required. + :type settings_name: str + :param settings: The setting. Required. + :type settings: ~azure.mgmt.securityinsight.models.Settings + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Settings or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Settings + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def update( + self, + resource_group_name: str, + workspace_name: str, + settings_name: str, + settings: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Settings: + """Updates setting. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. + Required. + :type settings_name: str + :param settings: The setting. Required. + :type settings: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Settings or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Settings + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def update( + self, + resource_group_name: str, + workspace_name: str, + settings_name: str, + settings: Union[_models.Settings, IO], + **kwargs: Any + ) -> _models.Settings: + """Updates setting. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. + Required. + :type settings_name: str + :param settings: The setting. Is either a model type or a IO type. Required. + :type settings: ~azure.mgmt.securityinsight.models.Settings or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Settings or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Settings + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Settings] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(settings, (IO, bytes)): + _content = settings + else: + _json = self._serialize.body(settings, "Settings") + + request = build_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_name=settings_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Settings", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py new file mode 100644 index 000000000000..193e8d5c8619 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_security_ml_analytics_settings_operations.py @@ -0,0 +1,400 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._security_ml_analytics_settings_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class SecurityMLAnalyticsSettingsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`security_ml_analytics_settings` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.SecurityMLAnalyticsSetting"]: + """Gets all Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either SecurityMLAnalyticsSetting or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SecurityMLAnalyticsSettingsList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("SecurityMLAnalyticsSettingsList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings"} # type: ignore + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, settings_resource_name: str, **kwargs: Any + ) -> _models.SecurityMLAnalyticsSetting: + """Gets the Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_resource_name: Security ML Analytics Settings resource name. Required. + :type settings_resource_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SecurityMLAnalyticsSetting or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SecurityMLAnalyticsSetting] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_resource_name=settings_resource_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("SecurityMLAnalyticsSetting", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"} # type: ignore + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + settings_resource_name: str, + security_ml_analytics_setting: _models.SecurityMLAnalyticsSetting, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SecurityMLAnalyticsSetting: + """Creates or updates the Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_resource_name: Security ML Analytics Settings resource name. Required. + :type settings_resource_name: str + :param security_ml_analytics_setting: The security ML Analytics setting. Required. + :type security_ml_analytics_setting: + ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SecurityMLAnalyticsSetting or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + settings_resource_name: str, + security_ml_analytics_setting: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SecurityMLAnalyticsSetting: + """Creates or updates the Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_resource_name: Security ML Analytics Settings resource name. Required. + :type settings_resource_name: str + :param security_ml_analytics_setting: The security ML Analytics setting. Required. + :type security_ml_analytics_setting: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SecurityMLAnalyticsSetting or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + settings_resource_name: str, + security_ml_analytics_setting: Union[_models.SecurityMLAnalyticsSetting, IO], + **kwargs: Any + ) -> _models.SecurityMLAnalyticsSetting: + """Creates or updates the Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_resource_name: Security ML Analytics Settings resource name. Required. + :type settings_resource_name: str + :param security_ml_analytics_setting: The security ML Analytics setting. Is either a model type + or a IO type. Required. + :type security_ml_analytics_setting: + ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SecurityMLAnalyticsSetting or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.SecurityMLAnalyticsSetting] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(security_ml_analytics_setting, (IO, bytes)): + _content = security_ml_analytics_setting + else: + _json = self._serialize.body(security_ml_analytics_setting, "SecurityMLAnalyticsSetting") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_resource_name=settings_resource_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("SecurityMLAnalyticsSetting", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("SecurityMLAnalyticsSetting", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"} # type: ignore + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, settings_resource_name: str, **kwargs: Any + ) -> None: + """Delete the Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_resource_name: Security ML Analytics Settings resource name. Required. + :type settings_resource_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_resource_name=settings_resource_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py index ec3846a96812..55a89015b509 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_sentinel_onboarding_states_operations.py @@ -6,9 +6,15 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Optional, TypeVar - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -18,10 +24,17 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._sentinel_onboarding_states_operations import build_create_request, build_delete_request, build_get_request, build_list_request -T = TypeVar('T') +from ...operations._sentinel_onboarding_states_operations import ( + build_create_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class SentinelOnboardingStatesOperations: """ .. warning:: @@ -41,47 +54,41 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - sentinel_onboarding_state_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, sentinel_onboarding_state_name: str, **kwargs: Any ) -> _models.SentinelOnboardingState: """Get Sentinel onboarding state. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param sentinel_onboarding_state_name: The Sentinel onboarding state name. Supports - default. + Required. :type sentinel_onboarding_state_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SentinelOnboardingState, or the result of cls(response) + :return: SentinelOnboardingState or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.SentinelOnboardingState - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.SentinelOnboardingState] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SentinelOnboardingState] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, sentinel_onboarding_state_name=sentinel_onboarding_state_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -89,78 +96,153 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('SentinelOnboardingState', pipeline_response) + deserialized = self._deserialize("SentinelOnboardingState", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore - @distributed_trace_async + @overload async def create( self, resource_group_name: str, workspace_name: str, sentinel_onboarding_state_name: str, sentinel_onboarding_state_parameter: Optional[_models.SentinelOnboardingState] = None, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.SentinelOnboardingState: """Create Sentinel onboarding state. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param sentinel_onboarding_state_name: The Sentinel onboarding state name. Supports - default. + Required. :type sentinel_onboarding_state_name: str :param sentinel_onboarding_state_parameter: The Sentinel onboarding state parameter. Default value is None. :type sentinel_onboarding_state_parameter: ~azure.mgmt.securityinsight.models.SentinelOnboardingState + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SentinelOnboardingState or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SentinelOnboardingState + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + sentinel_onboarding_state_name: str, + sentinel_onboarding_state_parameter: Optional[IO] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SentinelOnboardingState: + """Create Sentinel onboarding state. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param sentinel_onboarding_state_name: The Sentinel onboarding state name. Supports - default. + Required. + :type sentinel_onboarding_state_name: str + :param sentinel_onboarding_state_parameter: The Sentinel onboarding state parameter. Default + value is None. + :type sentinel_onboarding_state_parameter: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SentinelOnboardingState or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SentinelOnboardingState + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create( + self, + resource_group_name: str, + workspace_name: str, + sentinel_onboarding_state_name: str, + sentinel_onboarding_state_parameter: Optional[Union[_models.SentinelOnboardingState, IO]] = None, + **kwargs: Any + ) -> _models.SentinelOnboardingState: + """Create Sentinel onboarding state. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param sentinel_onboarding_state_name: The Sentinel onboarding state name. Supports - default. + Required. + :type sentinel_onboarding_state_name: str + :param sentinel_onboarding_state_parameter: The Sentinel onboarding state parameter. Is either + a model type or a IO type. Default value is None. + :type sentinel_onboarding_state_parameter: + ~azure.mgmt.securityinsight.models.SentinelOnboardingState or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SentinelOnboardingState, or the result of cls(response) + :return: SentinelOnboardingState or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.SentinelOnboardingState - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.SentinelOnboardingState] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.SentinelOnboardingState] - if sentinel_onboarding_state_parameter is not None: - _json = self._serialize.body(sentinel_onboarding_state_parameter, 'SentinelOnboardingState') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(sentinel_onboarding_state_parameter, (IO, bytes)): + _content = sentinel_onboarding_state_parameter else: - _json = None + if sentinel_onboarding_state_parameter is not None: + _json = self._serialize.body(sentinel_onboarding_state_parameter, "SentinelOnboardingState") + else: + _json = None request = build_create_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, sentinel_onboarding_state_name=sentinel_onboarding_state_name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create.metadata['url'], + content=_content, + template_url=self.create.metadata["url"], headers=_headers, params=_params, ) @@ -168,10 +250,9 @@ async def create( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -179,59 +260,53 @@ async def create( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('SentinelOnboardingState', pipeline_response) + deserialized = self._deserialize("SentinelOnboardingState", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('SentinelOnboardingState', pipeline_response) + deserialized = self._deserialize("SentinelOnboardingState", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore - + create.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - sentinel_onboarding_state_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, sentinel_onboarding_state_name: str, **kwargs: Any ) -> None: """Delete Sentinel onboarding state. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param sentinel_onboarding_state_name: The Sentinel onboarding state name. Supports - default. + Required. :type sentinel_onboarding_state_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, sentinel_onboarding_state_name=sentinel_onboarding_state_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -239,10 +314,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -252,45 +326,39 @@ async def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore @distributed_trace_async async def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, **kwargs: Any ) -> _models.SentinelOnboardingStatesList: """Gets all Sentinel onboarding states. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SentinelOnboardingStatesList, or the result of cls(response) + :return: SentinelOnboardingStatesList or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.SentinelOnboardingStatesList - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.SentinelOnboardingStatesList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SentinelOnboardingStatesList] - request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -298,22 +366,20 @@ async def list( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('SentinelOnboardingStatesList', pipeline_response) + deserialized = self._deserialize("SentinelOnboardingStatesList", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates"} # type: ignore - + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py new file mode 100644 index 000000000000..42e3b57e6896 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_control_operations.py @@ -0,0 +1,134 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar, Union +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._source_control_operations import build_list_repositories_request + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class SourceControlOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`source_control` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list_repositories( + self, resource_group_name: str, workspace_name: str, repo_type: Union[str, "_models.RepoType"], **kwargs: Any + ) -> AsyncIterable["_models.Repo"]: + """Gets a list of repositories metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param repo_type: The repo type. Known values are: "Github" and "DevOps". Required. + :type repo_type: str or ~azure.mgmt.securityinsight.models.RepoType + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Repo or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Repo] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", "application/json")) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.RepoList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + _json = self._serialize.body(repo_type, "str") + + request = build_list_repositories_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + template_url=self.list_repositories.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("RepoList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list_repositories.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py new file mode 100644 index 000000000000..dd2276c229e6 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_source_controls_operations.py @@ -0,0 +1,396 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.async_paging import AsyncItemPaged, AsyncList +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import AsyncHttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.tracing.decorator_async import distributed_trace_async +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from ... import models as _models +from ..._vendor import _convert_request +from ...operations._source_controls_operations import ( + build_create_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + + +class SourceControlsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.aio.SecurityInsights`'s + :attr:`source_controls` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs) -> None: + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> AsyncIterable["_models.SourceControl"]: + """Gets all source controls, without source control items. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either SourceControl or the result of cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.SourceControl] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SourceControlList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + async def extract_data(pipeline_response): + deserialized = self._deserialize("SourceControlList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, AsyncList(list_of_elem) + + async def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return AsyncItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols"} # type: ignore + + @distributed_trace_async + async def get( + self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any + ) -> _models.SourceControl: + """Gets a source control byt its identifier. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SourceControl] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + source_control_id=source_control_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("SourceControl", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}"} # type: ignore + + @distributed_trace_async + async def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any + ) -> None: + """Delete a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + source_control_id=source_control_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}"} # type: ignore + + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: _models.SourceControl, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: Union[_models.SourceControl, IO], + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Is either a model type or a IO type. Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.SourceControl] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(source_control, (IO, bytes)): + _content = source_control + else: + _json = self._serialize.body(source_control, "SourceControl") + + request = build_create_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + source_control_id=source_control_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("SourceControl", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("SourceControl", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py index 65ea68c9a442..0390a84e50a7 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_metrics_operations.py @@ -8,7 +8,13 @@ # -------------------------------------------------------------------------- from typing import Any, Callable, Dict, Optional, TypeVar -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -19,9 +25,11 @@ from ... import models as _models from ..._vendor import _convert_request from ...operations._threat_intelligence_indicator_metrics_operations import build_list_request -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class ThreatIntelligenceIndicatorMetricsOperations: """ .. warning:: @@ -41,43 +49,37 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace_async async def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, **kwargs: Any ) -> _models.ThreatIntelligenceMetricsList: """Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ThreatIntelligenceMetricsList, or the result of cls(response) + :return: ThreatIntelligenceMetricsList or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricsList - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceMetricsList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceMetricsList] - request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -85,22 +87,20 @@ async def list( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('ThreatIntelligenceMetricsList', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceMetricsList", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics"} # type: ignore - + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py index 84afbc1b1fce..87455fcb8a95 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicator_operations.py @@ -6,10 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +27,20 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._threat_intelligence_indicator_operations import build_append_tags_request, build_create_indicator_request, build_create_request, build_delete_request, build_get_request, build_query_indicators_request, build_replace_tags_request -T = TypeVar('T') +from ...operations._threat_intelligence_indicator_operations import ( + build_append_tags_request, + build_create_indicator_request, + build_create_request, + build_delete_request, + build_get_request, + build_query_indicators_request, + build_replace_tags_request, +) + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class ThreatIntelligenceIndicatorOperations: """ .. warning:: @@ -43,52 +60,119 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace_async + @overload async def create_indicator( self, resource_group_name: str, workspace_name: str, threat_intelligence_properties: _models.ThreatIntelligenceIndicatorModel, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.ThreatIntelligenceInformation: """Create a new threat intelligence indicator. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. + and update. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_indicator( + self, + resource_group_name: str, + workspace_name: str, + threat_intelligence_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Create a new threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param threat_intelligence_properties: Properties of threat intelligence indicators to create + and update. Required. + :type threat_intelligence_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_indicator( + self, + resource_group_name: str, + workspace_name: str, + threat_intelligence_properties: Union[_models.ThreatIntelligenceIndicatorModel, IO], + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Create a new threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param threat_intelligence_properties: Properties of threat intelligence indicators to create + and update. Is either a model type or a IO type. Required. + :type threat_intelligence_properties: + ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ThreatIntelligenceInformation, or the result of cls(response) + :return: ThreatIntelligenceInformation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformation] - _json = self._serialize.body(threat_intelligence_properties, 'ThreatIntelligenceIndicatorModel') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(threat_intelligence_properties, (IO, bytes)): + _content = threat_intelligence_properties + else: + _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") request = build_create_indicator_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_indicator.metadata['url'], + content=_content, + template_url=self.create_indicator.metadata["url"], headers=_headers, params=_params, ) @@ -96,10 +180,9 @@ async def create_indicator( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -107,59 +190,52 @@ async def create_indicator( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_indicator.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator"} # type: ignore - + create_indicator.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, name: str, **kwargs: Any ) -> _models.ThreatIntelligenceInformation: """View a threat intelligence indicator by name. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param name: Threat intelligence indicator name field. + :param name: Threat intelligence indicator name field. Required. :type name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ThreatIntelligenceInformation, or the result of cls(response) + :return: ThreatIntelligenceInformation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformation] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, name=name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -167,75 +243,147 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore - - @distributed_trace_async + @overload async def create( self, resource_group_name: str, workspace_name: str, name: str, threat_intelligence_properties: _models.ThreatIntelligenceIndicatorModel, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.ThreatIntelligenceInformation: """Update a threat Intelligence indicator. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param name: Threat intelligence indicator name field. + :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. + and update. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ThreatIntelligenceInformation, or the result of cls(response) + :return: ThreatIntelligenceInformation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + async def create( + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Update a threat Intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_properties: Properties of threat intelligence indicators to create + and update. Required. + :type threat_intelligence_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create( + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_properties: Union[_models.ThreatIntelligenceIndicatorModel, IO], + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Update a threat Intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_properties: Properties of threat intelligence indicators to create + and update. Is either a model type or a IO type. Required. + :type threat_intelligence_properties: + ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformation] - _json = self._serialize.body(threat_intelligence_properties, 'ThreatIntelligenceIndicatorModel') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(threat_intelligence_properties, (IO, bytes)): + _content = threat_intelligence_properties + else: + _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") request = build_create_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, name=name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create.metadata['url'], + content=_content, + template_url=self.create.metadata["url"], headers=_headers, params=_params, ) @@ -243,10 +391,9 @@ async def create( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -254,59 +401,52 @@ async def create( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore - + create.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, name: str, **kwargs: Any ) -> None: """Delete a threat intelligence indicator. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param name: Threat intelligence indicator name field. + :param name: Threat intelligence indicator name field. Required. :type name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, name=name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -314,10 +454,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -327,57 +466,129 @@ async def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore - @distributed_trace + @overload def query_indicators( self, resource_group_name: str, workspace_name: str, threat_intelligence_filtering_criteria: _models.ThreatIntelligenceFilteringCriteria, + *, + content_type: str = "application/json", **kwargs: Any - ) -> AsyncIterable[_models.ThreatIntelligenceInformationList]: + ) -> AsyncIterable["_models.ThreatIntelligenceInformation"]: """Query threat intelligence indicators as per filtering criteria. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_filtering_criteria: Filtering criteria for querying threat - intelligence indicators. + intelligence indicators. Required. :type threat_intelligence_filtering_criteria: ~azure.mgmt.securityinsight.models.ThreatIntelligenceFilteringCriteria + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ThreatIntelligenceInformation or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def query_indicators( + self, + resource_group_name: str, + workspace_name: str, + threat_intelligence_filtering_criteria: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> AsyncIterable["_models.ThreatIntelligenceInformation"]: + """Query threat intelligence indicators as per filtering criteria. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param threat_intelligence_filtering_criteria: Filtering criteria for querying threat + intelligence indicators. Required. + :type threat_intelligence_filtering_criteria: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either ThreatIntelligenceInformationList or the result of + :return: An iterator like instance of either ThreatIntelligenceInformation or the result of cls(response) :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformationList] - :raises: ~azure.core.exceptions.HttpResponseError + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def query_indicators( + self, + resource_group_name: str, + workspace_name: str, + threat_intelligence_filtering_criteria: Union[_models.ThreatIntelligenceFilteringCriteria, IO], + **kwargs: Any + ) -> AsyncIterable["_models.ThreatIntelligenceInformation"]: + """Query threat intelligence indicators as per filtering criteria. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param threat_intelligence_filtering_criteria: Filtering criteria for querying threat + intelligence indicators. Is either a model type or a IO type. Required. + :type threat_intelligence_filtering_criteria: + ~azure.mgmt.securityinsight.models.ThreatIntelligenceFilteringCriteria or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ThreatIntelligenceInformation or the result of + cls(response) + :rtype: + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformationList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformationList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(threat_intelligence_filtering_criteria, (IO, bytes)): + _content = threat_intelligence_filtering_criteria + else: + _json = self._serialize.body(threat_intelligence_filtering_criteria, "ThreatIntelligenceFilteringCriteria") - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - _json = self._serialize.body(threat_intelligence_filtering_criteria, 'ThreatIntelligenceFilteringCriteria') - + request = build_query_indicators_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.query_indicators.metadata['url'], + content=_content, + template_url=self.query_indicators.metadata["url"], headers=_headers, params=_params, ) @@ -385,19 +596,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - _json = self._serialize.body(threat_intelligence_filtering_criteria, 'ThreatIntelligenceFilteringCriteria') - - request = build_query_indicators_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - content_type=content_type, - json=_json, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -413,10 +616,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -426,60 +627,133 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - query_indicators.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators"} # type: ignore + query_indicators.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators"} # type: ignore - @distributed_trace_async + @overload async def append_tags( # pylint: disable=inconsistent-return-statements self, resource_group_name: str, workspace_name: str, name: str, threat_intelligence_append_tags: _models.ThreatIntelligenceAppendTags, + *, + content_type: str = "application/json", **kwargs: Any ) -> None: """Append tags to a threat intelligence indicator. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param name: Threat intelligence indicator name field. + :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_append_tags: The threat intelligence append tags request body. + Required. :type threat_intelligence_append_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceAppendTags + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def append_tags( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_append_tags: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Append tags to a threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_append_tags: The threat intelligence append tags request body. + Required. + :type threat_intelligence_append_tags: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def append_tags( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_append_tags: Union[_models.ThreatIntelligenceAppendTags, IO], + **kwargs: Any + ) -> None: + """Append tags to a threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_append_tags: The threat intelligence append tags request body. Is + either a model type or a IO type. Required. + :type threat_intelligence_append_tags: + ~azure.mgmt.securityinsight.models.ThreatIntelligenceAppendTags or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[None] - _json = self._serialize.body(threat_intelligence_append_tags, 'ThreatIntelligenceAppendTags') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(threat_intelligence_append_tags, (IO, bytes)): + _content = threat_intelligence_append_tags + else: + _json = self._serialize.body(threat_intelligence_append_tags, "ThreatIntelligenceAppendTags") request = build_append_tags_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, name=name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.append_tags.metadata['url'], + content=_content, + template_url=self.append_tags.metadata["url"], headers=_headers, params=_params, ) @@ -487,10 +761,9 @@ async def append_tags( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: @@ -500,58 +773,131 @@ async def append_tags( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - append_tags.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags"} # type: ignore + append_tags.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags"} # type: ignore - - @distributed_trace_async + @overload async def replace_tags( self, resource_group_name: str, workspace_name: str, name: str, threat_intelligence_replace_tags: _models.ThreatIntelligenceIndicatorModel, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.ThreatIntelligenceInformation: """Replace tags added to a threat intelligence indicator. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param name: Threat intelligence indicator name field. + :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_replace_tags: Tags in the threat intelligence indicator to be - replaced. + replaced. Required. :type threat_intelligence_replace_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ThreatIntelligenceInformation, or the result of cls(response) + :return: ThreatIntelligenceInformation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + async def replace_tags( + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_replace_tags: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Replace tags added to a threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_replace_tags: Tags in the threat intelligence indicator to be + replaced. Required. + :type threat_intelligence_replace_tags: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def replace_tags( + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_replace_tags: Union[_models.ThreatIntelligenceIndicatorModel, IO], + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Replace tags added to a threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_replace_tags: Tags in the threat intelligence indicator to be + replaced. Is either a model type or a IO type. Required. + :type threat_intelligence_replace_tags: + ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformation] - _json = self._serialize.body(threat_intelligence_replace_tags, 'ThreatIntelligenceIndicatorModel') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(threat_intelligence_replace_tags, (IO, bytes)): + _content = threat_intelligence_replace_tags + else: + _json = self._serialize.body(threat_intelligence_replace_tags, "ThreatIntelligenceIndicatorModel") request = build_replace_tags_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, name=name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.replace_tags.metadata['url'], + content=_content, + template_url=self.replace_tags.metadata["url"], headers=_headers, params=_params, ) @@ -559,22 +905,20 @@ async def replace_tags( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - replace_tags.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags"} # type: ignore - + replace_tags.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py index 18623eb91abb..3ca0a87a8725 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_threat_intelligence_indicators_operations.py @@ -7,9 +7,16 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,9 +27,11 @@ from ... import models as _models from ..._vendor import _convert_request from ...operations._threat_intelligence_indicators_operations import build_list_request -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class ThreatIntelligenceIndicatorsOperations: """ .. warning:: @@ -42,27 +51,29 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( self, resource_group_name: str, workspace_name: str, filter: Optional[str] = None, + orderby: Optional[str] = None, top: Optional[int] = None, skip_token: Optional[str] = None, - orderby: Optional[str] = None, **kwargs: Any - ) -> AsyncIterable[_models.ThreatIntelligenceInformationList]: + ) -> AsyncIterable["_models.ThreatIntelligenceInformation"]: """Get all threat intelligence indicators. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param filter: Filters the results, based on a Boolean condition. Optional. Default value is None. :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str :param top: Returns only the first n results. Optional. Default value is None. :type top: int :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If @@ -70,38 +81,35 @@ def list( a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. Default value is None. :type skip_token: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either ThreatIntelligenceInformationList or the result of + :return: An iterator like instance of either ThreatIntelligenceInformation or the result of cls(response) :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformationList] - :raises: ~azure.core.exceptions.HttpResponseError + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformationList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformationList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, - api_version=api_version, + subscription_id=self._config.subscription_id, filter=filter, + orderby=orderby, top=top, skip_token=skip_token, - orderby=orderby, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -109,20 +117,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - filter=filter, - top=top, - skip_token=skip_token, - orderby=orderby, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -138,10 +137,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -151,8 +148,6 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py index aafb0ac78ae4..2a96d7f3b7e3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlist_items_operations.py @@ -6,10 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +27,17 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._watchlist_items_operations import build_create_or_update_request, build_delete_request, build_get_request, build_list_request -T = TypeVar('T') +from ...operations._watchlist_items_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class WatchlistItemsOperations: """ .. warning:: @@ -43,7 +57,6 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( self, @@ -52,14 +65,15 @@ def list( watchlist_alias: str, skip_token: Optional[str] = None, **kwargs: Any - ) -> AsyncIterable[_models.WatchlistItemList]: - """Get all watchlist Items. + ) -> AsyncIterable["_models.WatchlistItem"]: + """Gets all watchlist Items. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include @@ -67,32 +81,31 @@ def list( Default value is None. :type skip_token: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either WatchlistItemList or the result of cls(response) + :return: An iterator like instance of either WatchlistItem or the result of cls(response) :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WatchlistItemList] - :raises: ~azure.core.exceptions.HttpResponseError + ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WatchlistItem] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.WatchlistItemList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.WatchlistItemList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, - api_version=api_version, + subscription_id=self._config.subscription_id, skip_token=skip_token, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -100,18 +113,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - watchlist_alias=watchlist_alias, - api_version=api_version, - skip_token=skip_token, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -127,10 +133,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -140,56 +144,47 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - watchlist_item_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist_item_id: str, **kwargs: Any ) -> _models.WatchlistItem: - """Get a watchlist item. + """Gets a watchlist, without its watchlist items. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist_item_id: The watchlist item id (GUID). + :param watchlist_item_id: Watchlist Item Id (GUID). Required. :type watchlist_item_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: WatchlistItem, or the result of cls(response) + :return: WatchlistItem or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.WatchlistItem - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.WatchlistItem] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.WatchlistItem] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, watchlist_item_id=watchlist_item_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -197,70 +192,61 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('WatchlistItem', pipeline_response) + deserialized = self._deserialize("WatchlistItem", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - watchlist_item_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist_item_id: str, **kwargs: Any ) -> None: """Delete a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist_item_id: The watchlist item id (GUID). + :param watchlist_item_id: Watchlist Item Id (GUID). Required. :type watchlist_item_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, watchlist_item_id=watchlist_item_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -268,10 +254,9 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -281,10 +266,9 @@ async def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore - @distributed_trace_async + @overload async def create_or_update( self, resource_group_name: str, @@ -292,49 +276,126 @@ async def create_or_update( watchlist_alias: str, watchlist_item_id: str, watchlist_item: _models.WatchlistItem, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.WatchlistItem: - """Create or update a watchlist item. + """Creates or updates a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist_item_id: The watchlist item id (GUID). + :param watchlist_item_id: Watchlist Item Id (GUID). Required. :type watchlist_item_id: str - :param watchlist_item: The watchlist item. + :param watchlist_item: The watchlist item. Required. :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WatchlistItem or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WatchlistItem + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + watchlist_alias: str, + watchlist_item_id: str, + watchlist_item: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WatchlistItem: + """Creates or updates a watchlist item. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param watchlist_alias: Watchlist Alias. Required. + :type watchlist_alias: str + :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :type watchlist_item_id: str + :param watchlist_item: The watchlist item. Required. + :type watchlist_item: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: WatchlistItem, or the result of cls(response) + :return: WatchlistItem or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.WatchlistItem - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + watchlist_alias: str, + watchlist_item_id: str, + watchlist_item: Union[_models.WatchlistItem, IO], + **kwargs: Any + ) -> _models.WatchlistItem: + """Creates or updates a watchlist item. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param watchlist_alias: Watchlist Alias. Required. + :type watchlist_alias: str + :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :type watchlist_item_id: str + :param watchlist_item: The watchlist item. Is either a model type or a IO type. Required. + :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WatchlistItem or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WatchlistItem + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.WatchlistItem] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.WatchlistItem] - _json = self._serialize.body(watchlist_item, 'WatchlistItem') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(watchlist_item, (IO, bytes)): + _content = watchlist_item + else: + _json = self._serialize.body(watchlist_item, "WatchlistItem") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, watchlist_item_id=watchlist_item_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -342,10 +403,9 @@ async def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -353,15 +413,14 @@ async def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('WatchlistItem', pipeline_response) + deserialized = self._deserialize("WatchlistItem", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('WatchlistItem', pipeline_response) + deserialized = self._deserialize("WatchlistItem", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py index e71b8c00ec10..cbde06c0651d 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/aio/operations/_watchlists_operations.py @@ -6,10 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, AsyncIterable, Callable, Dict, Optional, TypeVar +from typing import Any, AsyncIterable, Callable, Dict, IO, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse from azure.core.async_paging import AsyncItemPaged, AsyncList -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import AsyncHttpResponse from azure.core.rest import HttpRequest @@ -20,10 +27,17 @@ from ... import models as _models from ..._vendor import _convert_request -from ...operations._watchlists_operations import build_create_or_update_request, build_delete_request, build_get_request, build_list_request -T = TypeVar('T') +from ...operations._watchlists_operations import ( + build_create_or_update_request, + build_delete_request, + build_get_request, + build_list_request, +) + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, AsyncHttpResponse], T, Dict[str, Any]], Any]] + class WatchlistsOperations: """ .. warning:: @@ -43,20 +57,16 @@ def __init__(self, *args, **kwargs) -> None: self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( - self, - resource_group_name: str, - workspace_name: str, - skip_token: Optional[str] = None, - **kwargs: Any - ) -> AsyncIterable[_models.WatchlistList]: - """Get all watchlists, without watchlist items. + self, resource_group_name: str, workspace_name: str, skip_token: Optional[str] = None, **kwargs: Any + ) -> AsyncIterable["_models.Watchlist"]: + """Gets all watchlists, without watchlist items. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include @@ -64,31 +74,29 @@ def list( Default value is None. :type skip_token: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either WatchlistList or the result of cls(response) - :rtype: - ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.WatchlistList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either Watchlist or the result of cls(response) + :rtype: ~azure.core.async_paging.AsyncItemPaged[~azure.mgmt.securityinsight.models.Watchlist] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.WatchlistList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.WatchlistList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, - api_version=api_version, + subscription_id=self._config.subscription_id, skip_token=skip_token, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -96,17 +104,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - skip_token=skip_token, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -122,10 +124,8 @@ async def extract_data(pipeline_response): async def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = await self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -135,52 +135,44 @@ async def get_next(next_link=None): return pipeline_response + return AsyncItemPaged(get_next, extract_data) - return AsyncItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists"} # type: ignore @distributed_trace_async async def get( - self, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, watchlist_alias: str, **kwargs: Any ) -> _models.Watchlist: - """Get a watchlist, without its watchlist items. + """Gets a watchlist, without its watchlist items. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Watchlist, or the result of cls(response) + :return: Watchlist or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Watchlist - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.Watchlist] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Watchlist] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -188,66 +180,58 @@ async def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('Watchlist', pipeline_response) + deserialized = self._deserialize("Watchlist", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore @distributed_trace_async async def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, watchlist_alias: str, **kwargs: Any ) -> None: """Delete a watchlist. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -255,71 +239,159 @@ async def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - if cls: - return cls(pipeline_response, None, {}) + response_headers = {} + if response.status_code == 200: + response_headers["Azure-AsyncOperation"] = self._deserialize( + "str", response.headers.get("Azure-AsyncOperation") + ) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore + if cls: + return cls(pipeline_response, None, response_headers) + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore - @distributed_trace_async + @overload async def create_or_update( self, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist: _models.Watchlist, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.Watchlist: """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv - content type). To create a Watchlist and its Items, we should call this endpoint with - rawContent and contentType properties. + content type). To create a Watchlist and its Items, we should call this endpoint with either + rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for + small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large + watchlist, where the content size can go up to 500 MB. The status of processing such large file + can be polled through the URL returned in Azure-AsyncOperation header. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist: The watchlist. + :param watchlist: The watchlist. Required. :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Watchlist, or the result of cls(response) + :return: Watchlist or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Watchlist - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + watchlist_alias: str, + watchlist: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Watchlist: + """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv + content type). To create a Watchlist and its Items, we should call this endpoint with either + rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for + small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large + watchlist, where the content size can go up to 500 MB. The status of processing such large file + can be polled through the URL returned in Azure-AsyncOperation header. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param watchlist_alias: Watchlist Alias. Required. + :type watchlist_alias: str + :param watchlist: The watchlist. Required. + :type watchlist: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Watchlist or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Watchlist + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace_async + async def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + watchlist_alias: str, + watchlist: Union[_models.Watchlist, IO], + **kwargs: Any + ) -> _models.Watchlist: + """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv + content type). To create a Watchlist and its Items, we should call this endpoint with either + rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for + small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large + watchlist, where the content size can go up to 500 MB. The status of processing such large file + can be polled through the URL returned in Azure-AsyncOperation header. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param watchlist_alias: Watchlist Alias. Required. + :type watchlist_alias: str + :param watchlist: The watchlist. Is either a model type or a IO type. Required. + :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Watchlist or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Watchlist + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.Watchlist] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Watchlist] - _json = self._serialize.body(watchlist, 'Watchlist') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(watchlist, (IO, bytes)): + _content = watchlist + else: + _json = self._serialize.body(watchlist, "Watchlist") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -327,26 +399,29 @@ async def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = await self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) + response_headers = {} if response.status_code == 200: - deserialized = self._deserialize('Watchlist', pipeline_response) + deserialized = self._deserialize("Watchlist", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('Watchlist', pipeline_response) + response_headers["Azure-AsyncOperation"] = self._deserialize( + "str", response.headers.get("Azure-AsyncOperation") + ) + + deserialized = self._deserialize("Watchlist", pipeline_response) if cls: - return cls(pipeline_response, deserialized, {}) + return cls(pipeline_response, deserialized, response_headers) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py index 69a7d77dd9b7..a16c2475d064 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/__init__.py @@ -6,8 +6,15 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from ._models_py3 import AADCheckRequirements +from ._models_py3 import AADCheckRequirementsProperties from ._models_py3 import AADDataConnector +from ._models_py3 import AADDataConnectorProperties +from ._models_py3 import AATPCheckRequirements +from ._models_py3 import AATPCheckRequirementsProperties from ._models_py3 import AATPDataConnector +from ._models_py3 import AATPDataConnectorProperties +from ._models_py3 import ASCCheckRequirements from ._models_py3 import ASCDataConnector from ._models_py3 import ASCDataConnectorProperties from ._models_py3 import AccountEntity @@ -18,51 +25,158 @@ from ._models_py3 import ActionResponse from ._models_py3 import ActionResponseProperties from ._models_py3 import ActionsList +from ._models_py3 import ActivityCustomEntityQuery +from ._models_py3 import ActivityEntityQueriesPropertiesQueryDefinitions +from ._models_py3 import ActivityEntityQuery +from ._models_py3 import ActivityEntityQueryTemplate +from ._models_py3 import ActivityEntityQueryTemplatePropertiesQueryDefinitions +from ._models_py3 import ActivityTimelineItem from ._models_py3 import AlertDetailsOverride from ._models_py3 import AlertRule from ._models_py3 import AlertRuleTemplate from ._models_py3 import AlertRuleTemplateDataSource +from ._models_py3 import AlertRuleTemplatePropertiesBase +from ._models_py3 import AlertRuleTemplateWithMitreProperties from ._models_py3 import AlertRuleTemplatesList from ._models_py3 import AlertRulesList from ._models_py3 import AlertsDataTypeOfDataConnector +from ._models_py3 import Anomalies +from ._models_py3 import AnomalySecurityMLAnalyticsSettings +from ._models_py3 import AnomalyTimelineItem from ._models_py3 import AutomationRule from ._models_py3 import AutomationRuleAction +from ._models_py3 import AutomationRuleBooleanCondition from ._models_py3 import AutomationRuleCondition from ._models_py3 import AutomationRuleModifyPropertiesAction +from ._models_py3 import AutomationRulePropertyArrayChangedValuesCondition +from ._models_py3 import AutomationRulePropertyArrayValuesCondition +from ._models_py3 import AutomationRulePropertyValuesChangedCondition from ._models_py3 import AutomationRulePropertyValuesCondition from ._models_py3 import AutomationRuleRunPlaybookAction from ._models_py3 import AutomationRuleTriggeringLogic from ._models_py3 import AutomationRulesList +from ._models_py3 import Availability +from ._models_py3 import AwsCloudTrailCheckRequirements from ._models_py3 import AwsCloudTrailDataConnector from ._models_py3 import AwsCloudTrailDataConnectorDataTypes from ._models_py3 import AwsCloudTrailDataConnectorDataTypesLogs +from ._models_py3 import AwsS3CheckRequirements +from ._models_py3 import AwsS3DataConnector +from ._models_py3 import AwsS3DataConnectorDataTypes +from ._models_py3 import AwsS3DataConnectorDataTypesLogs +from ._models_py3 import AzureDevOpsResourceInfo from ._models_py3 import AzureResourceEntity from ._models_py3 import AzureResourceEntityProperties from ._models_py3 import Bookmark +from ._models_py3 import BookmarkEntityMappings +from ._models_py3 import BookmarkExpandParameters +from ._models_py3 import BookmarkExpandResponse +from ._models_py3 import BookmarkExpandResponseValue from ._models_py3 import BookmarkList +from ._models_py3 import BookmarkTimelineItem +from ._models_py3 import BooleanConditionProperties from ._models_py3 import ClientInfo from ._models_py3 import CloudApplicationEntity from ._models_py3 import CloudApplicationEntityProperties from ._models_py3 import CloudErrorBody +from ._models_py3 import CodelessApiPollingDataConnector +from ._models_py3 import CodelessConnectorPollingAuthProperties +from ._models_py3 import CodelessConnectorPollingConfigProperties +from ._models_py3 import CodelessConnectorPollingPagingProperties +from ._models_py3 import CodelessConnectorPollingRequestProperties +from ._models_py3 import CodelessConnectorPollingResponseProperties +from ._models_py3 import CodelessUiConnectorConfigProperties +from ._models_py3 import CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem +from ._models_py3 import CodelessUiConnectorConfigPropertiesDataTypesItem +from ._models_py3 import CodelessUiConnectorConfigPropertiesGraphQueriesItem +from ._models_py3 import CodelessUiConnectorConfigPropertiesInstructionStepsItem +from ._models_py3 import CodelessUiConnectorConfigPropertiesSampleQueriesItem +from ._models_py3 import CodelessUiDataConnector +from ._models_py3 import ConnectedEntity +from ._models_py3 import ConnectivityCriteria +from ._models_py3 import ConnectorInstructionModelBase +from ._models_py3 import ContentPathMap +from ._models_py3 import CustomEntityQuery +from ._models_py3 import Customs +from ._models_py3 import CustomsPermission from ._models_py3 import DataConnector +from ._models_py3 import DataConnectorConnectBody from ._models_py3 import DataConnectorDataTypeCommon from ._models_py3 import DataConnectorList +from ._models_py3 import DataConnectorRequirementsState from ._models_py3 import DataConnectorTenantId from ._models_py3 import DataConnectorWithAlertsProperties +from ._models_py3 import DataConnectorsCheckRequirements +from ._models_py3 import DataTypeDefinitions +from ._models_py3 import Deployment +from ._models_py3 import DeploymentInfo from ._models_py3 import DnsEntity from ._models_py3 import DnsEntityProperties +from ._models_py3 import Dynamics365CheckRequirements +from ._models_py3 import Dynamics365CheckRequirementsProperties +from ._models_py3 import Dynamics365DataConnector +from ._models_py3 import Dynamics365DataConnectorDataTypes +from ._models_py3 import Dynamics365DataConnectorDataTypesDynamics365CdsActivities +from ._models_py3 import Dynamics365DataConnectorProperties +from ._models_py3 import EnrichmentDomainWhois +from ._models_py3 import EnrichmentDomainWhoisContact +from ._models_py3 import EnrichmentDomainWhoisContacts +from ._models_py3 import EnrichmentDomainWhoisDetails +from ._models_py3 import EnrichmentDomainWhoisRegistrarDetails +from ._models_py3 import EnrichmentIpGeodata from ._models_py3 import Entity +from ._models_py3 import EntityAnalytics from ._models_py3 import EntityCommonProperties +from ._models_py3 import EntityEdges +from ._models_py3 import EntityExpandParameters +from ._models_py3 import EntityExpandResponse +from ._models_py3 import EntityExpandResponseValue +from ._models_py3 import EntityFieldMapping +from ._models_py3 import EntityGetInsightsParameters +from ._models_py3 import EntityGetInsightsResponse +from ._models_py3 import EntityInsightItem +from ._models_py3 import EntityInsightItemQueryTimeInterval +from ._models_py3 import EntityList from ._models_py3 import EntityMapping +from ._models_py3 import EntityQuery +from ._models_py3 import EntityQueryItem +from ._models_py3 import EntityQueryItemProperties +from ._models_py3 import EntityQueryItemPropertiesDataTypesItem +from ._models_py3 import EntityQueryList +from ._models_py3 import EntityQueryTemplate +from ._models_py3 import EntityQueryTemplateList +from ._models_py3 import EntityTimelineItem +from ._models_py3 import EntityTimelineParameters +from ._models_py3 import EntityTimelineResponse from ._models_py3 import EventGroupingSettings +from ._models_py3 import ExpansionEntityQuery +from ._models_py3 import ExpansionResultAggregation +from ._models_py3 import ExpansionResultsMetadata +from ._models_py3 import EyesOn from ._models_py3 import FieldMapping from ._models_py3 import FileEntity from ._models_py3 import FileEntityProperties from ._models_py3 import FileHashEntity from ._models_py3 import FileHashEntityProperties +from ._models_py3 import FileImport +from ._models_py3 import FileImportList +from ._models_py3 import FileMetadata from ._models_py3 import FusionAlertRule from ._models_py3 import FusionAlertRuleTemplate +from ._models_py3 import FusionScenarioExclusionPattern +from ._models_py3 import FusionSourceSettings +from ._models_py3 import FusionSourceSubTypeSetting +from ._models_py3 import FusionSubTypeSeverityFilter +from ._models_py3 import FusionSubTypeSeverityFiltersItem +from ._models_py3 import FusionTemplateSourceSetting +from ._models_py3 import FusionTemplateSourceSubType +from ._models_py3 import FusionTemplateSubTypeSeverityFilter from ._models_py3 import GeoLocation +from ._models_py3 import GetInsightsErrorKind +from ._models_py3 import GetInsightsResultsMetadata +from ._models_py3 import GetQueriesResponse +from ._models_py3 import GitHubResourceInfo +from ._models_py3 import GraphQueries from ._models_py3 import GroupingConfiguration from ._models_py3 import HostEntity from ._models_py3 import HostEntityProperties @@ -81,15 +195,52 @@ from ._models_py3 import IncidentLabel from ._models_py3 import IncidentList from ._models_py3 import IncidentOwnerInfo -from ._models_py3 import IncidentOwnerInfoAutoGenerated from ._models_py3 import IncidentPropertiesAction +from ._models_py3 import InsightQueryItem +from ._models_py3 import InsightQueryItemProperties +from ._models_py3 import InsightQueryItemPropertiesAdditionalQuery +from ._models_py3 import InsightQueryItemPropertiesDefaultTimeRange +from ._models_py3 import InsightQueryItemPropertiesReferenceTimeRange +from ._models_py3 import InsightQueryItemPropertiesTableQuery +from ._models_py3 import InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem +from ._models_py3 import InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem +from ._models_py3 import InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem +from ._models_py3 import InsightsTableResult +from ._models_py3 import InsightsTableResultColumnsItem +from ._models_py3 import InstructionSteps +from ._models_py3 import InstructionStepsInstructionsItem +from ._models_py3 import IoTCheckRequirements +from ._models_py3 import IoTDataConnector +from ._models_py3 import IoTDataConnectorProperties from ._models_py3 import IoTDeviceEntity from ._models_py3 import IoTDeviceEntityProperties from ._models_py3 import IpEntity from ._models_py3 import IpEntityProperties +from ._models_py3 import LastDataReceivedDataType +from ._models_py3 import MCASCheckRequirements +from ._models_py3 import MCASCheckRequirementsProperties from ._models_py3 import MCASDataConnector from ._models_py3 import MCASDataConnectorDataTypes +from ._models_py3 import MCASDataConnectorProperties +from ._models_py3 import MDATPCheckRequirements +from ._models_py3 import MDATPCheckRequirementsProperties from ._models_py3 import MDATPDataConnector +from ._models_py3 import MDATPDataConnectorProperties +from ._models_py3 import MLBehaviorAnalyticsAlertRule +from ._models_py3 import MLBehaviorAnalyticsAlertRuleTemplate +from ._models_py3 import MLBehaviorAnalyticsAlertRuleTemplateProperties +from ._models_py3 import MSTICheckRequirements +from ._models_py3 import MSTICheckRequirementsProperties +from ._models_py3 import MSTIDataConnector +from ._models_py3 import MSTIDataConnectorDataTypes +from ._models_py3 import MSTIDataConnectorDataTypesBingSafetyPhishingURL +from ._models_py3 import MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed +from ._models_py3 import MSTIDataConnectorProperties +from ._models_py3 import MTPCheckRequirementsProperties +from ._models_py3 import MTPDataConnector +from ._models_py3 import MTPDataConnectorDataTypes +from ._models_py3 import MTPDataConnectorDataTypesIncidents +from ._models_py3 import MTPDataConnectorProperties from ._models_py3 import MailClusterEntity from ._models_py3 import MailClusterEntityProperties from ._models_py3 import MailMessageEntity @@ -98,30 +249,83 @@ from ._models_py3 import MailboxEntityProperties from ._models_py3 import MalwareEntity from ._models_py3 import MalwareEntityProperties +from ._models_py3 import ManualTriggerRequestBody +from ._models_py3 import MetadataAuthor +from ._models_py3 import MetadataCategories +from ._models_py3 import MetadataDependencies +from ._models_py3 import MetadataList +from ._models_py3 import MetadataModel +from ._models_py3 import MetadataPatch +from ._models_py3 import MetadataSource +from ._models_py3 import MetadataSupport from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRule from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleCommonProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleProperties from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplate +from ._models_py3 import MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties +from ._models_py3 import MtpCheckRequirements +from ._models_py3 import NicEntity +from ._models_py3 import NicEntityProperties +from ._models_py3 import NrtAlertRule +from ._models_py3 import NrtAlertRuleTemplate +from ._models_py3 import NrtAlertRuleTemplateProperties +from ._models_py3 import Office365ProjectCheckRequirements +from ._models_py3 import Office365ProjectCheckRequirementsProperties +from ._models_py3 import Office365ProjectConnectorDataTypes +from ._models_py3 import Office365ProjectConnectorDataTypesLogs +from ._models_py3 import Office365ProjectDataConnector +from ._models_py3 import Office365ProjectDataConnectorProperties +from ._models_py3 import OfficeATPCheckRequirements +from ._models_py3 import OfficeATPCheckRequirementsProperties +from ._models_py3 import OfficeATPDataConnector +from ._models_py3 import OfficeATPDataConnectorProperties +from ._models_py3 import OfficeConsent +from ._models_py3 import OfficeConsentList from ._models_py3 import OfficeDataConnector from ._models_py3 import OfficeDataConnectorDataTypes from ._models_py3 import OfficeDataConnectorDataTypesExchange from ._models_py3 import OfficeDataConnectorDataTypesSharePoint from ._models_py3 import OfficeDataConnectorDataTypesTeams +from ._models_py3 import OfficeDataConnectorProperties +from ._models_py3 import OfficeIRMCheckRequirements +from ._models_py3 import OfficeIRMCheckRequirementsProperties +from ._models_py3 import OfficeIRMDataConnector +from ._models_py3 import OfficeIRMDataConnectorProperties +from ._models_py3 import OfficePowerBICheckRequirements +from ._models_py3 import OfficePowerBICheckRequirementsProperties +from ._models_py3 import OfficePowerBIConnectorDataTypes +from ._models_py3 import OfficePowerBIConnectorDataTypesLogs +from ._models_py3 import OfficePowerBIDataConnector +from ._models_py3 import OfficePowerBIDataConnectorProperties from ._models_py3 import Operation from ._models_py3 import OperationDisplay from ._models_py3 import OperationsList +from ._models_py3 import Permissions +from ._models_py3 import PermissionsCustomsItem +from ._models_py3 import PermissionsResourceProviderItem from ._models_py3 import PlaybookActionProperties from ._models_py3 import ProcessEntity from ._models_py3 import ProcessEntityProperties +from ._models_py3 import PropertyArrayChangedConditionProperties +from ._models_py3 import PropertyArrayConditionProperties +from ._models_py3 import PropertyChangedConditionProperties from ._models_py3 import PropertyConditionProperties +from ._models_py3 import QueryBasedAlertRuleTemplateProperties from ._models_py3 import RegistryKeyEntity from ._models_py3 import RegistryKeyEntityProperties from ._models_py3 import RegistryValueEntity from ._models_py3 import RegistryValueEntityProperties from ._models_py3 import Relation from ._models_py3 import RelationList +from ._models_py3 import Repo +from ._models_py3 import RepoList +from ._models_py3 import Repository +from ._models_py3 import RepositoryResourceInfo +from ._models_py3 import RequiredPermissions from ._models_py3 import Resource +from ._models_py3 import ResourceProvider from ._models_py3 import ResourceWithEtag +from ._models_py3 import SampleQueries from ._models_py3 import ScheduledAlertRule from ._models_py3 import ScheduledAlertRuleCommonProperties from ._models_py3 import ScheduledAlertRuleProperties @@ -129,17 +333,33 @@ from ._models_py3 import SecurityAlert from ._models_py3 import SecurityAlertProperties from ._models_py3 import SecurityAlertPropertiesConfidenceReasonsItem +from ._models_py3 import SecurityAlertTimelineItem from ._models_py3 import SecurityGroupEntity from ._models_py3 import SecurityGroupEntityProperties +from ._models_py3 import SecurityMLAnalyticsSetting +from ._models_py3 import SecurityMLAnalyticsSettingsDataSource +from ._models_py3 import SecurityMLAnalyticsSettingsList from ._models_py3 import SentinelOnboardingState from ._models_py3 import SentinelOnboardingStatesList +from ._models_py3 import SettingList +from ._models_py3 import Settings +from ._models_py3 import SourceControl +from ._models_py3 import SourceControlList from ._models_py3 import SubmissionMailEntity from ._models_py3 import SubmissionMailEntityProperties from ._models_py3 import SystemData +from ._models_py3 import TICheckRequirements +from ._models_py3 import TICheckRequirementsProperties from ._models_py3 import TIDataConnector from ._models_py3 import TIDataConnectorDataTypes from ._models_py3 import TIDataConnectorDataTypesIndicators +from ._models_py3 import TIDataConnectorProperties +from ._models_py3 import TeamInformation +from ._models_py3 import TeamProperties from ._models_py3 import ThreatIntelligence +from ._models_py3 import ThreatIntelligenceAlertRule +from ._models_py3 import ThreatIntelligenceAlertRuleTemplate +from ._models_py3 import ThreatIntelligenceAlertRuleTemplateProperties from ._models_py3 import ThreatIntelligenceAppendTags from ._models_py3 import ThreatIntelligenceExternalReference from ._models_py3 import ThreatIntelligenceFilteringCriteria @@ -156,260 +376,594 @@ from ._models_py3 import ThreatIntelligenceParsedPattern from ._models_py3 import ThreatIntelligenceParsedPatternTypeValue from ._models_py3 import ThreatIntelligenceSortingCriteria +from ._models_py3 import TiTaxiiCheckRequirements +from ._models_py3 import TiTaxiiCheckRequirementsProperties +from ._models_py3 import TiTaxiiDataConnector +from ._models_py3 import TiTaxiiDataConnectorDataTypes +from ._models_py3 import TiTaxiiDataConnectorDataTypesTaxiiClient +from ._models_py3 import TiTaxiiDataConnectorProperties +from ._models_py3 import TimelineAggregation +from ._models_py3 import TimelineError +from ._models_py3 import TimelineResultsMetadata +from ._models_py3 import Ueba from ._models_py3 import UrlEntity from ._models_py3 import UrlEntityProperties from ._models_py3 import UserInfo +from ._models_py3 import ValidationError from ._models_py3 import Watchlist from ._models_py3 import WatchlistItem from ._models_py3 import WatchlistItemList from ._models_py3 import WatchlistList +from ._models_py3 import Webhook - -from ._security_insights_enums import ( - ActionType, - AlertDetail, - AlertRuleKind, - AlertSeverity, - AlertStatus, - AntispamMailDirection, - AttackTactic, - AutomationRulePropertyConditionSupportedOperator, - AutomationRulePropertyConditionSupportedProperty, - ConditionType, - ConfidenceLevel, - ConfidenceScoreStatus, - CreatedByType, - DataConnectorKind, - DataTypeState, - DeliveryAction, - DeliveryLocation, - ElevationToken, - EntityKindEnum, - EntityMappingType, - EventGroupingAggregationKind, - FileHashAlgorithm, - IncidentClassification, - IncidentClassificationReason, - IncidentLabelType, - IncidentSeverity, - IncidentStatus, - KillChainIntent, - MatchingMethod, - MicrosoftSecurityProductName, - OSFamily, - OwnerType, - RegistryHive, - RegistryValueKind, - Source, - TemplateStatus, - ThreatIntelligenceResourceInnerKind, - ThreatIntelligenceSortingOrder, - TriggerOperator, - TriggersOn, - TriggersWhen, -) +from ._security_insights_enums import ActionType +from ._security_insights_enums import AlertDetail +from ._security_insights_enums import AlertRuleKind +from ._security_insights_enums import AlertSeverity +from ._security_insights_enums import AlertStatus +from ._security_insights_enums import AntispamMailDirection +from ._security_insights_enums import AttackTactic +from ._security_insights_enums import AutomationRuleBooleanConditionSupportedOperator +from ._security_insights_enums import AutomationRulePropertyArrayChangedConditionSupportedArrayType +from ._security_insights_enums import AutomationRulePropertyArrayChangedConditionSupportedChangeType +from ._security_insights_enums import AutomationRulePropertyArrayConditionSupportedArrayConditionType +from ._security_insights_enums import AutomationRulePropertyArrayConditionSupportedArrayType +from ._security_insights_enums import AutomationRulePropertyChangedConditionSupportedChangedType +from ._security_insights_enums import AutomationRulePropertyChangedConditionSupportedPropertyType +from ._security_insights_enums import AutomationRulePropertyConditionSupportedOperator +from ._security_insights_enums import AutomationRulePropertyConditionSupportedProperty +from ._security_insights_enums import ConditionType +from ._security_insights_enums import ConfidenceLevel +from ._security_insights_enums import ConfidenceScoreStatus +from ._security_insights_enums import ConnectAuthKind +from ._security_insights_enums import ConnectivityType +from ._security_insights_enums import ContentType +from ._security_insights_enums import CreatedByType +from ._security_insights_enums import CustomEntityQueryKind +from ._security_insights_enums import DataConnectorAuthorizationState +from ._security_insights_enums import DataConnectorKind +from ._security_insights_enums import DataConnectorLicenseState +from ._security_insights_enums import DataTypeState +from ._security_insights_enums import DeleteStatus +from ._security_insights_enums import DeliveryAction +from ._security_insights_enums import DeliveryLocation +from ._security_insights_enums import DeploymentFetchStatus +from ._security_insights_enums import DeploymentResult +from ._security_insights_enums import DeploymentState +from ._security_insights_enums import DeviceImportance +from ._security_insights_enums import ElevationToken +from ._security_insights_enums import EntityItemQueryKind +from ._security_insights_enums import EntityKind +from ._security_insights_enums import EntityMappingType +from ._security_insights_enums import EntityProviders +from ._security_insights_enums import EntityQueryKind +from ._security_insights_enums import EntityQueryTemplateKind +from ._security_insights_enums import EntityTimelineKind +from ._security_insights_enums import EntityType +from ._security_insights_enums import Enum13 +from ._security_insights_enums import Enum15 +from ._security_insights_enums import EventGroupingAggregationKind +from ._security_insights_enums import FileFormat +from ._security_insights_enums import FileHashAlgorithm +from ._security_insights_enums import FileImportContentType +from ._security_insights_enums import FileImportState +from ._security_insights_enums import GetInsightsError +from ._security_insights_enums import IncidentClassification +from ._security_insights_enums import IncidentClassificationReason +from ._security_insights_enums import IncidentLabelType +from ._security_insights_enums import IncidentSeverity +from ._security_insights_enums import IncidentStatus +from ._security_insights_enums import IngestionMode +from ._security_insights_enums import KillChainIntent +from ._security_insights_enums import Kind +from ._security_insights_enums import MatchingMethod +from ._security_insights_enums import MicrosoftSecurityProductName +from ._security_insights_enums import OSFamily +from ._security_insights_enums import Operator +from ._security_insights_enums import OutputType +from ._security_insights_enums import OwnerType +from ._security_insights_enums import PermissionProviderScope +from ._security_insights_enums import PollingFrequency +from ._security_insights_enums import ProviderName +from ._security_insights_enums import RegistryHive +from ._security_insights_enums import RegistryValueKind +from ._security_insights_enums import RepoType +from ._security_insights_enums import SecurityMLAnalyticsSettingsKind +from ._security_insights_enums import SettingKind +from ._security_insights_enums import SettingType +from ._security_insights_enums import SettingsStatus +from ._security_insights_enums import SourceKind +from ._security_insights_enums import SourceType +from ._security_insights_enums import SupportTier +from ._security_insights_enums import TemplateStatus +from ._security_insights_enums import ThreatIntelligenceResourceKindEnum +from ._security_insights_enums import ThreatIntelligenceSortingCriteriaEnum +from ._security_insights_enums import TriggerOperator +from ._security_insights_enums import TriggersOn +from ._security_insights_enums import TriggersWhen +from ._security_insights_enums import UebaDataSources +from ._security_insights_enums import Version from ._patch import __all__ as _patch_all from ._patch import * # type: ignore # pylint: disable=unused-wildcard-import from ._patch import patch_sdk as _patch_sdk + __all__ = [ - 'AADDataConnector', - 'AATPDataConnector', - 'ASCDataConnector', - 'ASCDataConnectorProperties', - 'AccountEntity', - 'AccountEntityProperties', - 'ActionPropertiesBase', - 'ActionRequest', - 'ActionRequestProperties', - 'ActionResponse', - 'ActionResponseProperties', - 'ActionsList', - 'AlertDetailsOverride', - 'AlertRule', - 'AlertRuleTemplate', - 'AlertRuleTemplateDataSource', - 'AlertRuleTemplatesList', - 'AlertRulesList', - 'AlertsDataTypeOfDataConnector', - 'AutomationRule', - 'AutomationRuleAction', - 'AutomationRuleCondition', - 'AutomationRuleModifyPropertiesAction', - 'AutomationRulePropertyValuesCondition', - 'AutomationRuleRunPlaybookAction', - 'AutomationRuleTriggeringLogic', - 'AutomationRulesList', - 'AwsCloudTrailDataConnector', - 'AwsCloudTrailDataConnectorDataTypes', - 'AwsCloudTrailDataConnectorDataTypesLogs', - 'AzureResourceEntity', - 'AzureResourceEntityProperties', - 'Bookmark', - 'BookmarkList', - 'ClientInfo', - 'CloudApplicationEntity', - 'CloudApplicationEntityProperties', - 'CloudErrorBody', - 'DataConnector', - 'DataConnectorDataTypeCommon', - 'DataConnectorList', - 'DataConnectorTenantId', - 'DataConnectorWithAlertsProperties', - 'DnsEntity', - 'DnsEntityProperties', - 'Entity', - 'EntityCommonProperties', - 'EntityMapping', - 'EventGroupingSettings', - 'FieldMapping', - 'FileEntity', - 'FileEntityProperties', - 'FileHashEntity', - 'FileHashEntityProperties', - 'FusionAlertRule', - 'FusionAlertRuleTemplate', - 'GeoLocation', - 'GroupingConfiguration', - 'HostEntity', - 'HostEntityProperties', - 'HuntingBookmark', - 'HuntingBookmarkProperties', - 'Incident', - 'IncidentAdditionalData', - 'IncidentAlertList', - 'IncidentBookmarkList', - 'IncidentComment', - 'IncidentCommentList', - 'IncidentConfiguration', - 'IncidentEntitiesResponse', - 'IncidentEntitiesResultsMetadata', - 'IncidentInfo', - 'IncidentLabel', - 'IncidentList', - 'IncidentOwnerInfo', - 'IncidentOwnerInfoAutoGenerated', - 'IncidentPropertiesAction', - 'IoTDeviceEntity', - 'IoTDeviceEntityProperties', - 'IpEntity', - 'IpEntityProperties', - 'MCASDataConnector', - 'MCASDataConnectorDataTypes', - 'MDATPDataConnector', - 'MailClusterEntity', - 'MailClusterEntityProperties', - 'MailMessageEntity', - 'MailMessageEntityProperties', - 'MailboxEntity', - 'MailboxEntityProperties', - 'MalwareEntity', - 'MalwareEntityProperties', - 'MicrosoftSecurityIncidentCreationAlertRule', - 'MicrosoftSecurityIncidentCreationAlertRuleCommonProperties', - 'MicrosoftSecurityIncidentCreationAlertRuleProperties', - 'MicrosoftSecurityIncidentCreationAlertRuleTemplate', - 'OfficeDataConnector', - 'OfficeDataConnectorDataTypes', - 'OfficeDataConnectorDataTypesExchange', - 'OfficeDataConnectorDataTypesSharePoint', - 'OfficeDataConnectorDataTypesTeams', - 'Operation', - 'OperationDisplay', - 'OperationsList', - 'PlaybookActionProperties', - 'ProcessEntity', - 'ProcessEntityProperties', - 'PropertyConditionProperties', - 'RegistryKeyEntity', - 'RegistryKeyEntityProperties', - 'RegistryValueEntity', - 'RegistryValueEntityProperties', - 'Relation', - 'RelationList', - 'Resource', - 'ResourceWithEtag', - 'ScheduledAlertRule', - 'ScheduledAlertRuleCommonProperties', - 'ScheduledAlertRuleProperties', - 'ScheduledAlertRuleTemplate', - 'SecurityAlert', - 'SecurityAlertProperties', - 'SecurityAlertPropertiesConfidenceReasonsItem', - 'SecurityGroupEntity', - 'SecurityGroupEntityProperties', - 'SentinelOnboardingState', - 'SentinelOnboardingStatesList', - 'SubmissionMailEntity', - 'SubmissionMailEntityProperties', - 'SystemData', - 'TIDataConnector', - 'TIDataConnectorDataTypes', - 'TIDataConnectorDataTypesIndicators', - 'ThreatIntelligence', - 'ThreatIntelligenceAppendTags', - 'ThreatIntelligenceExternalReference', - 'ThreatIntelligenceFilteringCriteria', - 'ThreatIntelligenceGranularMarkingModel', - 'ThreatIntelligenceIndicatorModel', - 'ThreatIntelligenceIndicatorProperties', - 'ThreatIntelligenceInformation', - 'ThreatIntelligenceInformationList', - 'ThreatIntelligenceKillChainPhase', - 'ThreatIntelligenceMetric', - 'ThreatIntelligenceMetricEntity', - 'ThreatIntelligenceMetrics', - 'ThreatIntelligenceMetricsList', - 'ThreatIntelligenceParsedPattern', - 'ThreatIntelligenceParsedPatternTypeValue', - 'ThreatIntelligenceSortingCriteria', - 'UrlEntity', - 'UrlEntityProperties', - 'UserInfo', - 'Watchlist', - 'WatchlistItem', - 'WatchlistItemList', - 'WatchlistList', - 'ActionType', - 'AlertDetail', - 'AlertRuleKind', - 'AlertSeverity', - 'AlertStatus', - 'AntispamMailDirection', - 'AttackTactic', - 'AutomationRulePropertyConditionSupportedOperator', - 'AutomationRulePropertyConditionSupportedProperty', - 'ConditionType', - 'ConfidenceLevel', - 'ConfidenceScoreStatus', - 'CreatedByType', - 'DataConnectorKind', - 'DataTypeState', - 'DeliveryAction', - 'DeliveryLocation', - 'ElevationToken', - 'EntityKindEnum', - 'EntityMappingType', - 'EventGroupingAggregationKind', - 'FileHashAlgorithm', - 'IncidentClassification', - 'IncidentClassificationReason', - 'IncidentLabelType', - 'IncidentSeverity', - 'IncidentStatus', - 'KillChainIntent', - 'MatchingMethod', - 'MicrosoftSecurityProductName', - 'OSFamily', - 'OwnerType', - 'RegistryHive', - 'RegistryValueKind', - 'Source', - 'TemplateStatus', - 'ThreatIntelligenceResourceInnerKind', - 'ThreatIntelligenceSortingOrder', - 'TriggerOperator', - 'TriggersOn', - 'TriggersWhen', + "AADCheckRequirements", + "AADCheckRequirementsProperties", + "AADDataConnector", + "AADDataConnectorProperties", + "AATPCheckRequirements", + "AATPCheckRequirementsProperties", + "AATPDataConnector", + "AATPDataConnectorProperties", + "ASCCheckRequirements", + "ASCDataConnector", + "ASCDataConnectorProperties", + "AccountEntity", + "AccountEntityProperties", + "ActionPropertiesBase", + "ActionRequest", + "ActionRequestProperties", + "ActionResponse", + "ActionResponseProperties", + "ActionsList", + "ActivityCustomEntityQuery", + "ActivityEntityQueriesPropertiesQueryDefinitions", + "ActivityEntityQuery", + "ActivityEntityQueryTemplate", + "ActivityEntityQueryTemplatePropertiesQueryDefinitions", + "ActivityTimelineItem", + "AlertDetailsOverride", + "AlertRule", + "AlertRuleTemplate", + "AlertRuleTemplateDataSource", + "AlertRuleTemplatePropertiesBase", + "AlertRuleTemplateWithMitreProperties", + "AlertRuleTemplatesList", + "AlertRulesList", + "AlertsDataTypeOfDataConnector", + "Anomalies", + "AnomalySecurityMLAnalyticsSettings", + "AnomalyTimelineItem", + "AutomationRule", + "AutomationRuleAction", + "AutomationRuleBooleanCondition", + "AutomationRuleCondition", + "AutomationRuleModifyPropertiesAction", + "AutomationRulePropertyArrayChangedValuesCondition", + "AutomationRulePropertyArrayValuesCondition", + "AutomationRulePropertyValuesChangedCondition", + "AutomationRulePropertyValuesCondition", + "AutomationRuleRunPlaybookAction", + "AutomationRuleTriggeringLogic", + "AutomationRulesList", + "Availability", + "AwsCloudTrailCheckRequirements", + "AwsCloudTrailDataConnector", + "AwsCloudTrailDataConnectorDataTypes", + "AwsCloudTrailDataConnectorDataTypesLogs", + "AwsS3CheckRequirements", + "AwsS3DataConnector", + "AwsS3DataConnectorDataTypes", + "AwsS3DataConnectorDataTypesLogs", + "AzureDevOpsResourceInfo", + "AzureResourceEntity", + "AzureResourceEntityProperties", + "Bookmark", + "BookmarkEntityMappings", + "BookmarkExpandParameters", + "BookmarkExpandResponse", + "BookmarkExpandResponseValue", + "BookmarkList", + "BookmarkTimelineItem", + "BooleanConditionProperties", + "ClientInfo", + "CloudApplicationEntity", + "CloudApplicationEntityProperties", + "CloudErrorBody", + "CodelessApiPollingDataConnector", + "CodelessConnectorPollingAuthProperties", + "CodelessConnectorPollingConfigProperties", + "CodelessConnectorPollingPagingProperties", + "CodelessConnectorPollingRequestProperties", + "CodelessConnectorPollingResponseProperties", + "CodelessUiConnectorConfigProperties", + "CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem", + "CodelessUiConnectorConfigPropertiesDataTypesItem", + "CodelessUiConnectorConfigPropertiesGraphQueriesItem", + "CodelessUiConnectorConfigPropertiesInstructionStepsItem", + "CodelessUiConnectorConfigPropertiesSampleQueriesItem", + "CodelessUiDataConnector", + "ConnectedEntity", + "ConnectivityCriteria", + "ConnectorInstructionModelBase", + "ContentPathMap", + "CustomEntityQuery", + "Customs", + "CustomsPermission", + "DataConnector", + "DataConnectorConnectBody", + "DataConnectorDataTypeCommon", + "DataConnectorList", + "DataConnectorRequirementsState", + "DataConnectorTenantId", + "DataConnectorWithAlertsProperties", + "DataConnectorsCheckRequirements", + "DataTypeDefinitions", + "Deployment", + "DeploymentInfo", + "DnsEntity", + "DnsEntityProperties", + "Dynamics365CheckRequirements", + "Dynamics365CheckRequirementsProperties", + "Dynamics365DataConnector", + "Dynamics365DataConnectorDataTypes", + "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", + "Dynamics365DataConnectorProperties", + "EnrichmentDomainWhois", + "EnrichmentDomainWhoisContact", + "EnrichmentDomainWhoisContacts", + "EnrichmentDomainWhoisDetails", + "EnrichmentDomainWhoisRegistrarDetails", + "EnrichmentIpGeodata", + "Entity", + "EntityAnalytics", + "EntityCommonProperties", + "EntityEdges", + "EntityExpandParameters", + "EntityExpandResponse", + "EntityExpandResponseValue", + "EntityFieldMapping", + "EntityGetInsightsParameters", + "EntityGetInsightsResponse", + "EntityInsightItem", + "EntityInsightItemQueryTimeInterval", + "EntityList", + "EntityMapping", + "EntityQuery", + "EntityQueryItem", + "EntityQueryItemProperties", + "EntityQueryItemPropertiesDataTypesItem", + "EntityQueryList", + "EntityQueryTemplate", + "EntityQueryTemplateList", + "EntityTimelineItem", + "EntityTimelineParameters", + "EntityTimelineResponse", + "EventGroupingSettings", + "ExpansionEntityQuery", + "ExpansionResultAggregation", + "ExpansionResultsMetadata", + "EyesOn", + "FieldMapping", + "FileEntity", + "FileEntityProperties", + "FileHashEntity", + "FileHashEntityProperties", + "FileImport", + "FileImportList", + "FileMetadata", + "FusionAlertRule", + "FusionAlertRuleTemplate", + "FusionScenarioExclusionPattern", + "FusionSourceSettings", + "FusionSourceSubTypeSetting", + "FusionSubTypeSeverityFilter", + "FusionSubTypeSeverityFiltersItem", + "FusionTemplateSourceSetting", + "FusionTemplateSourceSubType", + "FusionTemplateSubTypeSeverityFilter", + "GeoLocation", + "GetInsightsErrorKind", + "GetInsightsResultsMetadata", + "GetQueriesResponse", + "GitHubResourceInfo", + "GraphQueries", + "GroupingConfiguration", + "HostEntity", + "HostEntityProperties", + "HuntingBookmark", + "HuntingBookmarkProperties", + "Incident", + "IncidentAdditionalData", + "IncidentAlertList", + "IncidentBookmarkList", + "IncidentComment", + "IncidentCommentList", + "IncidentConfiguration", + "IncidentEntitiesResponse", + "IncidentEntitiesResultsMetadata", + "IncidentInfo", + "IncidentLabel", + "IncidentList", + "IncidentOwnerInfo", + "IncidentPropertiesAction", + "InsightQueryItem", + "InsightQueryItemProperties", + "InsightQueryItemPropertiesAdditionalQuery", + "InsightQueryItemPropertiesDefaultTimeRange", + "InsightQueryItemPropertiesReferenceTimeRange", + "InsightQueryItemPropertiesTableQuery", + "InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem", + "InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem", + "InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem", + "InsightsTableResult", + "InsightsTableResultColumnsItem", + "InstructionSteps", + "InstructionStepsInstructionsItem", + "IoTCheckRequirements", + "IoTDataConnector", + "IoTDataConnectorProperties", + "IoTDeviceEntity", + "IoTDeviceEntityProperties", + "IpEntity", + "IpEntityProperties", + "LastDataReceivedDataType", + "MCASCheckRequirements", + "MCASCheckRequirementsProperties", + "MCASDataConnector", + "MCASDataConnectorDataTypes", + "MCASDataConnectorProperties", + "MDATPCheckRequirements", + "MDATPCheckRequirementsProperties", + "MDATPDataConnector", + "MDATPDataConnectorProperties", + "MLBehaviorAnalyticsAlertRule", + "MLBehaviorAnalyticsAlertRuleTemplate", + "MLBehaviorAnalyticsAlertRuleTemplateProperties", + "MSTICheckRequirements", + "MSTICheckRequirementsProperties", + "MSTIDataConnector", + "MSTIDataConnectorDataTypes", + "MSTIDataConnectorDataTypesBingSafetyPhishingURL", + "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", + "MSTIDataConnectorProperties", + "MTPCheckRequirementsProperties", + "MTPDataConnector", + "MTPDataConnectorDataTypes", + "MTPDataConnectorDataTypesIncidents", + "MTPDataConnectorProperties", + "MailClusterEntity", + "MailClusterEntityProperties", + "MailMessageEntity", + "MailMessageEntityProperties", + "MailboxEntity", + "MailboxEntityProperties", + "MalwareEntity", + "MalwareEntityProperties", + "ManualTriggerRequestBody", + "MetadataAuthor", + "MetadataCategories", + "MetadataDependencies", + "MetadataList", + "MetadataModel", + "MetadataPatch", + "MetadataSource", + "MetadataSupport", + "MicrosoftSecurityIncidentCreationAlertRule", + "MicrosoftSecurityIncidentCreationAlertRuleCommonProperties", + "MicrosoftSecurityIncidentCreationAlertRuleProperties", + "MicrosoftSecurityIncidentCreationAlertRuleTemplate", + "MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties", + "MtpCheckRequirements", + "NicEntity", + "NicEntityProperties", + "NrtAlertRule", + "NrtAlertRuleTemplate", + "NrtAlertRuleTemplateProperties", + "Office365ProjectCheckRequirements", + "Office365ProjectCheckRequirementsProperties", + "Office365ProjectConnectorDataTypes", + "Office365ProjectConnectorDataTypesLogs", + "Office365ProjectDataConnector", + "Office365ProjectDataConnectorProperties", + "OfficeATPCheckRequirements", + "OfficeATPCheckRequirementsProperties", + "OfficeATPDataConnector", + "OfficeATPDataConnectorProperties", + "OfficeConsent", + "OfficeConsentList", + "OfficeDataConnector", + "OfficeDataConnectorDataTypes", + "OfficeDataConnectorDataTypesExchange", + "OfficeDataConnectorDataTypesSharePoint", + "OfficeDataConnectorDataTypesTeams", + "OfficeDataConnectorProperties", + "OfficeIRMCheckRequirements", + "OfficeIRMCheckRequirementsProperties", + "OfficeIRMDataConnector", + "OfficeIRMDataConnectorProperties", + "OfficePowerBICheckRequirements", + "OfficePowerBICheckRequirementsProperties", + "OfficePowerBIConnectorDataTypes", + "OfficePowerBIConnectorDataTypesLogs", + "OfficePowerBIDataConnector", + "OfficePowerBIDataConnectorProperties", + "Operation", + "OperationDisplay", + "OperationsList", + "Permissions", + "PermissionsCustomsItem", + "PermissionsResourceProviderItem", + "PlaybookActionProperties", + "ProcessEntity", + "ProcessEntityProperties", + "PropertyArrayChangedConditionProperties", + "PropertyArrayConditionProperties", + "PropertyChangedConditionProperties", + "PropertyConditionProperties", + "QueryBasedAlertRuleTemplateProperties", + "RegistryKeyEntity", + "RegistryKeyEntityProperties", + "RegistryValueEntity", + "RegistryValueEntityProperties", + "Relation", + "RelationList", + "Repo", + "RepoList", + "Repository", + "RepositoryResourceInfo", + "RequiredPermissions", + "Resource", + "ResourceProvider", + "ResourceWithEtag", + "SampleQueries", + "ScheduledAlertRule", + "ScheduledAlertRuleCommonProperties", + "ScheduledAlertRuleProperties", + "ScheduledAlertRuleTemplate", + "SecurityAlert", + "SecurityAlertProperties", + "SecurityAlertPropertiesConfidenceReasonsItem", + "SecurityAlertTimelineItem", + "SecurityGroupEntity", + "SecurityGroupEntityProperties", + "SecurityMLAnalyticsSetting", + "SecurityMLAnalyticsSettingsDataSource", + "SecurityMLAnalyticsSettingsList", + "SentinelOnboardingState", + "SentinelOnboardingStatesList", + "SettingList", + "Settings", + "SourceControl", + "SourceControlList", + "SubmissionMailEntity", + "SubmissionMailEntityProperties", + "SystemData", + "TICheckRequirements", + "TICheckRequirementsProperties", + "TIDataConnector", + "TIDataConnectorDataTypes", + "TIDataConnectorDataTypesIndicators", + "TIDataConnectorProperties", + "TeamInformation", + "TeamProperties", + "ThreatIntelligence", + "ThreatIntelligenceAlertRule", + "ThreatIntelligenceAlertRuleTemplate", + "ThreatIntelligenceAlertRuleTemplateProperties", + "ThreatIntelligenceAppendTags", + "ThreatIntelligenceExternalReference", + "ThreatIntelligenceFilteringCriteria", + "ThreatIntelligenceGranularMarkingModel", + "ThreatIntelligenceIndicatorModel", + "ThreatIntelligenceIndicatorProperties", + "ThreatIntelligenceInformation", + "ThreatIntelligenceInformationList", + "ThreatIntelligenceKillChainPhase", + "ThreatIntelligenceMetric", + "ThreatIntelligenceMetricEntity", + "ThreatIntelligenceMetrics", + "ThreatIntelligenceMetricsList", + "ThreatIntelligenceParsedPattern", + "ThreatIntelligenceParsedPatternTypeValue", + "ThreatIntelligenceSortingCriteria", + "TiTaxiiCheckRequirements", + "TiTaxiiCheckRequirementsProperties", + "TiTaxiiDataConnector", + "TiTaxiiDataConnectorDataTypes", + "TiTaxiiDataConnectorDataTypesTaxiiClient", + "TiTaxiiDataConnectorProperties", + "TimelineAggregation", + "TimelineError", + "TimelineResultsMetadata", + "Ueba", + "UrlEntity", + "UrlEntityProperties", + "UserInfo", + "ValidationError", + "Watchlist", + "WatchlistItem", + "WatchlistItemList", + "WatchlistList", + "Webhook", + "ActionType", + "AlertDetail", + "AlertRuleKind", + "AlertSeverity", + "AlertStatus", + "AntispamMailDirection", + "AttackTactic", + "AutomationRuleBooleanConditionSupportedOperator", + "AutomationRulePropertyArrayChangedConditionSupportedArrayType", + "AutomationRulePropertyArrayChangedConditionSupportedChangeType", + "AutomationRulePropertyArrayConditionSupportedArrayConditionType", + "AutomationRulePropertyArrayConditionSupportedArrayType", + "AutomationRulePropertyChangedConditionSupportedChangedType", + "AutomationRulePropertyChangedConditionSupportedPropertyType", + "AutomationRulePropertyConditionSupportedOperator", + "AutomationRulePropertyConditionSupportedProperty", + "ConditionType", + "ConfidenceLevel", + "ConfidenceScoreStatus", + "ConnectAuthKind", + "ConnectivityType", + "ContentType", + "CreatedByType", + "CustomEntityQueryKind", + "DataConnectorAuthorizationState", + "DataConnectorKind", + "DataConnectorLicenseState", + "DataTypeState", + "DeleteStatus", + "DeliveryAction", + "DeliveryLocation", + "DeploymentFetchStatus", + "DeploymentResult", + "DeploymentState", + "DeviceImportance", + "ElevationToken", + "EntityItemQueryKind", + "EntityKind", + "EntityMappingType", + "EntityProviders", + "EntityQueryKind", + "EntityQueryTemplateKind", + "EntityTimelineKind", + "EntityType", + "Enum13", + "Enum15", + "EventGroupingAggregationKind", + "FileFormat", + "FileHashAlgorithm", + "FileImportContentType", + "FileImportState", + "GetInsightsError", + "IncidentClassification", + "IncidentClassificationReason", + "IncidentLabelType", + "IncidentSeverity", + "IncidentStatus", + "IngestionMode", + "KillChainIntent", + "Kind", + "MatchingMethod", + "MicrosoftSecurityProductName", + "OSFamily", + "Operator", + "OutputType", + "OwnerType", + "PermissionProviderScope", + "PollingFrequency", + "ProviderName", + "RegistryHive", + "RegistryValueKind", + "RepoType", + "SecurityMLAnalyticsSettingsKind", + "SettingKind", + "SettingType", + "SettingsStatus", + "SourceKind", + "SourceType", + "SupportTier", + "TemplateStatus", + "ThreatIntelligenceResourceKindEnum", + "ThreatIntelligenceSortingCriteriaEnum", + "TriggerOperator", + "TriggersOn", + "TriggersWhen", + "UebaDataSources", + "Version", ] __all__.extend([p for p in _patch_all if p not in __all__]) -_patch_sdk() \ No newline at end of file +_patch_sdk() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py index 5a6d645cea28..42608a38422a 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_models_py3.py @@ -1,4 +1,5 @@ # coding=utf-8 +# pylint: disable=too-many-lines # -------------------------------------------------------------------------- # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. See License.txt in the project root for license information. @@ -7,16 +8,168 @@ # -------------------------------------------------------------------------- import datetime +import sys from typing import Any, Dict, List, Optional, TYPE_CHECKING, Union -import msrest.serialization +from .. import _serialization if TYPE_CHECKING: # pylint: disable=unused-import,ungrouped-imports - import __init__ as _models + from .. import models as _models +if sys.version_info >= (3, 9): + from collections.abc import MutableMapping +else: + from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports +JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object -class Resource(msrest.serialization.Model): +class DataConnectorsCheckRequirements(_serialization.Model): + """Data connector requirements properties. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + AwsCloudTrailCheckRequirements, AwsS3CheckRequirements, AADCheckRequirements, + AATPCheckRequirements, ASCCheckRequirements, Dynamics365CheckRequirements, + IoTCheckRequirements, MCASCheckRequirements, MDATPCheckRequirements, MSTICheckRequirements, + MtpCheckRequirements, Office365ProjectCheckRequirements, OfficeATPCheckRequirements, + OfficeIRMCheckRequirements, OfficePowerBICheckRequirements, TICheckRequirements, + TiTaxiiCheckRequirements + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + } + + _subtype_map = { + "kind": { + "AmazonWebServicesCloudTrail": "AwsCloudTrailCheckRequirements", + "AmazonWebServicesS3": "AwsS3CheckRequirements", + "AzureActiveDirectory": "AADCheckRequirements", + "AzureAdvancedThreatProtection": "AATPCheckRequirements", + "AzureSecurityCenter": "ASCCheckRequirements", + "Dynamics365": "Dynamics365CheckRequirements", + "IOT": "IoTCheckRequirements", + "MicrosoftCloudAppSecurity": "MCASCheckRequirements", + "MicrosoftDefenderAdvancedThreatProtection": "MDATPCheckRequirements", + "MicrosoftThreatIntelligence": "MSTICheckRequirements", + "MicrosoftThreatProtection": "MtpCheckRequirements", + "Office365Project": "Office365ProjectCheckRequirements", + "OfficeATP": "OfficeATPCheckRequirements", + "OfficeIRM": "OfficeIRMCheckRequirements", + "OfficePowerBI": "OfficePowerBICheckRequirements", + "ThreatIntelligence": "TICheckRequirements", + "ThreatIntelligenceTaxii": "TiTaxiiCheckRequirements", + } + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = None # type: Optional[str] + + +class AADCheckRequirements(DataConnectorsCheckRequirements): + """Represents AAD (Azure Active Directory) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind = "AzureActiveDirectory" # type: str + self.tenant_id = tenant_id + + +class DataConnectorTenantId(_serialization.Model): + """Properties data connector on tenant level. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.tenant_id = tenant_id + + +class AADCheckRequirementsProperties(DataConnectorTenantId): + """AAD (Azure Active Directory) requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class Resource(_serialization.Model): """Common fields that are returned in the response for all Azure Resource Manager resources. Variables are only populated by the server, and will be ignored when sending a request. @@ -35,26 +188,22 @@ class Resource(msrest.serialization.Model): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, } - def __init__( - self, - **kwargs - ): - """ - """ - super(Resource, self).__init__(**kwargs) + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) self.id = None self.name = None self.type = None @@ -82,39 +231,39 @@ class ResourceWithEtag(Resource): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - **kwargs - ): + def __init__(self, *, etag: Optional[str] = None, **kwargs): """ :keyword etag: Etag of the azure resource. :paramtype etag: str """ - super(ResourceWithEtag, self).__init__(**kwargs) + super().__init__(**kwargs) self.etag = etag class DataConnector(ResourceWithEtag): """Data connector. - You probably want to use the sub-classes and not this class directly. Known - sub-classes are: AwsCloudTrailDataConnector, AADDataConnector, AATPDataConnector, ASCDataConnector, MCASDataConnector, MDATPDataConnector, OfficeDataConnector, TIDataConnector. + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + CodelessApiPollingDataConnector, AwsCloudTrailDataConnector, AwsS3DataConnector, + AADDataConnector, AATPDataConnector, ASCDataConnector, Dynamics365DataConnector, + CodelessUiDataConnector, IoTDataConnector, MCASDataConnector, MDATPDataConnector, + MSTIDataConnector, MTPDataConnector, OfficeDataConnector, Office365ProjectDataConnector, + OfficeATPDataConnector, OfficeIRMDataConnector, OfficePowerBIDataConnector, TIDataConnector, + TiTaxiiDataConnector Variables are only populated by the server, and will be ignored when sending a request. @@ -133,46 +282,65 @@ class DataConnector(ResourceWithEtag): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The data connector kind.Constant filled by server. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, } _subtype_map = { - 'kind': {'AmazonWebServicesCloudTrail': 'AwsCloudTrailDataConnector', 'AzureActiveDirectory': 'AADDataConnector', 'AzureAdvancedThreatProtection': 'AATPDataConnector', 'AzureSecurityCenter': 'ASCDataConnector', 'MicrosoftCloudAppSecurity': 'MCASDataConnector', 'MicrosoftDefenderAdvancedThreatProtection': 'MDATPDataConnector', 'Office365': 'OfficeDataConnector', 'ThreatIntelligence': 'TIDataConnector'} - } - - def __init__( - self, - *, - etag: Optional[str] = None, - **kwargs - ): + "kind": { + "APIPolling": "CodelessApiPollingDataConnector", + "AmazonWebServicesCloudTrail": "AwsCloudTrailDataConnector", + "AmazonWebServicesS3": "AwsS3DataConnector", + "AzureActiveDirectory": "AADDataConnector", + "AzureAdvancedThreatProtection": "AATPDataConnector", + "AzureSecurityCenter": "ASCDataConnector", + "Dynamics365": "Dynamics365DataConnector", + "GenericUI": "CodelessUiDataConnector", + "IOT": "IoTDataConnector", + "MicrosoftCloudAppSecurity": "MCASDataConnector", + "MicrosoftDefenderAdvancedThreatProtection": "MDATPDataConnector", + "MicrosoftThreatIntelligence": "MSTIDataConnector", + "MicrosoftThreatProtection": "MTPDataConnector", + "Office365": "OfficeDataConnector", + "Office365Project": "Office365ProjectDataConnector", + "OfficeATP": "OfficeATPDataConnector", + "OfficeIRM": "OfficeIRMDataConnector", + "OfficePowerBI": "OfficePowerBIDataConnector", + "ThreatIntelligence": "TIDataConnector", + "ThreatIntelligenceTaxii": "TiTaxiiDataConnector", + } + } + + def __init__(self, *, etag: Optional[str] = None, **kwargs): """ :keyword etag: Etag of the azure resource. :paramtype etag: str """ - super(DataConnector, self).__init__(etag=etag, **kwargs) - self.kind = 'DataConnector' # type: str + super().__init__(etag=etag, **kwargs) + self.kind = None # type: Optional[str] class AADDataConnector(DataConnector): @@ -195,10 +363,13 @@ class AADDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The data connector kind.Constant filled by server. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -207,22 +378,22 @@ class AADDataConnector(DataConnector): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, } def __init__( @@ -241,12 +412,127 @@ def __init__( :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ - super(AADDataConnector, self).__init__(etag=etag, **kwargs) - self.kind = 'AzureActiveDirectory' # type: str + super().__init__(etag=etag, **kwargs) + self.kind = "AzureActiveDirectory" # type: str self.tenant_id = tenant_id self.data_types = data_types +class DataConnectorWithAlertsProperties(_serialization.Model): + """Data connector properties. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + } + + def __init__(self, *, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs): + """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + super().__init__(**kwargs) + self.data_types = data_types + + +class AADDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """AAD (Azure Active Directory) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__( + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs + ): + """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + self.data_types = data_types + self.tenant_id = tenant_id + + +class AATPCheckRequirements(DataConnectorsCheckRequirements): + """Represents AATP (Azure Advanced Threat Protection) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind = "AzureAdvancedThreatProtection" # type: str + self.tenant_id = tenant_id + + +class AATPCheckRequirementsProperties(DataConnectorTenantId): + """AATP (Azure Advanced Threat Protection) requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + class AATPDataConnector(DataConnector): """Represents AATP (Azure Advanced Threat Protection) data connector. @@ -267,10 +553,13 @@ class AATPDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The data connector kind.Constant filled by server. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str @@ -279,22 +568,22 @@ class AATPDataConnector(DataConnector): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, } def __init__( @@ -313,17 +602,54 @@ def __init__( :keyword data_types: The available data types for the connector. :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ - super(AATPDataConnector, self).__init__(etag=etag, **kwargs) - self.kind = 'AzureAdvancedThreatProtection' # type: str + super().__init__(etag=etag, **kwargs) + self.kind = "AzureAdvancedThreatProtection" # type: str self.tenant_id = tenant_id self.data_types = data_types +class AATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """AATP (Azure Advanced Threat Protection) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__( + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs + ): + """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + self.data_types = data_types + self.tenant_id = tenant_id + + class Entity(Resource): """Specific entity. - You probably want to use the sub-classes and not this class directly. Known - sub-classes are: AccountEntity, AzureResourceEntity, HuntingBookmark, CloudApplicationEntity, DnsEntity, FileEntity, FileHashEntity, HostEntity, IoTDeviceEntity, IpEntity, MailClusterEntity, MailMessageEntity, MailboxEntity, MalwareEntity, ProcessEntity, RegistryKeyEntity, RegistryValueEntity, SecurityAlert, SecurityGroupEntity, SubmissionMailEntity, UrlEntity. + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + AccountEntity, AzureResourceEntity, HuntingBookmark, CloudApplicationEntity, DnsEntity, + FileEntity, FileHashEntity, HostEntity, IoTDeviceEntity, IpEntity, MailClusterEntity, + MailMessageEntity, MailboxEntity, MalwareEntity, NicEntity, ProcessEntity, RegistryKeyEntity, + RegistryValueEntity, SecurityAlert, SecurityGroupEntity, SubmissionMailEntity, UrlEntity Variables are only populated by the server, and will be ignored when sending a request. @@ -340,45 +666,63 @@ class Entity(Resource): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, } _subtype_map = { - 'kind': {'Account': 'AccountEntity', 'AzureResource': 'AzureResourceEntity', 'Bookmark': 'HuntingBookmark', 'CloudApplication': 'CloudApplicationEntity', 'DnsResolution': 'DnsEntity', 'File': 'FileEntity', 'FileHash': 'FileHashEntity', 'Host': 'HostEntity', 'IoTDevice': 'IoTDeviceEntity', 'Ip': 'IpEntity', 'MailCluster': 'MailClusterEntity', 'MailMessage': 'MailMessageEntity', 'Mailbox': 'MailboxEntity', 'Malware': 'MalwareEntity', 'Process': 'ProcessEntity', 'RegistryKey': 'RegistryKeyEntity', 'RegistryValue': 'RegistryValueEntity', 'SecurityAlert': 'SecurityAlert', 'SecurityGroup': 'SecurityGroupEntity', 'SubmissionMail': 'SubmissionMailEntity', 'Url': 'UrlEntity'} - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(Entity, self).__init__(**kwargs) - self.kind = 'Entity' # type: str - - -class AccountEntity(Entity): + "kind": { + "Account": "AccountEntity", + "AzureResource": "AzureResourceEntity", + "Bookmark": "HuntingBookmark", + "CloudApplication": "CloudApplicationEntity", + "DnsResolution": "DnsEntity", + "File": "FileEntity", + "FileHash": "FileHashEntity", + "Host": "HostEntity", + "IoTDevice": "IoTDeviceEntity", + "Ip": "IpEntity", + "MailCluster": "MailClusterEntity", + "MailMessage": "MailMessageEntity", + "Mailbox": "MailboxEntity", + "Malware": "MalwareEntity", + "Nic": "NicEntity", + "Process": "ProcessEntity", + "RegistryKey": "RegistryKeyEntity", + "RegistryValue": "RegistryValueEntity", + "SecurityAlert": "SecurityAlert", + "SecurityGroup": "SecurityGroupEntity", + "SubmissionMail": "SubmissionMailEntity", + "Url": "UrlEntity", + } + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = None # type: Optional[str] + + +class AccountEntity(Entity): # pylint: disable=too-many-instance-attributes """Represents an account entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -396,15 +740,14 @@ class AccountEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -440,57 +783,53 @@ class AccountEntity(Entity): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'aad_tenant_id': {'readonly': True}, - 'aad_user_id': {'readonly': True}, - 'account_name': {'readonly': True}, - 'display_name': {'readonly': True}, - 'host_entity_id': {'readonly': True}, - 'is_domain_joined': {'readonly': True}, - 'nt_domain': {'readonly': True}, - 'object_guid': {'readonly': True}, - 'puid': {'readonly': True}, - 'sid': {'readonly': True}, - 'upn_suffix': {'readonly': True}, - 'dns_domain': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "aad_tenant_id": {"readonly": True}, + "aad_user_id": {"readonly": True}, + "account_name": {"readonly": True}, + "display_name": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "is_domain_joined": {"readonly": True}, + "nt_domain": {"readonly": True}, + "object_guid": {"readonly": True}, + "puid": {"readonly": True}, + "sid": {"readonly": True}, + "upn_suffix": {"readonly": True}, + "dns_domain": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'aad_tenant_id': {'key': 'properties.aadTenantId', 'type': 'str'}, - 'aad_user_id': {'key': 'properties.aadUserId', 'type': 'str'}, - 'account_name': {'key': 'properties.accountName', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'host_entity_id': {'key': 'properties.hostEntityId', 'type': 'str'}, - 'is_domain_joined': {'key': 'properties.isDomainJoined', 'type': 'bool'}, - 'nt_domain': {'key': 'properties.ntDomain', 'type': 'str'}, - 'object_guid': {'key': 'properties.objectGuid', 'type': 'str'}, - 'puid': {'key': 'properties.puid', 'type': 'str'}, - 'sid': {'key': 'properties.sid', 'type': 'str'}, - 'upn_suffix': {'key': 'properties.upnSuffix', 'type': 'str'}, - 'dns_domain': {'key': 'properties.dnsDomain', 'type': 'str'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(AccountEntity, self).__init__(**kwargs) - self.kind = 'Account' # type: str + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "aad_tenant_id": {"key": "properties.aadTenantId", "type": "str"}, + "aad_user_id": {"key": "properties.aadUserId", "type": "str"}, + "account_name": {"key": "properties.accountName", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "is_domain_joined": {"key": "properties.isDomainJoined", "type": "bool"}, + "nt_domain": {"key": "properties.ntDomain", "type": "str"}, + "object_guid": {"key": "properties.objectGuid", "type": "str"}, + "puid": {"key": "properties.puid", "type": "str"}, + "sid": {"key": "properties.sid", "type": "str"}, + "upn_suffix": {"key": "properties.upnSuffix", "type": "str"}, + "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "Account" # type: str self.additional_data = None self.friendly_name = None self.aad_tenant_id = None @@ -507,48 +846,44 @@ def __init__( self.dns_domain = None -class EntityCommonProperties(msrest.serialization.Model): +class EntityCommonProperties(_serialization.Model): """Entity common property bag. Variables are only populated by the server, and will be ignored when sending a request. :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, } - def __init__( - self, - **kwargs - ): - """ - """ - super(EntityCommonProperties, self).__init__(**kwargs) + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) self.additional_data = None self.friendly_name = None -class AccountEntityProperties(EntityCommonProperties): +class AccountEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes """Account entity property bag. Variables are only populated by the server, and will be ignored when sending a request. :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -584,46 +919,42 @@ class AccountEntityProperties(EntityCommonProperties): """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'aad_tenant_id': {'readonly': True}, - 'aad_user_id': {'readonly': True}, - 'account_name': {'readonly': True}, - 'display_name': {'readonly': True}, - 'host_entity_id': {'readonly': True}, - 'is_domain_joined': {'readonly': True}, - 'nt_domain': {'readonly': True}, - 'object_guid': {'readonly': True}, - 'puid': {'readonly': True}, - 'sid': {'readonly': True}, - 'upn_suffix': {'readonly': True}, - 'dns_domain': {'readonly': True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "aad_tenant_id": {"readonly": True}, + "aad_user_id": {"readonly": True}, + "account_name": {"readonly": True}, + "display_name": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "is_domain_joined": {"readonly": True}, + "nt_domain": {"readonly": True}, + "object_guid": {"readonly": True}, + "puid": {"readonly": True}, + "sid": {"readonly": True}, + "upn_suffix": {"readonly": True}, + "dns_domain": {"readonly": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'aad_tenant_id': {'key': 'aadTenantId', 'type': 'str'}, - 'aad_user_id': {'key': 'aadUserId', 'type': 'str'}, - 'account_name': {'key': 'accountName', 'type': 'str'}, - 'display_name': {'key': 'displayName', 'type': 'str'}, - 'host_entity_id': {'key': 'hostEntityId', 'type': 'str'}, - 'is_domain_joined': {'key': 'isDomainJoined', 'type': 'bool'}, - 'nt_domain': {'key': 'ntDomain', 'type': 'str'}, - 'object_guid': {'key': 'objectGuid', 'type': 'str'}, - 'puid': {'key': 'puid', 'type': 'str'}, - 'sid': {'key': 'sid', 'type': 'str'}, - 'upn_suffix': {'key': 'upnSuffix', 'type': 'str'}, - 'dns_domain': {'key': 'dnsDomain', 'type': 'str'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(AccountEntityProperties, self).__init__(**kwargs) + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "aad_tenant_id": {"key": "aadTenantId", "type": "str"}, + "aad_user_id": {"key": "aadUserId", "type": "str"}, + "account_name": {"key": "accountName", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "is_domain_joined": {"key": "isDomainJoined", "type": "bool"}, + "nt_domain": {"key": "ntDomain", "type": "str"}, + "object_guid": {"key": "objectGuid", "type": "str"}, + "puid": {"key": "puid", "type": "str"}, + "sid": {"key": "sid", "type": "str"}, + "upn_suffix": {"key": "upnSuffix", "type": "str"}, + "dns_domain": {"key": "dnsDomain", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) self.aad_tenant_id = None self.aad_user_id = None self.account_name = None @@ -638,36 +969,33 @@ def __init__( self.dns_domain = None -class ActionPropertiesBase(msrest.serialization.Model): +class ActionPropertiesBase(_serialization.Model): """Action property bag base. All required parameters must be populated in order to send to Azure. - :ivar logic_app_resource_id: Required. Logic App Resource Id, + :ivar logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + Required. :vartype logic_app_resource_id: str """ _validation = { - 'logic_app_resource_id': {'required': True}, + "logic_app_resource_id": {"required": True}, } _attribute_map = { - 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, + "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, } - def __init__( - self, - *, - logic_app_resource_id: str, - **kwargs - ): + def __init__(self, *, logic_app_resource_id: str, **kwargs): """ - :keyword logic_app_resource_id: Required. Logic App Resource Id, + :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + Required. :paramtype logic_app_resource_id: str """ - super(ActionPropertiesBase, self).__init__(**kwargs) + super().__init__(**kwargs) self.logic_app_resource_id = logic_app_resource_id @@ -697,20 +1025,20 @@ class ActionRequest(ResourceWithEtag): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, - 'trigger_uri': {'key': 'properties.triggerUri', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "logic_app_resource_id": {"key": "properties.logicAppResourceId", "type": "str"}, + "trigger_uri": {"key": "properties.triggerUri", "type": "str"}, } def __init__( @@ -730,7 +1058,7 @@ def __init__( :keyword trigger_uri: Logic App Callback URL for this specific workflow. :paramtype trigger_uri: str """ - super(ActionRequest, self).__init__(etag=etag, **kwargs) + super().__init__(etag=etag, **kwargs) self.logic_app_resource_id = logic_app_resource_id self.trigger_uri = trigger_uri @@ -740,42 +1068,38 @@ class ActionRequestProperties(ActionPropertiesBase): All required parameters must be populated in order to send to Azure. - :ivar logic_app_resource_id: Required. Logic App Resource Id, + :ivar logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + Required. :vartype logic_app_resource_id: str - :ivar trigger_uri: Required. Logic App Callback URL for this specific workflow. + :ivar trigger_uri: Logic App Callback URL for this specific workflow. Required. :vartype trigger_uri: str """ _validation = { - 'logic_app_resource_id': {'required': True}, - 'trigger_uri': {'required': True}, + "logic_app_resource_id": {"required": True}, + "trigger_uri": {"required": True}, } _attribute_map = { - 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, - 'trigger_uri': {'key': 'triggerUri', 'type': 'str'}, + "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, + "trigger_uri": {"key": "triggerUri", "type": "str"}, } - def __init__( - self, - *, - logic_app_resource_id: str, - trigger_uri: str, - **kwargs - ): + def __init__(self, *, logic_app_resource_id: str, trigger_uri: str, **kwargs): """ - :keyword logic_app_resource_id: Required. Logic App Resource Id, + :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + Required. :paramtype logic_app_resource_id: str - :keyword trigger_uri: Required. Logic App Callback URL for this specific workflow. + :keyword trigger_uri: Logic App Callback URL for this specific workflow. Required. :paramtype trigger_uri: str """ - super(ActionRequestProperties, self).__init__(logic_app_resource_id=logic_app_resource_id, **kwargs) + super().__init__(logic_app_resource_id=logic_app_resource_id, **kwargs) self.trigger_uri = trigger_uri -class ActionResponse(Resource): +class ActionResponse(ResourceWithEtag): """Action for alert rule. Variables are only populated by the server, and will be ignored when sending a request. @@ -791,7 +1115,7 @@ class ActionResponse(Resource): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the action. + :ivar etag: Etag of the azure resource. :vartype etag: str :ivar logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -801,20 +1125,20 @@ class ActionResponse(Resource): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'logic_app_resource_id': {'key': 'properties.logicAppResourceId', 'type': 'str'}, - 'workflow_id': {'key': 'properties.workflowId', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "logic_app_resource_id": {"key": "properties.logicAppResourceId", "type": "str"}, + "workflow_id": {"key": "properties.workflowId", "type": "str"}, } def __init__( @@ -826,7 +1150,7 @@ def __init__( **kwargs ): """ - :keyword etag: Etag of the action. + :keyword etag: Etag of the azure resource. :paramtype etag: str :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. @@ -834,8 +1158,7 @@ def __init__( :keyword workflow_id: The name of the logic app's workflow. :paramtype workflow_id: str """ - super(ActionResponse, self).__init__(**kwargs) - self.etag = etag + super().__init__(etag=etag, **kwargs) self.logic_app_resource_id = logic_app_resource_id self.workflow_id = workflow_id @@ -845,41 +1168,37 @@ class ActionResponseProperties(ActionPropertiesBase): All required parameters must be populated in order to send to Azure. - :ivar logic_app_resource_id: Required. Logic App Resource Id, + :ivar logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + Required. :vartype logic_app_resource_id: str :ivar workflow_id: The name of the logic app's workflow. :vartype workflow_id: str """ _validation = { - 'logic_app_resource_id': {'required': True}, + "logic_app_resource_id": {"required": True}, } _attribute_map = { - 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, - 'workflow_id': {'key': 'workflowId', 'type': 'str'}, + "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, + "workflow_id": {"key": "workflowId", "type": "str"}, } - def __init__( - self, - *, - logic_app_resource_id: str, - workflow_id: Optional[str] = None, - **kwargs - ): + def __init__(self, *, logic_app_resource_id: str, workflow_id: Optional[str] = None, **kwargs): """ - :keyword logic_app_resource_id: Required. Logic App Resource Id, + :keyword logic_app_resource_id: Logic App Resource Id, /subscriptions/{my-subscription}/resourceGroups/{my-resource-group}/providers/Microsoft.Logic/workflows/{my-workflow-id}. + Required. :paramtype logic_app_resource_id: str :keyword workflow_id: The name of the logic app's workflow. :paramtype workflow_id: str """ - super(ActionResponseProperties, self).__init__(logic_app_resource_id=logic_app_resource_id, **kwargs) + super().__init__(logic_app_resource_id=logic_app_resource_id, **kwargs) self.workflow_id = workflow_id -class ActionsList(msrest.serialization.Model): +class ActionsList(_serialization.Model): """List all the actions. Variables are only populated by the server, and will be ignored when sending a request. @@ -888,90 +1207,87 @@ class ActionsList(msrest.serialization.Model): :ivar next_link: URL to fetch the next set of actions. :vartype next_link: str - :ivar value: Required. Array of actions. + :ivar value: Array of actions. Required. :vartype value: list[~azure.mgmt.securityinsight.models.ActionResponse] """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[ActionResponse]'}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[ActionResponse]"}, } - def __init__( - self, - *, - value: List["_models.ActionResponse"], - **kwargs - ): + def __init__(self, *, value: List["_models.ActionResponse"], **kwargs): """ - :keyword value: Required. Array of actions. + :keyword value: Array of actions. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.ActionResponse] """ - super(ActionsList, self).__init__(**kwargs) + super().__init__(**kwargs) self.next_link = None self.value = value -class AlertDetailsOverride(msrest.serialization.Model): - """Settings for how to dynamically override alert static details. +class CustomEntityQuery(ResourceWithEtag): + """Specific entity query that supports put requests. - :ivar alert_display_name_format: the format containing columns name(s) to override the alert - name. - :vartype alert_display_name_format: str - :ivar alert_description_format: the format containing columns name(s) to override the alert - description. - :vartype alert_description_format: str - :ivar alert_tactics_column_name: the column name to take the alert tactics from. - :vartype alert_tactics_column_name: str - :ivar alert_severity_column_name: the column name to take the alert severity from. - :vartype alert_severity_column_name: str + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + ActivityCustomEntityQuery + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: the entity query kind. Required. "Activity" + :vartype kind: str or ~azure.mgmt.securityinsight.models.CustomEntityQueryKind """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + _attribute_map = { - 'alert_display_name_format': {'key': 'alertDisplayNameFormat', 'type': 'str'}, - 'alert_description_format': {'key': 'alertDescriptionFormat', 'type': 'str'}, - 'alert_tactics_column_name': {'key': 'alertTacticsColumnName', 'type': 'str'}, - 'alert_severity_column_name': {'key': 'alertSeverityColumnName', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, } - def __init__( - self, - *, - alert_display_name_format: Optional[str] = None, - alert_description_format: Optional[str] = None, - alert_tactics_column_name: Optional[str] = None, - alert_severity_column_name: Optional[str] = None, - **kwargs - ): + _subtype_map = {"kind": {"Activity": "ActivityCustomEntityQuery"}} + + def __init__(self, *, etag: Optional[str] = None, **kwargs): """ - :keyword alert_display_name_format: the format containing columns name(s) to override the alert - name. - :paramtype alert_display_name_format: str - :keyword alert_description_format: the format containing columns name(s) to override the alert - description. - :paramtype alert_description_format: str - :keyword alert_tactics_column_name: the column name to take the alert tactics from. - :paramtype alert_tactics_column_name: str - :keyword alert_severity_column_name: the column name to take the alert severity from. - :paramtype alert_severity_column_name: str + :keyword etag: Etag of the azure resource. + :paramtype etag: str """ - super(AlertDetailsOverride, self).__init__(**kwargs) - self.alert_display_name_format = alert_display_name_format - self.alert_description_format = alert_description_format - self.alert_tactics_column_name = alert_tactics_column_name - self.alert_severity_column_name = alert_severity_column_name - + super().__init__(etag=etag, **kwargs) + self.kind = None # type: Optional[str] -class AlertRule(ResourceWithEtag): - """Alert rule. - You probably want to use the sub-classes and not this class directly. Known - sub-classes are: FusionAlertRule, MicrosoftSecurityIncidentCreationAlertRule, ScheduledAlertRule. +class ActivityCustomEntityQuery(CustomEntityQuery): # pylint: disable=too-many-instance-attributes + """Represents Activity entity query. Variables are only populated by the server, and will be ignored when sending a request. @@ -990,89 +1306,154 @@ class AlertRule(ResourceWithEtag): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The alert rule kind.Constant filled by server. Known values are: - "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar kind: the entity query kind. Required. "Activity" + :vartype kind: str or ~azure.mgmt.securityinsight.models.CustomEntityQueryKind + :ivar title: The entity query title. + :vartype title: str + :ivar content: The entity query content to display in timeline. + :vartype content: str + :ivar description: The entity query description. + :vartype description: str + :ivar query_definitions: The Activity query definitions. + :vartype query_definitions: + ~azure.mgmt.securityinsight.models.ActivityEntityQueriesPropertiesQueryDefinitions + :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar required_input_fields_sets: List of the fields of the source entity that are required to + run the query. + :vartype required_input_fields_sets: list[list[str]] + :ivar entities_filter: The query applied only to entities matching to all filters. + :vartype entities_filter: dict[str, list[str]] + :ivar template_name: The template id this activity was created from. + :vartype template_name: str + :ivar enabled: Determines whether this activity is enabled or disabled. + :vartype enabled: bool + :ivar created_time_utc: The time the activity was created. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The last time the activity was updated. + :vartype last_modified_time_utc: ~datetime.datetime """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "created_time_utc": {"readonly": True}, + "last_modified_time_utc": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - } - - _subtype_map = { - 'kind': {'Fusion': 'FusionAlertRule', 'MicrosoftSecurityIncidentCreation': 'MicrosoftSecurityIncidentCreationAlertRule', 'Scheduled': 'ScheduledAlertRule'} + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "title": {"key": "properties.title", "type": "str"}, + "content": {"key": "properties.content", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "query_definitions": { + "key": "properties.queryDefinitions", + "type": "ActivityEntityQueriesPropertiesQueryDefinitions", + }, + "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, + "required_input_fields_sets": {"key": "properties.requiredInputFieldsSets", "type": "[[str]]"}, + "entities_filter": {"key": "properties.entitiesFilter", "type": "{[str]}"}, + "template_name": {"key": "properties.templateName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, } def __init__( self, *, etag: Optional[str] = None, + title: Optional[str] = None, + content: Optional[str] = None, + description: Optional[str] = None, + query_definitions: Optional["_models.ActivityEntityQueriesPropertiesQueryDefinitions"] = None, + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + required_input_fields_sets: Optional[List[List[str]]] = None, + entities_filter: Optional[Dict[str, List[str]]] = None, + template_name: Optional[str] = None, + enabled: Optional[bool] = None, **kwargs ): """ :keyword etag: Etag of the azure resource. :paramtype etag: str + :keyword title: The entity query title. + :paramtype title: str + :keyword content: The entity query content to display in timeline. + :paramtype content: str + :keyword description: The entity query description. + :paramtype description: str + :keyword query_definitions: The Activity query definitions. + :paramtype query_definitions: + ~azure.mgmt.securityinsight.models.ActivityEntityQueriesPropertiesQueryDefinitions + :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword required_input_fields_sets: List of the fields of the source entity that are required + to run the query. + :paramtype required_input_fields_sets: list[list[str]] + :keyword entities_filter: The query applied only to entities matching to all filters. + :paramtype entities_filter: dict[str, list[str]] + :keyword template_name: The template id this activity was created from. + :paramtype template_name: str + :keyword enabled: Determines whether this activity is enabled or disabled. + :paramtype enabled: bool """ - super(AlertRule, self).__init__(etag=etag, **kwargs) - self.kind = 'AlertRule' # type: str - - -class AlertRulesList(msrest.serialization.Model): - """List all the alert rules. + super().__init__(etag=etag, **kwargs) + self.kind = "Activity" # type: str + self.title = title + self.content = content + self.description = description + self.query_definitions = query_definitions + self.input_entity_type = input_entity_type + self.required_input_fields_sets = required_input_fields_sets + self.entities_filter = entities_filter + self.template_name = template_name + self.enabled = enabled + self.created_time_utc = None + self.last_modified_time_utc = None - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class ActivityEntityQueriesPropertiesQueryDefinitions(_serialization.Model): + """The Activity query definitions. - :ivar next_link: URL to fetch the next set of alert rules. - :vartype next_link: str - :ivar value: Required. Array of alert rules. - :vartype value: list[~azure.mgmt.securityinsight.models.AlertRule] + :ivar query: The Activity query to run on a given entity. + :vartype query: str """ - _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, - } - _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[AlertRule]'}, + "query": {"key": "query", "type": "str"}, } - def __init__( - self, - *, - value: List["_models.AlertRule"], - **kwargs - ): + def __init__(self, *, query: Optional[str] = None, **kwargs): """ - :keyword value: Required. Array of alert rules. - :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRule] + :keyword query: The Activity query to run on a given entity. + :paramtype query: str """ - super(AlertRulesList, self).__init__(**kwargs) - self.next_link = None - self.value = value + super().__init__(**kwargs) + self.query = query -class AlertRuleTemplate(Resource): - """Alert rule template. +class EntityQuery(ResourceWithEtag): + """Specific entity query. - You probably want to use the sub-classes and not this class directly. Known - sub-classes are: FusionAlertRuleTemplate, MicrosoftSecurityIncidentCreationAlertRuleTemplate, ScheduledAlertRuleTemplate. + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + ActivityEntityQuery, ExpansionEntityQuery Variables are only populated by the server, and will be ignored when sending a request. @@ -1089,138 +1470,236 @@ class AlertRuleTemplate(Resource): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The alert rule kind.Constant filled by server. Known values are: - "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: the entity query kind. Required. Known values are: "Expansion", "Insight", and + "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, } - _subtype_map = { - 'kind': {'Fusion': 'FusionAlertRuleTemplate', 'MicrosoftSecurityIncidentCreation': 'MicrosoftSecurityIncidentCreationAlertRuleTemplate', 'Scheduled': 'ScheduledAlertRuleTemplate'} - } + _subtype_map = {"kind": {"Activity": "ActivityEntityQuery", "Expansion": "ExpansionEntityQuery"}} - def __init__( - self, - **kwargs - ): + def __init__(self, *, etag: Optional[str] = None, **kwargs): """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str """ - super(AlertRuleTemplate, self).__init__(**kwargs) - self.kind = 'AlertRuleTemplate' # type: str + super().__init__(etag=etag, **kwargs) + self.kind = None # type: Optional[str] -class AlertRuleTemplateDataSource(msrest.serialization.Model): - """alert rule template data sources. +class ActivityEntityQuery(EntityQuery): # pylint: disable=too-many-instance-attributes + """Represents Activity entity query. - :ivar connector_id: The connector id that provides the following data types. - :vartype connector_id: str - :ivar data_types: The data types used by the alert rule template. - :vartype data_types: list[str] + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: the entity query kind. Required. Known values are: "Expansion", "Insight", and + "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar title: The entity query title. + :vartype title: str + :ivar content: The entity query content to display in timeline. + :vartype content: str + :ivar description: The entity query description. + :vartype description: str + :ivar query_definitions: The Activity query definitions. + :vartype query_definitions: + ~azure.mgmt.securityinsight.models.ActivityEntityQueriesPropertiesQueryDefinitions + :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar required_input_fields_sets: List of the fields of the source entity that are required to + run the query. + :vartype required_input_fields_sets: list[list[str]] + :ivar entities_filter: The query applied only to entities matching to all filters. + :vartype entities_filter: dict[str, list[str]] + :ivar template_name: The template id this activity was created from. + :vartype template_name: str + :ivar enabled: Determines whether this activity is enabled or disabled. + :vartype enabled: bool + :ivar created_time_utc: The time the activity was created. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The last time the activity was updated. + :vartype last_modified_time_utc: ~datetime.datetime """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "created_time_utc": {"readonly": True}, + "last_modified_time_utc": {"readonly": True}, + } + _attribute_map = { - 'connector_id': {'key': 'connectorId', 'type': 'str'}, - 'data_types': {'key': 'dataTypes', 'type': '[str]'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "title": {"key": "properties.title", "type": "str"}, + "content": {"key": "properties.content", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "query_definitions": { + "key": "properties.queryDefinitions", + "type": "ActivityEntityQueriesPropertiesQueryDefinitions", + }, + "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, + "required_input_fields_sets": {"key": "properties.requiredInputFieldsSets", "type": "[[str]]"}, + "entities_filter": {"key": "properties.entitiesFilter", "type": "{[str]}"}, + "template_name": {"key": "properties.templateName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, } def __init__( self, *, - connector_id: Optional[str] = None, - data_types: Optional[List[str]] = None, + etag: Optional[str] = None, + title: Optional[str] = None, + content: Optional[str] = None, + description: Optional[str] = None, + query_definitions: Optional["_models.ActivityEntityQueriesPropertiesQueryDefinitions"] = None, + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + required_input_fields_sets: Optional[List[List[str]]] = None, + entities_filter: Optional[Dict[str, List[str]]] = None, + template_name: Optional[str] = None, + enabled: Optional[bool] = None, **kwargs ): """ - :keyword connector_id: The connector id that provides the following data types. - :paramtype connector_id: str - :keyword data_types: The data types used by the alert rule template. - :paramtype data_types: list[str] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword title: The entity query title. + :paramtype title: str + :keyword content: The entity query content to display in timeline. + :paramtype content: str + :keyword description: The entity query description. + :paramtype description: str + :keyword query_definitions: The Activity query definitions. + :paramtype query_definitions: + ~azure.mgmt.securityinsight.models.ActivityEntityQueriesPropertiesQueryDefinitions + :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword required_input_fields_sets: List of the fields of the source entity that are required + to run the query. + :paramtype required_input_fields_sets: list[list[str]] + :keyword entities_filter: The query applied only to entities matching to all filters. + :paramtype entities_filter: dict[str, list[str]] + :keyword template_name: The template id this activity was created from. + :paramtype template_name: str + :keyword enabled: Determines whether this activity is enabled or disabled. + :paramtype enabled: bool """ - super(AlertRuleTemplateDataSource, self).__init__(**kwargs) - self.connector_id = connector_id - self.data_types = data_types + super().__init__(etag=etag, **kwargs) + self.kind = "Activity" # type: str + self.title = title + self.content = content + self.description = description + self.query_definitions = query_definitions + self.input_entity_type = input_entity_type + self.required_input_fields_sets = required_input_fields_sets + self.entities_filter = entities_filter + self.template_name = template_name + self.enabled = enabled + self.created_time_utc = None + self.last_modified_time_utc = None -class AlertRuleTemplatesList(msrest.serialization.Model): - """List all the alert rule templates. +class EntityQueryTemplate(Resource): + """Specific entity query template. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + ActivityEntityQueryTemplate Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of alert rule templates. - :vartype next_link: str - :ivar value: Required. Array of alert rule templates. - :vartype value: list[~azure.mgmt.securityinsight.models.AlertRuleTemplate] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: the entity query template kind. Required. "Activity" + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryTemplateKind """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[AlertRuleTemplate]'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, } - def __init__( - self, - *, - value: List["_models.AlertRuleTemplate"], - **kwargs - ): - """ - :keyword value: Required. Array of alert rule templates. - :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRuleTemplate] - """ - super(AlertRuleTemplatesList, self).__init__(**kwargs) - self.next_link = None - self.value = value - - -class AlertsDataTypeOfDataConnector(msrest.serialization.Model): - """Alerts data type for data connectors. - - :ivar alerts: Alerts data type connection. - :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - """ - - _attribute_map = { - 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, - } + _subtype_map = {"kind": {"Activity": "ActivityEntityQueryTemplate"}} - def __init__( - self, - *, - alerts: Optional["_models.DataConnectorDataTypeCommon"] = None, - **kwargs - ): - """ - :keyword alerts: Alerts data type connection. - :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - """ - super(AlertsDataTypeOfDataConnector, self).__init__(**kwargs) - self.alerts = alerts + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = None # type: Optional[str] -class ASCDataConnector(DataConnector): - """Represents ASC (Azure Security Center) data connector. +class ActivityEntityQueryTemplate(EntityQueryTemplate): # pylint: disable=too-many-instance-attributes + """Represents Activity entity query. Variables are only populated by the server, and will be ignored when sending a request. @@ -1237,118 +1716,315 @@ class ASCDataConnector(DataConnector): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: Required. The data connector kind.Constant filled by server. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str + :ivar kind: the entity query template kind. Required. "Activity" + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryTemplateKind + :ivar title: The entity query title. + :vartype title: str + :ivar content: The entity query content to display in timeline. + :vartype content: str + :ivar description: The entity query description. + :vartype description: str + :ivar query_definitions: The Activity query definitions. + :vartype query_definitions: + ~azure.mgmt.securityinsight.models.ActivityEntityQueryTemplatePropertiesQueryDefinitions + :ivar data_types: List of required data types for the given entity query template. + :vartype data_types: list[~azure.mgmt.securityinsight.models.DataTypeDefinitions] + :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar required_input_fields_sets: List of the fields of the source entity that are required to + run the query. + :vartype required_input_fields_sets: list[list[str]] + :ivar entities_filter: The query applied only to entities matching to all filters. + :vartype entities_filter: dict[str, list[str]] """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, - 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "title": {"key": "properties.title", "type": "str"}, + "content": {"key": "properties.content", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "query_definitions": { + "key": "properties.queryDefinitions", + "type": "ActivityEntityQueryTemplatePropertiesQueryDefinitions", + }, + "data_types": {"key": "properties.dataTypes", "type": "[DataTypeDefinitions]"}, + "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, + "required_input_fields_sets": {"key": "properties.requiredInputFieldsSets", "type": "[[str]]"}, + "entities_filter": {"key": "properties.entitiesFilter", "type": "{[str]}"}, } def __init__( self, *, - etag: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - subscription_id: Optional[str] = None, + title: Optional[str] = None, + content: Optional[str] = None, + description: Optional[str] = None, + query_definitions: Optional["_models.ActivityEntityQueryTemplatePropertiesQueryDefinitions"] = None, + data_types: Optional[List["_models.DataTypeDefinitions"]] = None, + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + required_input_fields_sets: Optional[List[List[str]]] = None, + entities_filter: Optional[Dict[str, List[str]]] = None, **kwargs ): """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str - """ - super(ASCDataConnector, self).__init__(etag=etag, **kwargs) - self.kind = 'AzureSecurityCenter' # type: str + :keyword title: The entity query title. + :paramtype title: str + :keyword content: The entity query content to display in timeline. + :paramtype content: str + :keyword description: The entity query description. + :paramtype description: str + :keyword query_definitions: The Activity query definitions. + :paramtype query_definitions: + ~azure.mgmt.securityinsight.models.ActivityEntityQueryTemplatePropertiesQueryDefinitions + :keyword data_types: List of required data types for the given entity query template. + :paramtype data_types: list[~azure.mgmt.securityinsight.models.DataTypeDefinitions] + :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword required_input_fields_sets: List of the fields of the source entity that are required + to run the query. + :paramtype required_input_fields_sets: list[list[str]] + :keyword entities_filter: The query applied only to entities matching to all filters. + :paramtype entities_filter: dict[str, list[str]] + """ + super().__init__(**kwargs) + self.kind = "Activity" # type: str + self.title = title + self.content = content + self.description = description + self.query_definitions = query_definitions self.data_types = data_types - self.subscription_id = subscription_id + self.input_entity_type = input_entity_type + self.required_input_fields_sets = required_input_fields_sets + self.entities_filter = entities_filter -class DataConnectorWithAlertsProperties(msrest.serialization.Model): - """Data connector properties. +class ActivityEntityQueryTemplatePropertiesQueryDefinitions(_serialization.Model): + """The Activity query definitions. - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar query: The Activity query to run on a given entity. + :vartype query: str + :ivar summarize_by: The dimensions we want to summarize the timeline results on, this is comma + separated list. + :vartype summarize_by: str """ _attribute_map = { - 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + "query": {"key": "query", "type": "str"}, + "summarize_by": {"key": "summarizeBy", "type": "str"}, } - def __init__( - self, - *, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - **kwargs - ): + def __init__(self, *, query: Optional[str] = None, summarize_by: Optional[str] = None, **kwargs): """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword query: The Activity query to run on a given entity. + :paramtype query: str + :keyword summarize_by: The dimensions we want to summarize the timeline results on, this is + comma separated list. + :paramtype summarize_by: str """ - super(DataConnectorWithAlertsProperties, self).__init__(**kwargs) - self.data_types = data_types + super().__init__(**kwargs) + self.query = query + self.summarize_by = summarize_by -class ASCDataConnectorProperties(DataConnectorWithAlertsProperties): - """ASC (Azure Security Center) data connector properties. +class EntityTimelineItem(_serialization.Model): + """Entity timeline Item. - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :ivar subscription_id: The subscription id to connect to, and get the data from. - :vartype subscription_id: str + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + ActivityTimelineItem, AnomalyTimelineItem, BookmarkTimelineItem, SecurityAlertTimelineItem + + All required parameters must be populated in order to send to Azure. + + :ivar kind: The entity query kind type. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + } + + _subtype_map = { + "kind": { + "Activity": "ActivityTimelineItem", + "Anomaly": "AnomalyTimelineItem", + "Bookmark": "BookmarkTimelineItem", + "SecurityAlert": "SecurityAlertTimelineItem", + } + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = None # type: Optional[str] + + +class ActivityTimelineItem(EntityTimelineItem): + """Represents Activity timeline item. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: The entity query kind type. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :ivar query_id: The activity query id. Required. + :vartype query_id: str + :ivar bucket_start_time_utc: The grouping bucket start time. Required. + :vartype bucket_start_time_utc: ~datetime.datetime + :ivar bucket_end_time_utc: The grouping bucket end time. Required. + :vartype bucket_end_time_utc: ~datetime.datetime + :ivar first_activity_time_utc: The time of the first activity in the grouping bucket. Required. + :vartype first_activity_time_utc: ~datetime.datetime + :ivar last_activity_time_utc: The time of the last activity in the grouping bucket. Required. + :vartype last_activity_time_utc: ~datetime.datetime + :ivar content: The activity timeline content. Required. + :vartype content: str + :ivar title: The activity timeline title. Required. + :vartype title: str """ + _validation = { + "kind": {"required": True}, + "query_id": {"required": True}, + "bucket_start_time_utc": {"required": True}, + "bucket_end_time_utc": {"required": True}, + "first_activity_time_utc": {"required": True}, + "last_activity_time_utc": {"required": True}, + "content": {"required": True}, + "title": {"required": True}, + } + _attribute_map = { - 'data_types': {'key': 'dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, - 'subscription_id': {'key': 'subscriptionId', 'type': 'str'}, + "kind": {"key": "kind", "type": "str"}, + "query_id": {"key": "queryId", "type": "str"}, + "bucket_start_time_utc": {"key": "bucketStartTimeUTC", "type": "iso-8601"}, + "bucket_end_time_utc": {"key": "bucketEndTimeUTC", "type": "iso-8601"}, + "first_activity_time_utc": {"key": "firstActivityTimeUTC", "type": "iso-8601"}, + "last_activity_time_utc": {"key": "lastActivityTimeUTC", "type": "iso-8601"}, + "content": {"key": "content", "type": "str"}, + "title": {"key": "title", "type": "str"}, } def __init__( self, *, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, - subscription_id: Optional[str] = None, + query_id: str, + bucket_start_time_utc: datetime.datetime, + bucket_end_time_utc: datetime.datetime, + first_activity_time_utc: datetime.datetime, + last_activity_time_utc: datetime.datetime, + content: str, + title: str, **kwargs ): """ - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector - :keyword subscription_id: The subscription id to connect to, and get the data from. - :paramtype subscription_id: str + :keyword query_id: The activity query id. Required. + :paramtype query_id: str + :keyword bucket_start_time_utc: The grouping bucket start time. Required. + :paramtype bucket_start_time_utc: ~datetime.datetime + :keyword bucket_end_time_utc: The grouping bucket end time. Required. + :paramtype bucket_end_time_utc: ~datetime.datetime + :keyword first_activity_time_utc: The time of the first activity in the grouping bucket. + Required. + :paramtype first_activity_time_utc: ~datetime.datetime + :keyword last_activity_time_utc: The time of the last activity in the grouping bucket. + Required. + :paramtype last_activity_time_utc: ~datetime.datetime + :keyword content: The activity timeline content. Required. + :paramtype content: str + :keyword title: The activity timeline title. Required. + :paramtype title: str """ - super(ASCDataConnectorProperties, self).__init__(data_types=data_types, **kwargs) - self.subscription_id = subscription_id + super().__init__(**kwargs) + self.kind = "Activity" # type: str + self.query_id = query_id + self.bucket_start_time_utc = bucket_start_time_utc + self.bucket_end_time_utc = bucket_end_time_utc + self.first_activity_time_utc = first_activity_time_utc + self.last_activity_time_utc = last_activity_time_utc + self.content = content + self.title = title -class AutomationRule(ResourceWithEtag): - """AutomationRule. +class AlertDetailsOverride(_serialization.Model): + """Settings for how to dynamically override alert static details. + + :ivar alert_display_name_format: the format containing columns name(s) to override the alert + name. + :vartype alert_display_name_format: str + :ivar alert_description_format: the format containing columns name(s) to override the alert + description. + :vartype alert_description_format: str + :ivar alert_tactics_column_name: the column name to take the alert tactics from. + :vartype alert_tactics_column_name: str + :ivar alert_severity_column_name: the column name to take the alert severity from. + :vartype alert_severity_column_name: str + """ + + _attribute_map = { + "alert_display_name_format": {"key": "alertDisplayNameFormat", "type": "str"}, + "alert_description_format": {"key": "alertDescriptionFormat", "type": "str"}, + "alert_tactics_column_name": {"key": "alertTacticsColumnName", "type": "str"}, + "alert_severity_column_name": {"key": "alertSeverityColumnName", "type": "str"}, + } + + def __init__( + self, + *, + alert_display_name_format: Optional[str] = None, + alert_description_format: Optional[str] = None, + alert_tactics_column_name: Optional[str] = None, + alert_severity_column_name: Optional[str] = None, + **kwargs + ): + """ + :keyword alert_display_name_format: the format containing columns name(s) to override the alert + name. + :paramtype alert_display_name_format: str + :keyword alert_description_format: the format containing columns name(s) to override the alert + description. + :paramtype alert_description_format: str + :keyword alert_tactics_column_name: the column name to take the alert tactics from. + :paramtype alert_tactics_column_name: str + :keyword alert_severity_column_name: the column name to take the alert severity from. + :paramtype alert_severity_column_name: str + """ + super().__init__(**kwargs) + self.alert_display_name_format = alert_display_name_format + self.alert_description_format = alert_description_format + self.alert_tactics_column_name = alert_tactics_column_name + self.alert_severity_column_name = alert_severity_column_name + + +class AlertRule(ResourceWithEtag): + """Alert rule. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + FusionAlertRule, MLBehaviorAnalyticsAlertRule, MicrosoftSecurityIncidentCreationAlertRule, + NrtAlertRule, ScheduledAlertRule, ThreatIntelligenceAlertRule Variables are only populated by the server, and will be ignored when sending a request. @@ -1367,423 +2043,396 @@ class AutomationRule(ResourceWithEtag): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar display_name: Required. The display name of the automation rule. - :vartype display_name: str - :ivar order: Required. The order of execution of the automation rule. - :vartype order: int - :ivar triggering_logic: Required. Describes automation rule triggering logic. - :vartype triggering_logic: ~azure.mgmt.securityinsight.models.AutomationRuleTriggeringLogic - :ivar actions: Required. The actions to execute when the automation rule is triggered. - :vartype actions: list[~azure.mgmt.securityinsight.models.AutomationRuleAction] - :ivar last_modified_time_utc: The last time the automation rule was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar created_time_utc: The time the automation rule was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_by: Information on the client (user or application) that made some action. - :vartype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo - :ivar created_by: Information on the client (user or application) that made some action. - :vartype created_by: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'display_name': {'required': True, 'max_length': 500, 'min_length': 0}, - 'order': {'required': True, 'maximum': 1000, 'minimum': 1}, - 'triggering_logic': {'required': True}, - 'actions': {'required': True, 'max_items': 20, 'min_items': 0}, - 'last_modified_time_utc': {'readonly': True}, - 'created_time_utc': {'readonly': True}, - 'last_modified_by': {'readonly': True}, - 'created_by': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'order': {'key': 'properties.order', 'type': 'int'}, - 'triggering_logic': {'key': 'properties.triggeringLogic', 'type': 'AutomationRuleTriggeringLogic'}, - 'actions': {'key': 'properties.actions', 'type': '[AutomationRuleAction]'}, - 'last_modified_time_utc': {'key': 'properties.lastModifiedTimeUtc', 'type': 'iso-8601'}, - 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, - 'last_modified_by': {'key': 'properties.lastModifiedBy', 'type': 'ClientInfo'}, - 'created_by': {'key': 'properties.createdBy', 'type': 'ClientInfo'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, } - def __init__( - self, - *, - display_name: str, - order: int, - triggering_logic: "_models.AutomationRuleTriggeringLogic", - actions: List["_models.AutomationRuleAction"], - etag: Optional[str] = None, - **kwargs - ): + _subtype_map = { + "kind": { + "Fusion": "FusionAlertRule", + "MLBehaviorAnalytics": "MLBehaviorAnalyticsAlertRule", + "MicrosoftSecurityIncidentCreation": "MicrosoftSecurityIncidentCreationAlertRule", + "NRT": "NrtAlertRule", + "Scheduled": "ScheduledAlertRule", + "ThreatIntelligence": "ThreatIntelligenceAlertRule", + } + } + + def __init__(self, *, etag: Optional[str] = None, **kwargs): """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword display_name: Required. The display name of the automation rule. - :paramtype display_name: str - :keyword order: Required. The order of execution of the automation rule. - :paramtype order: int - :keyword triggering_logic: Required. Describes automation rule triggering logic. - :paramtype triggering_logic: ~azure.mgmt.securityinsight.models.AutomationRuleTriggeringLogic - :keyword actions: Required. The actions to execute when the automation rule is triggered. - :paramtype actions: list[~azure.mgmt.securityinsight.models.AutomationRuleAction] """ - super(AutomationRule, self).__init__(etag=etag, **kwargs) - self.display_name = display_name - self.order = order - self.triggering_logic = triggering_logic - self.actions = actions - self.last_modified_time_utc = None - self.created_time_utc = None - self.last_modified_by = None - self.created_by = None + super().__init__(etag=etag, **kwargs) + self.kind = None # type: Optional[str] -class AutomationRuleAction(msrest.serialization.Model): - """Describes an automation rule action. +class AlertRulesList(_serialization.Model): + """List all the alert rules. - You probably want to use the sub-classes and not this class directly. Known - sub-classes are: AutomationRuleModifyPropertiesAction, AutomationRuleRunPlaybookAction. + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar order: Required. - :vartype order: int - :ivar action_type: Required. The type of the automation rule action.Constant filled by server. - Known values are: "ModifyProperties", "RunPlaybook". - :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType + :ivar next_link: URL to fetch the next set of alert rules. + :vartype next_link: str + :ivar value: Array of alert rules. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.AlertRule] """ _validation = { - 'order': {'required': True}, - 'action_type': {'required': True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - 'order': {'key': 'order', 'type': 'int'}, - 'action_type': {'key': 'actionType', 'type': 'str'}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[AlertRule]"}, } - _subtype_map = { - 'action_type': {'ModifyProperties': 'AutomationRuleModifyPropertiesAction', 'RunPlaybook': 'AutomationRuleRunPlaybookAction'} - } - - def __init__( - self, - *, - order: int, - **kwargs - ): + def __init__(self, *, value: List["_models.AlertRule"], **kwargs): """ - :keyword order: Required. - :paramtype order: int + :keyword value: Array of alert rules. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRule] """ - super(AutomationRuleAction, self).__init__(**kwargs) - self.order = order - self.action_type = None # type: Optional[str] + super().__init__(**kwargs) + self.next_link = None + self.value = value -class AutomationRuleCondition(msrest.serialization.Model): - """Describes an automation rule condition. +class AlertRuleTemplate(Resource): + """Alert rule template. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + FusionAlertRuleTemplate, MLBehaviorAnalyticsAlertRuleTemplate, + MicrosoftSecurityIncidentCreationAlertRuleTemplate, NrtAlertRuleTemplate, + ScheduledAlertRuleTemplate, ThreatIntelligenceAlertRuleTemplate - You probably want to use the sub-classes and not this class directly. Known - sub-classes are: PropertyConditionProperties. + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar condition_type: Required. Constant filled by server. Known values are: "Property". - :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind """ _validation = { - 'condition_type': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'condition_type': {'key': 'conditionType', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, } _subtype_map = { - 'condition_type': {'Property': 'PropertyConditionProperties'} + "kind": { + "Fusion": "FusionAlertRuleTemplate", + "MLBehaviorAnalytics": "MLBehaviorAnalyticsAlertRuleTemplate", + "MicrosoftSecurityIncidentCreation": "MicrosoftSecurityIncidentCreationAlertRuleTemplate", + "NRT": "NrtAlertRuleTemplate", + "Scheduled": "ScheduledAlertRuleTemplate", + "ThreatIntelligence": "ThreatIntelligenceAlertRuleTemplate", + } } - def __init__( - self, - **kwargs - ): + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = None # type: Optional[str] + + +class AlertRuleTemplateDataSource(_serialization.Model): + """alert rule template data sources. + + :ivar connector_id: The connector id that provides the following data types. + :vartype connector_id: str + :ivar data_types: The data types used by the alert rule template. + :vartype data_types: list[str] + """ + + _attribute_map = { + "connector_id": {"key": "connectorId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "[str]"}, + } + + def __init__(self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs): """ + :keyword connector_id: The connector id that provides the following data types. + :paramtype connector_id: str + :keyword data_types: The data types used by the alert rule template. + :paramtype data_types: list[str] """ - super(AutomationRuleCondition, self).__init__(**kwargs) - self.condition_type = None # type: Optional[str] + super().__init__(**kwargs) + self.connector_id = connector_id + self.data_types = data_types -class AutomationRuleModifyPropertiesAction(AutomationRuleAction): - """Describes an automation rule action to modify an object's properties. +class AlertRuleTemplatePropertiesBase(_serialization.Model): + """Base alert rule template property bag. - All required parameters must be populated in order to send to Azure. + Variables are only populated by the server, and will be ignored when sending a request. - :ivar order: Required. - :vartype order: int - :ivar action_type: Required. The type of the automation rule action.Constant filled by server. - Known values are: "ModifyProperties", "RunPlaybook". - :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType - :ivar action_configuration: - :vartype action_configuration: ~azure.mgmt.securityinsight.models.IncidentPropertiesAction + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus """ _validation = { - 'order': {'required': True}, - 'action_type': {'required': True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, } _attribute_map = { - 'order': {'key': 'order', 'type': 'int'}, - 'action_type': {'key': 'actionType', 'type': 'str'}, - 'action_configuration': {'key': 'actionConfiguration', 'type': 'IncidentPropertiesAction'}, + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, } def __init__( self, *, - order: int, - action_configuration: Optional["_models.IncidentPropertiesAction"] = None, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, **kwargs ): """ - :keyword order: Required. - :paramtype order: int - :keyword action_configuration: - :paramtype action_configuration: ~azure.mgmt.securityinsight.models.IncidentPropertiesAction + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus """ - super(AutomationRuleModifyPropertiesAction, self).__init__(order=order, **kwargs) - self.action_type = 'ModifyProperties' # type: str - self.action_configuration = action_configuration + super().__init__(**kwargs) + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status -class AutomationRulePropertyValuesCondition(msrest.serialization.Model): - """AutomationRulePropertyValuesCondition. +class AlertRuleTemplatesList(_serialization.Model): + """List all the alert rule templates. - :ivar property_name: The property to evaluate in an automation rule property condition. Known - values are: "IncidentTitle", "IncidentDescription", "IncidentSeverity", "IncidentStatus", - "IncidentRelatedAnalyticRuleIds", "IncidentTactics", "IncidentLabel", "IncidentProviderName", - "AccountAadTenantId", "AccountAadUserId", "AccountName", "AccountNTDomain", "AccountPUID", - "AccountSid", "AccountObjectGuid", "AccountUPNSuffix", "AlertProductNames", - "AzureResourceResourceId", "AzureResourceSubscriptionId", "CloudApplicationAppId", - "CloudApplicationAppName", "DNSDomainName", "FileDirectory", "FileName", "FileHashValue", - "HostAzureID", "HostName", "HostNetBiosName", "HostNTDomain", "HostOSVersion", "IoTDeviceId", - "IoTDeviceName", "IoTDeviceType", "IoTDeviceVendor", "IoTDeviceModel", - "IoTDeviceOperatingSystem", "IPAddress", "MailboxDisplayName", "MailboxPrimaryAddress", - "MailboxUPN", "MailMessageDeliveryAction", "MailMessageDeliveryLocation", - "MailMessageRecipient", "MailMessageSenderIP", "MailMessageSubject", "MailMessageP1Sender", - "MailMessageP2Sender", "MalwareCategory", "MalwareName", "ProcessCommandLine", "ProcessId", - "RegistryKey", "RegistryValueData", "Url". - :vartype property_name: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedProperty - :ivar operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", - "StartsWith", "NotStartsWith", "EndsWith", "NotEndsWith". - :vartype operator: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator - :ivar property_values: - :vartype property_values: list[str] - """ - - _attribute_map = { - 'property_name': {'key': 'propertyName', 'type': 'str'}, - 'operator': {'key': 'operator', 'type': 'str'}, - 'property_values': {'key': 'propertyValues', 'type': '[str]'}, - } - - def __init__( - self, - *, - property_name: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedProperty"]] = None, - operator: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedOperator"]] = None, - property_values: Optional[List[str]] = None, - **kwargs - ): - """ - :keyword property_name: The property to evaluate in an automation rule property condition. - Known values are: "IncidentTitle", "IncidentDescription", "IncidentSeverity", "IncidentStatus", - "IncidentRelatedAnalyticRuleIds", "IncidentTactics", "IncidentLabel", "IncidentProviderName", - "AccountAadTenantId", "AccountAadUserId", "AccountName", "AccountNTDomain", "AccountPUID", - "AccountSid", "AccountObjectGuid", "AccountUPNSuffix", "AlertProductNames", - "AzureResourceResourceId", "AzureResourceSubscriptionId", "CloudApplicationAppId", - "CloudApplicationAppName", "DNSDomainName", "FileDirectory", "FileName", "FileHashValue", - "HostAzureID", "HostName", "HostNetBiosName", "HostNTDomain", "HostOSVersion", "IoTDeviceId", - "IoTDeviceName", "IoTDeviceType", "IoTDeviceVendor", "IoTDeviceModel", - "IoTDeviceOperatingSystem", "IPAddress", "MailboxDisplayName", "MailboxPrimaryAddress", - "MailboxUPN", "MailMessageDeliveryAction", "MailMessageDeliveryLocation", - "MailMessageRecipient", "MailMessageSenderIP", "MailMessageSubject", "MailMessageP1Sender", - "MailMessageP2Sender", "MalwareCategory", "MalwareName", "ProcessCommandLine", "ProcessId", - "RegistryKey", "RegistryValueData", "Url". - :paramtype property_name: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedProperty - :keyword operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", - "StartsWith", "NotStartsWith", "EndsWith", "NotEndsWith". - :paramtype operator: str or - ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator - :keyword property_values: - :paramtype property_values: list[str] - """ - super(AutomationRulePropertyValuesCondition, self).__init__(**kwargs) - self.property_name = property_name - self.operator = operator - self.property_values = property_values - - -class AutomationRuleRunPlaybookAction(AutomationRuleAction): - """Describes an automation rule action to run a playbook. + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar order: Required. - :vartype order: int - :ivar action_type: Required. The type of the automation rule action.Constant filled by server. - Known values are: "ModifyProperties", "RunPlaybook". - :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType - :ivar action_configuration: - :vartype action_configuration: ~azure.mgmt.securityinsight.models.PlaybookActionProperties + :ivar next_link: URL to fetch the next set of alert rule templates. + :vartype next_link: str + :ivar value: Array of alert rule templates. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.AlertRuleTemplate] """ _validation = { - 'order': {'required': True}, - 'action_type': {'required': True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - 'order': {'key': 'order', 'type': 'int'}, - 'action_type': {'key': 'actionType', 'type': 'str'}, - 'action_configuration': {'key': 'actionConfiguration', 'type': 'PlaybookActionProperties'}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[AlertRuleTemplate]"}, } - def __init__( - self, - *, - order: int, - action_configuration: Optional["_models.PlaybookActionProperties"] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.AlertRuleTemplate"], **kwargs): """ - :keyword order: Required. - :paramtype order: int - :keyword action_configuration: - :paramtype action_configuration: ~azure.mgmt.securityinsight.models.PlaybookActionProperties + :keyword value: Array of alert rule templates. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.AlertRuleTemplate] """ - super(AutomationRuleRunPlaybookAction, self).__init__(order=order, **kwargs) - self.action_type = 'RunPlaybook' # type: str - self.action_configuration = action_configuration + super().__init__(**kwargs) + self.next_link = None + self.value = value -class AutomationRulesList(msrest.serialization.Model): - """AutomationRulesList. +class AlertRuleTemplateWithMitreProperties(AlertRuleTemplatePropertiesBase): + """Alert rule template with MITRE property bag. - :ivar value: - :vartype value: list[~azure.mgmt.securityinsight.models.AutomationRule] - :ivar next_link: - :vartype next_link: str + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] """ + _validation = { + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + _attribute_map = { - 'value': {'key': 'value', 'type': '[AutomationRule]'}, - 'next_link': {'key': 'nextLink', 'type': 'str'}, + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, } def __init__( self, *, - value: Optional[List["_models.AutomationRule"]] = None, - next_link: Optional[str] = None, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, **kwargs ): """ - :keyword value: - :paramtype value: list[~azure.mgmt.securityinsight.models.AutomationRule] - :keyword next_link: - :paramtype next_link: str - """ - super(AutomationRulesList, self).__init__(**kwargs) - self.value = value - self.next_link = next_link + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + """ + super().__init__( + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + **kwargs + ) + self.tactics = tactics + self.techniques = techniques -class AutomationRuleTriggeringLogic(msrest.serialization.Model): - """Describes automation rule triggering logic. +class AlertsDataTypeOfDataConnector(_serialization.Model): + """Alerts data type for data connectors. All required parameters must be populated in order to send to Azure. - :ivar is_enabled: Required. Determines whether the automation rule is enabled or disabled. - :vartype is_enabled: bool - :ivar expiration_time_utc: Determines when the automation rule should automatically expire and - be disabled. - :vartype expiration_time_utc: ~datetime.datetime - :ivar triggers_on: Required. Known values are: "Incidents". - :vartype triggers_on: str or ~azure.mgmt.securityinsight.models.TriggersOn - :ivar triggers_when: Required. Known values are: "Created". - :vartype triggers_when: str or ~azure.mgmt.securityinsight.models.TriggersWhen - :ivar conditions: The conditions to evaluate to determine if the automation rule should be - triggered on a given object. - :vartype conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] + :ivar alerts: Alerts data type connection. Required. + :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon """ _validation = { - 'is_enabled': {'required': True}, - 'triggers_on': {'required': True}, - 'triggers_when': {'required': True}, - 'conditions': {'max_items': 50, 'min_items': 0}, + "alerts": {"required": True}, } _attribute_map = { - 'is_enabled': {'key': 'isEnabled', 'type': 'bool'}, - 'expiration_time_utc': {'key': 'expirationTimeUtc', 'type': 'iso-8601'}, - 'triggers_on': {'key': 'triggersOn', 'type': 'str'}, - 'triggers_when': {'key': 'triggersWhen', 'type': 'str'}, - 'conditions': {'key': 'conditions', 'type': '[AutomationRuleCondition]'}, + "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, } - def __init__( - self, - *, - is_enabled: bool, - triggers_on: Union[str, "_models.TriggersOn"], - triggers_when: Union[str, "_models.TriggersWhen"], - expiration_time_utc: Optional[datetime.datetime] = None, - conditions: Optional[List["_models.AutomationRuleCondition"]] = None, - **kwargs - ): + def __init__(self, *, alerts: "_models.DataConnectorDataTypeCommon", **kwargs): """ - :keyword is_enabled: Required. Determines whether the automation rule is enabled or disabled. - :paramtype is_enabled: bool - :keyword expiration_time_utc: Determines when the automation rule should automatically expire - and be disabled. - :paramtype expiration_time_utc: ~datetime.datetime - :keyword triggers_on: Required. Known values are: "Incidents". - :paramtype triggers_on: str or ~azure.mgmt.securityinsight.models.TriggersOn - :keyword triggers_when: Required. Known values are: "Created". - :paramtype triggers_when: str or ~azure.mgmt.securityinsight.models.TriggersWhen - :keyword conditions: The conditions to evaluate to determine if the automation rule should be - triggered on a given object. - :paramtype conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] + :keyword alerts: Alerts data type connection. Required. + :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon """ - super(AutomationRuleTriggeringLogic, self).__init__(**kwargs) - self.is_enabled = is_enabled - self.expiration_time_utc = expiration_time_utc - self.triggers_on = triggers_on - self.triggers_when = triggers_when - self.conditions = conditions + super().__init__(**kwargs) + self.alerts = alerts -class AwsCloudTrailDataConnector(DataConnector): - """Represents Amazon Web Services CloudTrail data connector. +class Settings(ResourceWithEtag): + """The Setting. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + Anomalies, EntityAnalytics, EyesOn, Ueba Variables are only populated by the server, and will be ignored when sending a request. @@ -1802,140 +2451,102 @@ class AwsCloudTrailDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The data connector kind.Constant filled by server. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access - the Aws account. - :vartype aws_role_arn: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'aws_role_arn': {'key': 'properties.awsRoleArn', 'type': 'str'}, - 'data_types': {'key': 'properties.dataTypes', 'type': 'AwsCloudTrailDataConnectorDataTypes'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - aws_role_arn: Optional[str] = None, - data_types: Optional["_models.AwsCloudTrailDataConnectorDataTypes"] = None, - **kwargs - ): + _subtype_map = { + "kind": {"Anomalies": "Anomalies", "EntityAnalytics": "EntityAnalytics", "EyesOn": "EyesOn", "Ueba": "Ueba"} + } + + def __init__(self, *, etag: Optional[str] = None, **kwargs): """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access - the Aws account. - :paramtype aws_role_arn: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes """ - super(AwsCloudTrailDataConnector, self).__init__(etag=etag, **kwargs) - self.kind = 'AmazonWebServicesCloudTrail' # type: str - self.aws_role_arn = aws_role_arn - self.data_types = data_types - - -class AwsCloudTrailDataConnectorDataTypes(msrest.serialization.Model): - """The available data types for Amazon Web Services CloudTrail data connector. - - :ivar logs: Logs data type. - :vartype logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs - """ + super().__init__(etag=etag, **kwargs) + self.kind = None # type: Optional[str] - _attribute_map = { - 'logs': {'key': 'logs', 'type': 'AwsCloudTrailDataConnectorDataTypesLogs'}, - } - def __init__( - self, - *, - logs: Optional["_models.AwsCloudTrailDataConnectorDataTypesLogs"] = None, - **kwargs - ): - """ - :keyword logs: Logs data type. - :paramtype logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs - """ - super(AwsCloudTrailDataConnectorDataTypes, self).__init__(**kwargs) - self.logs = logs +class Anomalies(Settings): + """Settings with single toggle. + Variables are only populated by the server, and will be ignored when sending a request. -class DataConnectorDataTypeCommon(msrest.serialization.Model): - """Common field for data type in data connectors. + All required parameters must be populated in order to send to Azure. - :ivar state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar is_enabled: Determines whether the setting is enable or disabled. + :vartype is_enabled: bool """ - _attribute_map = { - 'state': {'key': 'state', 'type': 'str'}, + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "is_enabled": {"readonly": True}, } - def __init__( - self, - *, - state: Optional[Union[str, "_models.DataTypeState"]] = None, - **kwargs - ): - """ - :keyword state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - super(DataConnectorDataTypeCommon, self).__init__(**kwargs) - self.state = state - - -class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): - """Logs data type. - - :ivar state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState - """ - _attribute_map = { - 'state': {'key': 'state', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "is_enabled": {"key": "properties.isEnabled", "type": "bool"}, } - def __init__( - self, - *, - state: Optional[Union[str, "_models.DataTypeState"]] = None, - **kwargs - ): + def __init__(self, *, etag: Optional[str] = None, **kwargs): """ - :keyword state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword etag: Etag of the azure resource. + :paramtype etag: str """ - super(AwsCloudTrailDataConnectorDataTypesLogs, self).__init__(state=state, **kwargs) + super().__init__(etag=etag, **kwargs) + self.kind = "Anomalies" # type: str + self.is_enabled = None -class AzureResourceEntity(Entity): - """Represents an azure resource entity. +class SecurityMLAnalyticsSetting(ResourceWithEtag): + """Security ML Analytics Setting. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + AnomalySecurityMLAnalyticsSettings Variables are only populated by the server, and will be ignored when sending a request. @@ -1952,109 +2563,47 @@ class AzureResourceEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar resource_id: The azure resource id of the resource. - :vartype resource_id: str - :ivar subscription_id: The subscription id of the resource. - :vartype subscription_id: str + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of security ML Analytics Settings. Required. "Anomaly" + :vartype kind: str or ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsKind """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'resource_id': {'readonly': True}, - 'subscription_id': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'resource_id': {'key': 'properties.resourceId', 'type': 'str'}, - 'subscription_id': {'key': 'properties.subscriptionId', 'type': 'str'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(AzureResourceEntity, self).__init__(**kwargs) - self.kind = 'AzureResource' # type: str - self.additional_data = None - self.friendly_name = None - self.resource_id = None - self.subscription_id = None - - -class AzureResourceEntityProperties(EntityCommonProperties): - """AzureResource entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar resource_id: The azure resource id of the resource. - :vartype resource_id: str - :ivar subscription_id: The subscription id of the resource. - :vartype subscription_id: str - """ - - _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'resource_id': {'readonly': True}, - 'subscription_id': {'readonly': True}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, } - _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'resource_id': {'key': 'resourceId', 'type': 'str'}, - 'subscription_id': {'key': 'subscriptionId', 'type': 'str'}, - } + _subtype_map = {"kind": {"Anomaly": "AnomalySecurityMLAnalyticsSettings"}} - def __init__( - self, - **kwargs - ): + def __init__(self, *, etag: Optional[str] = None, **kwargs): """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str """ - super(AzureResourceEntityProperties, self).__init__(**kwargs) - self.resource_id = None - self.subscription_id = None + super().__init__(etag=etag, **kwargs) + self.kind = None # type: Optional[str] -class Bookmark(ResourceWithEtag): - """Represents a bookmark in Azure Security Insights. +class AnomalySecurityMLAnalyticsSettings(SecurityMLAnalyticsSetting): # pylint: disable=too-many-instance-attributes + """Represents Anomaly Security ML Analytics Settings. Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -2068,213 +2617,301 @@ class Bookmark(ResourceWithEtag): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar created: The time the bookmark was created. - :vartype created: ~datetime.datetime - :ivar created_by: Describes a user that created the bookmark. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar display_name: The display name of the bookmark. + :ivar kind: The kind of security ML Analytics Settings. Required. "Anomaly" + :vartype kind: str or ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsKind + :ivar description: The description of the SecurityMLAnalyticsSettings. + :vartype description: str + :ivar display_name: The display name for settings created by this SecurityMLAnalyticsSettings. :vartype display_name: str - :ivar labels: List of labels relevant to this bookmark. - :vartype labels: list[str] - :ivar notes: The notes of the bookmark. - :vartype notes: str - :ivar query: The query of the bookmark. - :vartype query: str - :ivar query_result: The query result of the bookmark. - :vartype query_result: str - :ivar updated: The last time the bookmark was updated. - :vartype updated: ~datetime.datetime - :ivar updated_by: Describes a user that updated the bookmark. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar event_time: The bookmark event time. - :vartype event_time: ~datetime.datetime - :ivar query_start_time: The start time for the query. - :vartype query_start_time: ~datetime.datetime - :ivar query_end_time: The end time for the query. - :vartype query_end_time: ~datetime.datetime - :ivar incident_info: Describes an incident that relates to bookmark. - :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :ivar enabled: Determines whether this settings is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this SecurityMLAnalyticsSettings has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar required_data_connectors: The required data sources for this SecurityMLAnalyticsSettings. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsDataSource] + :ivar tactics: The tactics of the SecurityMLAnalyticsSettings. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the SecurityMLAnalyticsSettings. + :vartype techniques: list[str] + :ivar anomaly_version: The anomaly version of the AnomalySecurityMLAnalyticsSettings. + :vartype anomaly_version: str + :ivar customizable_observations: The customizable observations of the + AnomalySecurityMLAnalyticsSettings. + :vartype customizable_observations: JSON + :ivar frequency: The frequency that this SecurityMLAnalyticsSettings will be run. + :vartype frequency: ~datetime.timedelta + :ivar settings_status: The anomaly SecurityMLAnalyticsSettings status. Known values are: + "Production" and "Flighting". + :vartype settings_status: str or ~azure.mgmt.securityinsight.models.SettingsStatus + :ivar is_default_settings: Determines whether this anomaly security ml analytics settings is a + default settings. + :vartype is_default_settings: bool + :ivar anomaly_settings_version: The anomaly settings version of the Anomaly security ml + analytics settings that dictates whether job version gets updated or not. + :vartype anomaly_settings_version: int + :ivar settings_definition_id: The anomaly settings definition Id. + :vartype settings_definition_id: str """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_modified_utc": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'created': {'key': 'properties.created', 'type': 'iso-8601'}, - 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'labels': {'key': 'properties.labels', 'type': '[str]'}, - 'notes': {'key': 'properties.notes', 'type': 'str'}, - 'query': {'key': 'properties.query', 'type': 'str'}, - 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, - 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, - 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, - 'event_time': {'key': 'properties.eventTime', 'type': 'iso-8601'}, - 'query_start_time': {'key': 'properties.queryStartTime', 'type': 'iso-8601'}, - 'query_end_time': {'key': 'properties.queryEndTime', 'type': 'iso-8601'}, - 'incident_info': {'key': 'properties.incidentInfo', 'type': 'IncidentInfo'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[SecurityMLAnalyticsSettingsDataSource]", + }, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "anomaly_version": {"key": "properties.anomalyVersion", "type": "str"}, + "customizable_observations": {"key": "properties.customizableObservations", "type": "object"}, + "frequency": {"key": "properties.frequency", "type": "duration"}, + "settings_status": {"key": "properties.settingsStatus", "type": "str"}, + "is_default_settings": {"key": "properties.isDefaultSettings", "type": "bool"}, + "anomaly_settings_version": {"key": "properties.anomalySettingsVersion", "type": "int"}, + "settings_definition_id": {"key": "properties.settingsDefinitionId", "type": "str"}, } def __init__( self, *, etag: Optional[str] = None, - created: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, + description: Optional[str] = None, display_name: Optional[str] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - updated_by: Optional["_models.UserInfo"] = None, - event_time: Optional[datetime.datetime] = None, - query_start_time: Optional[datetime.datetime] = None, - query_end_time: Optional[datetime.datetime] = None, - incident_info: Optional["_models.IncidentInfo"] = None, + enabled: Optional[bool] = None, + required_data_connectors: Optional[List["_models.SecurityMLAnalyticsSettingsDataSource"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + anomaly_version: Optional[str] = None, + customizable_observations: Optional[JSON] = None, + frequency: Optional[datetime.timedelta] = None, + settings_status: Optional[Union[str, "_models.SettingsStatus"]] = None, + is_default_settings: Optional[bool] = None, + anomaly_settings_version: Optional[int] = None, + settings_definition_id: Optional[str] = None, **kwargs ): """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword created: The time the bookmark was created. - :paramtype created: ~datetime.datetime - :keyword created_by: Describes a user that created the bookmark. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword display_name: The display name of the bookmark. + :keyword description: The description of the SecurityMLAnalyticsSettings. + :paramtype description: str + :keyword display_name: The display name for settings created by this + SecurityMLAnalyticsSettings. :paramtype display_name: str - :keyword labels: List of labels relevant to this bookmark. - :paramtype labels: list[str] - :keyword notes: The notes of the bookmark. - :paramtype notes: str - :keyword query: The query of the bookmark. - :paramtype query: str - :keyword query_result: The query result of the bookmark. - :paramtype query_result: str - :keyword updated: The last time the bookmark was updated. - :paramtype updated: ~datetime.datetime - :keyword updated_by: Describes a user that updated the bookmark. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword event_time: The bookmark event time. - :paramtype event_time: ~datetime.datetime - :keyword query_start_time: The start time for the query. - :paramtype query_start_time: ~datetime.datetime - :keyword query_end_time: The end time for the query. - :paramtype query_end_time: ~datetime.datetime - :keyword incident_info: Describes an incident that relates to bookmark. - :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo - """ - super(Bookmark, self).__init__(etag=etag, **kwargs) - self.created = created - self.created_by = created_by + :keyword enabled: Determines whether this settings is enabled or disabled. + :paramtype enabled: bool + :keyword required_data_connectors: The required data sources for this + SecurityMLAnalyticsSettings. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSettingsDataSource] + :keyword tactics: The tactics of the SecurityMLAnalyticsSettings. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the SecurityMLAnalyticsSettings. + :paramtype techniques: list[str] + :keyword anomaly_version: The anomaly version of the AnomalySecurityMLAnalyticsSettings. + :paramtype anomaly_version: str + :keyword customizable_observations: The customizable observations of the + AnomalySecurityMLAnalyticsSettings. + :paramtype customizable_observations: JSON + :keyword frequency: The frequency that this SecurityMLAnalyticsSettings will be run. + :paramtype frequency: ~datetime.timedelta + :keyword settings_status: The anomaly SecurityMLAnalyticsSettings status. Known values are: + "Production" and "Flighting". + :paramtype settings_status: str or ~azure.mgmt.securityinsight.models.SettingsStatus + :keyword is_default_settings: Determines whether this anomaly security ml analytics settings is + a default settings. + :paramtype is_default_settings: bool + :keyword anomaly_settings_version: The anomaly settings version of the Anomaly security ml + analytics settings that dictates whether job version gets updated or not. + :paramtype anomaly_settings_version: int + :keyword settings_definition_id: The anomaly settings definition Id. + :paramtype settings_definition_id: str + """ + super().__init__(etag=etag, **kwargs) + self.kind = "Anomaly" # type: str + self.description = description self.display_name = display_name - self.labels = labels - self.notes = notes - self.query = query - self.query_result = query_result - self.updated = updated - self.updated_by = updated_by - self.event_time = event_time - self.query_start_time = query_start_time - self.query_end_time = query_end_time - self.incident_info = incident_info - + self.enabled = enabled + self.last_modified_utc = None + self.required_data_connectors = required_data_connectors + self.tactics = tactics + self.techniques = techniques + self.anomaly_version = anomaly_version + self.customizable_observations = customizable_observations + self.frequency = frequency + self.settings_status = settings_status + self.is_default_settings = is_default_settings + self.anomaly_settings_version = anomaly_settings_version + self.settings_definition_id = settings_definition_id -class BookmarkList(msrest.serialization.Model): - """List all the bookmarks. - Variables are only populated by the server, and will be ignored when sending a request. +class AnomalyTimelineItem(EntityTimelineItem): # pylint: disable=too-many-instance-attributes + """Represents anomaly timeline item. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of cases. - :vartype next_link: str - :ivar value: Required. Array of bookmarks. - :vartype value: list[~azure.mgmt.securityinsight.models.Bookmark] + :ivar kind: The entity query kind type. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :ivar azure_resource_id: The anomaly azure resource id. Required. + :vartype azure_resource_id: str + :ivar product_name: The anomaly product name. + :vartype product_name: str + :ivar description: The anomaly description. + :vartype description: str + :ivar display_name: The anomaly name. Required. + :vartype display_name: str + :ivar end_time_utc: The anomaly end time. Required. + :vartype end_time_utc: ~datetime.datetime + :ivar start_time_utc: The anomaly start time. Required. + :vartype start_time_utc: ~datetime.datetime + :ivar time_generated: The anomaly generated time. Required. + :vartype time_generated: ~datetime.datetime + :ivar vendor: The name of the anomaly vendor. + :vartype vendor: str + :ivar intent: The intent of the anomaly. + :vartype intent: str + :ivar techniques: The techniques of the anomaly. + :vartype techniques: list[str] + :ivar reasons: The reasons that cause the anomaly. + :vartype reasons: list[str] """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "kind": {"required": True}, + "azure_resource_id": {"required": True}, + "display_name": {"required": True}, + "end_time_utc": {"required": True}, + "start_time_utc": {"required": True}, + "time_generated": {"required": True}, } _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[Bookmark]'}, + "kind": {"key": "kind", "type": "str"}, + "azure_resource_id": {"key": "azureResourceId", "type": "str"}, + "product_name": {"key": "productName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "end_time_utc": {"key": "endTimeUtc", "type": "iso-8601"}, + "start_time_utc": {"key": "startTimeUtc", "type": "iso-8601"}, + "time_generated": {"key": "timeGenerated", "type": "iso-8601"}, + "vendor": {"key": "vendor", "type": "str"}, + "intent": {"key": "intent", "type": "str"}, + "techniques": {"key": "techniques", "type": "[str]"}, + "reasons": {"key": "reasons", "type": "[str]"}, } def __init__( self, *, - value: List["_models.Bookmark"], + azure_resource_id: str, + display_name: str, + end_time_utc: datetime.datetime, + start_time_utc: datetime.datetime, + time_generated: datetime.datetime, + product_name: Optional[str] = None, + description: Optional[str] = None, + vendor: Optional[str] = None, + intent: Optional[str] = None, + techniques: Optional[List[str]] = None, + reasons: Optional[List[str]] = None, **kwargs ): """ - :keyword value: Required. Array of bookmarks. - :paramtype value: list[~azure.mgmt.securityinsight.models.Bookmark] - """ - super(BookmarkList, self).__init__(**kwargs) - self.next_link = None - self.value = value + :keyword azure_resource_id: The anomaly azure resource id. Required. + :paramtype azure_resource_id: str + :keyword product_name: The anomaly product name. + :paramtype product_name: str + :keyword description: The anomaly description. + :paramtype description: str + :keyword display_name: The anomaly name. Required. + :paramtype display_name: str + :keyword end_time_utc: The anomaly end time. Required. + :paramtype end_time_utc: ~datetime.datetime + :keyword start_time_utc: The anomaly start time. Required. + :paramtype start_time_utc: ~datetime.datetime + :keyword time_generated: The anomaly generated time. Required. + :paramtype time_generated: ~datetime.datetime + :keyword vendor: The name of the anomaly vendor. + :paramtype vendor: str + :keyword intent: The intent of the anomaly. + :paramtype intent: str + :keyword techniques: The techniques of the anomaly. + :paramtype techniques: list[str] + :keyword reasons: The reasons that cause the anomaly. + :paramtype reasons: list[str] + """ + super().__init__(**kwargs) + self.kind = "Anomaly" # type: str + self.azure_resource_id = azure_resource_id + self.product_name = product_name + self.description = description + self.display_name = display_name + self.end_time_utc = end_time_utc + self.start_time_utc = start_time_utc + self.time_generated = time_generated + self.vendor = vendor + self.intent = intent + self.techniques = techniques + self.reasons = reasons -class ClientInfo(msrest.serialization.Model): - """Information on the client (user or application) that made some action. +class ASCCheckRequirements(DataConnectorsCheckRequirements): + """Represents ASC (Azure Security Center) requirements check request. - :ivar email: The email of the client. - :vartype email: str - :ivar name: The name of the client. - :vartype name: str - :ivar object_id: The object id of the client. - :vartype object_id: str - :ivar user_principal_name: The user principal name of the client. - :vartype user_principal_name: str + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str """ + _validation = { + "kind": {"required": True}, + } + _attribute_map = { - 'email': {'key': 'email', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'object_id': {'key': 'objectId', 'type': 'str'}, - 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, + "kind": {"key": "kind", "type": "str"}, + "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } - def __init__( - self, - *, - email: Optional[str] = None, - name: Optional[str] = None, - object_id: Optional[str] = None, - user_principal_name: Optional[str] = None, - **kwargs - ): + def __init__(self, *, subscription_id: Optional[str] = None, **kwargs): """ - :keyword email: The email of the client. - :paramtype email: str - :keyword name: The name of the client. - :paramtype name: str - :keyword object_id: The object id of the client. - :paramtype object_id: str - :keyword user_principal_name: The user principal name of the client. - :paramtype user_principal_name: str + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str """ - super(ClientInfo, self).__init__(**kwargs) - self.email = email - self.name = name - self.object_id = object_id - self.user_principal_name = user_principal_name + super().__init__(**kwargs) + self.kind = "AzureSecurityCenter" # type: str + self.subscription_id = subscription_id -class CloudApplicationEntity(Entity): - """Represents a cloud application entity. +class ASCDataConnector(DataConnector): + """Represents ASC (Azure Security Center) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -2291,704 +2928,765 @@ class CloudApplicationEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar app_id: The technical identifier of the application. - :vartype app_id: int - :ivar app_name: The name of the related cloud application. - :vartype app_name: str - :ivar instance_name: The user defined instance name of the cloud application. It is often used - to distinguish between several applications of the same type that a customer has. - :vartype instance_name: str + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'app_id': {'readonly': True}, - 'app_name': {'readonly': True}, - 'instance_name': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'app_id': {'key': 'properties.appId', 'type': 'int'}, - 'app_name': {'key': 'properties.appName', 'type': 'str'}, - 'instance_name': {'key': 'properties.instanceName', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, } def __init__( self, + *, + etag: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, **kwargs ): """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str """ - super(CloudApplicationEntity, self).__init__(**kwargs) - self.kind = 'CloudApplication' # type: str - self.additional_data = None - self.friendly_name = None - self.app_id = None - self.app_name = None - self.instance_name = None - + super().__init__(etag=etag, **kwargs) + self.kind = "AzureSecurityCenter" # type: str + self.data_types = data_types + self.subscription_id = subscription_id -class CloudApplicationEntityProperties(EntityCommonProperties): - """CloudApplication entity property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class ASCDataConnectorProperties(DataConnectorWithAlertsProperties): + """ASC (Azure Security Center) data connector properties. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar app_id: The technical identifier of the application. - :vartype app_id: int - :ivar app_name: The name of the related cloud application. - :vartype app_name: str - :ivar instance_name: The user defined instance name of the cloud application. It is often used - to distinguish between several applications of the same type that a customer has. - :vartype instance_name: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str """ - _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'app_id': {'readonly': True}, - 'app_name': {'readonly': True}, - 'instance_name': {'readonly': True}, - } - _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'app_id': {'key': 'appId', 'type': 'int'}, - 'app_name': {'key': 'appName', 'type': 'str'}, - 'instance_name': {'key': 'instanceName', 'type': 'str'}, + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "subscription_id": {"key": "subscriptionId", "type": "str"}, } def __init__( self, + *, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, **kwargs ): """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str """ - super(CloudApplicationEntityProperties, self).__init__(**kwargs) - self.app_id = None - self.app_name = None - self.instance_name = None + super().__init__(data_types=data_types, **kwargs) + self.subscription_id = subscription_id -class CloudErrorBody(msrest.serialization.Model): - """Error details. +class AutomationRule(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """AutomationRule. Variables are only populated by the server, and will be ignored when sending a request. - :ivar code: An identifier for the error. Codes are invariant and are intended to be consumed - programmatically. - :vartype code: str - :ivar message: A message describing the error, intended to be suitable for display in a user - interface. - :vartype message: str + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar display_name: The display name of the automation rule. Required. + :vartype display_name: str + :ivar order: The order of execution of the automation rule. Required. + :vartype order: int + :ivar triggering_logic: Describes automation rule triggering logic. Required. + :vartype triggering_logic: ~azure.mgmt.securityinsight.models.AutomationRuleTriggeringLogic + :ivar actions: The actions to execute when the automation rule is triggered. Required. + :vartype actions: list[~azure.mgmt.securityinsight.models.AutomationRuleAction] + :ivar last_modified_time_utc: The last time the automation rule was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar created_time_utc: The time the automation rule was created. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_by: Information on the client (user or application) that made some action. + :vartype last_modified_by: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar created_by: Information on the client (user or application) that made some action. + :vartype created_by: ~azure.mgmt.securityinsight.models.ClientInfo """ _validation = { - 'code': {'readonly': True}, - 'message': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "display_name": {"required": True, "max_length": 500}, + "order": {"required": True, "maximum": 1000, "minimum": 1}, + "triggering_logic": {"required": True}, + "actions": {"required": True, "max_items": 20, "min_items": 0}, + "last_modified_time_utc": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "last_modified_by": {"readonly": True}, + "created_by": {"readonly": True}, } _attribute_map = { - 'code': {'key': 'code', 'type': 'str'}, - 'message': {'key': 'message', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "order": {"key": "properties.order", "type": "int"}, + "triggering_logic": {"key": "properties.triggeringLogic", "type": "AutomationRuleTriggeringLogic"}, + "actions": {"key": "properties.actions", "type": "[AutomationRuleAction]"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_by": {"key": "properties.lastModifiedBy", "type": "ClientInfo"}, + "created_by": {"key": "properties.createdBy", "type": "ClientInfo"}, } def __init__( self, + *, + display_name: str, + order: int, + triggering_logic: "_models.AutomationRuleTriggeringLogic", + actions: List["_models.AutomationRuleAction"], + etag: Optional[str] = None, **kwargs ): """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword display_name: The display name of the automation rule. Required. + :paramtype display_name: str + :keyword order: The order of execution of the automation rule. Required. + :paramtype order: int + :keyword triggering_logic: Describes automation rule triggering logic. Required. + :paramtype triggering_logic: ~azure.mgmt.securityinsight.models.AutomationRuleTriggeringLogic + :keyword actions: The actions to execute when the automation rule is triggered. Required. + :paramtype actions: list[~azure.mgmt.securityinsight.models.AutomationRuleAction] """ - super(CloudErrorBody, self).__init__(**kwargs) - self.code = None - self.message = None + super().__init__(etag=etag, **kwargs) + self.display_name = display_name + self.order = order + self.triggering_logic = triggering_logic + self.actions = actions + self.last_modified_time_utc = None + self.created_time_utc = None + self.last_modified_by = None + self.created_by = None -class DataConnectorList(msrest.serialization.Model): - """List all the data connectors. +class AutomationRuleAction(_serialization.Model): + """Describes an automation rule action. - Variables are only populated by the server, and will be ignored when sending a request. + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + AutomationRuleModifyPropertiesAction, AutomationRuleRunPlaybookAction All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of data connectors. - :vartype next_link: str - :ivar value: Required. Array of data connectors. - :vartype value: list[~azure.mgmt.securityinsight.models.DataConnector] + :ivar order: Required. + :vartype order: int + :ivar action_type: The type of the automation rule action. Required. Known values are: + "ModifyProperties" and "RunPlaybook". + :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "order": {"required": True}, + "action_type": {"required": True}, } _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[DataConnector]'}, + "order": {"key": "order", "type": "int"}, + "action_type": {"key": "actionType", "type": "str"}, } - def __init__( - self, - *, - value: List["_models.DataConnector"], - **kwargs - ): + _subtype_map = { + "action_type": { + "ModifyProperties": "AutomationRuleModifyPropertiesAction", + "RunPlaybook": "AutomationRuleRunPlaybookAction", + } + } + + def __init__(self, *, order: int, **kwargs): """ - :keyword value: Required. Array of data connectors. - :paramtype value: list[~azure.mgmt.securityinsight.models.DataConnector] + :keyword order: Required. + :paramtype order: int """ - super(DataConnectorList, self).__init__(**kwargs) - self.next_link = None - self.value = value + super().__init__(**kwargs) + self.order = order + self.action_type = None # type: Optional[str] -class DataConnectorTenantId(msrest.serialization.Model): - """Properties data connector on tenant level. +class AutomationRuleBooleanCondition(_serialization.Model): + """AutomationRuleBooleanCondition. - :ivar tenant_id: The tenant id to connect to, and get the data from. - :vartype tenant_id: str + :ivar operator: Known values are: "And" and "Or". + :vartype operator: str or + ~azure.mgmt.securityinsight.models.AutomationRuleBooleanConditionSupportedOperator + :ivar inner_conditions: + :vartype inner_conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] """ + _validation = { + "inner_conditions": {"max_items": 10, "min_items": 2}, + } + _attribute_map = { - 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + "operator": {"key": "operator", "type": "str"}, + "inner_conditions": {"key": "innerConditions", "type": "[AutomationRuleCondition]"}, } def __init__( self, *, - tenant_id: Optional[str] = None, + operator: Optional[Union[str, "_models.AutomationRuleBooleanConditionSupportedOperator"]] = None, + inner_conditions: Optional[List["_models.AutomationRuleCondition"]] = None, **kwargs ): """ - :keyword tenant_id: The tenant id to connect to, and get the data from. - :paramtype tenant_id: str + :keyword operator: Known values are: "And" and "Or". + :paramtype operator: str or + ~azure.mgmt.securityinsight.models.AutomationRuleBooleanConditionSupportedOperator + :keyword inner_conditions: + :paramtype inner_conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] """ - super(DataConnectorTenantId, self).__init__(**kwargs) - self.tenant_id = tenant_id + super().__init__(**kwargs) + self.operator = operator + self.inner_conditions = inner_conditions -class DnsEntity(Entity): - """Represents a dns entity. +class AutomationRuleCondition(_serialization.Model): + """Describes an automation rule condition. - Variables are only populated by the server, and will be ignored when sending a request. + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + BooleanConditionProperties, PropertyConditionProperties, PropertyArrayConditionProperties, + PropertyArrayChangedConditionProperties, PropertyChangedConditionProperties All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. - :vartype dns_server_ip_entity_id: str - :ivar domain_name: The name of the dns record associated with the alert. - :vartype domain_name: str - :ivar host_ip_address_entity_id: An ip entity id for the dns request client. - :vartype host_ip_address_entity_id: str - :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. - :vartype ip_address_entity_ids: list[str] + :ivar condition_type: Required. Known values are: "Property", "PropertyArray", + "PropertyChanged", "PropertyArrayChanged", and "Boolean". + :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'dns_server_ip_entity_id': {'readonly': True}, - 'domain_name': {'readonly': True}, - 'host_ip_address_entity_id': {'readonly': True}, - 'ip_address_entity_ids': {'readonly': True}, + "condition_type": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'dns_server_ip_entity_id': {'key': 'properties.dnsServerIpEntityId', 'type': 'str'}, - 'domain_name': {'key': 'properties.domainName', 'type': 'str'}, - 'host_ip_address_entity_id': {'key': 'properties.hostIpAddressEntityId', 'type': 'str'}, - 'ip_address_entity_ids': {'key': 'properties.ipAddressEntityIds', 'type': '[str]'}, + "condition_type": {"key": "conditionType", "type": "str"}, } - def __init__( - self, - **kwargs - ): - """ - """ - super(DnsEntity, self).__init__(**kwargs) - self.kind = 'DnsResolution' # type: str - self.additional_data = None - self.friendly_name = None - self.dns_server_ip_entity_id = None - self.domain_name = None - self.host_ip_address_entity_id = None - self.ip_address_entity_ids = None + _subtype_map = { + "condition_type": { + "Boolean": "BooleanConditionProperties", + "Property": "PropertyConditionProperties", + "PropertyArray": "PropertyArrayConditionProperties", + "PropertyArrayChanged": "PropertyArrayChangedConditionProperties", + "PropertyChanged": "PropertyChangedConditionProperties", + } + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.condition_type = None # type: Optional[str] -class DnsEntityProperties(EntityCommonProperties): - """Dns entity property bag. +class AutomationRuleModifyPropertiesAction(AutomationRuleAction): + """Describes an automation rule action to modify an object's properties. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. - :vartype dns_server_ip_entity_id: str - :ivar domain_name: The name of the dns record associated with the alert. - :vartype domain_name: str - :ivar host_ip_address_entity_id: An ip entity id for the dns request client. - :vartype host_ip_address_entity_id: str - :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. - :vartype ip_address_entity_ids: list[str] + :ivar order: Required. + :vartype order: int + :ivar action_type: The type of the automation rule action. Required. Known values are: + "ModifyProperties" and "RunPlaybook". + :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType + :ivar action_configuration: + :vartype action_configuration: ~azure.mgmt.securityinsight.models.IncidentPropertiesAction """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'dns_server_ip_entity_id': {'readonly': True}, - 'domain_name': {'readonly': True}, - 'host_ip_address_entity_id': {'readonly': True}, - 'ip_address_entity_ids': {'readonly': True}, + "order": {"required": True}, + "action_type": {"required": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'dns_server_ip_entity_id': {'key': 'dnsServerIpEntityId', 'type': 'str'}, - 'domain_name': {'key': 'domainName', 'type': 'str'}, - 'host_ip_address_entity_id': {'key': 'hostIpAddressEntityId', 'type': 'str'}, - 'ip_address_entity_ids': {'key': 'ipAddressEntityIds', 'type': '[str]'}, + "order": {"key": "order", "type": "int"}, + "action_type": {"key": "actionType", "type": "str"}, + "action_configuration": {"key": "actionConfiguration", "type": "IncidentPropertiesAction"}, } def __init__( - self, - **kwargs + self, *, order: int, action_configuration: Optional["_models.IncidentPropertiesAction"] = None, **kwargs ): """ + :keyword order: Required. + :paramtype order: int + :keyword action_configuration: + :paramtype action_configuration: ~azure.mgmt.securityinsight.models.IncidentPropertiesAction """ - super(DnsEntityProperties, self).__init__(**kwargs) - self.dns_server_ip_entity_id = None - self.domain_name = None - self.host_ip_address_entity_id = None - self.ip_address_entity_ids = None + super().__init__(order=order, **kwargs) + self.action_type = "ModifyProperties" # type: str + self.action_configuration = action_configuration -class EntityMapping(msrest.serialization.Model): - """Single entity mapping for the alert rule. +class AutomationRulePropertyArrayChangedValuesCondition(_serialization.Model): + """AutomationRulePropertyArrayChangedValuesCondition. - :ivar entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", "IP", - "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", - "MailMessage", "SubmissionMail". - :vartype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType - :ivar field_mappings: array of field mappings for the given entity mapping. - :vartype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + :ivar array_type: Known values are: "Alerts", "Labels", "Tactics", and "Comments". + :vartype array_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedArrayType + :ivar change_type: "Added" + :vartype change_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedChangeType """ _attribute_map = { - 'entity_type': {'key': 'entityType', 'type': 'str'}, - 'field_mappings': {'key': 'fieldMappings', 'type': '[FieldMapping]'}, + "array_type": {"key": "arrayType", "type": "str"}, + "change_type": {"key": "changeType", "type": "str"}, } def __init__( self, *, - entity_type: Optional[Union[str, "_models.EntityMappingType"]] = None, - field_mappings: Optional[List["_models.FieldMapping"]] = None, + array_type: Optional[ + Union[str, "_models.AutomationRulePropertyArrayChangedConditionSupportedArrayType"] + ] = None, + change_type: Optional[ + Union[str, "_models.AutomationRulePropertyArrayChangedConditionSupportedChangeType"] + ] = None, **kwargs ): """ - :keyword entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", - "IP", "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", - "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", - "MailMessage", "SubmissionMail". - :paramtype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType - :keyword field_mappings: array of field mappings for the given entity mapping. - :paramtype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] - """ - super(EntityMapping, self).__init__(**kwargs) - self.entity_type = entity_type - self.field_mappings = field_mappings - - -class EventGroupingSettings(msrest.serialization.Model): - """Event grouping settings property bag. - - :ivar aggregation_kind: The event grouping aggregation kinds. Known values are: "SingleAlert", - "AlertPerResult". - :vartype aggregation_kind: str or - ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + :keyword array_type: Known values are: "Alerts", "Labels", "Tactics", and "Comments". + :paramtype array_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedArrayType + :keyword change_type: "Added" + :paramtype change_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedConditionSupportedChangeType + """ + super().__init__(**kwargs) + self.array_type = array_type + self.change_type = change_type + + +class AutomationRulePropertyArrayValuesCondition(_serialization.Model): + """AutomationRulePropertyArrayValuesCondition. + + :ivar array_type: Known values are: "CustomDetails" and "CustomDetailValues". + :vartype array_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayConditionSupportedArrayType + :ivar array_condition_type: "AnyItem" + :vartype array_condition_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayConditionSupportedArrayConditionType + :ivar item_conditions: + :vartype item_conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] """ + _validation = { + "item_conditions": {"max_items": 10, "min_items": 0}, + } + _attribute_map = { - 'aggregation_kind': {'key': 'aggregationKind', 'type': 'str'}, + "array_type": {"key": "arrayType", "type": "str"}, + "array_condition_type": {"key": "arrayConditionType", "type": "str"}, + "item_conditions": {"key": "itemConditions", "type": "[AutomationRuleCondition]"}, } def __init__( self, *, - aggregation_kind: Optional[Union[str, "_models.EventGroupingAggregationKind"]] = None, + array_type: Optional[Union[str, "_models.AutomationRulePropertyArrayConditionSupportedArrayType"]] = None, + array_condition_type: Optional[ + Union[str, "_models.AutomationRulePropertyArrayConditionSupportedArrayConditionType"] + ] = None, + item_conditions: Optional[List["_models.AutomationRuleCondition"]] = None, **kwargs ): """ - :keyword aggregation_kind: The event grouping aggregation kinds. Known values are: - "SingleAlert", "AlertPerResult". - :paramtype aggregation_kind: str or - ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + :keyword array_type: Known values are: "CustomDetails" and "CustomDetailValues". + :paramtype array_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayConditionSupportedArrayType + :keyword array_condition_type: "AnyItem" + :paramtype array_condition_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayConditionSupportedArrayConditionType + :keyword item_conditions: + :paramtype item_conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] """ - super(EventGroupingSettings, self).__init__(**kwargs) - self.aggregation_kind = aggregation_kind + super().__init__(**kwargs) + self.array_type = array_type + self.array_condition_type = array_condition_type + self.item_conditions = item_conditions -class FieldMapping(msrest.serialization.Model): - """A single field mapping of the mapped entity. +class AutomationRulePropertyValuesChangedCondition(_serialization.Model): + """AutomationRulePropertyValuesChangedCondition. - :ivar identifier: the V3 identifier of the entity. - :vartype identifier: str - :ivar column_name: the column name to be mapped to the identifier. - :vartype column_name: str + :ivar property_name: Known values are: "IncidentSeverity", "IncidentStatus", and + "IncidentOwner". + :vartype property_name: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedPropertyType + :ivar change_type: Known values are: "ChangedFrom" and "ChangedTo". + :vartype change_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedChangedType + :ivar operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", + "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". + :vartype operator: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator + :ivar property_values: + :vartype property_values: list[str] """ _attribute_map = { - 'identifier': {'key': 'identifier', 'type': 'str'}, - 'column_name': {'key': 'columnName', 'type': 'str'}, + "property_name": {"key": "propertyName", "type": "str"}, + "change_type": {"key": "changeType", "type": "str"}, + "operator": {"key": "operator", "type": "str"}, + "property_values": {"key": "propertyValues", "type": "[str]"}, } def __init__( self, *, - identifier: Optional[str] = None, - column_name: Optional[str] = None, + property_name: Optional[ + Union[str, "_models.AutomationRulePropertyChangedConditionSupportedPropertyType"] + ] = None, + change_type: Optional[Union[str, "_models.AutomationRulePropertyChangedConditionSupportedChangedType"]] = None, + operator: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedOperator"]] = None, + property_values: Optional[List[str]] = None, **kwargs ): """ - :keyword identifier: the V3 identifier of the entity. - :paramtype identifier: str - :keyword column_name: the column name to be mapped to the identifier. - :paramtype column_name: str + :keyword property_name: Known values are: "IncidentSeverity", "IncidentStatus", and + "IncidentOwner". + :paramtype property_name: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedPropertyType + :keyword change_type: Known values are: "ChangedFrom" and "ChangedTo". + :paramtype change_type: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyChangedConditionSupportedChangedType + :keyword operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", + "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". + :paramtype operator: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator + :keyword property_values: + :paramtype property_values: list[str] """ - super(FieldMapping, self).__init__(**kwargs) - self.identifier = identifier - self.column_name = column_name - - -class FileEntity(Entity): - """Represents a file entity. + super().__init__(**kwargs) + self.property_name = property_name + self.change_type = change_type + self.operator = operator + self.property_values = property_values - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class AutomationRulePropertyValuesCondition(_serialization.Model): + """AutomationRulePropertyValuesCondition. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar directory: The full path to the file. - :vartype directory: str - :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. - :vartype file_hash_entity_ids: list[str] - :ivar file_name: The file name without path (some alerts might not include path). - :vartype file_name: str - :ivar host_entity_id: The Host entity id which the file belongs to. - :vartype host_entity_id: str + :ivar property_name: The property to evaluate in an automation rule property condition. Known + values are: "IncidentTitle", "IncidentDescription", "IncidentSeverity", "IncidentStatus", + "IncidentRelatedAnalyticRuleIds", "IncidentTactics", "IncidentLabel", "IncidentProviderName", + "IncidentUpdatedBySource", "IncidentCustomDetailsKey", "IncidentCustomDetailsValue", + "AccountAadTenantId", "AccountAadUserId", "AccountName", "AccountNTDomain", "AccountPUID", + "AccountSid", "AccountObjectGuid", "AccountUPNSuffix", "AlertProductNames", + "AlertAnalyticRuleIds", "AzureResourceResourceId", "AzureResourceSubscriptionId", + "CloudApplicationAppId", "CloudApplicationAppName", "DNSDomainName", "FileDirectory", + "FileName", "FileHashValue", "HostAzureID", "HostName", "HostNetBiosName", "HostNTDomain", + "HostOSVersion", "IoTDeviceId", "IoTDeviceName", "IoTDeviceType", "IoTDeviceVendor", + "IoTDeviceModel", "IoTDeviceOperatingSystem", "IPAddress", "MailboxDisplayName", + "MailboxPrimaryAddress", "MailboxUPN", "MailMessageDeliveryAction", + "MailMessageDeliveryLocation", "MailMessageRecipient", "MailMessageSenderIP", + "MailMessageSubject", "MailMessageP1Sender", "MailMessageP2Sender", "MalwareCategory", + "MalwareName", "ProcessCommandLine", "ProcessId", "RegistryKey", "RegistryValueData", and + "Url". + :vartype property_name: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedProperty + :ivar operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", + "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". + :vartype operator: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator + :ivar property_values: + :vartype property_values: list[str] """ - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'directory': {'readonly': True}, - 'file_hash_entity_ids': {'readonly': True}, - 'file_name': {'readonly': True}, - 'host_entity_id': {'readonly': True}, - } - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'directory': {'key': 'properties.directory', 'type': 'str'}, - 'file_hash_entity_ids': {'key': 'properties.fileHashEntityIds', 'type': '[str]'}, - 'file_name': {'key': 'properties.fileName', 'type': 'str'}, - 'host_entity_id': {'key': 'properties.hostEntityId', 'type': 'str'}, + "property_name": {"key": "propertyName", "type": "str"}, + "operator": {"key": "operator", "type": "str"}, + "property_values": {"key": "propertyValues", "type": "[str]"}, } def __init__( self, + *, + property_name: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedProperty"]] = None, + operator: Optional[Union[str, "_models.AutomationRulePropertyConditionSupportedOperator"]] = None, + property_values: Optional[List[str]] = None, **kwargs ): """ + :keyword property_name: The property to evaluate in an automation rule property condition. + Known values are: "IncidentTitle", "IncidentDescription", "IncidentSeverity", "IncidentStatus", + "IncidentRelatedAnalyticRuleIds", "IncidentTactics", "IncidentLabel", "IncidentProviderName", + "IncidentUpdatedBySource", "IncidentCustomDetailsKey", "IncidentCustomDetailsValue", + "AccountAadTenantId", "AccountAadUserId", "AccountName", "AccountNTDomain", "AccountPUID", + "AccountSid", "AccountObjectGuid", "AccountUPNSuffix", "AlertProductNames", + "AlertAnalyticRuleIds", "AzureResourceResourceId", "AzureResourceSubscriptionId", + "CloudApplicationAppId", "CloudApplicationAppName", "DNSDomainName", "FileDirectory", + "FileName", "FileHashValue", "HostAzureID", "HostName", "HostNetBiosName", "HostNTDomain", + "HostOSVersion", "IoTDeviceId", "IoTDeviceName", "IoTDeviceType", "IoTDeviceVendor", + "IoTDeviceModel", "IoTDeviceOperatingSystem", "IPAddress", "MailboxDisplayName", + "MailboxPrimaryAddress", "MailboxUPN", "MailMessageDeliveryAction", + "MailMessageDeliveryLocation", "MailMessageRecipient", "MailMessageSenderIP", + "MailMessageSubject", "MailMessageP1Sender", "MailMessageP2Sender", "MalwareCategory", + "MalwareName", "ProcessCommandLine", "ProcessId", "RegistryKey", "RegistryValueData", and + "Url". + :paramtype property_name: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedProperty + :keyword operator: Known values are: "Equals", "NotEquals", "Contains", "NotContains", + "StartsWith", "NotStartsWith", "EndsWith", and "NotEndsWith". + :paramtype operator: str or + ~azure.mgmt.securityinsight.models.AutomationRulePropertyConditionSupportedOperator + :keyword property_values: + :paramtype property_values: list[str] """ - super(FileEntity, self).__init__(**kwargs) - self.kind = 'File' # type: str - self.additional_data = None - self.friendly_name = None - self.directory = None - self.file_hash_entity_ids = None - self.file_name = None - self.host_entity_id = None + super().__init__(**kwargs) + self.property_name = property_name + self.operator = operator + self.property_values = property_values -class FileEntityProperties(EntityCommonProperties): - """File entity property bag. +class AutomationRuleRunPlaybookAction(AutomationRuleAction): + """Describes an automation rule action to run a playbook. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar directory: The full path to the file. - :vartype directory: str - :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. - :vartype file_hash_entity_ids: list[str] - :ivar file_name: The file name without path (some alerts might not include path). - :vartype file_name: str - :ivar host_entity_id: The Host entity id which the file belongs to. - :vartype host_entity_id: str + :ivar order: Required. + :vartype order: int + :ivar action_type: The type of the automation rule action. Required. Known values are: + "ModifyProperties" and "RunPlaybook". + :vartype action_type: str or ~azure.mgmt.securityinsight.models.ActionType + :ivar action_configuration: + :vartype action_configuration: ~azure.mgmt.securityinsight.models.PlaybookActionProperties """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'directory': {'readonly': True}, - 'file_hash_entity_ids': {'readonly': True}, - 'file_name': {'readonly': True}, - 'host_entity_id': {'readonly': True}, + "order": {"required": True}, + "action_type": {"required": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'directory': {'key': 'directory', 'type': 'str'}, - 'file_hash_entity_ids': {'key': 'fileHashEntityIds', 'type': '[str]'}, - 'file_name': {'key': 'fileName', 'type': 'str'}, - 'host_entity_id': {'key': 'hostEntityId', 'type': 'str'}, + "order": {"key": "order", "type": "int"}, + "action_type": {"key": "actionType", "type": "str"}, + "action_configuration": {"key": "actionConfiguration", "type": "PlaybookActionProperties"}, } def __init__( - self, - **kwargs + self, *, order: int, action_configuration: Optional["_models.PlaybookActionProperties"] = None, **kwargs ): """ + :keyword order: Required. + :paramtype order: int + :keyword action_configuration: + :paramtype action_configuration: ~azure.mgmt.securityinsight.models.PlaybookActionProperties """ - super(FileEntityProperties, self).__init__(**kwargs) - self.directory = None - self.file_hash_entity_ids = None - self.file_name = None - self.host_entity_id = None + super().__init__(order=order, **kwargs) + self.action_type = "RunPlaybook" # type: str + self.action_configuration = action_configuration -class FileHashEntity(Entity): - """Represents a file hash entity. +class AutomationRulesList(_serialization.Model): + """AutomationRulesList. - Variables are only populated by the server, and will be ignored when sending a request. + :ivar value: + :vartype value: list[~azure.mgmt.securityinsight.models.AutomationRule] + :ivar next_link: + :vartype next_link: str + """ + + _attribute_map = { + "value": {"key": "value", "type": "[AutomationRule]"}, + "next_link": {"key": "nextLink", "type": "str"}, + } + + def __init__( + self, *, value: Optional[List["_models.AutomationRule"]] = None, next_link: Optional[str] = None, **kwargs + ): + """ + :keyword value: + :paramtype value: list[~azure.mgmt.securityinsight.models.AutomationRule] + :keyword next_link: + :paramtype next_link: str + """ + super().__init__(**kwargs) + self.value = value + self.next_link = next_link + + +class AutomationRuleTriggeringLogic(_serialization.Model): + """Describes automation rule triggering logic. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", - "SHA256AC". - :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm - :ivar hash_value: The file hash value. - :vartype hash_value: str + :ivar is_enabled: Determines whether the automation rule is enabled or disabled. Required. + :vartype is_enabled: bool + :ivar expiration_time_utc: Determines when the automation rule should automatically expire and + be disabled. + :vartype expiration_time_utc: ~datetime.datetime + :ivar triggers_on: Required. Known values are: "Incidents" and "Alerts". + :vartype triggers_on: str or ~azure.mgmt.securityinsight.models.TriggersOn + :ivar triggers_when: Required. Known values are: "Created" and "Updated". + :vartype triggers_when: str or ~azure.mgmt.securityinsight.models.TriggersWhen + :ivar conditions: The conditions to evaluate to determine if the automation rule should be + triggered on a given object. + :vartype conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'algorithm': {'readonly': True}, - 'hash_value': {'readonly': True}, + "is_enabled": {"required": True}, + "triggers_on": {"required": True}, + "triggers_when": {"required": True}, + "conditions": {"max_items": 50, "min_items": 0}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'algorithm': {'key': 'properties.algorithm', 'type': 'str'}, - 'hash_value': {'key': 'properties.hashValue', 'type': 'str'}, + "is_enabled": {"key": "isEnabled", "type": "bool"}, + "expiration_time_utc": {"key": "expirationTimeUtc", "type": "iso-8601"}, + "triggers_on": {"key": "triggersOn", "type": "str"}, + "triggers_when": {"key": "triggersWhen", "type": "str"}, + "conditions": {"key": "conditions", "type": "[AutomationRuleCondition]"}, } def __init__( self, + *, + is_enabled: bool, + triggers_on: Union[str, "_models.TriggersOn"], + triggers_when: Union[str, "_models.TriggersWhen"], + expiration_time_utc: Optional[datetime.datetime] = None, + conditions: Optional[List["_models.AutomationRuleCondition"]] = None, **kwargs ): """ + :keyword is_enabled: Determines whether the automation rule is enabled or disabled. Required. + :paramtype is_enabled: bool + :keyword expiration_time_utc: Determines when the automation rule should automatically expire + and be disabled. + :paramtype expiration_time_utc: ~datetime.datetime + :keyword triggers_on: Required. Known values are: "Incidents" and "Alerts". + :paramtype triggers_on: str or ~azure.mgmt.securityinsight.models.TriggersOn + :keyword triggers_when: Required. Known values are: "Created" and "Updated". + :paramtype triggers_when: str or ~azure.mgmt.securityinsight.models.TriggersWhen + :keyword conditions: The conditions to evaluate to determine if the automation rule should be + triggered on a given object. + :paramtype conditions: list[~azure.mgmt.securityinsight.models.AutomationRuleCondition] """ - super(FileHashEntity, self).__init__(**kwargs) - self.kind = 'FileHash' # type: str - self.additional_data = None - self.friendly_name = None - self.algorithm = None - self.hash_value = None + super().__init__(**kwargs) + self.is_enabled = is_enabled + self.expiration_time_utc = expiration_time_utc + self.triggers_on = triggers_on + self.triggers_when = triggers_when + self.conditions = conditions -class FileHashEntityProperties(EntityCommonProperties): - """FileHash entity property bag. +class Availability(_serialization.Model): + """Connector Availability Status. - Variables are only populated by the server, and will be ignored when sending a request. + :ivar status: The connector Availability Status. Default value is 1. + :vartype status: int + :ivar is_preview: Set connector as preview. + :vartype is_preview: bool + """ - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", - "SHA256AC". - :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm - :ivar hash_value: The file hash value. - :vartype hash_value: str + _attribute_map = { + "status": {"key": "status", "type": "int"}, + "is_preview": {"key": "isPreview", "type": "bool"}, + } + + def __init__(self, *, status: Optional[int] = None, is_preview: Optional[bool] = None, **kwargs): + """ + :keyword status: The connector Availability Status. Default value is 1. + :paramtype status: int + :keyword is_preview: Set connector as preview. + :paramtype is_preview: bool + """ + super().__init__(**kwargs) + self.status = status + self.is_preview = is_preview + + +class AwsCloudTrailCheckRequirements(DataConnectorsCheckRequirements): + """Amazon Web Services CloudTrail requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'algorithm': {'readonly': True}, - 'hash_value': {'readonly': True}, + "kind": {"required": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'algorithm': {'key': 'algorithm', 'type': 'str'}, - 'hash_value': {'key': 'hashValue', 'type': 'str'}, + "kind": {"key": "kind", "type": "str"}, } - def __init__( - self, - **kwargs - ): - """ - """ - super(FileHashEntityProperties, self).__init__(**kwargs) - self.algorithm = None - self.hash_value = None + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "AmazonWebServicesCloudTrail" # type: str -class FusionAlertRule(AlertRule): - """Represents Fusion alert rule. +class AwsCloudTrailDataConnector(DataConnector): + """Represents Amazon Web Services CloudTrail data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -3007,85 +3705,175 @@ class FusionAlertRule(AlertRule): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The alert rule kind.Constant filled by server. Known values are: - "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access + the Aws account. + :vartype aws_role_arn: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'description': {'readonly': True}, - 'display_name': {'readonly': True}, - 'last_modified_utc': {'readonly': True}, - 'severity': {'readonly': True}, - 'tactics': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, - 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, - 'severity': {'key': 'properties.severity', 'type': 'str'}, - 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "aws_role_arn": {"key": "properties.awsRoleArn", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AwsCloudTrailDataConnectorDataTypes"}, } def __init__( self, *, etag: Optional[str] = None, - alert_rule_template_name: Optional[str] = None, - enabled: Optional[bool] = None, + aws_role_arn: Optional[str] = None, + data_types: Optional["_models.AwsCloudTrailDataConnectorDataTypes"] = None, **kwargs ): """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool - """ - super(FusionAlertRule, self).__init__(etag=etag, **kwargs) - self.kind = 'Fusion' # type: str - self.alert_rule_template_name = alert_rule_template_name - self.description = None - self.display_name = None - self.enabled = enabled - self.last_modified_utc = None - self.severity = None - self.tactics = None + :keyword aws_role_arn: The Aws Role Arn (with CloudTrailReadOnly policy) that is used to access + the Aws account. + :paramtype aws_role_arn: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind = "AmazonWebServicesCloudTrail" # type: str + self.aws_role_arn = aws_role_arn + self.data_types = data_types -class FusionAlertRuleTemplate(AlertRuleTemplate): - """Represents Fusion alert rule template. +class AwsCloudTrailDataConnectorDataTypes(_serialization.Model): + """The available data types for Amazon Web Services CloudTrail data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar logs: Logs data type. Required. + :vartype logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs + """ + + _validation = { + "logs": {"required": True}, + } + + _attribute_map = { + "logs": {"key": "logs", "type": "AwsCloudTrailDataConnectorDataTypesLogs"}, + } + + def __init__(self, *, logs: "_models.AwsCloudTrailDataConnectorDataTypesLogs", **kwargs): + """ + :keyword logs: Logs data type. Required. + :paramtype logs: ~azure.mgmt.securityinsight.models.AwsCloudTrailDataConnectorDataTypesLogs + """ + super().__init__(**kwargs) + self.logs = logs + + +class DataConnectorDataTypeCommon(_serialization.Model): + """Common field for data type in data connectors. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(**kwargs) + self.state = state + + +class AwsCloudTrailDataConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class AwsS3CheckRequirements(DataConnectorsCheckRequirements): + """Amazon Web Services S3 requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "AmazonWebServicesS3" # type: str + + +class AwsS3DataConnector(DataConnector): + """Represents Amazon Web Services S3 data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -3102,257 +3890,158 @@ class FusionAlertRuleTemplate(AlertRuleTemplate): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The alert rule kind.Constant filled by server. Known values are: - "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar last_updated_date_utc: The time that this alert rule template was last updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data connectors for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :ivar tactics: The tactics of the alert rule template. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar destination_table: The logs destination table name in LogAnalytics. + :vartype destination_table: str + :ivar sqs_urls: The AWS sqs urls for the connector. + :vartype sqs_urls: list[str] + :ivar role_arn: The Aws Role Arn that is used to access the Aws account. + :vartype role_arn: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AwsS3DataConnectorDataTypes """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'created_date_utc': {'readonly': True}, - 'last_updated_date_utc': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, - 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, - 'last_updated_date_utc': {'key': 'properties.lastUpdatedDateUTC', 'type': 'iso-8601'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, - 'status': {'key': 'properties.status', 'type': 'str'}, - 'severity': {'key': 'properties.severity', 'type': 'str'}, - 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "destination_table": {"key": "properties.destinationTable", "type": "str"}, + "sqs_urls": {"key": "properties.sqsUrls", "type": "[str]"}, + "role_arn": {"key": "properties.roleArn", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AwsS3DataConnectorDataTypes"}, } def __init__( self, *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + etag: Optional[str] = None, + destination_table: Optional[str] = None, + sqs_urls: Optional[List[str]] = None, + role_arn: Optional[str] = None, + data_types: Optional["_models.AwsS3DataConnectorDataTypes"] = None, **kwargs ): """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data connectors for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity - :keyword tactics: The tactics of the alert rule template. - :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword destination_table: The logs destination table name in LogAnalytics. + :paramtype destination_table: str + :keyword sqs_urls: The AWS sqs urls for the connector. + :paramtype sqs_urls: list[str] + :keyword role_arn: The Aws Role Arn that is used to access the Aws account. + :paramtype role_arn: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AwsS3DataConnectorDataTypes """ - super(FusionAlertRuleTemplate, self).__init__(**kwargs) - self.kind = 'Fusion' # type: str - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.created_date_utc = None - self.last_updated_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.severity = severity - self.tactics = tactics + super().__init__(etag=etag, **kwargs) + self.kind = "AmazonWebServicesS3" # type: str + self.destination_table = destination_table + self.sqs_urls = sqs_urls + self.role_arn = role_arn + self.data_types = data_types -class GeoLocation(msrest.serialization.Model): - """The geo-location context attached to the ip entity. +class AwsS3DataConnectorDataTypes(_serialization.Model): + """The available data types for Amazon Web Services S3 data connector. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar asn: Autonomous System Number. - :vartype asn: int - :ivar city: City name. - :vartype city: str - :ivar country_code: The country code according to ISO 3166 format. - :vartype country_code: str - :ivar country_name: Country name according to ISO 3166 Alpha 2: the lowercase of the English - Short Name. - :vartype country_name: str - :ivar latitude: The longitude of the identified location, expressed as a floating point number - with range of -180 to 180, with positive numbers representing East and negative numbers - representing West. Latitude and longitude are derived from the city or postal code. - :vartype latitude: float - :ivar longitude: The latitude of the identified location, expressed as a floating point number - with range of - 90 to 90, with positive numbers representing North and negative numbers - representing South. Latitude and longitude are derived from the city or postal code. - :vartype longitude: float - :ivar state: State name. - :vartype state: str + :ivar logs: Logs data type. Required. + :vartype logs: ~azure.mgmt.securityinsight.models.AwsS3DataConnectorDataTypesLogs """ _validation = { - 'asn': {'readonly': True}, - 'city': {'readonly': True}, - 'country_code': {'readonly': True}, - 'country_name': {'readonly': True}, - 'latitude': {'readonly': True}, - 'longitude': {'readonly': True}, - 'state': {'readonly': True}, + "logs": {"required": True}, } _attribute_map = { - 'asn': {'key': 'asn', 'type': 'int'}, - 'city': {'key': 'city', 'type': 'str'}, - 'country_code': {'key': 'countryCode', 'type': 'str'}, - 'country_name': {'key': 'countryName', 'type': 'str'}, - 'latitude': {'key': 'latitude', 'type': 'float'}, - 'longitude': {'key': 'longitude', 'type': 'float'}, - 'state': {'key': 'state', 'type': 'str'}, + "logs": {"key": "logs", "type": "AwsS3DataConnectorDataTypesLogs"}, } - def __init__( - self, - **kwargs - ): + def __init__(self, *, logs: "_models.AwsS3DataConnectorDataTypesLogs", **kwargs): """ + :keyword logs: Logs data type. Required. + :paramtype logs: ~azure.mgmt.securityinsight.models.AwsS3DataConnectorDataTypesLogs """ - super(GeoLocation, self).__init__(**kwargs) - self.asn = None - self.city = None - self.country_code = None - self.country_name = None - self.latitude = None - self.longitude = None - self.state = None + super().__init__(**kwargs) + self.logs = logs -class GroupingConfiguration(msrest.serialization.Model): - """Grouping configuration property bag. +class AwsS3DataConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. All required parameters must be populated in order to send to Azure. - :ivar enabled: Required. Grouping enabled. - :vartype enabled: bool - :ivar reopen_closed_incident: Required. Re-open closed matching incidents. - :vartype reopen_closed_incident: bool - :ivar lookback_duration: Required. Limit the group to alerts created within the lookback - duration (in ISO 8601 duration format). - :vartype lookback_duration: ~datetime.timedelta - :ivar matching_method: Required. Grouping matching method. When method is Selected at least one - of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. - Known values are: "AllEntities", "AnyAlert", "Selected". - :vartype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod - :ivar group_by_entities: A list of entity types to group by (when matchingMethod is Selected). - Only entities defined in the current alert rule may be used. - :vartype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] - :ivar group_by_alert_details: A list of alert details to group by (when matchingMethod is - Selected). - :vartype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] - :ivar group_by_custom_details: A list of custom details keys to group by (when matchingMethod - is Selected). Only keys defined in the current alert rule may be used. - :vartype group_by_custom_details: list[str] + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ _validation = { - 'enabled': {'required': True}, - 'reopen_closed_incident': {'required': True}, - 'lookback_duration': {'required': True}, - 'matching_method': {'required': True}, + "state": {"required": True}, } _attribute_map = { - 'enabled': {'key': 'enabled', 'type': 'bool'}, - 'reopen_closed_incident': {'key': 'reopenClosedIncident', 'type': 'bool'}, - 'lookback_duration': {'key': 'lookbackDuration', 'type': 'duration'}, - 'matching_method': {'key': 'matchingMethod', 'type': 'str'}, - 'group_by_entities': {'key': 'groupByEntities', 'type': '[str]'}, - 'group_by_alert_details': {'key': 'groupByAlertDetails', 'type': '[str]'}, - 'group_by_custom_details': {'key': 'groupByCustomDetails', 'type': '[str]'}, + "state": {"key": "state", "type": "str"}, } - def __init__( - self, - *, - enabled: bool, - reopen_closed_incident: bool, - lookback_duration: datetime.timedelta, - matching_method: Union[str, "_models.MatchingMethod"], - group_by_entities: Optional[List[Union[str, "_models.EntityMappingType"]]] = None, - group_by_alert_details: Optional[List[Union[str, "_models.AlertDetail"]]] = None, - group_by_custom_details: Optional[List[str]] = None, - **kwargs - ): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): """ - :keyword enabled: Required. Grouping enabled. - :paramtype enabled: bool - :keyword reopen_closed_incident: Required. Re-open closed matching incidents. - :paramtype reopen_closed_incident: bool - :keyword lookback_duration: Required. Limit the group to alerts created within the lookback - duration (in ISO 8601 duration format). - :paramtype lookback_duration: ~datetime.timedelta - :keyword matching_method: Required. Grouping matching method. When method is Selected at least - one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not - empty. Known values are: "AllEntities", "AnyAlert", "Selected". - :paramtype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod - :keyword group_by_entities: A list of entity types to group by (when matchingMethod is - Selected). Only entities defined in the current alert rule may be used. - :paramtype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] - :keyword group_by_alert_details: A list of alert details to group by (when matchingMethod is - Selected). - :paramtype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] - :keyword group_by_custom_details: A list of custom details keys to group by (when - matchingMethod is Selected). Only keys defined in the current alert rule may be used. - :paramtype group_by_custom_details: list[str] + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - super(GroupingConfiguration, self).__init__(**kwargs) - self.enabled = enabled - self.reopen_closed_incident = reopen_closed_incident - self.lookback_duration = lookback_duration - self.matching_method = matching_method - self.group_by_entities = group_by_entities - self.group_by_alert_details = group_by_alert_details - self.group_by_custom_details = group_by_custom_details + super().__init__(state=state, **kwargs) -class HostEntity(Entity): - """Represents a host entity. +class AzureDevOpsResourceInfo(_serialization.Model): + """Resources created in Azure DevOps repository. + + :ivar pipeline_id: Id of the pipeline created for the source-control. + :vartype pipeline_id: str + :ivar service_connection_id: Id of the service-connection created for the source-control. + :vartype service_connection_id: str + """ + + _attribute_map = { + "pipeline_id": {"key": "pipelineId", "type": "str"}, + "service_connection_id": {"key": "serviceConnectionId", "type": "str"}, + } + + def __init__(self, *, pipeline_id: Optional[str] = None, service_connection_id: Optional[str] = None, **kwargs): + """ + :keyword pipeline_id: Id of the pipeline created for the source-control. + :paramtype pipeline_id: str + :keyword service_connection_id: Id of the service-connection created for the source-control. + :paramtype service_connection_id: str + """ + super().__init__(**kwargs) + self.pipeline_id = pipeline_id + self.service_connection_id = service_connection_id + + +class AzureResourceEntity(Entity): + """Represents an azure resource entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -3369,197 +4058,100 @@ class HostEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar azure_id: The azure resource id of the VM. - :vartype azure_id: str - :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS - suffix for the domain. - :vartype dns_domain: str - :ivar host_name: The hostname without the domain suffix. - :vartype host_name: str - :ivar is_domain_joined: Determines whether this host belongs to a domain. - :vartype is_domain_joined: bool - :ivar net_bios_name: The host name (pre-windows2000). - :vartype net_bios_name: str - :ivar nt_domain: The NT domain that this host belongs to. - :vartype nt_domain: str - :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. - :vartype oms_agent_id: str - :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", "Unknown". - :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - :ivar os_version: A free text representation of the operating system. This field is meant to - hold specific versions the are more fine grained than OSFamily or future values not supported - by OSFamily enumeration. - :vartype os_version: str + :ivar resource_id: The azure resource id of the resource. + :vartype resource_id: str + :ivar subscription_id: The subscription id of the resource. + :vartype subscription_id: str """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'azure_id': {'readonly': True}, - 'dns_domain': {'readonly': True}, - 'host_name': {'readonly': True}, - 'is_domain_joined': {'readonly': True}, - 'net_bios_name': {'readonly': True}, - 'nt_domain': {'readonly': True}, - 'oms_agent_id': {'readonly': True}, - 'os_version': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "resource_id": {"readonly": True}, + "subscription_id": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'azure_id': {'key': 'properties.azureID', 'type': 'str'}, - 'dns_domain': {'key': 'properties.dnsDomain', 'type': 'str'}, - 'host_name': {'key': 'properties.hostName', 'type': 'str'}, - 'is_domain_joined': {'key': 'properties.isDomainJoined', 'type': 'bool'}, - 'net_bios_name': {'key': 'properties.netBiosName', 'type': 'str'}, - 'nt_domain': {'key': 'properties.ntDomain', 'type': 'str'}, - 'oms_agent_id': {'key': 'properties.omsAgentID', 'type': 'str'}, - 'os_family': {'key': 'properties.osFamily', 'type': 'str'}, - 'os_version': {'key': 'properties.osVersion', 'type': 'str'}, - } - - def __init__( - self, - *, - os_family: Optional[Union[str, "_models.OSFamily"]] = None, - **kwargs - ): - """ - :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", "Unknown". - :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - """ - super(HostEntity, self).__init__(**kwargs) - self.kind = 'Host' # type: str + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "resource_id": {"key": "properties.resourceId", "type": "str"}, + "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "AzureResource" # type: str self.additional_data = None self.friendly_name = None - self.azure_id = None - self.dns_domain = None - self.host_name = None - self.is_domain_joined = None - self.net_bios_name = None - self.nt_domain = None - self.oms_agent_id = None - self.os_family = os_family - self.os_version = None + self.resource_id = None + self.subscription_id = None -class HostEntityProperties(EntityCommonProperties): - """Host entity property bag. +class AzureResourceEntityProperties(EntityCommonProperties): + """AzureResource entity property bag. Variables are only populated by the server, and will be ignored when sending a request. :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar azure_id: The azure resource id of the VM. - :vartype azure_id: str - :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS - suffix for the domain. - :vartype dns_domain: str - :ivar host_name: The hostname without the domain suffix. - :vartype host_name: str - :ivar is_domain_joined: Determines whether this host belongs to a domain. - :vartype is_domain_joined: bool - :ivar net_bios_name: The host name (pre-windows2000). - :vartype net_bios_name: str - :ivar nt_domain: The NT domain that this host belongs to. - :vartype nt_domain: str - :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. - :vartype oms_agent_id: str - :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", "Unknown". - :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - :ivar os_version: A free text representation of the operating system. This field is meant to - hold specific versions the are more fine grained than OSFamily or future values not supported - by OSFamily enumeration. - :vartype os_version: str + :ivar resource_id: The azure resource id of the resource. + :vartype resource_id: str + :ivar subscription_id: The subscription id of the resource. + :vartype subscription_id: str """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'azure_id': {'readonly': True}, - 'dns_domain': {'readonly': True}, - 'host_name': {'readonly': True}, - 'is_domain_joined': {'readonly': True}, - 'net_bios_name': {'readonly': True}, - 'nt_domain': {'readonly': True}, - 'oms_agent_id': {'readonly': True}, - 'os_version': {'readonly': True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "resource_id": {"readonly": True}, + "subscription_id": {"readonly": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'azure_id': {'key': 'azureID', 'type': 'str'}, - 'dns_domain': {'key': 'dnsDomain', 'type': 'str'}, - 'host_name': {'key': 'hostName', 'type': 'str'}, - 'is_domain_joined': {'key': 'isDomainJoined', 'type': 'bool'}, - 'net_bios_name': {'key': 'netBiosName', 'type': 'str'}, - 'nt_domain': {'key': 'ntDomain', 'type': 'str'}, - 'oms_agent_id': {'key': 'omsAgentID', 'type': 'str'}, - 'os_family': {'key': 'osFamily', 'type': 'str'}, - 'os_version': {'key': 'osVersion', 'type': 'str'}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "resource_id": {"key": "resourceId", "type": "str"}, + "subscription_id": {"key": "subscriptionId", "type": "str"}, } - def __init__( - self, - *, - os_family: Optional[Union[str, "_models.OSFamily"]] = None, - **kwargs - ): - """ - :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", - "IOS", "Unknown". - :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily - """ - super(HostEntityProperties, self).__init__(**kwargs) - self.azure_id = None - self.dns_domain = None - self.host_name = None - self.is_domain_joined = None - self.net_bios_name = None - self.nt_domain = None - self.oms_agent_id = None - self.os_family = os_family - self.os_version = None + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.resource_id = None + self.subscription_id = None -class HuntingBookmark(Entity): - """Represents a Hunting bookmark entity. +class Bookmark(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a bookmark in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -3571,26 +4163,14 @@ class HuntingBookmark(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str + :ivar etag: Etag of the azure resource. + :vartype etag: str :ivar created: The time the bookmark was created. :vartype created: ~datetime.datetime :ivar created_by: Describes a user that created the bookmark. :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo :ivar display_name: The display name of the bookmark. :vartype display_name: str - :ivar event_time: The time of the event. - :vartype event_time: ~datetime.datetime :ivar labels: List of labels relevant to this bookmark. :vartype labels: list[str] :ivar notes: The notes of the bookmark. @@ -3603,66 +4183,84 @@ class HuntingBookmark(Entity): :vartype updated: ~datetime.datetime :ivar updated_by: Describes a user that updated the bookmark. :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar event_time: The bookmark event time. + :vartype event_time: ~datetime.datetime + :ivar query_start_time: The start time for the query. + :vartype query_start_time: ~datetime.datetime + :ivar query_end_time: The end time for the query. + :vartype query_end_time: ~datetime.datetime :ivar incident_info: Describes an incident that relates to bookmark. :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :ivar entity_mappings: Describes the entity mappings of the bookmark. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.BookmarkEntityMappings] + :ivar tactics: A list of relevant mitre attacks. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: A list of relevant mitre techniques. + :vartype techniques: list[str] """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'created': {'key': 'properties.created', 'type': 'iso-8601'}, - 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'event_time': {'key': 'properties.eventTime', 'type': 'iso-8601'}, - 'labels': {'key': 'properties.labels', 'type': '[str]'}, - 'notes': {'key': 'properties.notes', 'type': 'str'}, - 'query': {'key': 'properties.query', 'type': 'str'}, - 'query_result': {'key': 'properties.queryResult', 'type': 'str'}, - 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, - 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, - 'incident_info': {'key': 'properties.incidentInfo', 'type': 'IncidentInfo'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "notes": {"key": "properties.notes", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "query_result": {"key": "properties.queryResult", "type": "str"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "event_time": {"key": "properties.eventTime", "type": "iso-8601"}, + "query_start_time": {"key": "properties.queryStartTime", "type": "iso-8601"}, + "query_end_time": {"key": "properties.queryEndTime", "type": "iso-8601"}, + "incident_info": {"key": "properties.incidentInfo", "type": "IncidentInfo"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[BookmarkEntityMappings]"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, } def __init__( self, *, + etag: Optional[str] = None, created: Optional[datetime.datetime] = None, created_by: Optional["_models.UserInfo"] = None, display_name: Optional[str] = None, - event_time: Optional[datetime.datetime] = None, labels: Optional[List[str]] = None, notes: Optional[str] = None, query: Optional[str] = None, query_result: Optional[str] = None, updated: Optional[datetime.datetime] = None, updated_by: Optional["_models.UserInfo"] = None, + event_time: Optional[datetime.datetime] = None, + query_start_time: Optional[datetime.datetime] = None, + query_end_time: Optional[datetime.datetime] = None, incident_info: Optional["_models.IncidentInfo"] = None, + entity_mappings: Optional[List["_models.BookmarkEntityMappings"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, **kwargs ): """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str :keyword created: The time the bookmark was created. :paramtype created: ~datetime.datetime :keyword created_by: Describes a user that created the bookmark. :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo :keyword display_name: The display name of the bookmark. :paramtype display_name: str - :keyword event_time: The time of the event. - :paramtype event_time: ~datetime.datetime :keyword labels: List of labels relevant to this bookmark. :paramtype labels: list[str] :keyword notes: The notes of the bookmark. @@ -3675,420 +4273,384 @@ def __init__( :paramtype updated: ~datetime.datetime :keyword updated_by: Describes a user that updated the bookmark. :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword event_time: The bookmark event time. + :paramtype event_time: ~datetime.datetime + :keyword query_start_time: The start time for the query. + :paramtype query_start_time: ~datetime.datetime + :keyword query_end_time: The end time for the query. + :paramtype query_end_time: ~datetime.datetime :keyword incident_info: Describes an incident that relates to bookmark. :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :keyword entity_mappings: Describes the entity mappings of the bookmark. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.BookmarkEntityMappings] + :keyword tactics: A list of relevant mitre attacks. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: A list of relevant mitre techniques. + :paramtype techniques: list[str] """ - super(HuntingBookmark, self).__init__(**kwargs) - self.kind = 'Bookmark' # type: str - self.additional_data = None - self.friendly_name = None + super().__init__(etag=etag, **kwargs) self.created = created self.created_by = created_by self.display_name = display_name - self.event_time = event_time self.labels = labels self.notes = notes self.query = query self.query_result = query_result self.updated = updated self.updated_by = updated_by + self.event_time = event_time + self.query_start_time = query_start_time + self.query_end_time = query_end_time self.incident_info = incident_info + self.entity_mappings = entity_mappings + self.tactics = tactics + self.techniques = techniques -class HuntingBookmarkProperties(EntityCommonProperties): - """Describes bookmark properties. +class BookmarkEntityMappings(_serialization.Model): + """Describes the entity mappings of a single entity. - Variables are only populated by the server, and will be ignored when sending a request. + :ivar entity_type: The entity type. + :vartype entity_type: str + :ivar field_mappings: Array of fields mapping for that entity type. + :vartype field_mappings: list[~azure.mgmt.securityinsight.models.EntityFieldMapping] + """ - All required parameters must be populated in order to send to Azure. + _attribute_map = { + "entity_type": {"key": "entityType", "type": "str"}, + "field_mappings": {"key": "fieldMappings", "type": "[EntityFieldMapping]"}, + } - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar created: The time the bookmark was created. - :vartype created: ~datetime.datetime - :ivar created_by: Describes a user that created the bookmark. - :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar display_name: Required. The display name of the bookmark. - :vartype display_name: str - :ivar event_time: The time of the event. - :vartype event_time: ~datetime.datetime - :ivar labels: List of labels relevant to this bookmark. - :vartype labels: list[str] - :ivar notes: The notes of the bookmark. - :vartype notes: str - :ivar query: Required. The query of the bookmark. - :vartype query: str - :ivar query_result: The query result of the bookmark. - :vartype query_result: str - :ivar updated: The last time the bookmark was updated. - :vartype updated: ~datetime.datetime - :ivar updated_by: Describes a user that updated the bookmark. - :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :ivar incident_info: Describes an incident that relates to bookmark. - :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + def __init__( + self, + *, + entity_type: Optional[str] = None, + field_mappings: Optional[List["_models.EntityFieldMapping"]] = None, + **kwargs + ): + """ + :keyword entity_type: The entity type. + :paramtype entity_type: str + :keyword field_mappings: Array of fields mapping for that entity type. + :paramtype field_mappings: list[~azure.mgmt.securityinsight.models.EntityFieldMapping] + """ + super().__init__(**kwargs) + self.entity_type = entity_type + self.field_mappings = field_mappings + + +class BookmarkExpandParameters(_serialization.Model): + """The parameters required to execute an expand operation on the given bookmark. + + :ivar end_time: The end date filter, so the only expansion results returned are before this + date. + :vartype end_time: ~datetime.datetime + :ivar expansion_id: The Id of the expansion to perform. + :vartype expansion_id: str + :ivar start_time: The start date filter, so the only expansion results returned are after this + date. + :vartype start_time: ~datetime.datetime """ - _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'display_name': {'required': True}, - 'query': {'required': True}, + _attribute_map = { + "end_time": {"key": "endTime", "type": "iso-8601"}, + "expansion_id": {"key": "expansionId", "type": "str"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, } + def __init__( + self, + *, + end_time: Optional[datetime.datetime] = None, + expansion_id: Optional[str] = None, + start_time: Optional[datetime.datetime] = None, + **kwargs + ): + """ + :keyword end_time: The end date filter, so the only expansion results returned are before this + date. + :paramtype end_time: ~datetime.datetime + :keyword expansion_id: The Id of the expansion to perform. + :paramtype expansion_id: str + :keyword start_time: The start date filter, so the only expansion results returned are after + this date. + :paramtype start_time: ~datetime.datetime + """ + super().__init__(**kwargs) + self.end_time = end_time + self.expansion_id = expansion_id + self.start_time = start_time + + +class BookmarkExpandResponse(_serialization.Model): + """The entity expansion result operation response. + + :ivar meta_data: The metadata from the expansion operation results. + :vartype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata + :ivar value: The expansion result values. + :vartype value: ~azure.mgmt.securityinsight.models.BookmarkExpandResponseValue + """ + _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'created': {'key': 'created', 'type': 'iso-8601'}, - 'created_by': {'key': 'createdBy', 'type': 'UserInfo'}, - 'display_name': {'key': 'displayName', 'type': 'str'}, - 'event_time': {'key': 'eventTime', 'type': 'iso-8601'}, - 'labels': {'key': 'labels', 'type': '[str]'}, - 'notes': {'key': 'notes', 'type': 'str'}, - 'query': {'key': 'query', 'type': 'str'}, - 'query_result': {'key': 'queryResult', 'type': 'str'}, - 'updated': {'key': 'updated', 'type': 'iso-8601'}, - 'updated_by': {'key': 'updatedBy', 'type': 'UserInfo'}, - 'incident_info': {'key': 'incidentInfo', 'type': 'IncidentInfo'}, + "meta_data": {"key": "metaData", "type": "ExpansionResultsMetadata"}, + "value": {"key": "value", "type": "BookmarkExpandResponseValue"}, } def __init__( self, *, - display_name: str, - query: str, - created: Optional[datetime.datetime] = None, - created_by: Optional["_models.UserInfo"] = None, - event_time: Optional[datetime.datetime] = None, - labels: Optional[List[str]] = None, - notes: Optional[str] = None, - query_result: Optional[str] = None, - updated: Optional[datetime.datetime] = None, - updated_by: Optional["_models.UserInfo"] = None, - incident_info: Optional["_models.IncidentInfo"] = None, + meta_data: Optional["_models.ExpansionResultsMetadata"] = None, + value: Optional["_models.BookmarkExpandResponseValue"] = None, **kwargs ): """ - :keyword created: The time the bookmark was created. - :paramtype created: ~datetime.datetime - :keyword created_by: Describes a user that created the bookmark. - :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword display_name: Required. The display name of the bookmark. - :paramtype display_name: str - :keyword event_time: The time of the event. - :paramtype event_time: ~datetime.datetime - :keyword labels: List of labels relevant to this bookmark. - :paramtype labels: list[str] - :keyword notes: The notes of the bookmark. - :paramtype notes: str - :keyword query: Required. The query of the bookmark. - :paramtype query: str - :keyword query_result: The query result of the bookmark. - :paramtype query_result: str - :keyword updated: The last time the bookmark was updated. - :paramtype updated: ~datetime.datetime - :keyword updated_by: Describes a user that updated the bookmark. - :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo - :keyword incident_info: Describes an incident that relates to bookmark. - :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + :keyword meta_data: The metadata from the expansion operation results. + :paramtype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata + :keyword value: The expansion result values. + :paramtype value: ~azure.mgmt.securityinsight.models.BookmarkExpandResponseValue """ - super(HuntingBookmarkProperties, self).__init__(**kwargs) - self.created = created - self.created_by = created_by - self.display_name = display_name - self.event_time = event_time - self.labels = labels - self.notes = notes - self.query = query - self.query_result = query_result - self.updated = updated - self.updated_by = updated_by - self.incident_info = incident_info + super().__init__(**kwargs) + self.meta_data = meta_data + self.value = value -class Incident(ResourceWithEtag): - """Represents an incident in Azure Security Insights. +class BookmarkExpandResponseValue(_serialization.Model): + """The expansion result values. + + :ivar entities: Array of the expansion result entities. + :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] + :ivar edges: Array of expansion result connected entities. + :vartype edges: list[~azure.mgmt.securityinsight.models.ConnectedEntity] + """ + + _attribute_map = { + "entities": {"key": "entities", "type": "[Entity]"}, + "edges": {"key": "edges", "type": "[ConnectedEntity]"}, + } + + def __init__( + self, + *, + entities: Optional[List["_models.Entity"]] = None, + edges: Optional[List["_models.ConnectedEntity"]] = None, + **kwargs + ): + """ + :keyword entities: Array of the expansion result entities. + :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] + :keyword edges: Array of expansion result connected entities. + :paramtype edges: list[~azure.mgmt.securityinsight.models.ConnectedEntity] + """ + super().__init__(**kwargs) + self.entities = entities + self.edges = edges + + +class BookmarkList(_serialization.Model): + """List all the bookmarks. Variables are only populated by the server, and will be ignored when sending a request. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar additional_data: Additional data on the incident. - :vartype additional_data: ~azure.mgmt.securityinsight.models.IncidentAdditionalData - :ivar classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", "FalsePositive". - :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :ivar classification_comment: Describes the reason the incident was closed. - :vartype classification_comment: str - :ivar classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", - "InaccurateData". - :vartype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :ivar created_time_utc: The time the incident was created. - :vartype created_time_utc: ~datetime.datetime - :ivar description: The description of the incident. - :vartype description: str - :ivar first_activity_time_utc: The time of the first activity in the incident. - :vartype first_activity_time_utc: ~datetime.datetime - :ivar incident_url: The deep-link url to the incident in Azure portal. - :vartype incident_url: str - :ivar incident_number: A sequential number. - :vartype incident_number: int - :ivar labels: List of labels relevant to this incident. - :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] - :ivar last_activity_time_utc: The time of the last activity in the incident. - :vartype last_activity_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The last time the incident was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar owner: Describes a user that the incident is assigned to. - :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :ivar related_analytic_rule_ids: List of resource ids of Analytic rules related to the - incident. - :vartype related_analytic_rule_ids: list[str] - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar status: The status of the incident. Known values are: "New", "Active", "Closed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :ivar title: The title of the incident. - :vartype title: str + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of bookmarks. + :vartype next_link: str + :ivar value: Array of bookmarks. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Bookmark] """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'additional_data': {'readonly': True}, - 'created_time_utc': {'readonly': True}, - 'incident_url': {'readonly': True}, - 'incident_number': {'readonly': True}, - 'last_modified_time_utc': {'readonly': True}, - 'related_analytic_rule_ids': {'readonly': True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': 'IncidentAdditionalData'}, - 'classification': {'key': 'properties.classification', 'type': 'str'}, - 'classification_comment': {'key': 'properties.classificationComment', 'type': 'str'}, - 'classification_reason': {'key': 'properties.classificationReason', 'type': 'str'}, - 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'first_activity_time_utc': {'key': 'properties.firstActivityTimeUtc', 'type': 'iso-8601'}, - 'incident_url': {'key': 'properties.incidentUrl', 'type': 'str'}, - 'incident_number': {'key': 'properties.incidentNumber', 'type': 'int'}, - 'labels': {'key': 'properties.labels', 'type': '[IncidentLabel]'}, - 'last_activity_time_utc': {'key': 'properties.lastActivityTimeUtc', 'type': 'iso-8601'}, - 'last_modified_time_utc': {'key': 'properties.lastModifiedTimeUtc', 'type': 'iso-8601'}, - 'owner': {'key': 'properties.owner', 'type': 'IncidentOwnerInfo'}, - 'related_analytic_rule_ids': {'key': 'properties.relatedAnalyticRuleIds', 'type': '[str]'}, - 'severity': {'key': 'properties.severity', 'type': 'str'}, - 'status': {'key': 'properties.status', 'type': 'str'}, - 'title': {'key': 'properties.title', 'type': 'str'}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Bookmark]"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - classification: Optional[Union[str, "_models.IncidentClassification"]] = None, - classification_comment: Optional[str] = None, - classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, - description: Optional[str] = None, - first_activity_time_utc: Optional[datetime.datetime] = None, - labels: Optional[List["_models.IncidentLabel"]] = None, - last_activity_time_utc: Optional[datetime.datetime] = None, - owner: Optional["_models.IncidentOwnerInfo"] = None, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - status: Optional[Union[str, "_models.IncidentStatus"]] = None, - title: Optional[str] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.Bookmark"], **kwargs): """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", "FalsePositive". - :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :keyword classification_comment: Describes the reason the incident was closed. - :paramtype classification_comment: str - :keyword classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", - "InaccurateData". - :paramtype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :keyword description: The description of the incident. - :paramtype description: str - :keyword first_activity_time_utc: The time of the first activity in the incident. - :paramtype first_activity_time_utc: ~datetime.datetime - :keyword labels: List of labels relevant to this incident. - :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] - :keyword last_activity_time_utc: The time of the last activity in the incident. - :paramtype last_activity_time_utc: ~datetime.datetime - :keyword owner: Describes a user that the incident is assigned to. - :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword status: The status of the incident. Known values are: "New", "Active", "Closed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :keyword title: The title of the incident. - :paramtype title: str + :keyword value: Array of bookmarks. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Bookmark] """ - super(Incident, self).__init__(etag=etag, **kwargs) - self.additional_data = None - self.classification = classification - self.classification_comment = classification_comment - self.classification_reason = classification_reason - self.created_time_utc = None - self.description = description - self.first_activity_time_utc = first_activity_time_utc - self.incident_url = None - self.incident_number = None - self.labels = labels - self.last_activity_time_utc = last_activity_time_utc - self.last_modified_time_utc = None - self.owner = owner - self.related_analytic_rule_ids = None - self.severity = severity - self.status = status - self.title = title + super().__init__(**kwargs) + self.next_link = None + self.value = value -class IncidentAdditionalData(msrest.serialization.Model): - """Incident additional data property bag. +class BookmarkTimelineItem(EntityTimelineItem): + """Represents bookmark timeline item. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar alerts_count: The number of alerts in the incident. - :vartype alerts_count: int - :ivar bookmarks_count: The number of bookmarks in the incident. - :vartype bookmarks_count: int - :ivar comments_count: The number of comments in the incident. - :vartype comments_count: int - :ivar alert_product_names: List of product names of alerts in the incident. - :vartype alert_product_names: list[str] - :ivar tactics: The tactics associated with incident. - :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar kind: The entity query kind type. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :ivar azure_resource_id: The bookmark azure resource id. Required. + :vartype azure_resource_id: str + :ivar display_name: The bookmark display name. + :vartype display_name: str + :ivar notes: The notes of the bookmark. + :vartype notes: str + :ivar end_time_utc: The bookmark end time. + :vartype end_time_utc: ~datetime.datetime + :ivar start_time_utc: The bookmark start time. + :vartype start_time_utc: ~datetime.datetime + :ivar event_time: The bookmark event time. + :vartype event_time: ~datetime.datetime + :ivar created_by: Describes a user that created the bookmark. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar labels: List of labels relevant to this bookmark. + :vartype labels: list[str] """ _validation = { - 'alerts_count': {'readonly': True}, - 'bookmarks_count': {'readonly': True}, - 'comments_count': {'readonly': True}, - 'alert_product_names': {'readonly': True}, - 'tactics': {'readonly': True}, + "kind": {"required": True}, + "azure_resource_id": {"required": True}, } _attribute_map = { - 'alerts_count': {'key': 'alertsCount', 'type': 'int'}, - 'bookmarks_count': {'key': 'bookmarksCount', 'type': 'int'}, - 'comments_count': {'key': 'commentsCount', 'type': 'int'}, - 'alert_product_names': {'key': 'alertProductNames', 'type': '[str]'}, - 'tactics': {'key': 'tactics', 'type': '[str]'}, + "kind": {"key": "kind", "type": "str"}, + "azure_resource_id": {"key": "azureResourceId", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "notes": {"key": "notes", "type": "str"}, + "end_time_utc": {"key": "endTimeUtc", "type": "iso-8601"}, + "start_time_utc": {"key": "startTimeUtc", "type": "iso-8601"}, + "event_time": {"key": "eventTime", "type": "iso-8601"}, + "created_by": {"key": "createdBy", "type": "UserInfo"}, + "labels": {"key": "labels", "type": "[str]"}, } def __init__( self, + *, + azure_resource_id: str, + display_name: Optional[str] = None, + notes: Optional[str] = None, + end_time_utc: Optional[datetime.datetime] = None, + start_time_utc: Optional[datetime.datetime] = None, + event_time: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + labels: Optional[List[str]] = None, **kwargs ): """ + :keyword azure_resource_id: The bookmark azure resource id. Required. + :paramtype azure_resource_id: str + :keyword display_name: The bookmark display name. + :paramtype display_name: str + :keyword notes: The notes of the bookmark. + :paramtype notes: str + :keyword end_time_utc: The bookmark end time. + :paramtype end_time_utc: ~datetime.datetime + :keyword start_time_utc: The bookmark start time. + :paramtype start_time_utc: ~datetime.datetime + :keyword event_time: The bookmark event time. + :paramtype event_time: ~datetime.datetime + :keyword created_by: Describes a user that created the bookmark. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword labels: List of labels relevant to this bookmark. + :paramtype labels: list[str] """ - super(IncidentAdditionalData, self).__init__(**kwargs) - self.alerts_count = None - self.bookmarks_count = None - self.comments_count = None - self.alert_product_names = None - self.tactics = None + super().__init__(**kwargs) + self.kind = "Bookmark" # type: str + self.azure_resource_id = azure_resource_id + self.display_name = display_name + self.notes = notes + self.end_time_utc = end_time_utc + self.start_time_utc = start_time_utc + self.event_time = event_time + self.created_by = created_by + self.labels = labels -class IncidentAlertList(msrest.serialization.Model): - """List of incident alerts. +class BooleanConditionProperties(AutomationRuleCondition): + """Describes an automation rule condition that applies a boolean operator (e.g AND, OR) to conditions. All required parameters must be populated in order to send to Azure. - :ivar value: Required. Array of incident alerts. - :vartype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + :ivar condition_type: Required. Known values are: "Property", "PropertyArray", + "PropertyChanged", "PropertyArrayChanged", and "Boolean". + :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType + :ivar condition_properties: + :vartype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRuleBooleanCondition """ _validation = { - 'value': {'required': True}, + "condition_type": {"required": True}, } _attribute_map = { - 'value': {'key': 'value', 'type': '[SecurityAlert]'}, + "condition_type": {"key": "conditionType", "type": "str"}, + "condition_properties": {"key": "conditionProperties", "type": "AutomationRuleBooleanCondition"}, } - def __init__( - self, - *, - value: List["_models.SecurityAlert"], - **kwargs - ): + def __init__(self, *, condition_properties: Optional["_models.AutomationRuleBooleanCondition"] = None, **kwargs): """ - :keyword value: Required. Array of incident alerts. - :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + :keyword condition_properties: + :paramtype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRuleBooleanCondition """ - super(IncidentAlertList, self).__init__(**kwargs) - self.value = value - + super().__init__(**kwargs) + self.condition_type = "Boolean" # type: str + self.condition_properties = condition_properties -class IncidentBookmarkList(msrest.serialization.Model): - """List of incident bookmarks. - All required parameters must be populated in order to send to Azure. +class ClientInfo(_serialization.Model): + """Information on the client (user or application) that made some action. - :ivar value: Required. Array of incident bookmarks. - :vartype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + :ivar email: The email of the client. + :vartype email: str + :ivar name: The name of the client. + :vartype name: str + :ivar object_id: The object id of the client. + :vartype object_id: str + :ivar user_principal_name: The user principal name of the client. + :vartype user_principal_name: str """ - _validation = { - 'value': {'required': True}, - } - _attribute_map = { - 'value': {'key': 'value', 'type': '[HuntingBookmark]'}, + "email": {"key": "email", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "object_id": {"key": "objectId", "type": "str"}, + "user_principal_name": {"key": "userPrincipalName", "type": "str"}, } def __init__( self, *, - value: List["_models.HuntingBookmark"], + email: Optional[str] = None, + name: Optional[str] = None, + object_id: Optional[str] = None, + user_principal_name: Optional[str] = None, **kwargs ): """ - :keyword value: Required. Array of incident bookmarks. - :paramtype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + :keyword email: The email of the client. + :paramtype email: str + :keyword name: The name of the client. + :paramtype name: str + :keyword object_id: The object id of the client. + :paramtype object_id: str + :keyword user_principal_name: The user principal name of the client. + :paramtype user_principal_name: str """ - super(IncidentBookmarkList, self).__init__(**kwargs) - self.value = value + super().__init__(**kwargs) + self.email = email + self.name = name + self.object_id = object_id + self.user_principal_name = user_principal_name -class IncidentComment(ResourceWithEtag): - """Represents an incident comment. +class CloudApplicationEntity(Entity): + """Represents a cloud application entity. Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -4100,918 +4662,1645 @@ class IncidentComment(ResourceWithEtag): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar created_time_utc: The time the comment was created. - :vartype created_time_utc: ~datetime.datetime - :ivar last_modified_time_utc: The time the comment was updated. - :vartype last_modified_time_utc: ~datetime.datetime - :ivar message: The comment message. - :vartype message: str - :ivar author: Describes the client that created the comment. - :vartype author: ~azure.mgmt.securityinsight.models.ClientInfo + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar app_id: The technical identifier of the application. + :vartype app_id: int + :ivar app_name: The name of the related cloud application. + :vartype app_name: str + :ivar instance_name: The user defined instance name of the cloud application. It is often used + to distinguish between several applications of the same type that a customer has. + :vartype instance_name: str """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'created_time_utc': {'readonly': True}, - 'last_modified_time_utc': {'readonly': True}, - 'author': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "app_id": {"readonly": True}, + "app_name": {"readonly": True}, + "instance_name": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'created_time_utc': {'key': 'properties.createdTimeUtc', 'type': 'iso-8601'}, - 'last_modified_time_utc': {'key': 'properties.lastModifiedTimeUtc', 'type': 'iso-8601'}, - 'message': {'key': 'properties.message', 'type': 'str'}, - 'author': {'key': 'properties.author', 'type': 'ClientInfo'}, - } + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "app_id": {"key": "properties.appId", "type": "int"}, + "app_name": {"key": "properties.appName", "type": "str"}, + "instance_name": {"key": "properties.instanceName", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "CloudApplication" # type: str + self.additional_data = None + self.friendly_name = None + self.app_id = None + self.app_name = None + self.instance_name = None - def __init__( - self, - *, - etag: Optional[str] = None, - message: Optional[str] = None, - **kwargs - ): - """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword message: The comment message. - :paramtype message: str - """ - super(IncidentComment, self).__init__(etag=etag, **kwargs) - self.created_time_utc = None - self.last_modified_time_utc = None - self.message = message - self.author = None +class CloudApplicationEntityProperties(EntityCommonProperties): + """CloudApplication entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. -class IncidentCommentList(msrest.serialization.Model): - """List of incident comments. + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar app_id: The technical identifier of the application. + :vartype app_id: int + :ivar app_name: The name of the related cloud application. + :vartype app_name: str + :ivar instance_name: The user defined instance name of the cloud application. It is often used + to distinguish between several applications of the same type that a customer has. + :vartype instance_name: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "app_id": {"readonly": True}, + "app_name": {"readonly": True}, + "instance_name": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "app_id": {"key": "appId", "type": "int"}, + "app_name": {"key": "appName", "type": "str"}, + "instance_name": {"key": "instanceName", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.app_id = None + self.app_name = None + self.instance_name = None + + +class CloudErrorBody(_serialization.Model): + """Error details. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar code: An identifier for the error. Codes are invariant and are intended to be consumed + programmatically. + :vartype code: str + :ivar message: A message describing the error, intended to be suitable for display in a user + interface. + :vartype message: str + """ + + _validation = { + "code": {"readonly": True}, + "message": {"readonly": True}, + } + + _attribute_map = { + "code": {"key": "code", "type": "str"}, + "message": {"key": "message", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.code = None + self.message = None + + +class CodelessApiPollingDataConnector(DataConnector): + """Represents Codeless API Polling data connector. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of comments. - :vartype next_link: str - :ivar value: Required. Array of comments. - :vartype value: list[~azure.mgmt.securityinsight.models.IncidentComment] + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar connector_ui_config: Config to describe the instructions blade. + :vartype connector_ui_config: + ~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigProperties + :ivar polling_config: Config to describe the polling instructions. + :vartype polling_config: + ~azure.mgmt.securityinsight.models.CodelessConnectorPollingConfigProperties """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[IncidentComment]'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "connector_ui_config": {"key": "properties.connectorUiConfig", "type": "CodelessUiConnectorConfigProperties"}, + "polling_config": {"key": "properties.pollingConfig", "type": "CodelessConnectorPollingConfigProperties"}, } def __init__( self, *, - value: List["_models.IncidentComment"], + etag: Optional[str] = None, + connector_ui_config: Optional["_models.CodelessUiConnectorConfigProperties"] = None, + polling_config: Optional["_models.CodelessConnectorPollingConfigProperties"] = None, **kwargs ): """ - :keyword value: Required. Array of comments. - :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentComment] + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword connector_ui_config: Config to describe the instructions blade. + :paramtype connector_ui_config: + ~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigProperties + :keyword polling_config: Config to describe the polling instructions. + :paramtype polling_config: + ~azure.mgmt.securityinsight.models.CodelessConnectorPollingConfigProperties """ - super(IncidentCommentList, self).__init__(**kwargs) - self.next_link = None - self.value = value + super().__init__(etag=etag, **kwargs) + self.kind = "APIPolling" # type: str + self.connector_ui_config = connector_ui_config + self.polling_config = polling_config -class IncidentConfiguration(msrest.serialization.Model): - """Incident Configuration property bag. +class CodelessConnectorPollingAuthProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Describe the authentication properties needed to successfully authenticate with the server. All required parameters must be populated in order to send to Azure. - :ivar create_incident: Required. Create incidents from alerts triggered by this analytics rule. - :vartype create_incident: bool - :ivar grouping_configuration: Set how the alerts that are triggered by this analytics rule, are - grouped into incidents. - :vartype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + :ivar auth_type: The authentication type. Required. + :vartype auth_type: str + :ivar api_key_name: The header name which the token is sent with. + :vartype api_key_name: str + :ivar api_key_identifier: A prefix send in the header before the actual token. + :vartype api_key_identifier: str + :ivar is_api_key_in_post_payload: Marks if the key should sent in header. + :vartype is_api_key_in_post_payload: str + :ivar flow_name: Describes the flow name, for example 'AuthCode' for Oauth 2.0. + :vartype flow_name: str + :ivar token_endpoint: The endpoint used to issue a token, used in Oauth 2.0 flow. + :vartype token_endpoint: str + :ivar authorization_endpoint: The endpoint used to authorize the user, used in Oauth 2.0 flow. + :vartype authorization_endpoint: str + :ivar authorization_endpoint_query_parameters: The query parameters used in authorization + request, used in Oauth 2.0 flow. + :vartype authorization_endpoint_query_parameters: JSON + :ivar redirection_endpoint: The redirect endpoint where we will get the authorization code, + used in Oauth 2.0 flow. + :vartype redirection_endpoint: str + :ivar token_endpoint_headers: The query headers used in token request, used in Oauth 2.0 flow. + :vartype token_endpoint_headers: JSON + :ivar token_endpoint_query_parameters: The query parameters used in token request, used in + Oauth 2.0 flow. + :vartype token_endpoint_query_parameters: JSON + :ivar is_client_secret_in_header: Marks if we should send the client secret in header or + payload, used in Oauth 2.0 flow. + :vartype is_client_secret_in_header: bool + :ivar scope: The OAuth token scope. + :vartype scope: str """ _validation = { - 'create_incident': {'required': True}, + "auth_type": {"required": True}, } _attribute_map = { - 'create_incident': {'key': 'createIncident', 'type': 'bool'}, - 'grouping_configuration': {'key': 'groupingConfiguration', 'type': 'GroupingConfiguration'}, + "auth_type": {"key": "authType", "type": "str"}, + "api_key_name": {"key": "apiKeyName", "type": "str"}, + "api_key_identifier": {"key": "apiKeyIdentifier", "type": "str"}, + "is_api_key_in_post_payload": {"key": "isApiKeyInPostPayload", "type": "str"}, + "flow_name": {"key": "flowName", "type": "str"}, + "token_endpoint": {"key": "tokenEndpoint", "type": "str"}, + "authorization_endpoint": {"key": "authorizationEndpoint", "type": "str"}, + "authorization_endpoint_query_parameters": {"key": "authorizationEndpointQueryParameters", "type": "object"}, + "redirection_endpoint": {"key": "redirectionEndpoint", "type": "str"}, + "token_endpoint_headers": {"key": "tokenEndpointHeaders", "type": "object"}, + "token_endpoint_query_parameters": {"key": "tokenEndpointQueryParameters", "type": "object"}, + "is_client_secret_in_header": {"key": "isClientSecretInHeader", "type": "bool"}, + "scope": {"key": "scope", "type": "str"}, } def __init__( self, *, - create_incident: bool, - grouping_configuration: Optional["_models.GroupingConfiguration"] = None, + auth_type: str, + api_key_name: Optional[str] = None, + api_key_identifier: Optional[str] = None, + is_api_key_in_post_payload: Optional[str] = None, + flow_name: Optional[str] = None, + token_endpoint: Optional[str] = None, + authorization_endpoint: Optional[str] = None, + authorization_endpoint_query_parameters: Optional[JSON] = None, + redirection_endpoint: Optional[str] = None, + token_endpoint_headers: Optional[JSON] = None, + token_endpoint_query_parameters: Optional[JSON] = None, + is_client_secret_in_header: Optional[bool] = None, + scope: Optional[str] = None, **kwargs ): """ - :keyword create_incident: Required. Create incidents from alerts triggered by this analytics - rule. - :paramtype create_incident: bool - :keyword grouping_configuration: Set how the alerts that are triggered by this analytics rule, - are grouped into incidents. - :paramtype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration - """ - super(IncidentConfiguration, self).__init__(**kwargs) - self.create_incident = create_incident - self.grouping_configuration = grouping_configuration + :keyword auth_type: The authentication type. Required. + :paramtype auth_type: str + :keyword api_key_name: The header name which the token is sent with. + :paramtype api_key_name: str + :keyword api_key_identifier: A prefix send in the header before the actual token. + :paramtype api_key_identifier: str + :keyword is_api_key_in_post_payload: Marks if the key should sent in header. + :paramtype is_api_key_in_post_payload: str + :keyword flow_name: Describes the flow name, for example 'AuthCode' for Oauth 2.0. + :paramtype flow_name: str + :keyword token_endpoint: The endpoint used to issue a token, used in Oauth 2.0 flow. + :paramtype token_endpoint: str + :keyword authorization_endpoint: The endpoint used to authorize the user, used in Oauth 2.0 + flow. + :paramtype authorization_endpoint: str + :keyword authorization_endpoint_query_parameters: The query parameters used in authorization + request, used in Oauth 2.0 flow. + :paramtype authorization_endpoint_query_parameters: JSON + :keyword redirection_endpoint: The redirect endpoint where we will get the authorization code, + used in Oauth 2.0 flow. + :paramtype redirection_endpoint: str + :keyword token_endpoint_headers: The query headers used in token request, used in Oauth 2.0 + flow. + :paramtype token_endpoint_headers: JSON + :keyword token_endpoint_query_parameters: The query parameters used in token request, used in + Oauth 2.0 flow. + :paramtype token_endpoint_query_parameters: JSON + :keyword is_client_secret_in_header: Marks if we should send the client secret in header or + payload, used in Oauth 2.0 flow. + :paramtype is_client_secret_in_header: bool + :keyword scope: The OAuth token scope. + :paramtype scope: str + """ + super().__init__(**kwargs) + self.auth_type = auth_type + self.api_key_name = api_key_name + self.api_key_identifier = api_key_identifier + self.is_api_key_in_post_payload = is_api_key_in_post_payload + self.flow_name = flow_name + self.token_endpoint = token_endpoint + self.authorization_endpoint = authorization_endpoint + self.authorization_endpoint_query_parameters = authorization_endpoint_query_parameters + self.redirection_endpoint = redirection_endpoint + self.token_endpoint_headers = token_endpoint_headers + self.token_endpoint_query_parameters = token_endpoint_query_parameters + self.is_client_secret_in_header = is_client_secret_in_header + self.scope = scope + + +class CodelessConnectorPollingConfigProperties(_serialization.Model): + """Config to describe the polling config for API poller connector. + All required parameters must be populated in order to send to Azure. -class IncidentEntitiesResponse(msrest.serialization.Model): - """The incident related entities response. - - :ivar entities: Array of the incident related entities. - :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] - :ivar meta_data: The metadata from the incident related entities results. - :vartype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] + :ivar is_active: The poller active status. + :vartype is_active: bool + :ivar auth: Describe the authentication type of the poller. Required. + :vartype auth: ~azure.mgmt.securityinsight.models.CodelessConnectorPollingAuthProperties + :ivar request: Describe the poll request config parameters of the poller. Required. + :vartype request: ~azure.mgmt.securityinsight.models.CodelessConnectorPollingRequestProperties + :ivar paging: Describe the poll request paging config of the poller. + :vartype paging: ~azure.mgmt.securityinsight.models.CodelessConnectorPollingPagingProperties + :ivar response: Describe the response config parameters of the poller. + :vartype response: + ~azure.mgmt.securityinsight.models.CodelessConnectorPollingResponseProperties """ + _validation = { + "auth": {"required": True}, + "request": {"required": True}, + } + _attribute_map = { - 'entities': {'key': 'entities', 'type': '[Entity]'}, - 'meta_data': {'key': 'metaData', 'type': '[IncidentEntitiesResultsMetadata]'}, + "is_active": {"key": "isActive", "type": "bool"}, + "auth": {"key": "auth", "type": "CodelessConnectorPollingAuthProperties"}, + "request": {"key": "request", "type": "CodelessConnectorPollingRequestProperties"}, + "paging": {"key": "paging", "type": "CodelessConnectorPollingPagingProperties"}, + "response": {"key": "response", "type": "CodelessConnectorPollingResponseProperties"}, } def __init__( self, *, - entities: Optional[List["_models.Entity"]] = None, - meta_data: Optional[List["_models.IncidentEntitiesResultsMetadata"]] = None, + auth: "_models.CodelessConnectorPollingAuthProperties", + request: "_models.CodelessConnectorPollingRequestProperties", + is_active: Optional[bool] = None, + paging: Optional["_models.CodelessConnectorPollingPagingProperties"] = None, + response: Optional["_models.CodelessConnectorPollingResponseProperties"] = None, **kwargs ): """ - :keyword entities: Array of the incident related entities. - :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] - :keyword meta_data: The metadata from the incident related entities results. - :paramtype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] - """ - super(IncidentEntitiesResponse, self).__init__(**kwargs) - self.entities = entities - self.meta_data = meta_data - - -class IncidentEntitiesResultsMetadata(msrest.serialization.Model): - """Information of a specific aggregation in the incident related entities result. + :keyword is_active: The poller active status. + :paramtype is_active: bool + :keyword auth: Describe the authentication type of the poller. Required. + :paramtype auth: ~azure.mgmt.securityinsight.models.CodelessConnectorPollingAuthProperties + :keyword request: Describe the poll request config parameters of the poller. Required. + :paramtype request: + ~azure.mgmt.securityinsight.models.CodelessConnectorPollingRequestProperties + :keyword paging: Describe the poll request paging config of the poller. + :paramtype paging: ~azure.mgmt.securityinsight.models.CodelessConnectorPollingPagingProperties + :keyword response: Describe the response config parameters of the poller. + :paramtype response: + ~azure.mgmt.securityinsight.models.CodelessConnectorPollingResponseProperties + """ + super().__init__(**kwargs) + self.is_active = is_active + self.auth = auth + self.request = request + self.paging = paging + self.response = response + + +class CodelessConnectorPollingPagingProperties(_serialization.Model): + """Describe the properties needed to make a pagination call. All required parameters must be populated in order to send to Azure. - :ivar count: Required. Total number of aggregations of the given kind in the incident related - entities result. - :vartype count: int - :ivar entity_kind: Required. The kind of the aggregated entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail". - :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar paging_type: Describes the type. could be 'None', 'PageToken', 'PageCount', 'TimeStamp'. + Required. + :vartype paging_type: str + :ivar next_page_para_name: Defines the name of a next page attribute. + :vartype next_page_para_name: str + :ivar next_page_token_json_path: Defines the path to a next page token JSON. + :vartype next_page_token_json_path: str + :ivar page_count_attribute_path: Defines the path to a page count attribute. + :vartype page_count_attribute_path: str + :ivar page_total_count_attribute_path: Defines the path to a page total count attribute. + :vartype page_total_count_attribute_path: str + :ivar page_time_stamp_attribute_path: Defines the path to a paging time stamp attribute. + :vartype page_time_stamp_attribute_path: str + :ivar search_the_latest_time_stamp_from_events_list: Determines whether to search for the + latest time stamp in the events list. + :vartype search_the_latest_time_stamp_from_events_list: str + :ivar page_size_para_name: Defines the name of the page size parameter. + :vartype page_size_para_name: str + :ivar page_size: Defines the paging size. + :vartype page_size: int """ _validation = { - 'count': {'required': True}, - 'entity_kind': {'required': True}, + "paging_type": {"required": True}, } _attribute_map = { - 'count': {'key': 'count', 'type': 'int'}, - 'entity_kind': {'key': 'entityKind', 'type': 'str'}, + "paging_type": {"key": "pagingType", "type": "str"}, + "next_page_para_name": {"key": "nextPageParaName", "type": "str"}, + "next_page_token_json_path": {"key": "nextPageTokenJsonPath", "type": "str"}, + "page_count_attribute_path": {"key": "pageCountAttributePath", "type": "str"}, + "page_total_count_attribute_path": {"key": "pageTotalCountAttributePath", "type": "str"}, + "page_time_stamp_attribute_path": {"key": "pageTimeStampAttributePath", "type": "str"}, + "search_the_latest_time_stamp_from_events_list": { + "key": "searchTheLatestTimeStampFromEventsList", + "type": "str", + }, + "page_size_para_name": {"key": "pageSizeParaName", "type": "str"}, + "page_size": {"key": "pageSize", "type": "int"}, } def __init__( self, *, - count: int, - entity_kind: Union[str, "_models.EntityKindEnum"], + paging_type: str, + next_page_para_name: Optional[str] = None, + next_page_token_json_path: Optional[str] = None, + page_count_attribute_path: Optional[str] = None, + page_total_count_attribute_path: Optional[str] = None, + page_time_stamp_attribute_path: Optional[str] = None, + search_the_latest_time_stamp_from_events_list: Optional[str] = None, + page_size_para_name: Optional[str] = None, + page_size: Optional[int] = None, **kwargs ): """ - :keyword count: Required. Total number of aggregations of the given kind in the incident - related entities result. - :paramtype count: int - :keyword entity_kind: Required. The kind of the aggregated entity. Known values are: "Account", - "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", - "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", - "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail". - :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :keyword paging_type: Describes the type. could be 'None', 'PageToken', 'PageCount', + 'TimeStamp'. Required. + :paramtype paging_type: str + :keyword next_page_para_name: Defines the name of a next page attribute. + :paramtype next_page_para_name: str + :keyword next_page_token_json_path: Defines the path to a next page token JSON. + :paramtype next_page_token_json_path: str + :keyword page_count_attribute_path: Defines the path to a page count attribute. + :paramtype page_count_attribute_path: str + :keyword page_total_count_attribute_path: Defines the path to a page total count attribute. + :paramtype page_total_count_attribute_path: str + :keyword page_time_stamp_attribute_path: Defines the path to a paging time stamp attribute. + :paramtype page_time_stamp_attribute_path: str + :keyword search_the_latest_time_stamp_from_events_list: Determines whether to search for the + latest time stamp in the events list. + :paramtype search_the_latest_time_stamp_from_events_list: str + :keyword page_size_para_name: Defines the name of the page size parameter. + :paramtype page_size_para_name: str + :keyword page_size: Defines the paging size. + :paramtype page_size: int """ - super(IncidentEntitiesResultsMetadata, self).__init__(**kwargs) - self.count = count - self.entity_kind = entity_kind + super().__init__(**kwargs) + self.paging_type = paging_type + self.next_page_para_name = next_page_para_name + self.next_page_token_json_path = next_page_token_json_path + self.page_count_attribute_path = page_count_attribute_path + self.page_total_count_attribute_path = page_total_count_attribute_path + self.page_time_stamp_attribute_path = page_time_stamp_attribute_path + self.search_the_latest_time_stamp_from_events_list = search_the_latest_time_stamp_from_events_list + self.page_size_para_name = page_size_para_name + self.page_size = page_size -class IncidentInfo(msrest.serialization.Model): - """Describes related incident information for the bookmark. +class CodelessConnectorPollingRequestProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Describe the request properties needed to successfully pull from the server. - :ivar incident_id: Incident Id. - :vartype incident_id: str - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar title: The title of the incident. - :vartype title: str - :ivar relation_name: Relation Name. - :vartype relation_name: str + All required parameters must be populated in order to send to Azure. + + :ivar api_endpoint: Describe the endpoint we should pull the data from. Required. + :vartype api_endpoint: str + :ivar rate_limit_qps: Defines the rate limit QPS. + :vartype rate_limit_qps: int + :ivar query_window_in_min: The window interval we will use the pull the data. Required. + :vartype query_window_in_min: int + :ivar http_method: The http method type we will use in the poll request, GET or POST. Required. + :vartype http_method: str + :ivar query_time_format: The time format will be used the query events in a specific window. + Required. + :vartype query_time_format: str + :ivar retry_count: Describe the amount of time we should try and poll the data in case of + failure. + :vartype retry_count: int + :ivar timeout_in_seconds: The number of seconds we will consider as a request timeout. + :vartype timeout_in_seconds: int + :ivar headers: Describe the headers sent in the poll request. + :vartype headers: JSON + :ivar query_parameters: Describe the query parameters sent in the poll request. + :vartype query_parameters: JSON + :ivar query_parameters_template: For advanced scenarios for example user name/password embedded + in nested JSON payload. + :vartype query_parameters_template: str + :ivar start_time_attribute_name: This will be used the query events from a start of the time + window. + :vartype start_time_attribute_name: str + :ivar end_time_attribute_name: This will be used the query events from the end of the time + window. + :vartype end_time_attribute_name: str """ + _validation = { + "api_endpoint": {"required": True}, + "query_window_in_min": {"required": True}, + "http_method": {"required": True}, + "query_time_format": {"required": True}, + } + _attribute_map = { - 'incident_id': {'key': 'incidentId', 'type': 'str'}, - 'severity': {'key': 'severity', 'type': 'str'}, - 'title': {'key': 'title', 'type': 'str'}, - 'relation_name': {'key': 'relationName', 'type': 'str'}, + "api_endpoint": {"key": "apiEndpoint", "type": "str"}, + "rate_limit_qps": {"key": "rateLimitQps", "type": "int"}, + "query_window_in_min": {"key": "queryWindowInMin", "type": "int"}, + "http_method": {"key": "httpMethod", "type": "str"}, + "query_time_format": {"key": "queryTimeFormat", "type": "str"}, + "retry_count": {"key": "retryCount", "type": "int"}, + "timeout_in_seconds": {"key": "timeoutInSeconds", "type": "int"}, + "headers": {"key": "headers", "type": "object"}, + "query_parameters": {"key": "queryParameters", "type": "object"}, + "query_parameters_template": {"key": "queryParametersTemplate", "type": "str"}, + "start_time_attribute_name": {"key": "startTimeAttributeName", "type": "str"}, + "end_time_attribute_name": {"key": "endTimeAttributeName", "type": "str"}, } def __init__( self, *, - incident_id: Optional[str] = None, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - title: Optional[str] = None, - relation_name: Optional[str] = None, + api_endpoint: str, + query_window_in_min: int, + http_method: str, + query_time_format: str, + rate_limit_qps: Optional[int] = None, + retry_count: Optional[int] = None, + timeout_in_seconds: Optional[int] = None, + headers: Optional[JSON] = None, + query_parameters: Optional[JSON] = None, + query_parameters_template: Optional[str] = None, + start_time_attribute_name: Optional[str] = None, + end_time_attribute_name: Optional[str] = None, **kwargs ): """ - :keyword incident_id: Incident Id. - :paramtype incident_id: str - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword title: The title of the incident. - :paramtype title: str - :keyword relation_name: Relation Name. - :paramtype relation_name: str - """ - super(IncidentInfo, self).__init__(**kwargs) - self.incident_id = incident_id - self.severity = severity - self.title = title - self.relation_name = relation_name - - -class IncidentLabel(msrest.serialization.Model): - """Represents an incident label. - - Variables are only populated by the server, and will be ignored when sending a request. + :keyword api_endpoint: Describe the endpoint we should pull the data from. Required. + :paramtype api_endpoint: str + :keyword rate_limit_qps: Defines the rate limit QPS. + :paramtype rate_limit_qps: int + :keyword query_window_in_min: The window interval we will use the pull the data. Required. + :paramtype query_window_in_min: int + :keyword http_method: The http method type we will use in the poll request, GET or POST. + Required. + :paramtype http_method: str + :keyword query_time_format: The time format will be used the query events in a specific window. + Required. + :paramtype query_time_format: str + :keyword retry_count: Describe the amount of time we should try and poll the data in case of + failure. + :paramtype retry_count: int + :keyword timeout_in_seconds: The number of seconds we will consider as a request timeout. + :paramtype timeout_in_seconds: int + :keyword headers: Describe the headers sent in the poll request. + :paramtype headers: JSON + :keyword query_parameters: Describe the query parameters sent in the poll request. + :paramtype query_parameters: JSON + :keyword query_parameters_template: For advanced scenarios for example user name/password + embedded in nested JSON payload. + :paramtype query_parameters_template: str + :keyword start_time_attribute_name: This will be used the query events from a start of the time + window. + :paramtype start_time_attribute_name: str + :keyword end_time_attribute_name: This will be used the query events from the end of the time + window. + :paramtype end_time_attribute_name: str + """ + super().__init__(**kwargs) + self.api_endpoint = api_endpoint + self.rate_limit_qps = rate_limit_qps + self.query_window_in_min = query_window_in_min + self.http_method = http_method + self.query_time_format = query_time_format + self.retry_count = retry_count + self.timeout_in_seconds = timeout_in_seconds + self.headers = headers + self.query_parameters = query_parameters + self.query_parameters_template = query_parameters_template + self.start_time_attribute_name = start_time_attribute_name + self.end_time_attribute_name = end_time_attribute_name + + +class CodelessConnectorPollingResponseProperties(_serialization.Model): + """Describes the response from the external server. All required parameters must be populated in order to send to Azure. - :ivar label_name: Required. The name of the label. - :vartype label_name: str - :ivar label_type: The type of the label. Known values are: "User", "AutoAssigned". - :vartype label_type: str or ~azure.mgmt.securityinsight.models.IncidentLabelType + :ivar events_json_paths: Describes the path we should extract the data in the response. + Required. + :vartype events_json_paths: list[str] + :ivar success_status_json_path: Describes the path we should extract the status code in the + response. + :vartype success_status_json_path: str + :ivar success_status_value: Describes the path we should extract the status value in the + response. + :vartype success_status_value: str + :ivar is_gzip_compressed: Describes if the data in the response is Gzip. + :vartype is_gzip_compressed: bool """ _validation = { - 'label_name': {'required': True}, - 'label_type': {'readonly': True}, + "events_json_paths": {"required": True}, } _attribute_map = { - 'label_name': {'key': 'labelName', 'type': 'str'}, - 'label_type': {'key': 'labelType', 'type': 'str'}, + "events_json_paths": {"key": "eventsJsonPaths", "type": "[str]"}, + "success_status_json_path": {"key": "successStatusJsonPath", "type": "str"}, + "success_status_value": {"key": "successStatusValue", "type": "str"}, + "is_gzip_compressed": {"key": "isGzipCompressed", "type": "bool"}, } def __init__( self, *, - label_name: str, + events_json_paths: List[str], + success_status_json_path: Optional[str] = None, + success_status_value: Optional[str] = None, + is_gzip_compressed: Optional[bool] = None, **kwargs ): """ - :keyword label_name: Required. The name of the label. - :paramtype label_name: str + :keyword events_json_paths: Describes the path we should extract the data in the response. + Required. + :paramtype events_json_paths: list[str] + :keyword success_status_json_path: Describes the path we should extract the status code in the + response. + :paramtype success_status_json_path: str + :keyword success_status_value: Describes the path we should extract the status value in the + response. + :paramtype success_status_value: str + :keyword is_gzip_compressed: Describes if the data in the response is Gzip. + :paramtype is_gzip_compressed: bool """ - super(IncidentLabel, self).__init__(**kwargs) - self.label_name = label_name - self.label_type = None + super().__init__(**kwargs) + self.events_json_paths = events_json_paths + self.success_status_json_path = success_status_json_path + self.success_status_value = success_status_value + self.is_gzip_compressed = is_gzip_compressed -class IncidentList(msrest.serialization.Model): - """List all the incidents. - - Variables are only populated by the server, and will be ignored when sending a request. +class CodelessUiConnectorConfigProperties(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Config to describe the instructions blade. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of incidents. - :vartype next_link: str - :ivar value: Required. Array of incidents. - :vartype value: list[~azure.mgmt.securityinsight.models.Incident] + :ivar title: Connector blade title. Required. + :vartype title: str + :ivar publisher: Connector publisher name. Required. + :vartype publisher: str + :ivar description_markdown: Connector description. Required. + :vartype description_markdown: str + :ivar custom_image: An optional custom image to be used when displaying the connector within + Azure Sentinel's connector's gallery. + :vartype custom_image: str + :ivar graph_queries_table_name: Name of the table the connector will insert the data to. + Required. + :vartype graph_queries_table_name: str + :ivar graph_queries: The graph query to show the current data status. Required. + :vartype graph_queries: + list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesGraphQueriesItem] + :ivar sample_queries: The sample queries for the connector. Required. + :vartype sample_queries: + list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesSampleQueriesItem] + :ivar data_types: Data types to check for last data received. Required. + :vartype data_types: + list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesDataTypesItem] + :ivar connectivity_criteria: Define the way the connector check connectivity. Required. + :vartype connectivity_criteria: + list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem] + :ivar availability: Connector Availability Status. Required. + :vartype availability: ~azure.mgmt.securityinsight.models.Availability + :ivar permissions: Permissions required for the connector. Required. + :vartype permissions: ~azure.mgmt.securityinsight.models.Permissions + :ivar instruction_steps: Instruction steps to enable the connector. Required. + :vartype instruction_steps: + list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesInstructionStepsItem] """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "title": {"required": True}, + "publisher": {"required": True}, + "description_markdown": {"required": True}, + "graph_queries_table_name": {"required": True}, + "graph_queries": {"required": True}, + "sample_queries": {"required": True}, + "data_types": {"required": True}, + "connectivity_criteria": {"required": True}, + "availability": {"required": True}, + "permissions": {"required": True}, + "instruction_steps": {"required": True}, } _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[Incident]'}, + "title": {"key": "title", "type": "str"}, + "publisher": {"key": "publisher", "type": "str"}, + "description_markdown": {"key": "descriptionMarkdown", "type": "str"}, + "custom_image": {"key": "customImage", "type": "str"}, + "graph_queries_table_name": {"key": "graphQueriesTableName", "type": "str"}, + "graph_queries": {"key": "graphQueries", "type": "[CodelessUiConnectorConfigPropertiesGraphQueriesItem]"}, + "sample_queries": {"key": "sampleQueries", "type": "[CodelessUiConnectorConfigPropertiesSampleQueriesItem]"}, + "data_types": {"key": "dataTypes", "type": "[CodelessUiConnectorConfigPropertiesDataTypesItem]"}, + "connectivity_criteria": { + "key": "connectivityCriteria", + "type": "[CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem]", + }, + "availability": {"key": "availability", "type": "Availability"}, + "permissions": {"key": "permissions", "type": "Permissions"}, + "instruction_steps": { + "key": "instructionSteps", + "type": "[CodelessUiConnectorConfigPropertiesInstructionStepsItem]", + }, } def __init__( self, *, - value: List["_models.Incident"], + title: str, + publisher: str, + description_markdown: str, + graph_queries_table_name: str, + graph_queries: List["_models.CodelessUiConnectorConfigPropertiesGraphQueriesItem"], + sample_queries: List["_models.CodelessUiConnectorConfigPropertiesSampleQueriesItem"], + data_types: List["_models.CodelessUiConnectorConfigPropertiesDataTypesItem"], + connectivity_criteria: List["_models.CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem"], + availability: "_models.Availability", + permissions: "_models.Permissions", + instruction_steps: List["_models.CodelessUiConnectorConfigPropertiesInstructionStepsItem"], + custom_image: Optional[str] = None, **kwargs ): """ - :keyword value: Required. Array of incidents. - :paramtype value: list[~azure.mgmt.securityinsight.models.Incident] - """ - super(IncidentList, self).__init__(**kwargs) - self.next_link = None - self.value = value + :keyword title: Connector blade title. Required. + :paramtype title: str + :keyword publisher: Connector publisher name. Required. + :paramtype publisher: str + :keyword description_markdown: Connector description. Required. + :paramtype description_markdown: str + :keyword custom_image: An optional custom image to be used when displaying the connector within + Azure Sentinel's connector's gallery. + :paramtype custom_image: str + :keyword graph_queries_table_name: Name of the table the connector will insert the data to. + Required. + :paramtype graph_queries_table_name: str + :keyword graph_queries: The graph query to show the current data status. Required. + :paramtype graph_queries: + list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesGraphQueriesItem] + :keyword sample_queries: The sample queries for the connector. Required. + :paramtype sample_queries: + list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesSampleQueriesItem] + :keyword data_types: Data types to check for last data received. Required. + :paramtype data_types: + list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesDataTypesItem] + :keyword connectivity_criteria: Define the way the connector check connectivity. Required. + :paramtype connectivity_criteria: + list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem] + :keyword availability: Connector Availability Status. Required. + :paramtype availability: ~azure.mgmt.securityinsight.models.Availability + :keyword permissions: Permissions required for the connector. Required. + :paramtype permissions: ~azure.mgmt.securityinsight.models.Permissions + :keyword instruction_steps: Instruction steps to enable the connector. Required. + :paramtype instruction_steps: + list[~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigPropertiesInstructionStepsItem] + """ + super().__init__(**kwargs) + self.title = title + self.publisher = publisher + self.description_markdown = description_markdown + self.custom_image = custom_image + self.graph_queries_table_name = graph_queries_table_name + self.graph_queries = graph_queries + self.sample_queries = sample_queries + self.data_types = data_types + self.connectivity_criteria = connectivity_criteria + self.availability = availability + self.permissions = permissions + self.instruction_steps = instruction_steps -class IncidentOwnerInfo(msrest.serialization.Model): - """Information on the user an incident is assigned to. +class ConnectivityCriteria(_serialization.Model): + """Setting for the connector check connectivity. - :ivar email: The email of the user the incident is assigned to. - :vartype email: str - :ivar assigned_to: The name of the user the incident is assigned to. - :vartype assigned_to: str - :ivar object_id: The object id of the user the incident is assigned to. - :vartype object_id: str - :ivar user_principal_name: The user principal name of the user the incident is assigned to. - :vartype user_principal_name: str + :ivar type: type of connectivity. "IsConnectedQuery" + :vartype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType + :ivar value: Queries for checking connectivity. + :vartype value: list[str] """ _attribute_map = { - 'email': {'key': 'email', 'type': 'str'}, - 'assigned_to': {'key': 'assignedTo', 'type': 'str'}, - 'object_id': {'key': 'objectId', 'type': 'str'}, - 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, + "type": {"key": "type", "type": "str"}, + "value": {"key": "value", "type": "[str]"}, } def __init__( self, *, - email: Optional[str] = None, - assigned_to: Optional[str] = None, - object_id: Optional[str] = None, - user_principal_name: Optional[str] = None, + type: Optional[Union[str, "_models.ConnectivityType"]] = None, + value: Optional[List[str]] = None, **kwargs ): """ - :keyword email: The email of the user the incident is assigned to. - :paramtype email: str - :keyword assigned_to: The name of the user the incident is assigned to. - :paramtype assigned_to: str - :keyword object_id: The object id of the user the incident is assigned to. - :paramtype object_id: str - :keyword user_principal_name: The user principal name of the user the incident is assigned to. - :paramtype user_principal_name: str + :keyword type: type of connectivity. "IsConnectedQuery" + :paramtype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType + :keyword value: Queries for checking connectivity. + :paramtype value: list[str] """ - super(IncidentOwnerInfo, self).__init__(**kwargs) - self.email = email - self.assigned_to = assigned_to - self.object_id = object_id - self.user_principal_name = user_principal_name + super().__init__(**kwargs) + self.type = type + self.value = value -class IncidentOwnerInfoAutoGenerated(msrest.serialization.Model): - """Information on the user an incident is assigned to. +class CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem(ConnectivityCriteria): + """CodelessUiConnectorConfigPropertiesConnectivityCriteriaItem. - :ivar email: The email of the user the incident is assigned to. - :vartype email: str - :ivar assigned_to: The name of the user the incident is assigned to. - :vartype assigned_to: str - :ivar object_id: The object id of the user the incident is assigned to. - :vartype object_id: str - :ivar user_principal_name: The user principal name of the user the incident is assigned to. - :vartype user_principal_name: str - :ivar owner_type: The type of the owner the incident is assigned to. Known values are: - "Unknown", "User", "Group". - :vartype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + :ivar type: type of connectivity. "IsConnectedQuery" + :vartype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType + :ivar value: Queries for checking connectivity. + :vartype value: list[str] """ _attribute_map = { - 'email': {'key': 'email', 'type': 'str'}, - 'assigned_to': {'key': 'assignedTo', 'type': 'str'}, - 'object_id': {'key': 'objectId', 'type': 'str'}, - 'user_principal_name': {'key': 'userPrincipalName', 'type': 'str'}, - 'owner_type': {'key': 'ownerType', 'type': 'str'}, + "type": {"key": "type", "type": "str"}, + "value": {"key": "value", "type": "[str]"}, } def __init__( self, *, - email: Optional[str] = None, - assigned_to: Optional[str] = None, - object_id: Optional[str] = None, - user_principal_name: Optional[str] = None, - owner_type: Optional[Union[str, "_models.OwnerType"]] = None, + type: Optional[Union[str, "_models.ConnectivityType"]] = None, + value: Optional[List[str]] = None, **kwargs ): """ - :keyword email: The email of the user the incident is assigned to. - :paramtype email: str - :keyword assigned_to: The name of the user the incident is assigned to. - :paramtype assigned_to: str - :keyword object_id: The object id of the user the incident is assigned to. - :paramtype object_id: str - :keyword user_principal_name: The user principal name of the user the incident is assigned to. - :paramtype user_principal_name: str - :keyword owner_type: The type of the owner the incident is assigned to. Known values are: - "Unknown", "User", "Group". - :paramtype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + :keyword type: type of connectivity. "IsConnectedQuery" + :paramtype type: str or ~azure.mgmt.securityinsight.models.ConnectivityType + :keyword value: Queries for checking connectivity. + :paramtype value: list[str] """ - super(IncidentOwnerInfoAutoGenerated, self).__init__(**kwargs) - self.email = email - self.assigned_to = assigned_to - self.object_id = object_id - self.user_principal_name = user_principal_name - self.owner_type = owner_type + super().__init__(type=type, value=value, **kwargs) -class IncidentPropertiesAction(msrest.serialization.Model): - """IncidentPropertiesAction. +class LastDataReceivedDataType(_serialization.Model): + """Data type for last data received. - :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", - "Informational". - :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :ivar status: The status of the incident. Known values are: "New", "Active", "Closed". - :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :ivar classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", "FalsePositive". - :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :ivar classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", - "InaccurateData". - :vartype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :ivar classification_comment: Describes the reason the incident was closed. - :vartype classification_comment: str - :ivar owner: Information on the user an incident is assigned to. - :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfoAutoGenerated - :ivar labels: List of labels to add to the incident. - :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :ivar name: Name of the data type to show in the graph. can be use with + {{graphQueriesTableName}} placeholder. + :vartype name: str + :ivar last_data_received_query: Query for indicate last data received. + :vartype last_data_received_query: str """ _attribute_map = { - 'severity': {'key': 'severity', 'type': 'str'}, - 'status': {'key': 'status', 'type': 'str'}, - 'classification': {'key': 'classification', 'type': 'str'}, - 'classification_reason': {'key': 'classificationReason', 'type': 'str'}, - 'classification_comment': {'key': 'classificationComment', 'type': 'str'}, - 'owner': {'key': 'owner', 'type': 'IncidentOwnerInfoAutoGenerated'}, - 'labels': {'key': 'labels', 'type': '[IncidentLabel]'}, + "name": {"key": "name", "type": "str"}, + "last_data_received_query": {"key": "lastDataReceivedQuery", "type": "str"}, } - def __init__( - self, - *, - severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, - status: Optional[Union[str, "_models.IncidentStatus"]] = None, - classification: Optional[Union[str, "_models.IncidentClassification"]] = None, - classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, - classification_comment: Optional[str] = None, - owner: Optional["_models.IncidentOwnerInfoAutoGenerated"] = None, - labels: Optional[List["_models.IncidentLabel"]] = None, - **kwargs - ): + def __init__(self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs): """ - :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", - "Informational". - :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity - :keyword status: The status of the incident. Known values are: "New", "Active", "Closed". - :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus - :keyword classification: The reason the incident was closed. Known values are: "Undetermined", - "TruePositive", "BenignPositive", "FalsePositive". - :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification - :keyword classification_reason: The classification reason the incident was closed with. Known - values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", - "InaccurateData". - :paramtype classification_reason: str or - ~azure.mgmt.securityinsight.models.IncidentClassificationReason - :keyword classification_comment: Describes the reason the incident was closed. - :paramtype classification_comment: str - :keyword owner: Information on the user an incident is assigned to. - :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfoAutoGenerated - :keyword labels: List of labels to add to the incident. - :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :keyword name: Name of the data type to show in the graph. can be use with + {{graphQueriesTableName}} placeholder. + :paramtype name: str + :keyword last_data_received_query: Query for indicate last data received. + :paramtype last_data_received_query: str """ - super(IncidentPropertiesAction, self).__init__(**kwargs) - self.severity = severity - self.status = status - self.classification = classification - self.classification_reason = classification_reason - self.classification_comment = classification_comment - self.owner = owner - self.labels = labels - - -class IoTDeviceEntity(Entity): - """Represents an IoT device entity. + super().__init__(**kwargs) + self.name = name + self.last_data_received_query = last_data_received_query - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class CodelessUiConnectorConfigPropertiesDataTypesItem(LastDataReceivedDataType): + """CodelessUiConnectorConfigPropertiesDataTypesItem. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. + :ivar name: Name of the data type to show in the graph. can be use with + {{graphQueriesTableName}} placeholder. :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar device_id: The ID of the IoT Device in the IoT Hub. - :vartype device_id: str - :ivar device_name: The friendly name of the device. - :vartype device_name: str - :ivar source: The source of the device. - :vartype source: str - :ivar iot_security_agent_id: The ID of the security agent running on the device. - :vartype iot_security_agent_id: str - :ivar device_type: The type of the device. - :vartype device_type: str - :ivar vendor: The vendor of the device. - :vartype vendor: str - :ivar edge_id: The ID of the edge device. - :vartype edge_id: str - :ivar mac_address: The MAC address of the device. - :vartype mac_address: str - :ivar model: The model of the device. - :vartype model: str - :ivar serial_number: The serial number of the device. - :vartype serial_number: str - :ivar firmware_version: The firmware version of the device. - :vartype firmware_version: str - :ivar operating_system: The operating system of the device. - :vartype operating_system: str - :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. - :vartype iot_hub_entity_id: str - :ivar host_entity_id: The Host entity id of this device. - :vartype host_entity_id: str - :ivar ip_address_entity_id: The IP entity if of this device. - :vartype ip_address_entity_id: str - :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] - :ivar protocols: A list of protocols of the IoTDevice entity. - :vartype protocols: list[str] + :ivar last_data_received_query: Query for indicate last data received. + :vartype last_data_received_query: str """ - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'device_id': {'readonly': True}, - 'device_name': {'readonly': True}, - 'source': {'readonly': True}, - 'iot_security_agent_id': {'readonly': True}, - 'device_type': {'readonly': True}, - 'vendor': {'readonly': True}, - 'edge_id': {'readonly': True}, - 'mac_address': {'readonly': True}, - 'model': {'readonly': True}, - 'serial_number': {'readonly': True}, - 'firmware_version': {'readonly': True}, - 'operating_system': {'readonly': True}, - 'iot_hub_entity_id': {'readonly': True}, - 'host_entity_id': {'readonly': True}, - 'ip_address_entity_id': {'readonly': True}, - 'threat_intelligence': {'readonly': True}, - 'protocols': {'readonly': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'device_id': {'key': 'properties.deviceId', 'type': 'str'}, - 'device_name': {'key': 'properties.deviceName', 'type': 'str'}, - 'source': {'key': 'properties.source', 'type': 'str'}, - 'iot_security_agent_id': {'key': 'properties.iotSecurityAgentId', 'type': 'str'}, - 'device_type': {'key': 'properties.deviceType', 'type': 'str'}, - 'vendor': {'key': 'properties.vendor', 'type': 'str'}, - 'edge_id': {'key': 'properties.edgeId', 'type': 'str'}, - 'mac_address': {'key': 'properties.macAddress', 'type': 'str'}, - 'model': {'key': 'properties.model', 'type': 'str'}, - 'serial_number': {'key': 'properties.serialNumber', 'type': 'str'}, - 'firmware_version': {'key': 'properties.firmwareVersion', 'type': 'str'}, - 'operating_system': {'key': 'properties.operatingSystem', 'type': 'str'}, - 'iot_hub_entity_id': {'key': 'properties.iotHubEntityId', 'type': 'str'}, - 'host_entity_id': {'key': 'properties.hostEntityId', 'type': 'str'}, - 'ip_address_entity_id': {'key': 'properties.ipAddressEntityId', 'type': 'str'}, - 'threat_intelligence': {'key': 'properties.threatIntelligence', 'type': '[ThreatIntelligence]'}, - 'protocols': {'key': 'properties.protocols', 'type': '[str]'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(IoTDeviceEntity, self).__init__(**kwargs) - self.kind = 'IoTDevice' # type: str - self.additional_data = None - self.friendly_name = None - self.device_id = None - self.device_name = None - self.source = None - self.iot_security_agent_id = None - self.device_type = None - self.vendor = None - self.edge_id = None - self.mac_address = None - self.model = None - self.serial_number = None - self.firmware_version = None - self.operating_system = None - self.iot_hub_entity_id = None - self.host_entity_id = None - self.ip_address_entity_id = None - self.threat_intelligence = None - self.protocols = None + _attribute_map = { + "name": {"key": "name", "type": "str"}, + "last_data_received_query": {"key": "lastDataReceivedQuery", "type": "str"}, + } + def __init__(self, *, name: Optional[str] = None, last_data_received_query: Optional[str] = None, **kwargs): + """ + :keyword name: Name of the data type to show in the graph. can be use with + {{graphQueriesTableName}} placeholder. + :paramtype name: str + :keyword last_data_received_query: Query for indicate last data received. + :paramtype last_data_received_query: str + """ + super().__init__(name=name, last_data_received_query=last_data_received_query, **kwargs) -class IoTDeviceEntityProperties(EntityCommonProperties): - """IoTDevice entity property bag. - Variables are only populated by the server, and will be ignored when sending a request. +class GraphQueries(_serialization.Model): + """The graph query to show the current data status. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar device_id: The ID of the IoT Device in the IoT Hub. - :vartype device_id: str - :ivar device_name: The friendly name of the device. - :vartype device_name: str - :ivar source: The source of the device. - :vartype source: str - :ivar iot_security_agent_id: The ID of the security agent running on the device. - :vartype iot_security_agent_id: str - :ivar device_type: The type of the device. - :vartype device_type: str - :ivar vendor: The vendor of the device. - :vartype vendor: str - :ivar edge_id: The ID of the edge device. - :vartype edge_id: str - :ivar mac_address: The MAC address of the device. - :vartype mac_address: str - :ivar model: The model of the device. - :vartype model: str - :ivar serial_number: The serial number of the device. - :vartype serial_number: str - :ivar firmware_version: The firmware version of the device. - :vartype firmware_version: str - :ivar operating_system: The operating system of the device. - :vartype operating_system: str - :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. - :vartype iot_hub_entity_id: str - :ivar host_entity_id: The Host entity id of this device. - :vartype host_entity_id: str - :ivar ip_address_entity_id: The IP entity if of this device. - :vartype ip_address_entity_id: str - :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] - :ivar protocols: A list of protocols of the IoTDevice entity. - :vartype protocols: list[str] + :ivar metric_name: the metric that the query is checking. + :vartype metric_name: str + :ivar legend: The legend for the graph. + :vartype legend: str + :ivar base_query: The base query for the graph. + :vartype base_query: str """ - _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'device_id': {'readonly': True}, - 'device_name': {'readonly': True}, - 'source': {'readonly': True}, - 'iot_security_agent_id': {'readonly': True}, - 'device_type': {'readonly': True}, - 'vendor': {'readonly': True}, - 'edge_id': {'readonly': True}, - 'mac_address': {'readonly': True}, - 'model': {'readonly': True}, - 'serial_number': {'readonly': True}, - 'firmware_version': {'readonly': True}, - 'operating_system': {'readonly': True}, - 'iot_hub_entity_id': {'readonly': True}, - 'host_entity_id': {'readonly': True}, - 'ip_address_entity_id': {'readonly': True}, - 'threat_intelligence': {'readonly': True}, - 'protocols': {'readonly': True}, - } - _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'device_id': {'key': 'deviceId', 'type': 'str'}, - 'device_name': {'key': 'deviceName', 'type': 'str'}, - 'source': {'key': 'source', 'type': 'str'}, - 'iot_security_agent_id': {'key': 'iotSecurityAgentId', 'type': 'str'}, - 'device_type': {'key': 'deviceType', 'type': 'str'}, - 'vendor': {'key': 'vendor', 'type': 'str'}, - 'edge_id': {'key': 'edgeId', 'type': 'str'}, - 'mac_address': {'key': 'macAddress', 'type': 'str'}, - 'model': {'key': 'model', 'type': 'str'}, - 'serial_number': {'key': 'serialNumber', 'type': 'str'}, - 'firmware_version': {'key': 'firmwareVersion', 'type': 'str'}, - 'operating_system': {'key': 'operatingSystem', 'type': 'str'}, - 'iot_hub_entity_id': {'key': 'iotHubEntityId', 'type': 'str'}, - 'host_entity_id': {'key': 'hostEntityId', 'type': 'str'}, - 'ip_address_entity_id': {'key': 'ipAddressEntityId', 'type': 'str'}, - 'threat_intelligence': {'key': 'threatIntelligence', 'type': '[ThreatIntelligence]'}, - 'protocols': {'key': 'protocols', 'type': '[str]'}, + "metric_name": {"key": "metricName", "type": "str"}, + "legend": {"key": "legend", "type": "str"}, + "base_query": {"key": "baseQuery", "type": "str"}, } def __init__( self, + *, + metric_name: Optional[str] = None, + legend: Optional[str] = None, + base_query: Optional[str] = None, **kwargs ): """ + :keyword metric_name: the metric that the query is checking. + :paramtype metric_name: str + :keyword legend: The legend for the graph. + :paramtype legend: str + :keyword base_query: The base query for the graph. + :paramtype base_query: str """ - super(IoTDeviceEntityProperties, self).__init__(**kwargs) - self.device_id = None - self.device_name = None - self.source = None - self.iot_security_agent_id = None - self.device_type = None - self.vendor = None - self.edge_id = None - self.mac_address = None - self.model = None - self.serial_number = None - self.firmware_version = None - self.operating_system = None - self.iot_hub_entity_id = None - self.host_entity_id = None - self.ip_address_entity_id = None - self.threat_intelligence = None - self.protocols = None - - -class IpEntity(Entity): - """Represents an ip entity. + super().__init__(**kwargs) + self.metric_name = metric_name + self.legend = legend + self.base_query = base_query - Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. +class CodelessUiConnectorConfigPropertiesGraphQueriesItem(GraphQueries): + """CodelessUiConnectorConfigPropertiesGraphQueriesItem. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). - :vartype address: str - :ivar location: The geo-location context attached to the ip entity. - :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation - :ivar threat_intelligence: A list of TI contexts attached to the ip entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar metric_name: the metric that the query is checking. + :vartype metric_name: str + :ivar legend: The legend for the graph. + :vartype legend: str + :ivar base_query: The base query for the graph. + :vartype base_query: str """ - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'address': {'readonly': True}, - 'location': {'readonly': True}, - 'threat_intelligence': {'readonly': True}, - } - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'address': {'key': 'properties.address', 'type': 'str'}, - 'location': {'key': 'properties.location', 'type': 'GeoLocation'}, - 'threat_intelligence': {'key': 'properties.threatIntelligence', 'type': '[ThreatIntelligence]'}, + "metric_name": {"key": "metricName", "type": "str"}, + "legend": {"key": "legend", "type": "str"}, + "base_query": {"key": "baseQuery", "type": "str"}, } def __init__( self, + *, + metric_name: Optional[str] = None, + legend: Optional[str] = None, + base_query: Optional[str] = None, **kwargs ): """ + :keyword metric_name: the metric that the query is checking. + :paramtype metric_name: str + :keyword legend: The legend for the graph. + :paramtype legend: str + :keyword base_query: The base query for the graph. + :paramtype base_query: str """ - super(IpEntity, self).__init__(**kwargs) - self.kind = 'Ip' # type: str - self.additional_data = None - self.friendly_name = None - self.address = None - self.location = None - self.threat_intelligence = None + super().__init__(metric_name=metric_name, legend=legend, base_query=base_query, **kwargs) -class IpEntityProperties(EntityCommonProperties): - """Ip entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. +class InstructionSteps(_serialization.Model): + """Instruction steps to enable the connector. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). - :vartype address: str - :ivar location: The geo-location context attached to the ip entity. - :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation - :ivar threat_intelligence: A list of TI contexts attached to the ip entity. - :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar title: Instruction step title. + :vartype title: str + :ivar description: Instruction step description. + :vartype description: str + :ivar instructions: Instruction step details. + :vartype instructions: + list[~azure.mgmt.securityinsight.models.InstructionStepsInstructionsItem] """ - _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'address': {'readonly': True}, - 'location': {'readonly': True}, - 'threat_intelligence': {'readonly': True}, - } - _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'address': {'key': 'address', 'type': 'str'}, - 'location': {'key': 'location', 'type': 'GeoLocation'}, - 'threat_intelligence': {'key': 'threatIntelligence', 'type': '[ThreatIntelligence]'}, + "title": {"key": "title", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "instructions": {"key": "instructions", "type": "[InstructionStepsInstructionsItem]"}, } def __init__( self, + *, + title: Optional[str] = None, + description: Optional[str] = None, + instructions: Optional[List["_models.InstructionStepsInstructionsItem"]] = None, **kwargs ): """ + :keyword title: Instruction step title. + :paramtype title: str + :keyword description: Instruction step description. + :paramtype description: str + :keyword instructions: Instruction step details. + :paramtype instructions: + list[~azure.mgmt.securityinsight.models.InstructionStepsInstructionsItem] """ - super(IpEntityProperties, self).__init__(**kwargs) - self.address = None - self.location = None - self.threat_intelligence = None + super().__init__(**kwargs) + self.title = title + self.description = description + self.instructions = instructions -class MailboxEntity(Entity): - """Represents a mailbox entity. +class CodelessUiConnectorConfigPropertiesInstructionStepsItem(InstructionSteps): + """CodelessUiConnectorConfigPropertiesInstructionStepsItem. - Variables are only populated by the server, and will be ignored when sending a request. + :ivar title: Instruction step title. + :vartype title: str + :ivar description: Instruction step description. + :vartype description: str + :ivar instructions: Instruction step details. + :vartype instructions: + list[~azure.mgmt.securityinsight.models.InstructionStepsInstructionsItem] + """ - All required parameters must be populated in order to send to Azure. + _attribute_map = { + "title": {"key": "title", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "instructions": {"key": "instructions", "type": "[InstructionStepsInstructionsItem]"}, + } + + def __init__( + self, + *, + title: Optional[str] = None, + description: Optional[str] = None, + instructions: Optional[List["_models.InstructionStepsInstructionsItem"]] = None, + **kwargs + ): + """ + :keyword title: Instruction step title. + :paramtype title: str + :keyword description: Instruction step description. + :paramtype description: str + :keyword instructions: Instruction step details. + :paramtype instructions: + list[~azure.mgmt.securityinsight.models.InstructionStepsInstructionsItem] + """ + super().__init__(title=title, description=description, instructions=instructions, **kwargs) + + +class SampleQueries(_serialization.Model): + """The sample queries for the connector. + + :ivar description: The sample query description. + :vartype description: str + :ivar query: the sample query. + :vartype query: str + """ + + _attribute_map = { + "description": {"key": "description", "type": "str"}, + "query": {"key": "query", "type": "str"}, + } + + def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs): + """ + :keyword description: The sample query description. + :paramtype description: str + :keyword query: the sample query. + :paramtype query: str + """ + super().__init__(**kwargs) + self.description = description + self.query = query + + +class CodelessUiConnectorConfigPropertiesSampleQueriesItem(SampleQueries): + """CodelessUiConnectorConfigPropertiesSampleQueriesItem. + + :ivar description: The sample query description. + :vartype description: str + :ivar query: the sample query. + :vartype query: str + """ + + _attribute_map = { + "description": {"key": "description", "type": "str"}, + "query": {"key": "query", "type": "str"}, + } + + def __init__(self, *, description: Optional[str] = None, query: Optional[str] = None, **kwargs): + """ + :keyword description: The sample query description. + :paramtype description: str + :keyword query: the sample query. + :paramtype query: str + """ + super().__init__(description=description, query=query, **kwargs) + + +class CodelessUiDataConnector(DataConnector): + """Represents Codeless UI data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar connector_ui_config: Config to describe the instructions blade. + :vartype connector_ui_config: + ~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigProperties + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "connector_ui_config": {"key": "properties.connectorUiConfig", "type": "CodelessUiConnectorConfigProperties"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + connector_ui_config: Optional["_models.CodelessUiConnectorConfigProperties"] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword connector_ui_config: Config to describe the instructions blade. + :paramtype connector_ui_config: + ~azure.mgmt.securityinsight.models.CodelessUiConnectorConfigProperties + """ + super().__init__(etag=etag, **kwargs) + self.kind = "GenericUI" # type: str + self.connector_ui_config = connector_ui_config + + +class ConnectedEntity(_serialization.Model): + """Expansion result connected entities. + + :ivar target_entity_id: Entity Id of the connected entity. + :vartype target_entity_id: str + :ivar additional_data: key-value pairs for a connected entity mapping. + :vartype additional_data: JSON + """ + + _attribute_map = { + "target_entity_id": {"key": "targetEntityId", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "object"}, + } + + def __init__(self, *, target_entity_id: Optional[str] = None, additional_data: Optional[JSON] = None, **kwargs): + """ + :keyword target_entity_id: Entity Id of the connected entity. + :paramtype target_entity_id: str + :keyword additional_data: key-value pairs for a connected entity mapping. + :paramtype additional_data: JSON + """ + super().__init__(**kwargs) + self.target_entity_id = target_entity_id + self.additional_data = additional_data + + +class ConnectorInstructionModelBase(_serialization.Model): + """Instruction step details. + + All required parameters must be populated in order to send to Azure. + + :ivar parameters: The parameters for the setting. + :vartype parameters: JSON + :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType + """ + + _validation = { + "type": {"required": True}, + } + + _attribute_map = { + "parameters": {"key": "parameters", "type": "object"}, + "type": {"key": "type", "type": "str"}, + } + + def __init__(self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs): + """ + :keyword parameters: The parameters for the setting. + :paramtype parameters: JSON + :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType + """ + super().__init__(**kwargs) + self.parameters = parameters + self.type = type + + +class ContentPathMap(_serialization.Model): + """The mapping of content type to a repo path. + + :ivar content_type: Content type. Known values are: "AnalyticRule" and "Workbook". + :vartype content_type: str or ~azure.mgmt.securityinsight.models.ContentType + :ivar path: The path to the content. + :vartype path: str + """ + + _attribute_map = { + "content_type": {"key": "contentType", "type": "str"}, + "path": {"key": "path", "type": "str"}, + } + + def __init__( + self, *, content_type: Optional[Union[str, "_models.ContentType"]] = None, path: Optional[str] = None, **kwargs + ): + """ + :keyword content_type: Content type. Known values are: "AnalyticRule" and "Workbook". + :paramtype content_type: str or ~azure.mgmt.securityinsight.models.ContentType + :keyword path: The path to the content. + :paramtype path: str + """ + super().__init__(**kwargs) + self.content_type = content_type + self.path = path + + +class CustomsPermission(_serialization.Model): + """Customs permissions required for the connector. + + :ivar name: Customs permissions name. + :vartype name: str + :ivar description: Customs permissions description. + :vartype description: str + """ + + _attribute_map = { + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, + } + + def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): + """ + :keyword name: Customs permissions name. + :paramtype name: str + :keyword description: Customs permissions description. + :paramtype description: str + """ + super().__init__(**kwargs) + self.name = name + self.description = description + + +class Customs(CustomsPermission): + """Customs permissions required for the connector. + + :ivar name: Customs permissions name. + :vartype name: str + :ivar description: Customs permissions description. + :vartype description: str + """ + + _attribute_map = { + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, + } + + def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): + """ + :keyword name: Customs permissions name. + :paramtype name: str + :keyword description: Customs permissions description. + :paramtype description: str + """ + super().__init__(name=name, description=description, **kwargs) + + +class DataConnectorConnectBody(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Represents Codeless API Polling data connector. + + :ivar kind: The authentication kind used to poll the data. Known values are: "Basic", "OAuth2", + and "APIKey". + :vartype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind + :ivar api_key: The API key of the audit server. + :vartype api_key: str + :ivar data_collection_endpoint: Used in v2 logs connector. Represents the data collection + ingestion endpoint in log analytics. + :vartype data_collection_endpoint: str + :ivar data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule + immutable id, the rule defines the transformation and data destination. + :vartype data_collection_rule_immutable_id: str + :ivar output_stream: Used in v2 logs connector. The stream we are sending the data to, this is + the name of the streamDeclarations defined in the DCR. + :vartype output_stream: str + :ivar client_secret: The client secret of the OAuth 2.0 application. + :vartype client_secret: str + :ivar client_id: The client id of the OAuth 2.0 application. + :vartype client_id: str + :ivar authorization_code: The authorization code used in OAuth 2.0 code flow to issue a token. + :vartype authorization_code: str + :ivar user_name: The user name in the audit log server. + :vartype user_name: str + :ivar password: The user password in the audit log server. + :vartype password: str + :ivar request_config_user_input_values: + :vartype request_config_user_input_values: list[JSON] + """ + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "api_key": {"key": "apiKey", "type": "str"}, + "data_collection_endpoint": {"key": "dataCollectionEndpoint", "type": "str"}, + "data_collection_rule_immutable_id": {"key": "dataCollectionRuleImmutableId", "type": "str"}, + "output_stream": {"key": "outputStream", "type": "str"}, + "client_secret": {"key": "clientSecret", "type": "str"}, + "client_id": {"key": "clientId", "type": "str"}, + "authorization_code": {"key": "authorizationCode", "type": "str"}, + "user_name": {"key": "userName", "type": "str"}, + "password": {"key": "password", "type": "str"}, + "request_config_user_input_values": {"key": "requestConfigUserInputValues", "type": "[object]"}, + } + + def __init__( + self, + *, + kind: Optional[Union[str, "_models.ConnectAuthKind"]] = None, + api_key: Optional[str] = None, + data_collection_endpoint: Optional[str] = None, + data_collection_rule_immutable_id: Optional[str] = None, + output_stream: Optional[str] = None, + client_secret: Optional[str] = None, + client_id: Optional[str] = None, + authorization_code: Optional[str] = None, + user_name: Optional[str] = None, + password: Optional[str] = None, + request_config_user_input_values: Optional[List[JSON]] = None, + **kwargs + ): + """ + :keyword kind: The authentication kind used to poll the data. Known values are: "Basic", + "OAuth2", and "APIKey". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.ConnectAuthKind + :keyword api_key: The API key of the audit server. + :paramtype api_key: str + :keyword data_collection_endpoint: Used in v2 logs connector. Represents the data collection + ingestion endpoint in log analytics. + :paramtype data_collection_endpoint: str + :keyword data_collection_rule_immutable_id: Used in v2 logs connector. The data collection rule + immutable id, the rule defines the transformation and data destination. + :paramtype data_collection_rule_immutable_id: str + :keyword output_stream: Used in v2 logs connector. The stream we are sending the data to, this + is the name of the streamDeclarations defined in the DCR. + :paramtype output_stream: str + :keyword client_secret: The client secret of the OAuth 2.0 application. + :paramtype client_secret: str + :keyword client_id: The client id of the OAuth 2.0 application. + :paramtype client_id: str + :keyword authorization_code: The authorization code used in OAuth 2.0 code flow to issue a + token. + :paramtype authorization_code: str + :keyword user_name: The user name in the audit log server. + :paramtype user_name: str + :keyword password: The user password in the audit log server. + :paramtype password: str + :keyword request_config_user_input_values: + :paramtype request_config_user_input_values: list[JSON] + """ + super().__init__(**kwargs) + self.kind = kind + self.api_key = api_key + self.data_collection_endpoint = data_collection_endpoint + self.data_collection_rule_immutable_id = data_collection_rule_immutable_id + self.output_stream = output_stream + self.client_secret = client_secret + self.client_id = client_id + self.authorization_code = authorization_code + self.user_name = user_name + self.password = password + self.request_config_user_input_values = request_config_user_input_values + + +class DataConnectorList(_serialization.Model): + """List all the data connectors. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of data connectors. + :vartype next_link: str + :ivar value: Array of data connectors. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.DataConnector] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[DataConnector]"}, + } + + def __init__(self, *, value: List["_models.DataConnector"], **kwargs): + """ + :keyword value: Array of data connectors. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.DataConnector] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class DataConnectorRequirementsState(_serialization.Model): + """Data connector requirements status. + + :ivar authorization_state: Authorization state for this connector. Known values are: "Valid" + and "Invalid". + :vartype authorization_state: str or + ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState + :ivar license_state: License state for this connector. Known values are: "Valid", "Invalid", + and "Unknown". + :vartype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState + """ + + _attribute_map = { + "authorization_state": {"key": "authorizationState", "type": "str"}, + "license_state": {"key": "licenseState", "type": "str"}, + } + + def __init__( + self, + *, + authorization_state: Optional[Union[str, "_models.DataConnectorAuthorizationState"]] = None, + license_state: Optional[Union[str, "_models.DataConnectorLicenseState"]] = None, + **kwargs + ): + """ + :keyword authorization_state: Authorization state for this connector. Known values are: "Valid" + and "Invalid". + :paramtype authorization_state: str or + ~azure.mgmt.securityinsight.models.DataConnectorAuthorizationState + :keyword license_state: License state for this connector. Known values are: "Valid", "Invalid", + and "Unknown". + :paramtype license_state: str or ~azure.mgmt.securityinsight.models.DataConnectorLicenseState + """ + super().__init__(**kwargs) + self.authorization_state = authorization_state + self.license_state = license_state + + +class DataTypeDefinitions(_serialization.Model): + """The data type definition. + + :ivar data_type: The data type name. + :vartype data_type: str + """ + + _attribute_map = { + "data_type": {"key": "dataType", "type": "str"}, + } + + def __init__(self, *, data_type: Optional[str] = None, **kwargs): + """ + :keyword data_type: The data type name. + :paramtype data_type: str + """ + super().__init__(**kwargs) + self.data_type = data_type + + +class Deployment(_serialization.Model): + """Description about a deployment. + + :ivar deployment_id: Deployment identifier. + :vartype deployment_id: str + :ivar deployment_state: Current status of the deployment. Known values are: "In_Progress", + "Completed", "Queued", and "Canceling". + :vartype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState + :ivar deployment_result: The outcome of the deployment. Known values are: "Success", + "Canceled", and "Failed". + :vartype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult + :ivar deployment_time: The time when the deployment finished. + :vartype deployment_time: ~datetime.datetime + :ivar deployment_logs_url: Url to access repository action logs. + :vartype deployment_logs_url: str + """ + + _attribute_map = { + "deployment_id": {"key": "deploymentId", "type": "str"}, + "deployment_state": {"key": "deploymentState", "type": "str"}, + "deployment_result": {"key": "deploymentResult", "type": "str"}, + "deployment_time": {"key": "deploymentTime", "type": "iso-8601"}, + "deployment_logs_url": {"key": "deploymentLogsUrl", "type": "str"}, + } + + def __init__( + self, + *, + deployment_id: Optional[str] = None, + deployment_state: Optional[Union[str, "_models.DeploymentState"]] = None, + deployment_result: Optional[Union[str, "_models.DeploymentResult"]] = None, + deployment_time: Optional[datetime.datetime] = None, + deployment_logs_url: Optional[str] = None, + **kwargs + ): + """ + :keyword deployment_id: Deployment identifier. + :paramtype deployment_id: str + :keyword deployment_state: Current status of the deployment. Known values are: "In_Progress", + "Completed", "Queued", and "Canceling". + :paramtype deployment_state: str or ~azure.mgmt.securityinsight.models.DeploymentState + :keyword deployment_result: The outcome of the deployment. Known values are: "Success", + "Canceled", and "Failed". + :paramtype deployment_result: str or ~azure.mgmt.securityinsight.models.DeploymentResult + :keyword deployment_time: The time when the deployment finished. + :paramtype deployment_time: ~datetime.datetime + :keyword deployment_logs_url: Url to access repository action logs. + :paramtype deployment_logs_url: str + """ + super().__init__(**kwargs) + self.deployment_id = deployment_id + self.deployment_state = deployment_state + self.deployment_result = deployment_result + self.deployment_time = deployment_time + self.deployment_logs_url = deployment_logs_url + + +class DeploymentInfo(_serialization.Model): + """Information regarding a deployment. + + :ivar deployment_fetch_status: Status while fetching the last deployment. Known values are: + "Success", "Unauthorized", and "NotFound". + :vartype deployment_fetch_status: str or + ~azure.mgmt.securityinsight.models.DeploymentFetchStatus + :ivar deployment: Deployment information. + :vartype deployment: ~azure.mgmt.securityinsight.models.Deployment + :ivar message: Additional details about the deployment that can be shown to the user. + :vartype message: str + """ + + _attribute_map = { + "deployment_fetch_status": {"key": "deploymentFetchStatus", "type": "str"}, + "deployment": {"key": "deployment", "type": "Deployment"}, + "message": {"key": "message", "type": "str"}, + } + + def __init__( + self, + *, + deployment_fetch_status: Optional[Union[str, "_models.DeploymentFetchStatus"]] = None, + deployment: Optional["_models.Deployment"] = None, + message: Optional[str] = None, + **kwargs + ): + """ + :keyword deployment_fetch_status: Status while fetching the last deployment. Known values are: + "Success", "Unauthorized", and "NotFound". + :paramtype deployment_fetch_status: str or + ~azure.mgmt.securityinsight.models.DeploymentFetchStatus + :keyword deployment: Deployment information. + :paramtype deployment: ~azure.mgmt.securityinsight.models.Deployment + :keyword message: Additional details about the deployment that can be shown to the user. + :paramtype message: str + """ + super().__init__(**kwargs) + self.deployment_fetch_status = deployment_fetch_status + self.deployment = deployment + self.message = message + + +class DnsEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a dns entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. @@ -5024,128 +6313,9701 @@ class MailboxEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str - :ivar mailbox_primary_address: The mailbox's primary address. - :vartype mailbox_primary_address: str - :ivar display_name: The mailbox's display name. - :vartype display_name: str - :ivar upn: The mailbox's UPN. - :vartype upn: str - :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in - account entity but this property is specific to mailbox object on office side. - :vartype external_directory_object_id: str + :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. + :vartype dns_server_ip_entity_id: str + :ivar domain_name: The name of the dns record associated with the alert. + :vartype domain_name: str + :ivar host_ip_address_entity_id: An ip entity id for the dns request client. + :vartype host_ip_address_entity_id: str + :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. + :vartype ip_address_entity_ids: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "dns_server_ip_entity_id": {"readonly": True}, + "domain_name": {"readonly": True}, + "host_ip_address_entity_id": {"readonly": True}, + "ip_address_entity_ids": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "dns_server_ip_entity_id": {"key": "properties.dnsServerIpEntityId", "type": "str"}, + "domain_name": {"key": "properties.domainName", "type": "str"}, + "host_ip_address_entity_id": {"key": "properties.hostIpAddressEntityId", "type": "str"}, + "ip_address_entity_ids": {"key": "properties.ipAddressEntityIds", "type": "[str]"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "DnsResolution" # type: str + self.additional_data = None + self.friendly_name = None + self.dns_server_ip_entity_id = None + self.domain_name = None + self.host_ip_address_entity_id = None + self.ip_address_entity_ids = None + + +class DnsEntityProperties(EntityCommonProperties): + """Dns entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar dns_server_ip_entity_id: An ip entity id for the dns server resolving the request. + :vartype dns_server_ip_entity_id: str + :ivar domain_name: The name of the dns record associated with the alert. + :vartype domain_name: str + :ivar host_ip_address_entity_id: An ip entity id for the dns request client. + :vartype host_ip_address_entity_id: str + :ivar ip_address_entity_ids: Ip entity identifiers for the resolved ip address. + :vartype ip_address_entity_ids: list[str] + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "dns_server_ip_entity_id": {"readonly": True}, + "domain_name": {"readonly": True}, + "host_ip_address_entity_id": {"readonly": True}, + "ip_address_entity_ids": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "dns_server_ip_entity_id": {"key": "dnsServerIpEntityId", "type": "str"}, + "domain_name": {"key": "domainName", "type": "str"}, + "host_ip_address_entity_id": {"key": "hostIpAddressEntityId", "type": "str"}, + "ip_address_entity_ids": {"key": "ipAddressEntityIds", "type": "[str]"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.dns_server_ip_entity_id = None + self.domain_name = None + self.host_ip_address_entity_id = None + self.ip_address_entity_ids = None + + +class Dynamics365CheckRequirements(DataConnectorsCheckRequirements): + """Represents Dynamics365 requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind = "Dynamics365" # type: str + self.tenant_id = tenant_id + + +class Dynamics365CheckRequirementsProperties(DataConnectorTenantId): + """Dynamics365 requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class Dynamics365DataConnector(DataConnector): + """Represents Dynamics365 data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.Dynamics365DataConnectorDataTypes"] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind = "Dynamics365" # type: str + self.tenant_id = tenant_id + self.data_types = data_types + + +class Dynamics365DataConnectorDataTypes(_serialization.Model): + """The available data types for Dynamics365 data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar dynamics365_cds_activities: Common Data Service data type connection. Required. + :vartype dynamics365_cds_activities: + ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities + """ + + _validation = { + "dynamics365_cds_activities": {"required": True}, + } + + _attribute_map = { + "dynamics365_cds_activities": { + "key": "dynamics365CdsActivities", + "type": "Dynamics365DataConnectorDataTypesDynamics365CdsActivities", + }, + } + + def __init__( + self, + *, + dynamics365_cds_activities: "_models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities", + **kwargs + ): + """ + :keyword dynamics365_cds_activities: Common Data Service data type connection. Required. + :paramtype dynamics365_cds_activities: + ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypesDynamics365CdsActivities + """ + super().__init__(**kwargs) + self.dynamics365_cds_activities = dynamics365_cds_activities + + +class Dynamics365DataConnectorDataTypesDynamics365CdsActivities(DataConnectorDataTypeCommon): + """Common Data Service data type connection. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class Dynamics365DataConnectorProperties(DataConnectorTenantId): + """Dynamics365 data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "Dynamics365DataConnectorDataTypes"}, + } + + def __init__(self, *, tenant_id: str, data_types: "_models.Dynamics365DataConnectorDataTypes", **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Dynamics365DataConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class EnrichmentDomainWhois(_serialization.Model): + """Whois information for a given domain and associated metadata. + + :ivar domain: The domain for this whois record. + :vartype domain: str + :ivar server: The hostname of this registrar's whois server. + :vartype server: str + :ivar created: The timestamp at which this record was created. + :vartype created: ~datetime.datetime + :ivar updated: The timestamp at which this record was last updated. + :vartype updated: ~datetime.datetime + :ivar expires: The timestamp at which this record will expire. + :vartype expires: ~datetime.datetime + :ivar parsed_whois: The whois record for a given domain. + :vartype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails + """ + + _attribute_map = { + "domain": {"key": "domain", "type": "str"}, + "server": {"key": "server", "type": "str"}, + "created": {"key": "created", "type": "iso-8601"}, + "updated": {"key": "updated", "type": "iso-8601"}, + "expires": {"key": "expires", "type": "iso-8601"}, + "parsed_whois": {"key": "parsedWhois", "type": "EnrichmentDomainWhoisDetails"}, + } + + def __init__( + self, + *, + domain: Optional[str] = None, + server: Optional[str] = None, + created: Optional[datetime.datetime] = None, + updated: Optional[datetime.datetime] = None, + expires: Optional[datetime.datetime] = None, + parsed_whois: Optional["_models.EnrichmentDomainWhoisDetails"] = None, + **kwargs + ): + """ + :keyword domain: The domain for this whois record. + :paramtype domain: str + :keyword server: The hostname of this registrar's whois server. + :paramtype server: str + :keyword created: The timestamp at which this record was created. + :paramtype created: ~datetime.datetime + :keyword updated: The timestamp at which this record was last updated. + :paramtype updated: ~datetime.datetime + :keyword expires: The timestamp at which this record will expire. + :paramtype expires: ~datetime.datetime + :keyword parsed_whois: The whois record for a given domain. + :paramtype parsed_whois: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisDetails + """ + super().__init__(**kwargs) + self.domain = domain + self.server = server + self.created = created + self.updated = updated + self.expires = expires + self.parsed_whois = parsed_whois + + +class EnrichmentDomainWhoisContact(_serialization.Model): + """An individual contact associated with this domain. + + :ivar name: The name of this contact. + :vartype name: str + :ivar org: The organization for this contact. + :vartype org: str + :ivar street: A list describing the street address for this contact. + :vartype street: list[str] + :ivar city: The city for this contact. + :vartype city: str + :ivar state: The state for this contact. + :vartype state: str + :ivar postal: The postal code for this contact. + :vartype postal: str + :ivar country: The country for this contact. + :vartype country: str + :ivar phone: The phone number for this contact. + :vartype phone: str + :ivar fax: The fax number for this contact. + :vartype fax: str + :ivar email: The email address for this contact. + :vartype email: str + """ + + _attribute_map = { + "name": {"key": "name", "type": "str"}, + "org": {"key": "org", "type": "str"}, + "street": {"key": "street", "type": "[str]"}, + "city": {"key": "city", "type": "str"}, + "state": {"key": "state", "type": "str"}, + "postal": {"key": "postal", "type": "str"}, + "country": {"key": "country", "type": "str"}, + "phone": {"key": "phone", "type": "str"}, + "fax": {"key": "fax", "type": "str"}, + "email": {"key": "email", "type": "str"}, + } + + def __init__( + self, + *, + name: Optional[str] = None, + org: Optional[str] = None, + street: Optional[List[str]] = None, + city: Optional[str] = None, + state: Optional[str] = None, + postal: Optional[str] = None, + country: Optional[str] = None, + phone: Optional[str] = None, + fax: Optional[str] = None, + email: Optional[str] = None, + **kwargs + ): + """ + :keyword name: The name of this contact. + :paramtype name: str + :keyword org: The organization for this contact. + :paramtype org: str + :keyword street: A list describing the street address for this contact. + :paramtype street: list[str] + :keyword city: The city for this contact. + :paramtype city: str + :keyword state: The state for this contact. + :paramtype state: str + :keyword postal: The postal code for this contact. + :paramtype postal: str + :keyword country: The country for this contact. + :paramtype country: str + :keyword phone: The phone number for this contact. + :paramtype phone: str + :keyword fax: The fax number for this contact. + :paramtype fax: str + :keyword email: The email address for this contact. + :paramtype email: str + """ + super().__init__(**kwargs) + self.name = name + self.org = org + self.street = street + self.city = city + self.state = state + self.postal = postal + self.country = country + self.phone = phone + self.fax = fax + self.email = email + + +class EnrichmentDomainWhoisContacts(_serialization.Model): + """The set of contacts associated with this domain. + + :ivar admin: The admin contact for this whois record. + :vartype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :ivar billing: The billing contact for this whois record. + :vartype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :ivar registrant: The registrant contact for this whois record. + :vartype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :ivar tech: The technical contact for this whois record. + :vartype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + """ + + _attribute_map = { + "admin": {"key": "admin", "type": "EnrichmentDomainWhoisContact"}, + "billing": {"key": "billing", "type": "EnrichmentDomainWhoisContact"}, + "registrant": {"key": "registrant", "type": "EnrichmentDomainWhoisContact"}, + "tech": {"key": "tech", "type": "EnrichmentDomainWhoisContact"}, + } + + def __init__( + self, + *, + admin: Optional["_models.EnrichmentDomainWhoisContact"] = None, + billing: Optional["_models.EnrichmentDomainWhoisContact"] = None, + registrant: Optional["_models.EnrichmentDomainWhoisContact"] = None, + tech: Optional["_models.EnrichmentDomainWhoisContact"] = None, + **kwargs + ): + """ + :keyword admin: The admin contact for this whois record. + :paramtype admin: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword billing: The billing contact for this whois record. + :paramtype billing: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword registrant: The registrant contact for this whois record. + :paramtype registrant: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + :keyword tech: The technical contact for this whois record. + :paramtype tech: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContact + """ + super().__init__(**kwargs) + self.admin = admin + self.billing = billing + self.registrant = registrant + self.tech = tech + + +class EnrichmentDomainWhoisDetails(_serialization.Model): + """The whois record for a given domain. + + :ivar registrar: The registrar associated with this domain. + :vartype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails + :ivar contacts: The set of contacts associated with this domain. + :vartype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts + :ivar name_servers: A list of name servers associated with this domain. + :vartype name_servers: list[str] + :ivar statuses: The set of status flags for this whois record. + :vartype statuses: list[str] + """ + + _attribute_map = { + "registrar": {"key": "registrar", "type": "EnrichmentDomainWhoisRegistrarDetails"}, + "contacts": {"key": "contacts", "type": "EnrichmentDomainWhoisContacts"}, + "name_servers": {"key": "nameServers", "type": "[str]"}, + "statuses": {"key": "statuses", "type": "[str]"}, + } + + def __init__( + self, + *, + registrar: Optional["_models.EnrichmentDomainWhoisRegistrarDetails"] = None, + contacts: Optional["_models.EnrichmentDomainWhoisContacts"] = None, + name_servers: Optional[List[str]] = None, + statuses: Optional[List[str]] = None, + **kwargs + ): + """ + :keyword registrar: The registrar associated with this domain. + :paramtype registrar: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisRegistrarDetails + :keyword contacts: The set of contacts associated with this domain. + :paramtype contacts: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhoisContacts + :keyword name_servers: A list of name servers associated with this domain. + :paramtype name_servers: list[str] + :keyword statuses: The set of status flags for this whois record. + :paramtype statuses: list[str] + """ + super().__init__(**kwargs) + self.registrar = registrar + self.contacts = contacts + self.name_servers = name_servers + self.statuses = statuses + + +class EnrichmentDomainWhoisRegistrarDetails(_serialization.Model): + """The registrar associated with this domain. + + :ivar name: The name of this registrar. + :vartype name: str + :ivar abuse_contact_email: This registrar's abuse contact email. + :vartype abuse_contact_email: str + :ivar abuse_contact_phone: This registrar's abuse contact phone number. + :vartype abuse_contact_phone: str + :ivar iana_id: This registrar's Internet Assigned Numbers Authority id. + :vartype iana_id: str + :ivar url: This registrar's URL. + :vartype url: str + :ivar whois_server: The hostname of this registrar's whois server. + :vartype whois_server: str + """ + + _attribute_map = { + "name": {"key": "name", "type": "str"}, + "abuse_contact_email": {"key": "abuseContactEmail", "type": "str"}, + "abuse_contact_phone": {"key": "abuseContactPhone", "type": "str"}, + "iana_id": {"key": "ianaId", "type": "str"}, + "url": {"key": "url", "type": "str"}, + "whois_server": {"key": "whoisServer", "type": "str"}, + } + + def __init__( + self, + *, + name: Optional[str] = None, + abuse_contact_email: Optional[str] = None, + abuse_contact_phone: Optional[str] = None, + iana_id: Optional[str] = None, + url: Optional[str] = None, + whois_server: Optional[str] = None, + **kwargs + ): + """ + :keyword name: The name of this registrar. + :paramtype name: str + :keyword abuse_contact_email: This registrar's abuse contact email. + :paramtype abuse_contact_email: str + :keyword abuse_contact_phone: This registrar's abuse contact phone number. + :paramtype abuse_contact_phone: str + :keyword iana_id: This registrar's Internet Assigned Numbers Authority id. + :paramtype iana_id: str + :keyword url: This registrar's URL. + :paramtype url: str + :keyword whois_server: The hostname of this registrar's whois server. + :paramtype whois_server: str + """ + super().__init__(**kwargs) + self.name = name + self.abuse_contact_email = abuse_contact_email + self.abuse_contact_phone = abuse_contact_phone + self.iana_id = iana_id + self.url = url + self.whois_server = whois_server + + +class EnrichmentIpGeodata(_serialization.Model): # pylint: disable=too-many-instance-attributes + """Geodata information for a given IP address. + + :ivar asn: The autonomous system number associated with this IP address. + :vartype asn: str + :ivar carrier: The name of the carrier for this IP address. + :vartype carrier: str + :ivar city: The city this IP address is located in. + :vartype city: str + :ivar city_cf: A numeric rating of confidence that the value in the 'city' field is correct, on + a scale of 0-100. + :vartype city_cf: int + :ivar continent: The continent this IP address is located on. + :vartype continent: str + :ivar country: The county this IP address is located in. + :vartype country: str + :ivar country_cf: A numeric rating of confidence that the value in the 'country' field is + correct on a scale of 0-100. + :vartype country_cf: int + :ivar ip_addr: The dotted-decimal or colon-separated string representation of the IP address. + :vartype ip_addr: str + :ivar ip_routing_type: A description of the connection type of this IP address. + :vartype ip_routing_type: str + :ivar latitude: The latitude of this IP address. + :vartype latitude: str + :ivar longitude: The longitude of this IP address. + :vartype longitude: str + :ivar organization: The name of the organization for this IP address. + :vartype organization: str + :ivar organization_type: The type of the organization for this IP address. + :vartype organization_type: str + :ivar region: The geographic region this IP address is located in. + :vartype region: str + :ivar state: The state this IP address is located in. + :vartype state: str + :ivar state_cf: A numeric rating of confidence that the value in the 'state' field is correct + on a scale of 0-100. + :vartype state_cf: int + :ivar state_code: The abbreviated name for the state this IP address is located in. + :vartype state_code: str + """ + + _attribute_map = { + "asn": {"key": "asn", "type": "str"}, + "carrier": {"key": "carrier", "type": "str"}, + "city": {"key": "city", "type": "str"}, + "city_cf": {"key": "cityCf", "type": "int"}, + "continent": {"key": "continent", "type": "str"}, + "country": {"key": "country", "type": "str"}, + "country_cf": {"key": "countryCf", "type": "int"}, + "ip_addr": {"key": "ipAddr", "type": "str"}, + "ip_routing_type": {"key": "ipRoutingType", "type": "str"}, + "latitude": {"key": "latitude", "type": "str"}, + "longitude": {"key": "longitude", "type": "str"}, + "organization": {"key": "organization", "type": "str"}, + "organization_type": {"key": "organizationType", "type": "str"}, + "region": {"key": "region", "type": "str"}, + "state": {"key": "state", "type": "str"}, + "state_cf": {"key": "stateCf", "type": "int"}, + "state_code": {"key": "stateCode", "type": "str"}, + } + + def __init__( + self, + *, + asn: Optional[str] = None, + carrier: Optional[str] = None, + city: Optional[str] = None, + city_cf: Optional[int] = None, + continent: Optional[str] = None, + country: Optional[str] = None, + country_cf: Optional[int] = None, + ip_addr: Optional[str] = None, + ip_routing_type: Optional[str] = None, + latitude: Optional[str] = None, + longitude: Optional[str] = None, + organization: Optional[str] = None, + organization_type: Optional[str] = None, + region: Optional[str] = None, + state: Optional[str] = None, + state_cf: Optional[int] = None, + state_code: Optional[str] = None, + **kwargs + ): + """ + :keyword asn: The autonomous system number associated with this IP address. + :paramtype asn: str + :keyword carrier: The name of the carrier for this IP address. + :paramtype carrier: str + :keyword city: The city this IP address is located in. + :paramtype city: str + :keyword city_cf: A numeric rating of confidence that the value in the 'city' field is correct, + on a scale of 0-100. + :paramtype city_cf: int + :keyword continent: The continent this IP address is located on. + :paramtype continent: str + :keyword country: The county this IP address is located in. + :paramtype country: str + :keyword country_cf: A numeric rating of confidence that the value in the 'country' field is + correct on a scale of 0-100. + :paramtype country_cf: int + :keyword ip_addr: The dotted-decimal or colon-separated string representation of the IP + address. + :paramtype ip_addr: str + :keyword ip_routing_type: A description of the connection type of this IP address. + :paramtype ip_routing_type: str + :keyword latitude: The latitude of this IP address. + :paramtype latitude: str + :keyword longitude: The longitude of this IP address. + :paramtype longitude: str + :keyword organization: The name of the organization for this IP address. + :paramtype organization: str + :keyword organization_type: The type of the organization for this IP address. + :paramtype organization_type: str + :keyword region: The geographic region this IP address is located in. + :paramtype region: str + :keyword state: The state this IP address is located in. + :paramtype state: str + :keyword state_cf: A numeric rating of confidence that the value in the 'state' field is + correct on a scale of 0-100. + :paramtype state_cf: int + :keyword state_code: The abbreviated name for the state this IP address is located in. + :paramtype state_code: str + """ + super().__init__(**kwargs) + self.asn = asn + self.carrier = carrier + self.city = city + self.city_cf = city_cf + self.continent = continent + self.country = country + self.country_cf = country_cf + self.ip_addr = ip_addr + self.ip_routing_type = ip_routing_type + self.latitude = latitude + self.longitude = longitude + self.organization = organization + self.organization_type = organization_type + self.region = region + self.state = state + self.state_cf = state_cf + self.state_code = state_code + + +class EntityAnalytics(Settings): + """Settings with single toggle. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar entity_providers: The relevant entity providers that are synced. + :vartype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "entity_providers": {"key": "properties.entityProviders", "type": "[str]"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + entity_providers: Optional[List[Union[str, "_models.EntityProviders"]]] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword entity_providers: The relevant entity providers that are synced. + :paramtype entity_providers: list[str or ~azure.mgmt.securityinsight.models.EntityProviders] + """ + super().__init__(etag=etag, **kwargs) + self.kind = "EntityAnalytics" # type: str + self.entity_providers = entity_providers + + +class EntityEdges(_serialization.Model): + """The edge that connects the entity to the other entity. + + :ivar target_entity_id: The target entity Id. + :vartype target_entity_id: str + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + """ + + _attribute_map = { + "target_entity_id": {"key": "targetEntityId", "type": "str"}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + } + + def __init__( + self, *, target_entity_id: Optional[str] = None, additional_data: Optional[Dict[str, JSON]] = None, **kwargs + ): + """ + :keyword target_entity_id: The target entity Id. + :paramtype target_entity_id: str + :keyword additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :paramtype additional_data: dict[str, JSON] + """ + super().__init__(**kwargs) + self.target_entity_id = target_entity_id + self.additional_data = additional_data + + +class EntityExpandParameters(_serialization.Model): + """The parameters required to execute an expand operation on the given entity. + + :ivar end_time: The end date filter, so the only expansion results returned are before this + date. + :vartype end_time: ~datetime.datetime + :ivar expansion_id: The Id of the expansion to perform. + :vartype expansion_id: str + :ivar start_time: The start date filter, so the only expansion results returned are after this + date. + :vartype start_time: ~datetime.datetime + """ + + _attribute_map = { + "end_time": {"key": "endTime", "type": "iso-8601"}, + "expansion_id": {"key": "expansionId", "type": "str"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, + } + + def __init__( + self, + *, + end_time: Optional[datetime.datetime] = None, + expansion_id: Optional[str] = None, + start_time: Optional[datetime.datetime] = None, + **kwargs + ): + """ + :keyword end_time: The end date filter, so the only expansion results returned are before this + date. + :paramtype end_time: ~datetime.datetime + :keyword expansion_id: The Id of the expansion to perform. + :paramtype expansion_id: str + :keyword start_time: The start date filter, so the only expansion results returned are after + this date. + :paramtype start_time: ~datetime.datetime + """ + super().__init__(**kwargs) + self.end_time = end_time + self.expansion_id = expansion_id + self.start_time = start_time + + +class EntityExpandResponse(_serialization.Model): + """The entity expansion result operation response. + + :ivar meta_data: The metadata from the expansion operation results. + :vartype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata + :ivar value: The expansion result values. + :vartype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue + """ + + _attribute_map = { + "meta_data": {"key": "metaData", "type": "ExpansionResultsMetadata"}, + "value": {"key": "value", "type": "EntityExpandResponseValue"}, + } + + def __init__( + self, + *, + meta_data: Optional["_models.ExpansionResultsMetadata"] = None, + value: Optional["_models.EntityExpandResponseValue"] = None, + **kwargs + ): + """ + :keyword meta_data: The metadata from the expansion operation results. + :paramtype meta_data: ~azure.mgmt.securityinsight.models.ExpansionResultsMetadata + :keyword value: The expansion result values. + :paramtype value: ~azure.mgmt.securityinsight.models.EntityExpandResponseValue + """ + super().__init__(**kwargs) + self.meta_data = meta_data + self.value = value + + +class EntityExpandResponseValue(_serialization.Model): + """The expansion result values. + + :ivar entities: Array of the expansion result entities. + :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] + :ivar edges: Array of edges that connects the entity to the list of entities. + :vartype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] + """ + + _attribute_map = { + "entities": {"key": "entities", "type": "[Entity]"}, + "edges": {"key": "edges", "type": "[EntityEdges]"}, + } + + def __init__( + self, + *, + entities: Optional[List["_models.Entity"]] = None, + edges: Optional[List["_models.EntityEdges"]] = None, + **kwargs + ): + """ + :keyword entities: Array of the expansion result entities. + :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] + :keyword edges: Array of edges that connects the entity to the list of entities. + :paramtype edges: list[~azure.mgmt.securityinsight.models.EntityEdges] + """ + super().__init__(**kwargs) + self.entities = entities + self.edges = edges + + +class EntityFieldMapping(_serialization.Model): + """Map identifiers of a single entity. + + :ivar identifier: Alert V3 identifier. + :vartype identifier: str + :ivar value: The value of the identifier. + :vartype value: str + """ + + _attribute_map = { + "identifier": {"key": "identifier", "type": "str"}, + "value": {"key": "value", "type": "str"}, + } + + def __init__(self, *, identifier: Optional[str] = None, value: Optional[str] = None, **kwargs): + """ + :keyword identifier: Alert V3 identifier. + :paramtype identifier: str + :keyword value: The value of the identifier. + :paramtype value: str + """ + super().__init__(**kwargs) + self.identifier = identifier + self.value = value + + +class EntityGetInsightsParameters(_serialization.Model): + """The parameters required to execute insights operation on the given entity. + + All required parameters must be populated in order to send to Azure. + + :ivar start_time: The start timeline date, so the results returned are after this date. + Required. + :vartype start_time: ~datetime.datetime + :ivar end_time: The end timeline date, so the results returned are before this date. Required. + :vartype end_time: ~datetime.datetime + :ivar add_default_extended_time_range: Indicates if query time range should be extended with + default time range of the query. Default value is false. + :vartype add_default_extended_time_range: bool + :ivar insight_query_ids: List of Insights Query Id. If empty, default value is all insights of + this entity. + :vartype insight_query_ids: list[str] + """ + + _validation = { + "start_time": {"required": True}, + "end_time": {"required": True}, + } + + _attribute_map = { + "start_time": {"key": "startTime", "type": "iso-8601"}, + "end_time": {"key": "endTime", "type": "iso-8601"}, + "add_default_extended_time_range": {"key": "addDefaultExtendedTimeRange", "type": "bool"}, + "insight_query_ids": {"key": "insightQueryIds", "type": "[str]"}, + } + + def __init__( + self, + *, + start_time: datetime.datetime, + end_time: datetime.datetime, + add_default_extended_time_range: Optional[bool] = None, + insight_query_ids: Optional[List[str]] = None, + **kwargs + ): + """ + :keyword start_time: The start timeline date, so the results returned are after this date. + Required. + :paramtype start_time: ~datetime.datetime + :keyword end_time: The end timeline date, so the results returned are before this date. + Required. + :paramtype end_time: ~datetime.datetime + :keyword add_default_extended_time_range: Indicates if query time range should be extended with + default time range of the query. Default value is false. + :paramtype add_default_extended_time_range: bool + :keyword insight_query_ids: List of Insights Query Id. If empty, default value is all insights + of this entity. + :paramtype insight_query_ids: list[str] + """ + super().__init__(**kwargs) + self.start_time = start_time + self.end_time = end_time + self.add_default_extended_time_range = add_default_extended_time_range + self.insight_query_ids = insight_query_ids + + +class EntityGetInsightsResponse(_serialization.Model): + """The Get Insights result operation response. + + :ivar meta_data: The metadata from the get insights operation results. + :vartype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata + :ivar value: The insights result values. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] + """ + + _attribute_map = { + "meta_data": {"key": "metaData", "type": "GetInsightsResultsMetadata"}, + "value": {"key": "value", "type": "[EntityInsightItem]"}, + } + + def __init__( + self, + *, + meta_data: Optional["_models.GetInsightsResultsMetadata"] = None, + value: Optional[List["_models.EntityInsightItem"]] = None, + **kwargs + ): + """ + :keyword meta_data: The metadata from the get insights operation results. + :paramtype meta_data: ~azure.mgmt.securityinsight.models.GetInsightsResultsMetadata + :keyword value: The insights result values. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityInsightItem] + """ + super().__init__(**kwargs) + self.meta_data = meta_data + self.value = value + + +class EntityInsightItem(_serialization.Model): + """Entity insight Item. + + :ivar query_id: The query id of the insight. + :vartype query_id: str + :ivar query_time_interval: The Time interval that the query actually executed on. + :vartype query_time_interval: + ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval + :ivar table_query_results: Query results for table insights query. + :vartype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult + :ivar chart_query_results: Query results for table insights query. + :vartype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] + """ + + _attribute_map = { + "query_id": {"key": "queryId", "type": "str"}, + "query_time_interval": {"key": "queryTimeInterval", "type": "EntityInsightItemQueryTimeInterval"}, + "table_query_results": {"key": "tableQueryResults", "type": "InsightsTableResult"}, + "chart_query_results": {"key": "chartQueryResults", "type": "[InsightsTableResult]"}, + } + + def __init__( + self, + *, + query_id: Optional[str] = None, + query_time_interval: Optional["_models.EntityInsightItemQueryTimeInterval"] = None, + table_query_results: Optional["_models.InsightsTableResult"] = None, + chart_query_results: Optional[List["_models.InsightsTableResult"]] = None, + **kwargs + ): + """ + :keyword query_id: The query id of the insight. + :paramtype query_id: str + :keyword query_time_interval: The Time interval that the query actually executed on. + :paramtype query_time_interval: + ~azure.mgmt.securityinsight.models.EntityInsightItemQueryTimeInterval + :keyword table_query_results: Query results for table insights query. + :paramtype table_query_results: ~azure.mgmt.securityinsight.models.InsightsTableResult + :keyword chart_query_results: Query results for table insights query. + :paramtype chart_query_results: list[~azure.mgmt.securityinsight.models.InsightsTableResult] + """ + super().__init__(**kwargs) + self.query_id = query_id + self.query_time_interval = query_time_interval + self.table_query_results = table_query_results + self.chart_query_results = chart_query_results + + +class EntityInsightItemQueryTimeInterval(_serialization.Model): + """The Time interval that the query actually executed on. + + :ivar start_time: Insight query start time. + :vartype start_time: ~datetime.datetime + :ivar end_time: Insight query end time. + :vartype end_time: ~datetime.datetime + """ + + _attribute_map = { + "start_time": {"key": "startTime", "type": "iso-8601"}, + "end_time": {"key": "endTime", "type": "iso-8601"}, + } + + def __init__( + self, *, start_time: Optional[datetime.datetime] = None, end_time: Optional[datetime.datetime] = None, **kwargs + ): + """ + :keyword start_time: Insight query start time. + :paramtype start_time: ~datetime.datetime + :keyword end_time: Insight query end time. + :paramtype end_time: ~datetime.datetime + """ + super().__init__(**kwargs) + self.start_time = start_time + self.end_time = end_time + + +class EntityList(_serialization.Model): + """List of all the entities. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of entities. + :vartype next_link: str + :ivar value: Array of entities. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Entity] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Entity]"}, + } + + def __init__(self, *, value: List["_models.Entity"], **kwargs): + """ + :keyword value: Array of entities. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Entity] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class EntityMapping(_serialization.Model): + """Single entity mapping for the alert rule. + + :ivar entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", "IP", + "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", + "MailMessage", and "SubmissionMail". + :vartype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType + :ivar field_mappings: array of field mappings for the given entity mapping. + :vartype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + """ + + _attribute_map = { + "entity_type": {"key": "entityType", "type": "str"}, + "field_mappings": {"key": "fieldMappings", "type": "[FieldMapping]"}, + } + + def __init__( + self, + *, + entity_type: Optional[Union[str, "_models.EntityMappingType"]] = None, + field_mappings: Optional[List["_models.FieldMapping"]] = None, + **kwargs + ): + """ + :keyword entity_type: The V3 type of the mapped entity. Known values are: "Account", "Host", + "IP", "Malware", "File", "Process", "CloudApplication", "DNS", "AzureResource", "FileHash", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "Mailbox", "MailCluster", + "MailMessage", and "SubmissionMail". + :paramtype entity_type: str or ~azure.mgmt.securityinsight.models.EntityMappingType + :keyword field_mappings: array of field mappings for the given entity mapping. + :paramtype field_mappings: list[~azure.mgmt.securityinsight.models.FieldMapping] + """ + super().__init__(**kwargs) + self.entity_type = entity_type + self.field_mappings = field_mappings + + +class EntityQueryItem(_serialization.Model): + """An abstract Query item for entity. + + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + InsightQueryItem + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Query Template ARM ID. + :vartype id: str + :ivar name: Query Template ARM Name. + :vartype name: str + :ivar type: ARM Type. + :vartype type: str + :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", + and "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + """ + + _validation = { + "id": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + } + + _subtype_map = {"kind": {"Insight": "InsightQueryItem"}} + + def __init__(self, *, name: Optional[str] = None, type: Optional[str] = None, **kwargs): + """ + :keyword name: Query Template ARM Name. + :paramtype name: str + :keyword type: ARM Type. + :paramtype type: str + """ + super().__init__(**kwargs) + self.id = None + self.name = name + self.type = type + self.kind = None # type: Optional[str] + + +class EntityQueryItemProperties(_serialization.Model): + """An properties abstract Query item for entity. + + :ivar data_types: Data types for template. + :vartype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar required_input_fields_sets: Data types for template. + :vartype required_input_fields_sets: list[list[str]] + :ivar entities_filter: The query applied only to entities matching to all filters. + :vartype entities_filter: JSON + """ + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, + "input_entity_type": {"key": "inputEntityType", "type": "str"}, + "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, + "entities_filter": {"key": "entitiesFilter", "type": "object"}, + } + + def __init__( + self, + *, + data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + required_input_fields_sets: Optional[List[List[str]]] = None, + entities_filter: Optional[JSON] = None, + **kwargs + ): + """ + :keyword data_types: Data types for template. + :paramtype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", + "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword required_input_fields_sets: Data types for template. + :paramtype required_input_fields_sets: list[list[str]] + :keyword entities_filter: The query applied only to entities matching to all filters. + :paramtype entities_filter: JSON + """ + super().__init__(**kwargs) + self.data_types = data_types + self.input_entity_type = input_entity_type + self.required_input_fields_sets = required_input_fields_sets + self.entities_filter = entities_filter + + +class EntityQueryItemPropertiesDataTypesItem(_serialization.Model): + """EntityQueryItemPropertiesDataTypesItem. + + :ivar data_type: Data type name. + :vartype data_type: str + """ + + _attribute_map = { + "data_type": {"key": "dataType", "type": "str"}, + } + + def __init__(self, *, data_type: Optional[str] = None, **kwargs): + """ + :keyword data_type: Data type name. + :paramtype data_type: str + """ + super().__init__(**kwargs) + self.data_type = data_type + + +class EntityQueryList(_serialization.Model): + """List of all the entity queries. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of entity queries. + :vartype next_link: str + :ivar value: Array of entity queries. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityQuery] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[EntityQuery]"}, + } + + def __init__(self, *, value: List["_models.EntityQuery"], **kwargs): + """ + :keyword value: Array of entity queries. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQuery] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class EntityQueryTemplateList(_serialization.Model): + """List of all the entity query templates. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of entity query templates. + :vartype next_link: str + :ivar value: Array of entity query templates. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[EntityQueryTemplate]"}, + } + + def __init__(self, *, value: List["_models.EntityQueryTemplate"], **kwargs): + """ + :keyword value: Array of entity query templates. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryTemplate] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class EntityTimelineParameters(_serialization.Model): + """The parameters required to execute s timeline operation on the given entity. + + All required parameters must be populated in order to send to Azure. + + :ivar kinds: Array of timeline Item kinds. + :vartype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] + :ivar start_time: The start timeline date, so the results returned are after this date. + Required. + :vartype start_time: ~datetime.datetime + :ivar end_time: The end timeline date, so the results returned are before this date. Required. + :vartype end_time: ~datetime.datetime + :ivar number_of_bucket: The number of bucket for timeline queries aggregation. + :vartype number_of_bucket: int + """ + + _validation = { + "start_time": {"required": True}, + "end_time": {"required": True}, + } + + _attribute_map = { + "kinds": {"key": "kinds", "type": "[str]"}, + "start_time": {"key": "startTime", "type": "iso-8601"}, + "end_time": {"key": "endTime", "type": "iso-8601"}, + "number_of_bucket": {"key": "numberOfBucket", "type": "int"}, + } + + def __init__( + self, + *, + start_time: datetime.datetime, + end_time: datetime.datetime, + kinds: Optional[List[Union[str, "_models.EntityTimelineKind"]]] = None, + number_of_bucket: Optional[int] = None, + **kwargs + ): + """ + :keyword kinds: Array of timeline Item kinds. + :paramtype kinds: list[str or ~azure.mgmt.securityinsight.models.EntityTimelineKind] + :keyword start_time: The start timeline date, so the results returned are after this date. + Required. + :paramtype start_time: ~datetime.datetime + :keyword end_time: The end timeline date, so the results returned are before this date. + Required. + :paramtype end_time: ~datetime.datetime + :keyword number_of_bucket: The number of bucket for timeline queries aggregation. + :paramtype number_of_bucket: int + """ + super().__init__(**kwargs) + self.kinds = kinds + self.start_time = start_time + self.end_time = end_time + self.number_of_bucket = number_of_bucket + + +class EntityTimelineResponse(_serialization.Model): + """The entity timeline result operation response. + + :ivar meta_data: The metadata from the timeline operation results. + :vartype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata + :ivar value: The timeline result values. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] + """ + + _attribute_map = { + "meta_data": {"key": "metaData", "type": "TimelineResultsMetadata"}, + "value": {"key": "value", "type": "[EntityTimelineItem]"}, + } + + def __init__( + self, + *, + meta_data: Optional["_models.TimelineResultsMetadata"] = None, + value: Optional[List["_models.EntityTimelineItem"]] = None, + **kwargs + ): + """ + :keyword meta_data: The metadata from the timeline operation results. + :paramtype meta_data: ~azure.mgmt.securityinsight.models.TimelineResultsMetadata + :keyword value: The timeline result values. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityTimelineItem] + """ + super().__init__(**kwargs) + self.meta_data = meta_data + self.value = value + + +class EventGroupingSettings(_serialization.Model): + """Event grouping settings property bag. + + :ivar aggregation_kind: The event grouping aggregation kinds. Known values are: "SingleAlert" + and "AlertPerResult". + :vartype aggregation_kind: str or + ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + """ + + _attribute_map = { + "aggregation_kind": {"key": "aggregationKind", "type": "str"}, + } + + def __init__( + self, *, aggregation_kind: Optional[Union[str, "_models.EventGroupingAggregationKind"]] = None, **kwargs + ): + """ + :keyword aggregation_kind: The event grouping aggregation kinds. Known values are: + "SingleAlert" and "AlertPerResult". + :paramtype aggregation_kind: str or + ~azure.mgmt.securityinsight.models.EventGroupingAggregationKind + """ + super().__init__(**kwargs) + self.aggregation_kind = aggregation_kind + + +class ExpansionEntityQuery(EntityQuery): # pylint: disable=too-many-instance-attributes + """Represents Expansion entity query. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: the entity query kind. Required. Known values are: "Expansion", "Insight", and + "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar data_sources: List of the data sources that are required to run the query. + :vartype data_sources: list[str] + :ivar display_name: The query display name. + :vartype display_name: str + :ivar input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar input_fields: List of the fields of the source entity that are required to run the query. + :vartype input_fields: list[str] + :ivar output_entity_types: List of the desired output types to be constructed from the result. + :vartype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] + :ivar query_template: The template query string to be parsed and formatted. + :vartype query_template: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "data_sources": {"key": "properties.dataSources", "type": "[str]"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "input_entity_type": {"key": "properties.inputEntityType", "type": "str"}, + "input_fields": {"key": "properties.inputFields", "type": "[str]"}, + "output_entity_types": {"key": "properties.outputEntityTypes", "type": "[str]"}, + "query_template": {"key": "properties.queryTemplate", "type": "str"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + data_sources: Optional[List[str]] = None, + display_name: Optional[str] = None, + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + input_fields: Optional[List[str]] = None, + output_entity_types: Optional[List[Union[str, "_models.EntityType"]]] = None, + query_template: Optional[str] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword data_sources: List of the data sources that are required to run the query. + :paramtype data_sources: list[str] + :keyword display_name: The query display name. + :paramtype display_name: str + :keyword input_entity_type: The type of the query's source entity. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", + "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", + "SecurityAlert", "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", + and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword input_fields: List of the fields of the source entity that are required to run the + query. + :paramtype input_fields: list[str] + :keyword output_entity_types: List of the desired output types to be constructed from the + result. + :paramtype output_entity_types: list[str or ~azure.mgmt.securityinsight.models.EntityType] + :keyword query_template: The template query string to be parsed and formatted. + :paramtype query_template: str + """ + super().__init__(etag=etag, **kwargs) + self.kind = "Expansion" # type: str + self.data_sources = data_sources + self.display_name = display_name + self.input_entity_type = input_entity_type + self.input_fields = input_fields + self.output_entity_types = output_entity_types + self.query_template = query_template + + +class ExpansionResultAggregation(_serialization.Model): + """Information of a specific aggregation in the expansion result. + + All required parameters must be populated in order to send to Azure. + + :ivar aggregation_type: The common type of the aggregation. (for e.g. entity field name). + :vartype aggregation_type: str + :ivar count: Total number of aggregations of the given kind (and aggregationType if given) in + the expansion result. Required. + :vartype count: int + :ivar display_name: The display name of the aggregation by type. + :vartype display_name: str + :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + """ + + _validation = { + "count": {"required": True}, + "entity_kind": {"required": True}, + } + + _attribute_map = { + "aggregation_type": {"key": "aggregationType", "type": "str"}, + "count": {"key": "count", "type": "int"}, + "display_name": {"key": "displayName", "type": "str"}, + "entity_kind": {"key": "entityKind", "type": "str"}, + } + + def __init__( + self, + *, + count: int, + entity_kind: Union[str, "_models.EntityKind"], + aggregation_type: Optional[str] = None, + display_name: Optional[str] = None, + **kwargs + ): + """ + :keyword aggregation_type: The common type of the aggregation. (for e.g. entity field name). + :paramtype aggregation_type: str + :keyword count: Total number of aggregations of the given kind (and aggregationType if given) + in the expansion result. Required. + :paramtype count: int + :keyword display_name: The display name of the aggregation by type. + :paramtype display_name: str + :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + """ + super().__init__(**kwargs) + self.aggregation_type = aggregation_type + self.count = count + self.display_name = display_name + self.entity_kind = entity_kind + + +class ExpansionResultsMetadata(_serialization.Model): + """Expansion result metadata. + + :ivar aggregations: Information of the aggregated nodes in the expansion result. + :vartype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] + """ + + _attribute_map = { + "aggregations": {"key": "aggregations", "type": "[ExpansionResultAggregation]"}, + } + + def __init__(self, *, aggregations: Optional[List["_models.ExpansionResultAggregation"]] = None, **kwargs): + """ + :keyword aggregations: Information of the aggregated nodes in the expansion result. + :paramtype aggregations: list[~azure.mgmt.securityinsight.models.ExpansionResultAggregation] + """ + super().__init__(**kwargs) + self.aggregations = aggregations + + +class EyesOn(Settings): + """Settings with single toggle. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar is_enabled: Determines whether the setting is enable or disabled. + :vartype is_enabled: bool + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "is_enabled": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "is_enabled": {"key": "properties.isEnabled", "type": "bool"}, + } + + def __init__(self, *, etag: Optional[str] = None, **kwargs): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + """ + super().__init__(etag=etag, **kwargs) + self.kind = "EyesOn" # type: str + self.is_enabled = None + + +class FieldMapping(_serialization.Model): + """A single field mapping of the mapped entity. + + :ivar identifier: the V3 identifier of the entity. + :vartype identifier: str + :ivar column_name: the column name to be mapped to the identifier. + :vartype column_name: str + """ + + _attribute_map = { + "identifier": {"key": "identifier", "type": "str"}, + "column_name": {"key": "columnName", "type": "str"}, + } + + def __init__(self, *, identifier: Optional[str] = None, column_name: Optional[str] = None, **kwargs): + """ + :keyword identifier: the V3 identifier of the entity. + :paramtype identifier: str + :keyword column_name: the column name to be mapped to the identifier. + :paramtype column_name: str + """ + super().__init__(**kwargs) + self.identifier = identifier + self.column_name = column_name + + +class FileEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a file entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar directory: The full path to the file. + :vartype directory: str + :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. + :vartype file_hash_entity_ids: list[str] + :ivar file_name: The file name without path (some alerts might not include path). + :vartype file_name: str + :ivar host_entity_id: The Host entity id which the file belongs to. + :vartype host_entity_id: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "directory": {"readonly": True}, + "file_hash_entity_ids": {"readonly": True}, + "file_name": {"readonly": True}, + "host_entity_id": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "directory": {"key": "properties.directory", "type": "str"}, + "file_hash_entity_ids": {"key": "properties.fileHashEntityIds", "type": "[str]"}, + "file_name": {"key": "properties.fileName", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "File" # type: str + self.additional_data = None + self.friendly_name = None + self.directory = None + self.file_hash_entity_ids = None + self.file_name = None + self.host_entity_id = None + + +class FileEntityProperties(EntityCommonProperties): + """File entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar directory: The full path to the file. + :vartype directory: str + :ivar file_hash_entity_ids: The file hash entity identifiers associated with this file. + :vartype file_hash_entity_ids: list[str] + :ivar file_name: The file name without path (some alerts might not include path). + :vartype file_name: str + :ivar host_entity_id: The Host entity id which the file belongs to. + :vartype host_entity_id: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "directory": {"readonly": True}, + "file_hash_entity_ids": {"readonly": True}, + "file_name": {"readonly": True}, + "host_entity_id": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "directory": {"key": "directory", "type": "str"}, + "file_hash_entity_ids": {"key": "fileHashEntityIds", "type": "[str]"}, + "file_name": {"key": "fileName", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.directory = None + self.file_hash_entity_ids = None + self.file_name = None + self.host_entity_id = None + + +class FileHashEntity(Entity): + """Represents a file hash entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", + and "SHA256AC". + :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm + :ivar hash_value: The file hash value. + :vartype hash_value: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "algorithm": {"readonly": True}, + "hash_value": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "algorithm": {"key": "properties.algorithm", "type": "str"}, + "hash_value": {"key": "properties.hashValue", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "FileHash" # type: str + self.additional_data = None + self.friendly_name = None + self.algorithm = None + self.hash_value = None + + +class FileHashEntityProperties(EntityCommonProperties): + """FileHash entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar algorithm: The hash algorithm type. Known values are: "Unknown", "MD5", "SHA1", "SHA256", + and "SHA256AC". + :vartype algorithm: str or ~azure.mgmt.securityinsight.models.FileHashAlgorithm + :ivar hash_value: The file hash value. + :vartype hash_value: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "algorithm": {"readonly": True}, + "hash_value": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "algorithm": {"key": "algorithm", "type": "str"}, + "hash_value": {"key": "hashValue", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.algorithm = None + self.hash_value = None + + +class FileImport(Resource): # pylint: disable=too-many-instance-attributes + """Represents a file import in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar ingestion_mode: Describes how to ingest the records in the file. Known values are: + "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". + :vartype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode + :ivar content_type: The content type of this file. Known values are: "BasicIndicator", + "StixIndicator", and "Unspecified". + :vartype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType + :ivar created_time_utc: The time the file was imported. + :vartype created_time_utc: ~datetime.datetime + :ivar error_file: Represents the error file (if the import was ingested with errors or failed + the validation). + :vartype error_file: ~azure.mgmt.securityinsight.models.FileMetadata + :ivar errors_preview: An ordered list of some of the errors that were encountered during + validation. + :vartype errors_preview: list[~azure.mgmt.securityinsight.models.ValidationError] + :ivar import_file: Represents the imported file. + :vartype import_file: ~azure.mgmt.securityinsight.models.FileMetadata + :ivar ingested_record_count: The number of records that have been successfully ingested. + :vartype ingested_record_count: int + :ivar source: The source for the data in the file. + :vartype source: str + :ivar state: The state of the file import. Known values are: "FatalError", "Ingested", + "IngestedWithErrors", "InProgress", "Invalid", "WaitingForUpload", and "Unspecified". + :vartype state: str or ~azure.mgmt.securityinsight.models.FileImportState + :ivar total_record_count: The number of records in the file. + :vartype total_record_count: int + :ivar valid_record_count: The number of records that have passed validation. + :vartype valid_record_count: int + :ivar files_valid_until_time_utc: The time the files associated with this import are deleted + from the storage account. + :vartype files_valid_until_time_utc: ~datetime.datetime + :ivar import_valid_until_time_utc: The time the file import record is soft deleted from the + database and history. + :vartype import_valid_until_time_utc: ~datetime.datetime + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "error_file": {"readonly": True}, + "errors_preview": {"readonly": True}, + "ingested_record_count": {"readonly": True}, + "state": {"readonly": True}, + "total_record_count": {"readonly": True}, + "valid_record_count": {"readonly": True}, + "files_valid_until_time_utc": {"readonly": True}, + "import_valid_until_time_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "ingestion_mode": {"key": "properties.ingestionMode", "type": "str"}, + "content_type": {"key": "properties.contentType", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUTC", "type": "iso-8601"}, + "error_file": {"key": "properties.errorFile", "type": "FileMetadata"}, + "errors_preview": {"key": "properties.errorsPreview", "type": "[ValidationError]"}, + "import_file": {"key": "properties.importFile", "type": "FileMetadata"}, + "ingested_record_count": {"key": "properties.ingestedRecordCount", "type": "int"}, + "source": {"key": "properties.source", "type": "str"}, + "state": {"key": "properties.state", "type": "str"}, + "total_record_count": {"key": "properties.totalRecordCount", "type": "int"}, + "valid_record_count": {"key": "properties.validRecordCount", "type": "int"}, + "files_valid_until_time_utc": {"key": "properties.filesValidUntilTimeUTC", "type": "iso-8601"}, + "import_valid_until_time_utc": {"key": "properties.importValidUntilTimeUTC", "type": "iso-8601"}, + } + + def __init__( + self, + *, + ingestion_mode: Optional[Union[str, "_models.IngestionMode"]] = None, + content_type: Optional[Union[str, "_models.FileImportContentType"]] = None, + import_file: Optional["_models.FileMetadata"] = None, + source: Optional[str] = None, + **kwargs + ): + """ + :keyword ingestion_mode: Describes how to ingest the records in the file. Known values are: + "IngestOnlyIfAllAreValid", "IngestAnyValidRecords", and "Unspecified". + :paramtype ingestion_mode: str or ~azure.mgmt.securityinsight.models.IngestionMode + :keyword content_type: The content type of this file. Known values are: "BasicIndicator", + "StixIndicator", and "Unspecified". + :paramtype content_type: str or ~azure.mgmt.securityinsight.models.FileImportContentType + :keyword import_file: Represents the imported file. + :paramtype import_file: ~azure.mgmt.securityinsight.models.FileMetadata + :keyword source: The source for the data in the file. + :paramtype source: str + """ + super().__init__(**kwargs) + self.ingestion_mode = ingestion_mode + self.content_type = content_type + self.created_time_utc = None + self.error_file = None + self.errors_preview = None + self.import_file = import_file + self.ingested_record_count = None + self.source = source + self.state = None + self.total_record_count = None + self.valid_record_count = None + self.files_valid_until_time_utc = None + self.import_valid_until_time_utc = None + + +class FileImportList(_serialization.Model): + """List all the file imports. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of file imports. + :vartype next_link: str + :ivar value: Array of file imports. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.FileImport] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[FileImport]"}, + } + + def __init__(self, *, value: List["_models.FileImport"], **kwargs): + """ + :keyword value: Array of file imports. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.FileImport] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class FileMetadata(_serialization.Model): + """Represents a file. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar file_format: The format of the file. Known values are: "CSV", "JSON", and "Unspecified". + :vartype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat + :ivar file_name: The name of the file. + :vartype file_name: str + :ivar file_size: The size of the file. + :vartype file_size: int + :ivar file_content_uri: A URI with a valid SAS token to allow uploading / downloading the file. + :vartype file_content_uri: str + :ivar delete_status: Indicates whether the file was deleted from the storage account. Known + values are: "Deleted", "NotDeleted", and "Unspecified". + :vartype delete_status: str or ~azure.mgmt.securityinsight.models.DeleteStatus + """ + + _validation = { + "file_content_uri": {"readonly": True}, + "delete_status": {"readonly": True}, + } + + _attribute_map = { + "file_format": {"key": "fileFormat", "type": "str"}, + "file_name": {"key": "fileName", "type": "str"}, + "file_size": {"key": "fileSize", "type": "int"}, + "file_content_uri": {"key": "fileContentUri", "type": "str"}, + "delete_status": {"key": "deleteStatus", "type": "str"}, + } + + def __init__( + self, + *, + file_format: Optional[Union[str, "_models.FileFormat"]] = None, + file_name: Optional[str] = None, + file_size: Optional[int] = None, + **kwargs + ): + """ + :keyword file_format: The format of the file. Known values are: "CSV", "JSON", and + "Unspecified". + :paramtype file_format: str or ~azure.mgmt.securityinsight.models.FileFormat + :keyword file_name: The name of the file. + :paramtype file_name: str + :keyword file_size: The size of the file. + :paramtype file_size: int + """ + super().__init__(**kwargs) + self.file_format = file_format + self.file_name = file_name + self.file_size = file_size + self.file_content_uri = None + self.delete_status = None + + +class FusionAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents Fusion alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar source_settings: Configuration for all supported source signals in fusion detection. + :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] + :ivar scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. + :vartype scenario_exclusion_patterns: + list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "description": {"readonly": True}, + "display_name": {"readonly": True}, + "last_modified_utc": {"readonly": True}, + "severity": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "source_settings": {"key": "properties.sourceSettings", "type": "[FusionSourceSettings]"}, + "scenario_exclusion_patterns": { + "key": "properties.scenarioExclusionPatterns", + "type": "[FusionScenarioExclusionPattern]", + }, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + enabled: Optional[bool] = None, + source_settings: Optional[List["_models.FusionSourceSettings"]] = None, + scenario_exclusion_patterns: Optional[List["_models.FusionScenarioExclusionPattern"]] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + :keyword source_settings: Configuration for all supported source signals in fusion detection. + :paramtype source_settings: list[~azure.mgmt.securityinsight.models.FusionSourceSettings] + :keyword scenario_exclusion_patterns: Configuration to exclude scenarios in fusion detection. + :paramtype scenario_exclusion_patterns: + list[~azure.mgmt.securityinsight.models.FusionScenarioExclusionPattern] + """ + super().__init__(etag=etag, **kwargs) + self.kind = "Fusion" # type: str + self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.source_settings = source_settings + self.scenario_exclusion_patterns = scenario_exclusion_patterns + self.last_modified_utc = None + self.severity = None + self.tactics = None + self.techniques = None + + +class FusionAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents Fusion alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar last_updated_date_utc: The time that this alert rule template was last updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data connectors for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule template. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar source_settings: All supported source signal configurations consumed in fusion detection. + :vartype source_settings: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "created_date_utc": {"readonly": True}, + "last_updated_date_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "source_settings": {"key": "properties.sourceSettings", "type": "[FusionTemplateSourceSetting]"}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + source_settings: Optional[List["_models.FusionTemplateSourceSetting"]] = None, + **kwargs + ): + """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data connectors for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword tactics: The tactics of the alert rule template. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword source_settings: All supported source signal configurations consumed in fusion + detection. + :paramtype source_settings: + list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSetting] + """ + super().__init__(**kwargs) + self.kind = "Fusion" # type: str + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.created_date_utc = None + self.last_updated_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.severity = severity + self.tactics = tactics + self.techniques = techniques + self.source_settings = source_settings + + +class FusionScenarioExclusionPattern(_serialization.Model): + """Represents a Fusion scenario exclusion patterns in Fusion detection. + + All required parameters must be populated in order to send to Azure. + + :ivar exclusion_pattern: Scenario exclusion pattern. Required. + :vartype exclusion_pattern: str + :ivar date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. + :vartype date_added_in_utc: str + """ + + _validation = { + "exclusion_pattern": {"required": True}, + "date_added_in_utc": {"required": True}, + } + + _attribute_map = { + "exclusion_pattern": {"key": "exclusionPattern", "type": "str"}, + "date_added_in_utc": {"key": "dateAddedInUTC", "type": "str"}, + } + + def __init__(self, *, exclusion_pattern: str, date_added_in_utc: str, **kwargs): + """ + :keyword exclusion_pattern: Scenario exclusion pattern. Required. + :paramtype exclusion_pattern: str + :keyword date_added_in_utc: DateTime when scenario exclusion pattern is added in UTC. Required. + :paramtype date_added_in_utc: str + """ + super().__init__(**kwargs) + self.exclusion_pattern = exclusion_pattern + self.date_added_in_utc = date_added_in_utc + + +class FusionSourceSettings(_serialization.Model): + """Represents a supported source signal configuration in Fusion detection. + + All required parameters must be populated in order to send to Azure. + + :ivar enabled: Determines whether this source signal is enabled or disabled in Fusion + detection. Required. + :vartype enabled: bool + :ivar source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for + supported values. Required. + :vartype source_name: str + :ivar source_sub_types: Configuration for all source subtypes under this source signal consumed + in fusion detection. + :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] + """ + + _validation = { + "enabled": {"required": True}, + "source_name": {"required": True}, + } + + _attribute_map = { + "enabled": {"key": "enabled", "type": "bool"}, + "source_name": {"key": "sourceName", "type": "str"}, + "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionSourceSubTypeSetting]"}, + } + + def __init__( + self, + *, + enabled: bool, + source_name: str, + source_sub_types: Optional[List["_models.FusionSourceSubTypeSetting"]] = None, + **kwargs + ): + """ + :keyword enabled: Determines whether this source signal is enabled or disabled in Fusion + detection. Required. + :paramtype enabled: bool + :keyword source_name: Name of the Fusion source signal. Refer to Fusion alert rule template for + supported values. Required. + :paramtype source_name: str + :keyword source_sub_types: Configuration for all source subtypes under this source signal + consumed in fusion detection. + :paramtype source_sub_types: + list[~azure.mgmt.securityinsight.models.FusionSourceSubTypeSetting] + """ + super().__init__(**kwargs) + self.enabled = enabled + self.source_name = source_name + self.source_sub_types = source_sub_types + + +class FusionSourceSubTypeSetting(_serialization.Model): + """Represents a supported source subtype configuration under a source signal in Fusion detection. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar enabled: Determines whether this source subtype under source signal is enabled or + disabled in Fusion detection. Required. + :vartype enabled: bool + :ivar source_sub_type_name: The Name of the source subtype under a given source signal in + Fusion detection. Refer to Fusion alert rule template for supported values. Required. + :vartype source_sub_type_name: str + :ivar source_sub_type_display_name: The display name of source subtype under a source signal + consumed in Fusion detection. + :vartype source_sub_type_display_name: str + :ivar severity_filters: Severity configuration for a source subtype consumed in fusion + detection. Required. + :vartype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter + """ + + _validation = { + "enabled": {"required": True}, + "source_sub_type_name": {"required": True}, + "source_sub_type_display_name": {"readonly": True}, + "severity_filters": {"required": True}, + } + + _attribute_map = { + "enabled": {"key": "enabled", "type": "bool"}, + "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, + "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, + "severity_filters": {"key": "severityFilters", "type": "FusionSubTypeSeverityFilter"}, + } + + def __init__( + self, + *, + enabled: bool, + source_sub_type_name: str, + severity_filters: "_models.FusionSubTypeSeverityFilter", + **kwargs + ): + """ + :keyword enabled: Determines whether this source subtype under source signal is enabled or + disabled in Fusion detection. Required. + :paramtype enabled: bool + :keyword source_sub_type_name: The Name of the source subtype under a given source signal in + Fusion detection. Refer to Fusion alert rule template for supported values. Required. + :paramtype source_sub_type_name: str + :keyword severity_filters: Severity configuration for a source subtype consumed in fusion + detection. Required. + :paramtype severity_filters: ~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFilter + """ + super().__init__(**kwargs) + self.enabled = enabled + self.source_sub_type_name = source_sub_type_name + self.source_sub_type_display_name = None + self.severity_filters = severity_filters + + +class FusionSubTypeSeverityFilter(_serialization.Model): + """Represents severity configuration for a source subtype consumed in Fusion detection. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar is_supported: Determines whether this source subtype supports severity configuration or + not. + :vartype is_supported: bool + :ivar filters: Individual Severity configuration settings for a given source subtype consumed + in Fusion detection. + :vartype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] + """ + + _validation = { + "is_supported": {"readonly": True}, + } + + _attribute_map = { + "is_supported": {"key": "isSupported", "type": "bool"}, + "filters": {"key": "filters", "type": "[FusionSubTypeSeverityFiltersItem]"}, + } + + def __init__(self, *, filters: Optional[List["_models.FusionSubTypeSeverityFiltersItem"]] = None, **kwargs): + """ + :keyword filters: Individual Severity configuration settings for a given source subtype + consumed in Fusion detection. + :paramtype filters: list[~azure.mgmt.securityinsight.models.FusionSubTypeSeverityFiltersItem] + """ + super().__init__(**kwargs) + self.is_supported = None + self.filters = filters + + +class FusionSubTypeSeverityFiltersItem(_serialization.Model): + """Represents a Severity filter setting for a given source subtype consumed in Fusion detection. + + All required parameters must be populated in order to send to Azure. + + :ivar severity: The Severity for a given source subtype consumed in Fusion detection. Required. + Known values are: "High", "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar enabled: Determines whether this severity is enabled or disabled for this source subtype + consumed in Fusion detection. Required. + :vartype enabled: bool + """ + + _validation = { + "severity": {"required": True}, + "enabled": {"required": True}, + } + + _attribute_map = { + "severity": {"key": "severity", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, + } + + def __init__(self, *, severity: Union[str, "_models.AlertSeverity"], enabled: bool, **kwargs): + """ + :keyword severity: The Severity for a given source subtype consumed in Fusion detection. + Required. Known values are: "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword enabled: Determines whether this severity is enabled or disabled for this source + subtype consumed in Fusion detection. Required. + :paramtype enabled: bool + """ + super().__init__(**kwargs) + self.severity = severity + self.enabled = enabled + + +class FusionTemplateSourceSetting(_serialization.Model): + """Represents a source signal consumed in Fusion detection. + + All required parameters must be populated in order to send to Azure. + + :ivar source_name: The name of a source signal consumed in Fusion detection. Required. + :vartype source_name: str + :ivar source_sub_types: All supported source subtypes under this source signal consumed in + fusion detection. + :vartype source_sub_types: list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] + """ + + _validation = { + "source_name": {"required": True}, + } + + _attribute_map = { + "source_name": {"key": "sourceName", "type": "str"}, + "source_sub_types": {"key": "sourceSubTypes", "type": "[FusionTemplateSourceSubType]"}, + } + + def __init__( + self, + *, + source_name: str, + source_sub_types: Optional[List["_models.FusionTemplateSourceSubType"]] = None, + **kwargs + ): + """ + :keyword source_name: The name of a source signal consumed in Fusion detection. Required. + :paramtype source_name: str + :keyword source_sub_types: All supported source subtypes under this source signal consumed in + fusion detection. + :paramtype source_sub_types: + list[~azure.mgmt.securityinsight.models.FusionTemplateSourceSubType] + """ + super().__init__(**kwargs) + self.source_name = source_name + self.source_sub_types = source_sub_types + + +class FusionTemplateSourceSubType(_serialization.Model): + """Represents a source subtype under a source signal consumed in Fusion detection. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar source_sub_type_name: The name of source subtype under a source signal consumed in Fusion + detection. Required. + :vartype source_sub_type_name: str + :ivar source_sub_type_display_name: The display name of source subtype under a source signal + consumed in Fusion detection. + :vartype source_sub_type_display_name: str + :ivar severity_filter: Severity configuration available for a source subtype consumed in fusion + detection. Required. + :vartype severity_filter: + ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter + """ + + _validation = { + "source_sub_type_name": {"required": True}, + "source_sub_type_display_name": {"readonly": True}, + "severity_filter": {"required": True}, + } + + _attribute_map = { + "source_sub_type_name": {"key": "sourceSubTypeName", "type": "str"}, + "source_sub_type_display_name": {"key": "sourceSubTypeDisplayName", "type": "str"}, + "severity_filter": {"key": "severityFilter", "type": "FusionTemplateSubTypeSeverityFilter"}, + } + + def __init__( + self, *, source_sub_type_name: str, severity_filter: "_models.FusionTemplateSubTypeSeverityFilter", **kwargs + ): + """ + :keyword source_sub_type_name: The name of source subtype under a source signal consumed in + Fusion detection. Required. + :paramtype source_sub_type_name: str + :keyword severity_filter: Severity configuration available for a source subtype consumed in + fusion detection. Required. + :paramtype severity_filter: + ~azure.mgmt.securityinsight.models.FusionTemplateSubTypeSeverityFilter + """ + super().__init__(**kwargs) + self.source_sub_type_name = source_sub_type_name + self.source_sub_type_display_name = None + self.severity_filter = severity_filter + + +class FusionTemplateSubTypeSeverityFilter(_serialization.Model): + """Represents severity configurations available for a source subtype consumed in Fusion detection. + + All required parameters must be populated in order to send to Azure. + + :ivar is_supported: Determines whether severity configuration is supported for this source + subtype consumed in Fusion detection. Required. + :vartype is_supported: bool + :ivar severity_filters: List of all supported severities for this source subtype consumed in + Fusion detection. + :vartype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + "is_supported": {"required": True}, + } + + _attribute_map = { + "is_supported": {"key": "isSupported", "type": "bool"}, + "severity_filters": {"key": "severityFilters", "type": "[str]"}, + } + + def __init__( + self, + *, + is_supported: bool, + severity_filters: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs + ): + """ + :keyword is_supported: Determines whether severity configuration is supported for this source + subtype consumed in Fusion detection. Required. + :paramtype is_supported: bool + :keyword severity_filters: List of all supported severities for this source subtype consumed in + Fusion detection. + :paramtype severity_filters: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + super().__init__(**kwargs) + self.is_supported = is_supported + self.severity_filters = severity_filters + + +class GeoLocation(_serialization.Model): + """The geo-location context attached to the ip entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar asn: Autonomous System Number. + :vartype asn: int + :ivar city: City name. + :vartype city: str + :ivar country_code: The country code according to ISO 3166 format. + :vartype country_code: str + :ivar country_name: Country name according to ISO 3166 Alpha 2: the lowercase of the English + Short Name. + :vartype country_name: str + :ivar latitude: The longitude of the identified location, expressed as a floating point number + with range of -180 to 180, with positive numbers representing East and negative numbers + representing West. Latitude and longitude are derived from the city or postal code. + :vartype latitude: float + :ivar longitude: The latitude of the identified location, expressed as a floating point number + with range of - 90 to 90, with positive numbers representing North and negative numbers + representing South. Latitude and longitude are derived from the city or postal code. + :vartype longitude: float + :ivar state: State name. + :vartype state: str + """ + + _validation = { + "asn": {"readonly": True}, + "city": {"readonly": True}, + "country_code": {"readonly": True}, + "country_name": {"readonly": True}, + "latitude": {"readonly": True}, + "longitude": {"readonly": True}, + "state": {"readonly": True}, + } + + _attribute_map = { + "asn": {"key": "asn", "type": "int"}, + "city": {"key": "city", "type": "str"}, + "country_code": {"key": "countryCode", "type": "str"}, + "country_name": {"key": "countryName", "type": "str"}, + "latitude": {"key": "latitude", "type": "float"}, + "longitude": {"key": "longitude", "type": "float"}, + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.asn = None + self.city = None + self.country_code = None + self.country_name = None + self.latitude = None + self.longitude = None + self.state = None + + +class GetInsightsErrorKind(_serialization.Model): + """GetInsights Query Errors. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: the query kind. Required. "Insight" + :vartype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError + :ivar query_id: the query id. + :vartype query_id: str + :ivar error_message: the error message. Required. + :vartype error_message: str + """ + + _validation = { + "kind": {"required": True}, + "error_message": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "query_id": {"key": "queryId", "type": "str"}, + "error_message": {"key": "errorMessage", "type": "str"}, + } + + def __init__( + self, + *, + kind: Union[str, "_models.GetInsightsError"], + error_message: str, + query_id: Optional[str] = None, + **kwargs + ): + """ + :keyword kind: the query kind. Required. "Insight" + :paramtype kind: str or ~azure.mgmt.securityinsight.models.GetInsightsError + :keyword query_id: the query id. + :paramtype query_id: str + :keyword error_message: the error message. Required. + :paramtype error_message: str + """ + super().__init__(**kwargs) + self.kind = kind + self.query_id = query_id + self.error_message = error_message + + +class GetInsightsResultsMetadata(_serialization.Model): + """Get Insights result metadata. + + All required parameters must be populated in order to send to Azure. + + :ivar total_count: the total items found for the insights request. Required. + :vartype total_count: int + :ivar errors: information about the failed queries. + :vartype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] + """ + + _validation = { + "total_count": {"required": True}, + } + + _attribute_map = { + "total_count": {"key": "totalCount", "type": "int"}, + "errors": {"key": "errors", "type": "[GetInsightsErrorKind]"}, + } + + def __init__(self, *, total_count: int, errors: Optional[List["_models.GetInsightsErrorKind"]] = None, **kwargs): + """ + :keyword total_count: the total items found for the insights request. Required. + :paramtype total_count: int + :keyword errors: information about the failed queries. + :paramtype errors: list[~azure.mgmt.securityinsight.models.GetInsightsErrorKind] + """ + super().__init__(**kwargs) + self.total_count = total_count + self.errors = errors + + +class GetQueriesResponse(_serialization.Model): + """Retrieve queries for entity result operation response. + + :ivar value: The query result values. + :vartype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] + """ + + _attribute_map = { + "value": {"key": "value", "type": "[EntityQueryItem]"}, + } + + def __init__(self, *, value: Optional[List["_models.EntityQueryItem"]] = None, **kwargs): + """ + :keyword value: The query result values. + :paramtype value: list[~azure.mgmt.securityinsight.models.EntityQueryItem] + """ + super().__init__(**kwargs) + self.value = value + + +class GitHubResourceInfo(_serialization.Model): + """Resources created in GitHub repository. + + :ivar app_installation_id: GitHub application installation id. + :vartype app_installation_id: str + """ + + _attribute_map = { + "app_installation_id": {"key": "appInstallationId", "type": "str"}, + } + + def __init__(self, *, app_installation_id: Optional[str] = None, **kwargs): + """ + :keyword app_installation_id: GitHub application installation id. + :paramtype app_installation_id: str + """ + super().__init__(**kwargs) + self.app_installation_id = app_installation_id + + +class GroupingConfiguration(_serialization.Model): + """Grouping configuration property bag. + + All required parameters must be populated in order to send to Azure. + + :ivar enabled: Grouping enabled. Required. + :vartype enabled: bool + :ivar reopen_closed_incident: Re-open closed matching incidents. Required. + :vartype reopen_closed_incident: bool + :ivar lookback_duration: Limit the group to alerts created within the lookback duration (in ISO + 8601 duration format). Required. + :vartype lookback_duration: ~datetime.timedelta + :ivar matching_method: Grouping matching method. When method is Selected at least one of + groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. + Required. Known values are: "AllEntities", "AnyAlert", and "Selected". + :vartype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod + :ivar group_by_entities: A list of entity types to group by (when matchingMethod is Selected). + Only entities defined in the current alert rule may be used. + :vartype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] + :ivar group_by_alert_details: A list of alert details to group by (when matchingMethod is + Selected). + :vartype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] + :ivar group_by_custom_details: A list of custom details keys to group by (when matchingMethod + is Selected). Only keys defined in the current alert rule may be used. + :vartype group_by_custom_details: list[str] + """ + + _validation = { + "enabled": {"required": True}, + "reopen_closed_incident": {"required": True}, + "lookback_duration": {"required": True}, + "matching_method": {"required": True}, + } + + _attribute_map = { + "enabled": {"key": "enabled", "type": "bool"}, + "reopen_closed_incident": {"key": "reopenClosedIncident", "type": "bool"}, + "lookback_duration": {"key": "lookbackDuration", "type": "duration"}, + "matching_method": {"key": "matchingMethod", "type": "str"}, + "group_by_entities": {"key": "groupByEntities", "type": "[str]"}, + "group_by_alert_details": {"key": "groupByAlertDetails", "type": "[str]"}, + "group_by_custom_details": {"key": "groupByCustomDetails", "type": "[str]"}, + } + + def __init__( + self, + *, + enabled: bool, + reopen_closed_incident: bool, + lookback_duration: datetime.timedelta, + matching_method: Union[str, "_models.MatchingMethod"], + group_by_entities: Optional[List[Union[str, "_models.EntityMappingType"]]] = None, + group_by_alert_details: Optional[List[Union[str, "_models.AlertDetail"]]] = None, + group_by_custom_details: Optional[List[str]] = None, + **kwargs + ): + """ + :keyword enabled: Grouping enabled. Required. + :paramtype enabled: bool + :keyword reopen_closed_incident: Re-open closed matching incidents. Required. + :paramtype reopen_closed_incident: bool + :keyword lookback_duration: Limit the group to alerts created within the lookback duration (in + ISO 8601 duration format). Required. + :paramtype lookback_duration: ~datetime.timedelta + :keyword matching_method: Grouping matching method. When method is Selected at least one of + groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. + Required. Known values are: "AllEntities", "AnyAlert", and "Selected". + :paramtype matching_method: str or ~azure.mgmt.securityinsight.models.MatchingMethod + :keyword group_by_entities: A list of entity types to group by (when matchingMethod is + Selected). Only entities defined in the current alert rule may be used. + :paramtype group_by_entities: list[str or ~azure.mgmt.securityinsight.models.EntityMappingType] + :keyword group_by_alert_details: A list of alert details to group by (when matchingMethod is + Selected). + :paramtype group_by_alert_details: list[str or ~azure.mgmt.securityinsight.models.AlertDetail] + :keyword group_by_custom_details: A list of custom details keys to group by (when + matchingMethod is Selected). Only keys defined in the current alert rule may be used. + :paramtype group_by_custom_details: list[str] + """ + super().__init__(**kwargs) + self.enabled = enabled + self.reopen_closed_incident = reopen_closed_incident + self.lookback_duration = lookback_duration + self.matching_method = matching_method + self.group_by_entities = group_by_entities + self.group_by_alert_details = group_by_alert_details + self.group_by_custom_details = group_by_custom_details + + +class HostEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a host entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar azure_id: The azure resource id of the VM. + :vartype azure_id: str + :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS + suffix for the domain. + :vartype dns_domain: str + :ivar host_name: The hostname without the domain suffix. + :vartype host_name: str + :ivar is_domain_joined: Determines whether this host belongs to a domain. + :vartype is_domain_joined: bool + :ivar net_bios_name: The host name (pre-windows2000). + :vartype net_bios_name: str + :ivar nt_domain: The NT domain that this host belongs to. + :vartype nt_domain: str + :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. + :vartype oms_agent_id: str + :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :ivar os_version: A free text representation of the operating system. This field is meant to + hold specific versions the are more fine grained than OSFamily or future values not supported + by OSFamily enumeration. + :vartype os_version: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "azure_id": {"readonly": True}, + "dns_domain": {"readonly": True}, + "host_name": {"readonly": True}, + "is_domain_joined": {"readonly": True}, + "net_bios_name": {"readonly": True}, + "nt_domain": {"readonly": True}, + "oms_agent_id": {"readonly": True}, + "os_version": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "azure_id": {"key": "properties.azureID", "type": "str"}, + "dns_domain": {"key": "properties.dnsDomain", "type": "str"}, + "host_name": {"key": "properties.hostName", "type": "str"}, + "is_domain_joined": {"key": "properties.isDomainJoined", "type": "bool"}, + "net_bios_name": {"key": "properties.netBiosName", "type": "str"}, + "nt_domain": {"key": "properties.ntDomain", "type": "str"}, + "oms_agent_id": {"key": "properties.omsAgentID", "type": "str"}, + "os_family": {"key": "properties.osFamily", "type": "str"}, + "os_version": {"key": "properties.osVersion", "type": "str"}, + } + + def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs): + """ + :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + """ + super().__init__(**kwargs) + self.kind = "Host" # type: str + self.additional_data = None + self.friendly_name = None + self.azure_id = None + self.dns_domain = None + self.host_name = None + self.is_domain_joined = None + self.net_bios_name = None + self.nt_domain = None + self.oms_agent_id = None + self.os_family = os_family + self.os_version = None + + +class HostEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Host entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar azure_id: The azure resource id of the VM. + :vartype azure_id: str + :ivar dns_domain: The DNS domain that this host belongs to. Should contain the compete DNS + suffix for the domain. + :vartype dns_domain: str + :ivar host_name: The hostname without the domain suffix. + :vartype host_name: str + :ivar is_domain_joined: Determines whether this host belongs to a domain. + :vartype is_domain_joined: bool + :ivar net_bios_name: The host name (pre-windows2000). + :vartype net_bios_name: str + :ivar nt_domain: The NT domain that this host belongs to. + :vartype nt_domain: str + :ivar oms_agent_id: The OMS agent id, if the host has OMS agent installed. + :vartype oms_agent_id: str + :ivar os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :vartype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + :ivar os_version: A free text representation of the operating system. This field is meant to + hold specific versions the are more fine grained than OSFamily or future values not supported + by OSFamily enumeration. + :vartype os_version: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "azure_id": {"readonly": True}, + "dns_domain": {"readonly": True}, + "host_name": {"readonly": True}, + "is_domain_joined": {"readonly": True}, + "net_bios_name": {"readonly": True}, + "nt_domain": {"readonly": True}, + "oms_agent_id": {"readonly": True}, + "os_version": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "azure_id": {"key": "azureID", "type": "str"}, + "dns_domain": {"key": "dnsDomain", "type": "str"}, + "host_name": {"key": "hostName", "type": "str"}, + "is_domain_joined": {"key": "isDomainJoined", "type": "bool"}, + "net_bios_name": {"key": "netBiosName", "type": "str"}, + "nt_domain": {"key": "ntDomain", "type": "str"}, + "oms_agent_id": {"key": "omsAgentID", "type": "str"}, + "os_family": {"key": "osFamily", "type": "str"}, + "os_version": {"key": "osVersion", "type": "str"}, + } + + def __init__(self, *, os_family: Optional[Union[str, "_models.OSFamily"]] = None, **kwargs): + """ + :keyword os_family: The operating system type. Known values are: "Linux", "Windows", "Android", + "IOS", and "Unknown". + :paramtype os_family: str or ~azure.mgmt.securityinsight.models.OSFamily + """ + super().__init__(**kwargs) + self.azure_id = None + self.dns_domain = None + self.host_name = None + self.is_domain_joined = None + self.net_bios_name = None + self.nt_domain = None + self.oms_agent_id = None + self.os_family = os_family + self.os_version = None + + +class HuntingBookmark(Entity): # pylint: disable=too-many-instance-attributes + """Represents a Hunting bookmark entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar created: The time the bookmark was created. + :vartype created: ~datetime.datetime + :ivar created_by: Describes a user that created the bookmark. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar display_name: The display name of the bookmark. + :vartype display_name: str + :ivar event_time: The time of the event. + :vartype event_time: ~datetime.datetime + :ivar labels: List of labels relevant to this bookmark. + :vartype labels: list[str] + :ivar notes: The notes of the bookmark. + :vartype notes: str + :ivar query: The query of the bookmark. + :vartype query: str + :ivar query_result: The query result of the bookmark. + :vartype query_result: str + :ivar updated: The last time the bookmark was updated. + :vartype updated: ~datetime.datetime + :ivar updated_by: Describes a user that updated the bookmark. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar incident_info: Describes an incident that relates to bookmark. + :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "event_time": {"key": "properties.eventTime", "type": "iso-8601"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "notes": {"key": "properties.notes", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "query_result": {"key": "properties.queryResult", "type": "str"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "incident_info": {"key": "properties.incidentInfo", "type": "IncidentInfo"}, + } + + def __init__( + self, + *, + created: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + display_name: Optional[str] = None, + event_time: Optional[datetime.datetime] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + updated_by: Optional["_models.UserInfo"] = None, + incident_info: Optional["_models.IncidentInfo"] = None, + **kwargs + ): + """ + :keyword created: The time the bookmark was created. + :paramtype created: ~datetime.datetime + :keyword created_by: Describes a user that created the bookmark. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword display_name: The display name of the bookmark. + :paramtype display_name: str + :keyword event_time: The time of the event. + :paramtype event_time: ~datetime.datetime + :keyword labels: List of labels relevant to this bookmark. + :paramtype labels: list[str] + :keyword notes: The notes of the bookmark. + :paramtype notes: str + :keyword query: The query of the bookmark. + :paramtype query: str + :keyword query_result: The query result of the bookmark. + :paramtype query_result: str + :keyword updated: The last time the bookmark was updated. + :paramtype updated: ~datetime.datetime + :keyword updated_by: Describes a user that updated the bookmark. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword incident_info: Describes an incident that relates to bookmark. + :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + """ + super().__init__(**kwargs) + self.kind = "Bookmark" # type: str + self.additional_data = None + self.friendly_name = None + self.created = created + self.created_by = created_by + self.display_name = display_name + self.event_time = event_time + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.updated_by = updated_by + self.incident_info = incident_info + + +class HuntingBookmarkProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Describes bookmark properties. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar created: The time the bookmark was created. + :vartype created: ~datetime.datetime + :ivar created_by: Describes a user that created the bookmark. + :vartype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar display_name: The display name of the bookmark. Required. + :vartype display_name: str + :ivar event_time: The time of the event. + :vartype event_time: ~datetime.datetime + :ivar labels: List of labels relevant to this bookmark. + :vartype labels: list[str] + :ivar notes: The notes of the bookmark. + :vartype notes: str + :ivar query: The query of the bookmark. Required. + :vartype query: str + :ivar query_result: The query result of the bookmark. + :vartype query_result: str + :ivar updated: The last time the bookmark was updated. + :vartype updated: ~datetime.datetime + :ivar updated_by: Describes a user that updated the bookmark. + :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :ivar incident_info: Describes an incident that relates to bookmark. + :vartype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "display_name": {"required": True}, + "query": {"required": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "created": {"key": "created", "type": "iso-8601"}, + "created_by": {"key": "createdBy", "type": "UserInfo"}, + "display_name": {"key": "displayName", "type": "str"}, + "event_time": {"key": "eventTime", "type": "iso-8601"}, + "labels": {"key": "labels", "type": "[str]"}, + "notes": {"key": "notes", "type": "str"}, + "query": {"key": "query", "type": "str"}, + "query_result": {"key": "queryResult", "type": "str"}, + "updated": {"key": "updated", "type": "iso-8601"}, + "updated_by": {"key": "updatedBy", "type": "UserInfo"}, + "incident_info": {"key": "incidentInfo", "type": "IncidentInfo"}, + } + + def __init__( + self, + *, + display_name: str, + query: str, + created: Optional[datetime.datetime] = None, + created_by: Optional["_models.UserInfo"] = None, + event_time: Optional[datetime.datetime] = None, + labels: Optional[List[str]] = None, + notes: Optional[str] = None, + query_result: Optional[str] = None, + updated: Optional[datetime.datetime] = None, + updated_by: Optional["_models.UserInfo"] = None, + incident_info: Optional["_models.IncidentInfo"] = None, + **kwargs + ): + """ + :keyword created: The time the bookmark was created. + :paramtype created: ~datetime.datetime + :keyword created_by: Describes a user that created the bookmark. + :paramtype created_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword display_name: The display name of the bookmark. Required. + :paramtype display_name: str + :keyword event_time: The time of the event. + :paramtype event_time: ~datetime.datetime + :keyword labels: List of labels relevant to this bookmark. + :paramtype labels: list[str] + :keyword notes: The notes of the bookmark. + :paramtype notes: str + :keyword query: The query of the bookmark. Required. + :paramtype query: str + :keyword query_result: The query result of the bookmark. + :paramtype query_result: str + :keyword updated: The last time the bookmark was updated. + :paramtype updated: ~datetime.datetime + :keyword updated_by: Describes a user that updated the bookmark. + :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo + :keyword incident_info: Describes an incident that relates to bookmark. + :paramtype incident_info: ~azure.mgmt.securityinsight.models.IncidentInfo + """ + super().__init__(**kwargs) + self.created = created + self.created_by = created_by + self.display_name = display_name + self.event_time = event_time + self.labels = labels + self.notes = notes + self.query = query + self.query_result = query_result + self.updated = updated + self.updated_by = updated_by + self.incident_info = incident_info + + +class Incident(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents an incident in Azure Security Insights. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar additional_data: Additional data on the incident. + :vartype additional_data: ~azure.mgmt.securityinsight.models.IncidentAdditionalData + :ivar classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :ivar classification_comment: Describes the reason the incident was closed. + :vartype classification_comment: str + :ivar classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :vartype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :ivar created_time_utc: The time the incident was created. + :vartype created_time_utc: ~datetime.datetime + :ivar description: The description of the incident. + :vartype description: str + :ivar first_activity_time_utc: The time of the first activity in the incident. + :vartype first_activity_time_utc: ~datetime.datetime + :ivar incident_url: The deep-link url to the incident in Azure portal. + :vartype incident_url: str + :ivar incident_number: A sequential number. + :vartype incident_number: int + :ivar labels: List of labels relevant to this incident. + :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :ivar provider_name: The name of the source provider that generated the incident. + :vartype provider_name: str + :ivar provider_incident_id: The incident ID assigned by the incident provider. + :vartype provider_incident_id: str + :ivar last_activity_time_utc: The time of the last activity in the incident. + :vartype last_activity_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The last time the incident was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar owner: Describes a user that the incident is assigned to. + :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :ivar related_analytic_rule_ids: List of resource ids of Analytic rules related to the + incident. + :vartype related_analytic_rule_ids: list[str] + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". + :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :ivar team_information: Describes a team for the incident. + :vartype team_information: ~azure.mgmt.securityinsight.models.TeamInformation + :ivar title: The title of the incident. + :vartype title: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "additional_data": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "incident_url": {"readonly": True}, + "incident_number": {"readonly": True}, + "last_modified_time_utc": {"readonly": True}, + "related_analytic_rule_ids": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "IncidentAdditionalData"}, + "classification": {"key": "properties.classification", "type": "str"}, + "classification_comment": {"key": "properties.classificationComment", "type": "str"}, + "classification_reason": {"key": "properties.classificationReason", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "first_activity_time_utc": {"key": "properties.firstActivityTimeUtc", "type": "iso-8601"}, + "incident_url": {"key": "properties.incidentUrl", "type": "str"}, + "incident_number": {"key": "properties.incidentNumber", "type": "int"}, + "labels": {"key": "properties.labels", "type": "[IncidentLabel]"}, + "provider_name": {"key": "properties.providerName", "type": "str"}, + "provider_incident_id": {"key": "properties.providerIncidentId", "type": "str"}, + "last_activity_time_utc": {"key": "properties.lastActivityTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "owner": {"key": "properties.owner", "type": "IncidentOwnerInfo"}, + "related_analytic_rule_ids": {"key": "properties.relatedAnalyticRuleIds", "type": "[str]"}, + "severity": {"key": "properties.severity", "type": "str"}, + "status": {"key": "properties.status", "type": "str"}, + "team_information": {"key": "properties.teamInformation", "type": "TeamInformation"}, + "title": {"key": "properties.title", "type": "str"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + classification: Optional[Union[str, "_models.IncidentClassification"]] = None, + classification_comment: Optional[str] = None, + classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, + description: Optional[str] = None, + first_activity_time_utc: Optional[datetime.datetime] = None, + labels: Optional[List["_models.IncidentLabel"]] = None, + provider_name: Optional[str] = None, + provider_incident_id: Optional[str] = None, + last_activity_time_utc: Optional[datetime.datetime] = None, + owner: Optional["_models.IncidentOwnerInfo"] = None, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + status: Optional[Union[str, "_models.IncidentStatus"]] = None, + team_information: Optional["_models.TeamInformation"] = None, + title: Optional[str] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :keyword classification_comment: Describes the reason the incident was closed. + :paramtype classification_comment: str + :keyword classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :paramtype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :keyword description: The description of the incident. + :paramtype description: str + :keyword first_activity_time_utc: The time of the first activity in the incident. + :paramtype first_activity_time_utc: ~datetime.datetime + :keyword labels: List of labels relevant to this incident. + :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + :keyword provider_name: The name of the source provider that generated the incident. + :paramtype provider_name: str + :keyword provider_incident_id: The incident ID assigned by the incident provider. + :paramtype provider_incident_id: str + :keyword last_activity_time_utc: The time of the last activity in the incident. + :paramtype last_activity_time_utc: ~datetime.datetime + :keyword owner: Describes a user that the incident is assigned to. + :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". + :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :keyword team_information: Describes a team for the incident. + :paramtype team_information: ~azure.mgmt.securityinsight.models.TeamInformation + :keyword title: The title of the incident. + :paramtype title: str + """ + super().__init__(etag=etag, **kwargs) + self.additional_data = None + self.classification = classification + self.classification_comment = classification_comment + self.classification_reason = classification_reason + self.created_time_utc = None + self.description = description + self.first_activity_time_utc = first_activity_time_utc + self.incident_url = None + self.incident_number = None + self.labels = labels + self.provider_name = provider_name + self.provider_incident_id = provider_incident_id + self.last_activity_time_utc = last_activity_time_utc + self.last_modified_time_utc = None + self.owner = owner + self.related_analytic_rule_ids = None + self.severity = severity + self.status = status + self.team_information = team_information + self.title = title + + +class IncidentAdditionalData(_serialization.Model): + """Incident additional data property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar alerts_count: The number of alerts in the incident. + :vartype alerts_count: int + :ivar bookmarks_count: The number of bookmarks in the incident. + :vartype bookmarks_count: int + :ivar comments_count: The number of comments in the incident. + :vartype comments_count: int + :ivar alert_product_names: List of product names of alerts in the incident. + :vartype alert_product_names: list[str] + :ivar provider_incident_url: The provider incident url to the incident in Microsoft 365 + Defender portal. + :vartype provider_incident_url: str + :ivar tactics: The tactics associated with incident. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques associated with incident's tactics'. + :vartype techniques: list[str] + """ + + _validation = { + "alerts_count": {"readonly": True}, + "bookmarks_count": {"readonly": True}, + "comments_count": {"readonly": True}, + "alert_product_names": {"readonly": True}, + "provider_incident_url": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, + } + + _attribute_map = { + "alerts_count": {"key": "alertsCount", "type": "int"}, + "bookmarks_count": {"key": "bookmarksCount", "type": "int"}, + "comments_count": {"key": "commentsCount", "type": "int"}, + "alert_product_names": {"key": "alertProductNames", "type": "[str]"}, + "provider_incident_url": {"key": "providerIncidentUrl", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.alerts_count = None + self.bookmarks_count = None + self.comments_count = None + self.alert_product_names = None + self.provider_incident_url = None + self.tactics = None + self.techniques = None + + +class IncidentAlertList(_serialization.Model): + """List of incident alerts. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of incident alerts. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + """ + + _validation = { + "value": {"required": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[SecurityAlert]"}, + } + + def __init__(self, *, value: List["_models.SecurityAlert"], **kwargs): + """ + :keyword value: Array of incident alerts. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityAlert] + """ + super().__init__(**kwargs) + self.value = value + + +class IncidentBookmarkList(_serialization.Model): + """List of incident bookmarks. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of incident bookmarks. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + """ + + _validation = { + "value": {"required": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[HuntingBookmark]"}, + } + + def __init__(self, *, value: List["_models.HuntingBookmark"], **kwargs): + """ + :keyword value: Array of incident bookmarks. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.HuntingBookmark] + """ + super().__init__(**kwargs) + self.value = value + + +class IncidentComment(ResourceWithEtag): + """Represents an incident comment. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar created_time_utc: The time the comment was created. + :vartype created_time_utc: ~datetime.datetime + :ivar last_modified_time_utc: The time the comment was updated. + :vartype last_modified_time_utc: ~datetime.datetime + :ivar message: The comment message. + :vartype message: str + :ivar author: Describes the client that created the comment. + :vartype author: ~azure.mgmt.securityinsight.models.ClientInfo + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "created_time_utc": {"readonly": True}, + "last_modified_time_utc": {"readonly": True}, + "author": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "created_time_utc": {"key": "properties.createdTimeUtc", "type": "iso-8601"}, + "last_modified_time_utc": {"key": "properties.lastModifiedTimeUtc", "type": "iso-8601"}, + "message": {"key": "properties.message", "type": "str"}, + "author": {"key": "properties.author", "type": "ClientInfo"}, + } + + def __init__(self, *, etag: Optional[str] = None, message: Optional[str] = None, **kwargs): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword message: The comment message. + :paramtype message: str + """ + super().__init__(etag=etag, **kwargs) + self.created_time_utc = None + self.last_modified_time_utc = None + self.message = message + self.author = None + + +class IncidentCommentList(_serialization.Model): + """List of incident comments. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of comments. + :vartype next_link: str + :ivar value: Array of comments. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.IncidentComment] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[IncidentComment]"}, + } + + def __init__(self, *, value: List["_models.IncidentComment"], **kwargs): + """ + :keyword value: Array of comments. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.IncidentComment] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class IncidentConfiguration(_serialization.Model): + """Incident Configuration property bag. + + All required parameters must be populated in order to send to Azure. + + :ivar create_incident: Create incidents from alerts triggered by this analytics rule. Required. + :vartype create_incident: bool + :ivar grouping_configuration: Set how the alerts that are triggered by this analytics rule, are + grouped into incidents. + :vartype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + """ + + _validation = { + "create_incident": {"required": True}, + } + + _attribute_map = { + "create_incident": {"key": "createIncident", "type": "bool"}, + "grouping_configuration": {"key": "groupingConfiguration", "type": "GroupingConfiguration"}, + } + + def __init__( + self, + *, + create_incident: bool, + grouping_configuration: Optional["_models.GroupingConfiguration"] = None, + **kwargs + ): + """ + :keyword create_incident: Create incidents from alerts triggered by this analytics rule. + Required. + :paramtype create_incident: bool + :keyword grouping_configuration: Set how the alerts that are triggered by this analytics rule, + are grouped into incidents. + :paramtype grouping_configuration: ~azure.mgmt.securityinsight.models.GroupingConfiguration + """ + super().__init__(**kwargs) + self.create_incident = create_incident + self.grouping_configuration = grouping_configuration + + +class IncidentEntitiesResponse(_serialization.Model): + """The incident related entities response. + + :ivar entities: Array of the incident related entities. + :vartype entities: list[~azure.mgmt.securityinsight.models.Entity] + :ivar meta_data: The metadata from the incident related entities results. + :vartype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] + """ + + _attribute_map = { + "entities": {"key": "entities", "type": "[Entity]"}, + "meta_data": {"key": "metaData", "type": "[IncidentEntitiesResultsMetadata]"}, + } + + def __init__( + self, + *, + entities: Optional[List["_models.Entity"]] = None, + meta_data: Optional[List["_models.IncidentEntitiesResultsMetadata"]] = None, + **kwargs + ): + """ + :keyword entities: Array of the incident related entities. + :paramtype entities: list[~azure.mgmt.securityinsight.models.Entity] + :keyword meta_data: The metadata from the incident related entities results. + :paramtype meta_data: list[~azure.mgmt.securityinsight.models.IncidentEntitiesResultsMetadata] + """ + super().__init__(**kwargs) + self.entities = entities + self.meta_data = meta_data + + +class IncidentEntitiesResultsMetadata(_serialization.Model): + """Information of a specific aggregation in the incident related entities result. + + All required parameters must be populated in order to send to Azure. + + :ivar count: Total number of aggregations of the given kind in the incident related entities + result. Required. + :vartype count: int + :ivar entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :vartype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + """ + + _validation = { + "count": {"required": True}, + "entity_kind": {"required": True}, + } + + _attribute_map = { + "count": {"key": "count", "type": "int"}, + "entity_kind": {"key": "entityKind", "type": "str"}, + } + + def __init__(self, *, count: int, entity_kind: Union[str, "_models.EntityKind"], **kwargs): + """ + :keyword count: Total number of aggregations of the given kind in the incident related entities + result. Required. + :paramtype count: int + :keyword entity_kind: The kind of the aggregated entity. Required. Known values are: "Account", + "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", + "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", + "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and + "Nic". + :paramtype entity_kind: str or ~azure.mgmt.securityinsight.models.EntityKind + """ + super().__init__(**kwargs) + self.count = count + self.entity_kind = entity_kind + + +class IncidentInfo(_serialization.Model): + """Describes related incident information for the bookmark. + + :ivar incident_id: Incident Id. + :vartype incident_id: str + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar title: The title of the incident. + :vartype title: str + :ivar relation_name: Relation Name. + :vartype relation_name: str + """ + + _attribute_map = { + "incident_id": {"key": "incidentId", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "title": {"key": "title", "type": "str"}, + "relation_name": {"key": "relationName", "type": "str"}, + } + + def __init__( + self, + *, + incident_id: Optional[str] = None, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + title: Optional[str] = None, + relation_name: Optional[str] = None, + **kwargs + ): + """ + :keyword incident_id: Incident Id. + :paramtype incident_id: str + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword title: The title of the incident. + :paramtype title: str + :keyword relation_name: Relation Name. + :paramtype relation_name: str + """ + super().__init__(**kwargs) + self.incident_id = incident_id + self.severity = severity + self.title = title + self.relation_name = relation_name + + +class IncidentLabel(_serialization.Model): + """Represents an incident label. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar label_name: The name of the label. Required. + :vartype label_name: str + :ivar label_type: The type of the label. Known values are: "User" and "AutoAssigned". + :vartype label_type: str or ~azure.mgmt.securityinsight.models.IncidentLabelType + """ + + _validation = { + "label_name": {"required": True}, + "label_type": {"readonly": True}, + } + + _attribute_map = { + "label_name": {"key": "labelName", "type": "str"}, + "label_type": {"key": "labelType", "type": "str"}, + } + + def __init__(self, *, label_name: str, **kwargs): + """ + :keyword label_name: The name of the label. Required. + :paramtype label_name: str + """ + super().__init__(**kwargs) + self.label_name = label_name + self.label_type = None + + +class IncidentList(_serialization.Model): + """List all the incidents. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of incidents. + :vartype next_link: str + :ivar value: Array of incidents. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Incident] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Incident]"}, + } + + def __init__(self, *, value: List["_models.Incident"], **kwargs): + """ + :keyword value: Array of incidents. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Incident] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class IncidentOwnerInfo(_serialization.Model): + """Information on the user an incident is assigned to. + + :ivar email: The email of the user the incident is assigned to. + :vartype email: str + :ivar assigned_to: The name of the user the incident is assigned to. + :vartype assigned_to: str + :ivar object_id: The object id of the user the incident is assigned to. + :vartype object_id: str + :ivar user_principal_name: The user principal name of the user the incident is assigned to. + :vartype user_principal_name: str + :ivar owner_type: The type of the owner the incident is assigned to. Known values are: + "Unknown", "User", and "Group". + :vartype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + """ + + _attribute_map = { + "email": {"key": "email", "type": "str"}, + "assigned_to": {"key": "assignedTo", "type": "str"}, + "object_id": {"key": "objectId", "type": "str"}, + "user_principal_name": {"key": "userPrincipalName", "type": "str"}, + "owner_type": {"key": "ownerType", "type": "str"}, + } + + def __init__( + self, + *, + email: Optional[str] = None, + assigned_to: Optional[str] = None, + object_id: Optional[str] = None, + user_principal_name: Optional[str] = None, + owner_type: Optional[Union[str, "_models.OwnerType"]] = None, + **kwargs + ): + """ + :keyword email: The email of the user the incident is assigned to. + :paramtype email: str + :keyword assigned_to: The name of the user the incident is assigned to. + :paramtype assigned_to: str + :keyword object_id: The object id of the user the incident is assigned to. + :paramtype object_id: str + :keyword user_principal_name: The user principal name of the user the incident is assigned to. + :paramtype user_principal_name: str + :keyword owner_type: The type of the owner the incident is assigned to. Known values are: + "Unknown", "User", and "Group". + :paramtype owner_type: str or ~azure.mgmt.securityinsight.models.OwnerType + """ + super().__init__(**kwargs) + self.email = email + self.assigned_to = assigned_to + self.object_id = object_id + self.user_principal_name = user_principal_name + self.owner_type = owner_type + + +class IncidentPropertiesAction(_serialization.Model): + """IncidentPropertiesAction. + + :ivar severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :ivar status: The status of the incident. Known values are: "New", "Active", and "Closed". + :vartype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :ivar classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :vartype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :ivar classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :vartype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :ivar classification_comment: Describes the reason the incident was closed. + :vartype classification_comment: str + :ivar owner: Information on the user an incident is assigned to. + :vartype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :ivar labels: List of labels to add to the incident. + :vartype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + """ + + _attribute_map = { + "severity": {"key": "severity", "type": "str"}, + "status": {"key": "status", "type": "str"}, + "classification": {"key": "classification", "type": "str"}, + "classification_reason": {"key": "classificationReason", "type": "str"}, + "classification_comment": {"key": "classificationComment", "type": "str"}, + "owner": {"key": "owner", "type": "IncidentOwnerInfo"}, + "labels": {"key": "labels", "type": "[IncidentLabel]"}, + } + + def __init__( + self, + *, + severity: Optional[Union[str, "_models.IncidentSeverity"]] = None, + status: Optional[Union[str, "_models.IncidentStatus"]] = None, + classification: Optional[Union[str, "_models.IncidentClassification"]] = None, + classification_reason: Optional[Union[str, "_models.IncidentClassificationReason"]] = None, + classification_comment: Optional[str] = None, + owner: Optional["_models.IncidentOwnerInfo"] = None, + labels: Optional[List["_models.IncidentLabel"]] = None, + **kwargs + ): + """ + :keyword severity: The severity of the incident. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.IncidentSeverity + :keyword status: The status of the incident. Known values are: "New", "Active", and "Closed". + :paramtype status: str or ~azure.mgmt.securityinsight.models.IncidentStatus + :keyword classification: The reason the incident was closed. Known values are: "Undetermined", + "TruePositive", "BenignPositive", and "FalsePositive". + :paramtype classification: str or ~azure.mgmt.securityinsight.models.IncidentClassification + :keyword classification_reason: The classification reason the incident was closed with. Known + values are: "SuspiciousActivity", "SuspiciousButExpected", "IncorrectAlertLogic", and + "InaccurateData". + :paramtype classification_reason: str or + ~azure.mgmt.securityinsight.models.IncidentClassificationReason + :keyword classification_comment: Describes the reason the incident was closed. + :paramtype classification_comment: str + :keyword owner: Information on the user an incident is assigned to. + :paramtype owner: ~azure.mgmt.securityinsight.models.IncidentOwnerInfo + :keyword labels: List of labels to add to the incident. + :paramtype labels: list[~azure.mgmt.securityinsight.models.IncidentLabel] + """ + super().__init__(**kwargs) + self.severity = severity + self.status = status + self.classification = classification + self.classification_reason = classification_reason + self.classification_comment = classification_comment + self.owner = owner + self.labels = labels + + +class InsightQueryItem(EntityQueryItem): + """Represents Insight Query. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Query Template ARM ID. + :vartype id: str + :ivar name: Query Template ARM Name. + :vartype name: str + :ivar type: ARM Type. + :vartype type: str + :ivar kind: The kind of the entity query. Required. Known values are: "Expansion", "Insight", + and "Activity". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityQueryKind + :ivar properties: Properties bag for InsightQueryItem. + :vartype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties + """ + + _validation = { + "id": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "properties": {"key": "properties", "type": "InsightQueryItemProperties"}, + } + + def __init__( + self, + *, + name: Optional[str] = None, + type: Optional[str] = None, + properties: Optional["_models.InsightQueryItemProperties"] = None, + **kwargs + ): + """ + :keyword name: Query Template ARM Name. + :paramtype name: str + :keyword type: ARM Type. + :paramtype type: str + :keyword properties: Properties bag for InsightQueryItem. + :paramtype properties: ~azure.mgmt.securityinsight.models.InsightQueryItemProperties + """ + super().__init__(name=name, type=type, **kwargs) + self.kind = "Insight" # type: str + self.properties = properties + + +class InsightQueryItemProperties(EntityQueryItemProperties): # pylint: disable=too-many-instance-attributes + """Represents Insight Query. + + :ivar data_types: Data types for template. + :vartype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :ivar input_entity_type: The type of the entity. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :ivar required_input_fields_sets: Data types for template. + :vartype required_input_fields_sets: list[list[str]] + :ivar entities_filter: The query applied only to entities matching to all filters. + :vartype entities_filter: JSON + :ivar display_name: The insight display name. + :vartype display_name: str + :ivar description: The insight description. + :vartype description: str + :ivar base_query: The base query of the insight. + :vartype base_query: str + :ivar table_query: The insight table query. + :vartype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery + :ivar chart_query: The insight chart query. + :vartype chart_query: JSON + :ivar additional_query: The activity query definitions. + :vartype additional_query: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery + :ivar default_time_range: The insight chart query. + :vartype default_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange + :ivar reference_time_range: The insight chart query. + :vartype reference_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange + """ + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "[EntityQueryItemPropertiesDataTypesItem]"}, + "input_entity_type": {"key": "inputEntityType", "type": "str"}, + "required_input_fields_sets": {"key": "requiredInputFieldsSets", "type": "[[str]]"}, + "entities_filter": {"key": "entitiesFilter", "type": "object"}, + "display_name": {"key": "displayName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "base_query": {"key": "baseQuery", "type": "str"}, + "table_query": {"key": "tableQuery", "type": "InsightQueryItemPropertiesTableQuery"}, + "chart_query": {"key": "chartQuery", "type": "object"}, + "additional_query": {"key": "additionalQuery", "type": "InsightQueryItemPropertiesAdditionalQuery"}, + "default_time_range": {"key": "defaultTimeRange", "type": "InsightQueryItemPropertiesDefaultTimeRange"}, + "reference_time_range": {"key": "referenceTimeRange", "type": "InsightQueryItemPropertiesReferenceTimeRange"}, + } + + def __init__( + self, + *, + data_types: Optional[List["_models.EntityQueryItemPropertiesDataTypesItem"]] = None, + input_entity_type: Optional[Union[str, "_models.EntityType"]] = None, + required_input_fields_sets: Optional[List[List[str]]] = None, + entities_filter: Optional[JSON] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + base_query: Optional[str] = None, + table_query: Optional["_models.InsightQueryItemPropertiesTableQuery"] = None, + chart_query: Optional[JSON] = None, + additional_query: Optional["_models.InsightQueryItemPropertiesAdditionalQuery"] = None, + default_time_range: Optional["_models.InsightQueryItemPropertiesDefaultTimeRange"] = None, + reference_time_range: Optional["_models.InsightQueryItemPropertiesReferenceTimeRange"] = None, + **kwargs + ): + """ + :keyword data_types: Data types for template. + :paramtype data_types: + list[~azure.mgmt.securityinsight.models.EntityQueryItemPropertiesDataTypesItem] + :keyword input_entity_type: The type of the entity. Known values are: "Account", "Host", + "File", "AzureResource", "CloudApplication", "DNS", "FileHash", "IP", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "URL", "IoTDevice", "SecurityAlert", + "HuntingBookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :paramtype input_entity_type: str or ~azure.mgmt.securityinsight.models.EntityType + :keyword required_input_fields_sets: Data types for template. + :paramtype required_input_fields_sets: list[list[str]] + :keyword entities_filter: The query applied only to entities matching to all filters. + :paramtype entities_filter: JSON + :keyword display_name: The insight display name. + :paramtype display_name: str + :keyword description: The insight description. + :paramtype description: str + :keyword base_query: The base query of the insight. + :paramtype base_query: str + :keyword table_query: The insight table query. + :paramtype table_query: ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQuery + :keyword chart_query: The insight chart query. + :paramtype chart_query: JSON + :keyword additional_query: The activity query definitions. + :paramtype additional_query: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesAdditionalQuery + :keyword default_time_range: The insight chart query. + :paramtype default_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesDefaultTimeRange + :keyword reference_time_range: The insight chart query. + :paramtype reference_time_range: + ~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesReferenceTimeRange + """ + super().__init__( + data_types=data_types, + input_entity_type=input_entity_type, + required_input_fields_sets=required_input_fields_sets, + entities_filter=entities_filter, + **kwargs + ) + self.display_name = display_name + self.description = description + self.base_query = base_query + self.table_query = table_query + self.chart_query = chart_query + self.additional_query = additional_query + self.default_time_range = default_time_range + self.reference_time_range = reference_time_range + + +class InsightQueryItemPropertiesAdditionalQuery(_serialization.Model): + """The activity query definitions. + + :ivar query: The insight query. + :vartype query: str + :ivar text: The insight text. + :vartype text: str + """ + + _attribute_map = { + "query": {"key": "query", "type": "str"}, + "text": {"key": "text", "type": "str"}, + } + + def __init__(self, *, query: Optional[str] = None, text: Optional[str] = None, **kwargs): + """ + :keyword query: The insight query. + :paramtype query: str + :keyword text: The insight text. + :paramtype text: str + """ + super().__init__(**kwargs) + self.query = query + self.text = text + + +class InsightQueryItemPropertiesDefaultTimeRange(_serialization.Model): + """The insight chart query. + + :ivar before_range: The padding for the start time of the query. + :vartype before_range: str + :ivar after_range: The padding for the end time of the query. + :vartype after_range: str + """ + + _attribute_map = { + "before_range": {"key": "beforeRange", "type": "str"}, + "after_range": {"key": "afterRange", "type": "str"}, + } + + def __init__(self, *, before_range: Optional[str] = None, after_range: Optional[str] = None, **kwargs): + """ + :keyword before_range: The padding for the start time of the query. + :paramtype before_range: str + :keyword after_range: The padding for the end time of the query. + :paramtype after_range: str + """ + super().__init__(**kwargs) + self.before_range = before_range + self.after_range = after_range + + +class InsightQueryItemPropertiesReferenceTimeRange(_serialization.Model): + """The insight chart query. + + :ivar before_range: Additional query time for looking back. + :vartype before_range: str + """ + + _attribute_map = { + "before_range": {"key": "beforeRange", "type": "str"}, + } + + def __init__(self, *, before_range: Optional[str] = None, **kwargs): + """ + :keyword before_range: Additional query time for looking back. + :paramtype before_range: str + """ + super().__init__(**kwargs) + self.before_range = before_range + + +class InsightQueryItemPropertiesTableQuery(_serialization.Model): + """The insight table query. + + :ivar columns_definitions: List of insight column definitions. + :vartype columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] + :ivar queries_definitions: List of insight queries definitions. + :vartype queries_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] + """ + + _attribute_map = { + "columns_definitions": { + "key": "columnsDefinitions", + "type": "[InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem]", + }, + "queries_definitions": { + "key": "queriesDefinitions", + "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem]", + }, + } + + def __init__( + self, + *, + columns_definitions: Optional[ + List["_models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem"] + ] = None, + queries_definitions: Optional[ + List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem"] + ] = None, + **kwargs + ): + """ + :keyword columns_definitions: List of insight column definitions. + :paramtype columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem] + :keyword queries_definitions: List of insight queries definitions. + :paramtype queries_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem] + """ + super().__init__(**kwargs) + self.columns_definitions = columns_definitions + self.queries_definitions = queries_definitions + + +class InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem(_serialization.Model): + """InsightQueryItemPropertiesTableQueryColumnsDefinitionsItem. + + :ivar header: Insight column header. + :vartype header: str + :ivar output_type: Insights Column type. Known values are: "Number", "String", "Date", and + "Entity". + :vartype output_type: str or ~azure.mgmt.securityinsight.models.OutputType + :ivar support_deep_link: Is query supports deep-link. + :vartype support_deep_link: bool + """ + + _attribute_map = { + "header": {"key": "header", "type": "str"}, + "output_type": {"key": "outputType", "type": "str"}, + "support_deep_link": {"key": "supportDeepLink", "type": "bool"}, + } + + def __init__( + self, + *, + header: Optional[str] = None, + output_type: Optional[Union[str, "_models.OutputType"]] = None, + support_deep_link: Optional[bool] = None, + **kwargs + ): + """ + :keyword header: Insight column header. + :paramtype header: str + :keyword output_type: Insights Column type. Known values are: "Number", "String", "Date", and + "Entity". + :paramtype output_type: str or ~azure.mgmt.securityinsight.models.OutputType + :keyword support_deep_link: Is query supports deep-link. + :paramtype support_deep_link: bool + """ + super().__init__(**kwargs) + self.header = header + self.output_type = output_type + self.support_deep_link = support_deep_link + + +class InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem(_serialization.Model): + """InsightQueryItemPropertiesTableQueryQueriesDefinitionsItem. + + :ivar filter: Insight column header. + :vartype filter: str + :ivar summarize: Insight column header. + :vartype summarize: str + :ivar project: Insight column header. + :vartype project: str + :ivar link_columns_definitions: Insight column header. + :vartype link_columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] + """ + + _attribute_map = { + "filter": {"key": "filter", "type": "str"}, + "summarize": {"key": "summarize", "type": "str"}, + "project": {"key": "project", "type": "str"}, + "link_columns_definitions": { + "key": "linkColumnsDefinitions", + "type": "[InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem]", + }, + } + + def __init__( + self, + *, + filter: Optional[str] = None, # pylint: disable=redefined-builtin + summarize: Optional[str] = None, + project: Optional[str] = None, + link_columns_definitions: Optional[ + List["_models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem"] + ] = None, + **kwargs + ): + """ + :keyword filter: Insight column header. + :paramtype filter: str + :keyword summarize: Insight column header. + :paramtype summarize: str + :keyword project: Insight column header. + :paramtype project: str + :keyword link_columns_definitions: Insight column header. + :paramtype link_columns_definitions: + list[~azure.mgmt.securityinsight.models.InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem] + """ + super().__init__(**kwargs) + self.filter = filter + self.summarize = summarize + self.project = project + self.link_columns_definitions = link_columns_definitions + + +class InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem(_serialization.Model): + """InsightQueryItemPropertiesTableQueryQueriesDefinitionsPropertiesItemsItem. + + :ivar projected_name: Insight Link Definition Projected Name. + :vartype projected_name: str + :ivar query: Insight Link Definition Query. + :vartype query: str + """ + + _attribute_map = { + "projected_name": {"key": "projectedName", "type": "str"}, + "query": {"key": "Query", "type": "str"}, + } + + def __init__(self, *, projected_name: Optional[str] = None, query: Optional[str] = None, **kwargs): + """ + :keyword projected_name: Insight Link Definition Projected Name. + :paramtype projected_name: str + :keyword query: Insight Link Definition Query. + :paramtype query: str + """ + super().__init__(**kwargs) + self.projected_name = projected_name + self.query = query + + +class InsightsTableResult(_serialization.Model): + """Query results for table insights query. + + :ivar columns: Columns Metadata of the table. + :vartype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] + :ivar rows: Rows data of the table. + :vartype rows: list[list[str]] + """ + + _attribute_map = { + "columns": {"key": "columns", "type": "[InsightsTableResultColumnsItem]"}, + "rows": {"key": "rows", "type": "[[str]]"}, + } + + def __init__( + self, + *, + columns: Optional[List["_models.InsightsTableResultColumnsItem"]] = None, + rows: Optional[List[List[str]]] = None, + **kwargs + ): + """ + :keyword columns: Columns Metadata of the table. + :paramtype columns: list[~azure.mgmt.securityinsight.models.InsightsTableResultColumnsItem] + :keyword rows: Rows data of the table. + :paramtype rows: list[list[str]] + """ + super().__init__(**kwargs) + self.columns = columns + self.rows = rows + + +class InsightsTableResultColumnsItem(_serialization.Model): + """InsightsTableResultColumnsItem. + + :ivar type: the type of the colum. + :vartype type: str + :ivar name: the name of the colum. + :vartype name: str + """ + + _attribute_map = { + "type": {"key": "type", "type": "str"}, + "name": {"key": "name", "type": "str"}, + } + + def __init__(self, *, type: Optional[str] = None, name: Optional[str] = None, **kwargs): + """ + :keyword type: the type of the colum. + :paramtype type: str + :keyword name: the name of the colum. + :paramtype name: str + """ + super().__init__(**kwargs) + self.type = type + self.name = name + + +class InstructionStepsInstructionsItem(ConnectorInstructionModelBase): + """InstructionStepsInstructionsItem. + + All required parameters must be populated in order to send to Azure. + + :ivar parameters: The parameters for the setting. + :vartype parameters: JSON + :ivar type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :vartype type: str or ~azure.mgmt.securityinsight.models.SettingType + """ + + _validation = { + "type": {"required": True}, + } + + _attribute_map = { + "parameters": {"key": "parameters", "type": "object"}, + "type": {"key": "type", "type": "str"}, + } + + def __init__(self, *, type: Union[str, "_models.SettingType"], parameters: Optional[JSON] = None, **kwargs): + """ + :keyword parameters: The parameters for the setting. + :paramtype parameters: JSON + :keyword type: The kind of the setting. Required. Known values are: "CopyableLabel", + "InstructionStepsGroup", and "InfoMessage". + :paramtype type: str or ~azure.mgmt.securityinsight.models.SettingType + """ + super().__init__(parameters=parameters, type=type, **kwargs) + + +class IoTCheckRequirements(DataConnectorsCheckRequirements): + """Represents IoT requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, + } + + def __init__(self, *, subscription_id: Optional[str] = None, **kwargs): + """ + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str + """ + super().__init__(**kwargs) + self.kind = "IOT" # type: str + self.subscription_id = subscription_id + + +class IoTDataConnector(DataConnector): + """Represents IoT data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "subscription_id": {"key": "properties.subscriptionId", "type": "str"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str + """ + super().__init__(etag=etag, **kwargs) + self.kind = "IOT" # type: str + self.data_types = data_types + self.subscription_id = subscription_id + + +class IoTDataConnectorProperties(DataConnectorWithAlertsProperties): + """IoT data connector properties. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar subscription_id: The subscription id to connect to, and get the data from. + :vartype subscription_id: str + """ + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "subscription_id": {"key": "subscriptionId", "type": "str"}, + } + + def __init__( + self, + *, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + subscription_id: Optional[str] = None, + **kwargs + ): + """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword subscription_id: The subscription id to connect to, and get the data from. + :paramtype subscription_id: str + """ + super().__init__(data_types=data_types, **kwargs) + self.subscription_id = subscription_id + + +class IoTDeviceEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents an IoT device entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar device_id: The ID of the IoT Device in the IoT Hub. + :vartype device_id: str + :ivar device_name: The friendly name of the device. + :vartype device_name: str + :ivar source: The source of the device. + :vartype source: str + :ivar iot_security_agent_id: The ID of the security agent running on the device. + :vartype iot_security_agent_id: str + :ivar device_type: The type of the device. + :vartype device_type: str + :ivar vendor: The vendor of the device. + :vartype vendor: str + :ivar edge_id: The ID of the edge device. + :vartype edge_id: str + :ivar mac_address: The MAC address of the device. + :vartype mac_address: str + :ivar model: The model of the device. + :vartype model: str + :ivar serial_number: The serial number of the device. + :vartype serial_number: str + :ivar firmware_version: The firmware version of the device. + :vartype firmware_version: str + :ivar operating_system: The operating system of the device. + :vartype operating_system: str + :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. + :vartype iot_hub_entity_id: str + :ivar host_entity_id: The Host entity id of this device. + :vartype host_entity_id: str + :ivar ip_address_entity_id: The IP entity if of this device. + :vartype ip_address_entity_id: str + :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar protocols: A list of protocols of the IoTDevice entity. + :vartype protocols: list[str] + :ivar owners: A list of owners of the IoTDevice entity. + :vartype owners: list[str] + :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. + :vartype nic_entity_ids: list[str] + :ivar site: The site of the device. + :vartype site: str + :ivar zone: The zone location of the device within a site. + :vartype zone: str + :ivar sensor: The sensor the device is monitored by. + :vartype sensor: str + :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). + :vartype device_sub_type: str + :ivar importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + :ivar purdue_layer: The Purdue Layer of the device. + :vartype purdue_layer: str + :ivar is_authorized: Determines whether the device classified as authorized device. + :vartype is_authorized: bool + :ivar is_programming: Determines whether the device classified as programming device. + :vartype is_programming: bool + :ivar is_scanner: Is the device classified as a scanner device. + :vartype is_scanner: bool + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "device_id": {"readonly": True}, + "device_name": {"readonly": True}, + "source": {"readonly": True}, + "iot_security_agent_id": {"readonly": True}, + "device_type": {"readonly": True}, + "vendor": {"readonly": True}, + "edge_id": {"readonly": True}, + "mac_address": {"readonly": True}, + "model": {"readonly": True}, + "serial_number": {"readonly": True}, + "firmware_version": {"readonly": True}, + "operating_system": {"readonly": True}, + "iot_hub_entity_id": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + "protocols": {"readonly": True}, + "owners": {"readonly": True}, + "nic_entity_ids": {"readonly": True}, + "site": {"readonly": True}, + "zone": {"readonly": True}, + "sensor": {"readonly": True}, + "device_sub_type": {"readonly": True}, + "purdue_layer": {"readonly": True}, + "is_authorized": {"readonly": True}, + "is_programming": {"readonly": True}, + "is_scanner": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "device_id": {"key": "properties.deviceId", "type": "str"}, + "device_name": {"key": "properties.deviceName", "type": "str"}, + "source": {"key": "properties.source", "type": "str"}, + "iot_security_agent_id": {"key": "properties.iotSecurityAgentId", "type": "str"}, + "device_type": {"key": "properties.deviceType", "type": "str"}, + "vendor": {"key": "properties.vendor", "type": "str"}, + "edge_id": {"key": "properties.edgeId", "type": "str"}, + "mac_address": {"key": "properties.macAddress", "type": "str"}, + "model": {"key": "properties.model", "type": "str"}, + "serial_number": {"key": "properties.serialNumber", "type": "str"}, + "firmware_version": {"key": "properties.firmwareVersion", "type": "str"}, + "operating_system": {"key": "properties.operatingSystem", "type": "str"}, + "iot_hub_entity_id": {"key": "properties.iotHubEntityId", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, + "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, + "protocols": {"key": "properties.protocols", "type": "[str]"}, + "owners": {"key": "properties.owners", "type": "[str]"}, + "nic_entity_ids": {"key": "properties.nicEntityIds", "type": "[str]"}, + "site": {"key": "properties.site", "type": "str"}, + "zone": {"key": "properties.zone", "type": "str"}, + "sensor": {"key": "properties.sensor", "type": "str"}, + "device_sub_type": {"key": "properties.deviceSubType", "type": "str"}, + "importance": {"key": "properties.importance", "type": "str"}, + "purdue_layer": {"key": "properties.purdueLayer", "type": "str"}, + "is_authorized": {"key": "properties.isAuthorized", "type": "bool"}, + "is_programming": {"key": "properties.isProgramming", "type": "bool"}, + "is_scanner": {"key": "properties.isScanner", "type": "bool"}, + } + + def __init__( # pylint: disable=too-many-locals + self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs + ): + """ + :keyword importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + """ + super().__init__(**kwargs) + self.kind = "IoTDevice" # type: str + self.additional_data = None + self.friendly_name = None + self.device_id = None + self.device_name = None + self.source = None + self.iot_security_agent_id = None + self.device_type = None + self.vendor = None + self.edge_id = None + self.mac_address = None + self.model = None + self.serial_number = None + self.firmware_version = None + self.operating_system = None + self.iot_hub_entity_id = None + self.host_entity_id = None + self.ip_address_entity_id = None + self.threat_intelligence = None + self.protocols = None + self.owners = None + self.nic_entity_ids = None + self.site = None + self.zone = None + self.sensor = None + self.device_sub_type = None + self.importance = importance + self.purdue_layer = None + self.is_authorized = None + self.is_programming = None + self.is_scanner = None + + +class IoTDeviceEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """IoTDevice entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar device_id: The ID of the IoT Device in the IoT Hub. + :vartype device_id: str + :ivar device_name: The friendly name of the device. + :vartype device_name: str + :ivar source: The source of the device. + :vartype source: str + :ivar iot_security_agent_id: The ID of the security agent running on the device. + :vartype iot_security_agent_id: str + :ivar device_type: The type of the device. + :vartype device_type: str + :ivar vendor: The vendor of the device. + :vartype vendor: str + :ivar edge_id: The ID of the edge device. + :vartype edge_id: str + :ivar mac_address: The MAC address of the device. + :vartype mac_address: str + :ivar model: The model of the device. + :vartype model: str + :ivar serial_number: The serial number of the device. + :vartype serial_number: str + :ivar firmware_version: The firmware version of the device. + :vartype firmware_version: str + :ivar operating_system: The operating system of the device. + :vartype operating_system: str + :ivar iot_hub_entity_id: The AzureResource entity id of the IoT Hub. + :vartype iot_hub_entity_id: str + :ivar host_entity_id: The Host entity id of this device. + :vartype host_entity_id: str + :ivar ip_address_entity_id: The IP entity if of this device. + :vartype ip_address_entity_id: str + :ivar threat_intelligence: A list of TI contexts attached to the IoTDevice entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + :ivar protocols: A list of protocols of the IoTDevice entity. + :vartype protocols: list[str] + :ivar owners: A list of owners of the IoTDevice entity. + :vartype owners: list[str] + :ivar nic_entity_ids: A list of Nic entity ids of the IoTDevice entity. + :vartype nic_entity_ids: list[str] + :ivar site: The site of the device. + :vartype site: str + :ivar zone: The zone location of the device within a site. + :vartype zone: str + :ivar sensor: The sensor the device is monitored by. + :vartype sensor: str + :ivar device_sub_type: The subType of the device ('PLC', 'HMI', 'EWS', etc.). + :vartype device_sub_type: str + :ivar importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :vartype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + :ivar purdue_layer: The Purdue Layer of the device. + :vartype purdue_layer: str + :ivar is_authorized: Determines whether the device classified as authorized device. + :vartype is_authorized: bool + :ivar is_programming: Determines whether the device classified as programming device. + :vartype is_programming: bool + :ivar is_scanner: Is the device classified as a scanner device. + :vartype is_scanner: bool + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "device_id": {"readonly": True}, + "device_name": {"readonly": True}, + "source": {"readonly": True}, + "iot_security_agent_id": {"readonly": True}, + "device_type": {"readonly": True}, + "vendor": {"readonly": True}, + "edge_id": {"readonly": True}, + "mac_address": {"readonly": True}, + "model": {"readonly": True}, + "serial_number": {"readonly": True}, + "firmware_version": {"readonly": True}, + "operating_system": {"readonly": True}, + "iot_hub_entity_id": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + "protocols": {"readonly": True}, + "owners": {"readonly": True}, + "nic_entity_ids": {"readonly": True}, + "site": {"readonly": True}, + "zone": {"readonly": True}, + "sensor": {"readonly": True}, + "device_sub_type": {"readonly": True}, + "purdue_layer": {"readonly": True}, + "is_authorized": {"readonly": True}, + "is_programming": {"readonly": True}, + "is_scanner": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "device_id": {"key": "deviceId", "type": "str"}, + "device_name": {"key": "deviceName", "type": "str"}, + "source": {"key": "source", "type": "str"}, + "iot_security_agent_id": {"key": "iotSecurityAgentId", "type": "str"}, + "device_type": {"key": "deviceType", "type": "str"}, + "vendor": {"key": "vendor", "type": "str"}, + "edge_id": {"key": "edgeId", "type": "str"}, + "mac_address": {"key": "macAddress", "type": "str"}, + "model": {"key": "model", "type": "str"}, + "serial_number": {"key": "serialNumber", "type": "str"}, + "firmware_version": {"key": "firmwareVersion", "type": "str"}, + "operating_system": {"key": "operatingSystem", "type": "str"}, + "iot_hub_entity_id": {"key": "iotHubEntityId", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, + "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, + "protocols": {"key": "protocols", "type": "[str]"}, + "owners": {"key": "owners", "type": "[str]"}, + "nic_entity_ids": {"key": "nicEntityIds", "type": "[str]"}, + "site": {"key": "site", "type": "str"}, + "zone": {"key": "zone", "type": "str"}, + "sensor": {"key": "sensor", "type": "str"}, + "device_sub_type": {"key": "deviceSubType", "type": "str"}, + "importance": {"key": "importance", "type": "str"}, + "purdue_layer": {"key": "purdueLayer", "type": "str"}, + "is_authorized": {"key": "isAuthorized", "type": "bool"}, + "is_programming": {"key": "isProgramming", "type": "bool"}, + "is_scanner": {"key": "isScanner", "type": "bool"}, + } + + def __init__( # pylint: disable=too-many-locals + self, *, importance: Optional[Union[str, "_models.DeviceImportance"]] = None, **kwargs + ): + """ + :keyword importance: Device importance, determines if the device classified as 'crown jewel'. + Known values are: "Unknown", "Low", "Normal", and "High". + :paramtype importance: str or ~azure.mgmt.securityinsight.models.DeviceImportance + """ + super().__init__(**kwargs) + self.device_id = None + self.device_name = None + self.source = None + self.iot_security_agent_id = None + self.device_type = None + self.vendor = None + self.edge_id = None + self.mac_address = None + self.model = None + self.serial_number = None + self.firmware_version = None + self.operating_system = None + self.iot_hub_entity_id = None + self.host_entity_id = None + self.ip_address_entity_id = None + self.threat_intelligence = None + self.protocols = None + self.owners = None + self.nic_entity_ids = None + self.site = None + self.zone = None + self.sensor = None + self.device_sub_type = None + self.importance = importance + self.purdue_layer = None + self.is_authorized = None + self.is_programming = None + self.is_scanner = None + + +class IpEntity(Entity): + """Represents an ip entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). + :vartype address: str + :ivar location: The geo-location context attached to the ip entity. + :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation + :ivar threat_intelligence: A list of TI contexts attached to the ip entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "address": {"readonly": True}, + "location": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "address": {"key": "properties.address", "type": "str"}, + "location": {"key": "properties.location", "type": "GeoLocation"}, + "threat_intelligence": {"key": "properties.threatIntelligence", "type": "[ThreatIntelligence]"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "Ip" # type: str + self.additional_data = None + self.friendly_name = None + self.address = None + self.location = None + self.threat_intelligence = None + + +class IpEntityProperties(EntityCommonProperties): + """Ip entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar address: The IP address as string, e.g. 127.0.0.1 (either in Ipv4 or Ipv6). + :vartype address: str + :ivar location: The geo-location context attached to the ip entity. + :vartype location: ~azure.mgmt.securityinsight.models.GeoLocation + :ivar threat_intelligence: A list of TI contexts attached to the ip entity. + :vartype threat_intelligence: list[~azure.mgmt.securityinsight.models.ThreatIntelligence] + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "address": {"readonly": True}, + "location": {"readonly": True}, + "threat_intelligence": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "address": {"key": "address", "type": "str"}, + "location": {"key": "location", "type": "GeoLocation"}, + "threat_intelligence": {"key": "threatIntelligence", "type": "[ThreatIntelligence]"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.address = None + self.location = None + self.threat_intelligence = None + + +class MailboxEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mailbox entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mailbox_primary_address: The mailbox's primary address. + :vartype mailbox_primary_address: str + :ivar display_name: The mailbox's display name. + :vartype display_name: str + :ivar upn: The mailbox's UPN. + :vartype upn: str + :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in + account entity but this property is specific to mailbox object on office side. + :vartype external_directory_object_id: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mailbox_primary_address": {"readonly": True}, + "display_name": {"readonly": True}, + "upn": {"readonly": True}, + "external_directory_object_id": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "mailbox_primary_address": {"key": "properties.mailboxPrimaryAddress", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "upn": {"key": "properties.upn", "type": "str"}, + "external_directory_object_id": {"key": "properties.externalDirectoryObjectId", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "Mailbox" # type: str + self.additional_data = None + self.friendly_name = None + self.mailbox_primary_address = None + self.display_name = None + self.upn = None + self.external_directory_object_id = None + + +class MailboxEntityProperties(EntityCommonProperties): + """Mailbox entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mailbox_primary_address: The mailbox's primary address. + :vartype mailbox_primary_address: str + :ivar display_name: The mailbox's display name. + :vartype display_name: str + :ivar upn: The mailbox's UPN. + :vartype upn: str + :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in + account entity but this property is specific to mailbox object on office side. + :vartype external_directory_object_id: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mailbox_primary_address": {"readonly": True}, + "display_name": {"readonly": True}, + "upn": {"readonly": True}, + "external_directory_object_id": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "mailbox_primary_address": {"key": "mailboxPrimaryAddress", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "upn": {"key": "upn", "type": "str"}, + "external_directory_object_id": {"key": "externalDirectoryObjectId", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.mailbox_primary_address = None + self.display_name = None + self.upn = None + self.external_directory_object_id = None + + +class MailClusterEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mail cluster entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar network_message_ids: The mail message IDs that are part of the mail cluster. + :vartype network_message_ids: list[str] + :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. + :vartype count_by_delivery_status: JSON + :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. + :vartype count_by_threat_type: JSON + :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string + representation. + :vartype count_by_protection_status: JSON + :ivar threats: The threats of mail messages that are part of the mail cluster. + :vartype threats: list[str] + :ivar query: The query that was used to identify the messages of the mail cluster. + :vartype query: str + :ivar query_time: The query time. + :vartype query_time: ~datetime.datetime + :ivar mail_count: The number of mail messages that are part of the mail cluster. + :vartype mail_count: int + :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. + :vartype is_volume_anomaly: bool + :ivar source: The source of the mail cluster (default is 'O365 ATP'). + :vartype source: str + :ivar cluster_source_identifier: The id of the cluster source. + :vartype cluster_source_identifier: str + :ivar cluster_source_type: The type of the cluster source. + :vartype cluster_source_type: str + :ivar cluster_query_start_time: The cluster query start time. + :vartype cluster_query_start_time: ~datetime.datetime + :ivar cluster_query_end_time: The cluster query end time. + :vartype cluster_query_end_time: ~datetime.datetime + :ivar cluster_group: The cluster group. + :vartype cluster_group: str + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_ids": {"readonly": True}, + "count_by_delivery_status": {"readonly": True}, + "count_by_threat_type": {"readonly": True}, + "count_by_protection_status": {"readonly": True}, + "threats": {"readonly": True}, + "query": {"readonly": True}, + "query_time": {"readonly": True}, + "mail_count": {"readonly": True}, + "is_volume_anomaly": {"readonly": True}, + "source": {"readonly": True}, + "cluster_source_identifier": {"readonly": True}, + "cluster_source_type": {"readonly": True}, + "cluster_query_start_time": {"readonly": True}, + "cluster_query_end_time": {"readonly": True}, + "cluster_group": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "network_message_ids": {"key": "properties.networkMessageIds", "type": "[str]"}, + "count_by_delivery_status": {"key": "properties.countByDeliveryStatus", "type": "object"}, + "count_by_threat_type": {"key": "properties.countByThreatType", "type": "object"}, + "count_by_protection_status": {"key": "properties.countByProtectionStatus", "type": "object"}, + "threats": {"key": "properties.threats", "type": "[str]"}, + "query": {"key": "properties.query", "type": "str"}, + "query_time": {"key": "properties.queryTime", "type": "iso-8601"}, + "mail_count": {"key": "properties.mailCount", "type": "int"}, + "is_volume_anomaly": {"key": "properties.isVolumeAnomaly", "type": "bool"}, + "source": {"key": "properties.source", "type": "str"}, + "cluster_source_identifier": {"key": "properties.clusterSourceIdentifier", "type": "str"}, + "cluster_source_type": {"key": "properties.clusterSourceType", "type": "str"}, + "cluster_query_start_time": {"key": "properties.clusterQueryStartTime", "type": "iso-8601"}, + "cluster_query_end_time": {"key": "properties.clusterQueryEndTime", "type": "iso-8601"}, + "cluster_group": {"key": "properties.clusterGroup", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "MailCluster" # type: str + self.additional_data = None + self.friendly_name = None + self.network_message_ids = None + self.count_by_delivery_status = None + self.count_by_threat_type = None + self.count_by_protection_status = None + self.threats = None + self.query = None + self.query_time = None + self.mail_count = None + self.is_volume_anomaly = None + self.source = None + self.cluster_source_identifier = None + self.cluster_source_type = None + self.cluster_query_start_time = None + self.cluster_query_end_time = None + self.cluster_group = None + + +class MailClusterEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Mail cluster entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar network_message_ids: The mail message IDs that are part of the mail cluster. + :vartype network_message_ids: list[str] + :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. + :vartype count_by_delivery_status: JSON + :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. + :vartype count_by_threat_type: JSON + :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string + representation. + :vartype count_by_protection_status: JSON + :ivar threats: The threats of mail messages that are part of the mail cluster. + :vartype threats: list[str] + :ivar query: The query that was used to identify the messages of the mail cluster. + :vartype query: str + :ivar query_time: The query time. + :vartype query_time: ~datetime.datetime + :ivar mail_count: The number of mail messages that are part of the mail cluster. + :vartype mail_count: int + :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. + :vartype is_volume_anomaly: bool + :ivar source: The source of the mail cluster (default is 'O365 ATP'). + :vartype source: str + :ivar cluster_source_identifier: The id of the cluster source. + :vartype cluster_source_identifier: str + :ivar cluster_source_type: The type of the cluster source. + :vartype cluster_source_type: str + :ivar cluster_query_start_time: The cluster query start time. + :vartype cluster_query_start_time: ~datetime.datetime + :ivar cluster_query_end_time: The cluster query end time. + :vartype cluster_query_end_time: ~datetime.datetime + :ivar cluster_group: The cluster group. + :vartype cluster_group: str + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_ids": {"readonly": True}, + "count_by_delivery_status": {"readonly": True}, + "count_by_threat_type": {"readonly": True}, + "count_by_protection_status": {"readonly": True}, + "threats": {"readonly": True}, + "query": {"readonly": True}, + "query_time": {"readonly": True}, + "mail_count": {"readonly": True}, + "is_volume_anomaly": {"readonly": True}, + "source": {"readonly": True}, + "cluster_source_identifier": {"readonly": True}, + "cluster_source_type": {"readonly": True}, + "cluster_query_start_time": {"readonly": True}, + "cluster_query_end_time": {"readonly": True}, + "cluster_group": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "network_message_ids": {"key": "networkMessageIds", "type": "[str]"}, + "count_by_delivery_status": {"key": "countByDeliveryStatus", "type": "object"}, + "count_by_threat_type": {"key": "countByThreatType", "type": "object"}, + "count_by_protection_status": {"key": "countByProtectionStatus", "type": "object"}, + "threats": {"key": "threats", "type": "[str]"}, + "query": {"key": "query", "type": "str"}, + "query_time": {"key": "queryTime", "type": "iso-8601"}, + "mail_count": {"key": "mailCount", "type": "int"}, + "is_volume_anomaly": {"key": "isVolumeAnomaly", "type": "bool"}, + "source": {"key": "source", "type": "str"}, + "cluster_source_identifier": {"key": "clusterSourceIdentifier", "type": "str"}, + "cluster_source_type": {"key": "clusterSourceType", "type": "str"}, + "cluster_query_start_time": {"key": "clusterQueryStartTime", "type": "iso-8601"}, + "cluster_query_end_time": {"key": "clusterQueryEndTime", "type": "iso-8601"}, + "cluster_group": {"key": "clusterGroup", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.network_message_ids = None + self.count_by_delivery_status = None + self.count_by_threat_type = None + self.count_by_protection_status = None + self.threats = None + self.query = None + self.query_time = None + self.mail_count = None + self.is_volume_anomaly = None + self.source = None + self.cluster_source_identifier = None + self.cluster_source_type = None + self.cluster_query_start_time = None + self.cluster_query_end_time = None + self.cluster_group = None + + +class MailMessageEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a mail message entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar file_entity_ids: The File entity ids of this mail message's attachments. + :vartype file_entity_ids: list[str] + :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients + the mail message is forked and each copy has one recipient. + :vartype recipient: str + :ivar urls: The Urls contained in this mail message. + :vartype urls: list[str] + :ivar threats: The threats of this mail message. + :vartype threats: list[str] + :ivar p1_sender: The p1 sender's email address. + :vartype p1_sender: str + :ivar p1_sender_display_name: The p1 sender's display name. + :vartype p1_sender_display_name: str + :ivar p1_sender_domain: The p1 sender's domain. + :vartype p1_sender_domain: str + :ivar sender_ip: The sender's IP address. + :vartype sender_ip: str + :ivar p2_sender: The p2 sender's email address. + :vartype p2_sender: str + :ivar p2_sender_display_name: The p2 sender's display name. + :vartype p2_sender_display_name: str + :ivar p2_sender_domain: The p2 sender's domain. + :vartype p2_sender_domain: str + :ivar receive_date: The receive date of this message. + :vartype receive_date: ~datetime.datetime + :ivar network_message_id: The network message id of this mail message. + :vartype network_message_id: str + :ivar internet_message_id: The internet message id of this mail message. + :vartype internet_message_id: str + :ivar subject: The subject of this mail message. + :vartype subject: str + :ivar language: The language of this mail message. + :vartype language: str + :ivar threat_detection_methods: The threat detection methods. + :vartype threat_detection_methods: list[str] + :ivar body_fingerprint_bin1: The bodyFingerprintBin1. + :vartype body_fingerprint_bin1: int + :ivar body_fingerprint_bin2: The bodyFingerprintBin2. + :vartype body_fingerprint_bin2: int + :ivar body_fingerprint_bin3: The bodyFingerprintBin3. + :vartype body_fingerprint_bin3: int + :ivar body_fingerprint_bin4: The bodyFingerprintBin4. + :vartype body_fingerprint_bin4: int + :ivar body_fingerprint_bin5: The bodyFingerprintBin5. + :vartype body_fingerprint_bin5: int + :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", + "Inbound", "Outbound", and "Intraorg". + :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. + Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", + "Failed", "Dropped", and "Forwarded". + :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "recipient": {"readonly": True}, + "urls": {"readonly": True}, + "threats": {"readonly": True}, + "p1_sender": {"readonly": True}, + "p1_sender_display_name": {"readonly": True}, + "p1_sender_domain": {"readonly": True}, + "sender_ip": {"readonly": True}, + "p2_sender": {"readonly": True}, + "p2_sender_display_name": {"readonly": True}, + "p2_sender_domain": {"readonly": True}, + "receive_date": {"readonly": True}, + "network_message_id": {"readonly": True}, + "internet_message_id": {"readonly": True}, + "subject": {"readonly": True}, + "language": {"readonly": True}, + "threat_detection_methods": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, + "recipient": {"key": "properties.recipient", "type": "str"}, + "urls": {"key": "properties.urls", "type": "[str]"}, + "threats": {"key": "properties.threats", "type": "[str]"}, + "p1_sender": {"key": "properties.p1Sender", "type": "str"}, + "p1_sender_display_name": {"key": "properties.p1SenderDisplayName", "type": "str"}, + "p1_sender_domain": {"key": "properties.p1SenderDomain", "type": "str"}, + "sender_ip": {"key": "properties.senderIP", "type": "str"}, + "p2_sender": {"key": "properties.p2Sender", "type": "str"}, + "p2_sender_display_name": {"key": "properties.p2SenderDisplayName", "type": "str"}, + "p2_sender_domain": {"key": "properties.p2SenderDomain", "type": "str"}, + "receive_date": {"key": "properties.receiveDate", "type": "iso-8601"}, + "network_message_id": {"key": "properties.networkMessageId", "type": "str"}, + "internet_message_id": {"key": "properties.internetMessageId", "type": "str"}, + "subject": {"key": "properties.subject", "type": "str"}, + "language": {"key": "properties.language", "type": "str"}, + "threat_detection_methods": {"key": "properties.threatDetectionMethods", "type": "[str]"}, + "body_fingerprint_bin1": {"key": "properties.bodyFingerprintBin1", "type": "int"}, + "body_fingerprint_bin2": {"key": "properties.bodyFingerprintBin2", "type": "int"}, + "body_fingerprint_bin3": {"key": "properties.bodyFingerprintBin3", "type": "int"}, + "body_fingerprint_bin4": {"key": "properties.bodyFingerprintBin4", "type": "int"}, + "body_fingerprint_bin5": {"key": "properties.bodyFingerprintBin5", "type": "int"}, + "antispam_direction": {"key": "properties.antispamDirection", "type": "str"}, + "delivery_action": {"key": "properties.deliveryAction", "type": "str"}, + "delivery_location": {"key": "properties.deliveryLocation", "type": "str"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + body_fingerprint_bin1: Optional[int] = None, + body_fingerprint_bin2: Optional[int] = None, + body_fingerprint_bin3: Optional[int] = None, + body_fingerprint_bin4: Optional[int] = None, + body_fingerprint_bin5: Optional[int] = None, + antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, + delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, + delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, + **kwargs + ): + """ + :keyword body_fingerprint_bin1: The bodyFingerprintBin1. + :paramtype body_fingerprint_bin1: int + :keyword body_fingerprint_bin2: The bodyFingerprintBin2. + :paramtype body_fingerprint_bin2: int + :keyword body_fingerprint_bin3: The bodyFingerprintBin3. + :paramtype body_fingerprint_bin3: int + :keyword body_fingerprint_bin4: The bodyFingerprintBin4. + :paramtype body_fingerprint_bin4: int + :keyword body_fingerprint_bin5: The bodyFingerprintBin5. + :paramtype body_fingerprint_bin5: int + :keyword antispam_direction: The directionality of this mail message. Known values are: + "Unknown", "Inbound", "Outbound", and "Intraorg". + :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder + etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", + "External", "Failed", "Dropped", and "Forwarded". + :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + """ + super().__init__(**kwargs) + self.kind = "MailMessage" # type: str + self.additional_data = None + self.friendly_name = None + self.file_entity_ids = None + self.recipient = None + self.urls = None + self.threats = None + self.p1_sender = None + self.p1_sender_display_name = None + self.p1_sender_domain = None + self.sender_ip = None + self.p2_sender = None + self.p2_sender_display_name = None + self.p2_sender_domain = None + self.receive_date = None + self.network_message_id = None + self.internet_message_id = None + self.subject = None + self.language = None + self.threat_detection_methods = None + self.body_fingerprint_bin1 = body_fingerprint_bin1 + self.body_fingerprint_bin2 = body_fingerprint_bin2 + self.body_fingerprint_bin3 = body_fingerprint_bin3 + self.body_fingerprint_bin4 = body_fingerprint_bin4 + self.body_fingerprint_bin5 = body_fingerprint_bin5 + self.antispam_direction = antispam_direction + self.delivery_action = delivery_action + self.delivery_location = delivery_location + + +class MailMessageEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes + """Mail message entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar file_entity_ids: The File entity ids of this mail message's attachments. + :vartype file_entity_ids: list[str] + :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients + the mail message is forked and each copy has one recipient. + :vartype recipient: str + :ivar urls: The Urls contained in this mail message. + :vartype urls: list[str] + :ivar threats: The threats of this mail message. + :vartype threats: list[str] + :ivar p1_sender: The p1 sender's email address. + :vartype p1_sender: str + :ivar p1_sender_display_name: The p1 sender's display name. + :vartype p1_sender_display_name: str + :ivar p1_sender_domain: The p1 sender's domain. + :vartype p1_sender_domain: str + :ivar sender_ip: The sender's IP address. + :vartype sender_ip: str + :ivar p2_sender: The p2 sender's email address. + :vartype p2_sender: str + :ivar p2_sender_display_name: The p2 sender's display name. + :vartype p2_sender_display_name: str + :ivar p2_sender_domain: The p2 sender's domain. + :vartype p2_sender_domain: str + :ivar receive_date: The receive date of this message. + :vartype receive_date: ~datetime.datetime + :ivar network_message_id: The network message id of this mail message. + :vartype network_message_id: str + :ivar internet_message_id: The internet message id of this mail message. + :vartype internet_message_id: str + :ivar subject: The subject of this mail message. + :vartype subject: str + :ivar language: The language of this mail message. + :vartype language: str + :ivar threat_detection_methods: The threat detection methods. + :vartype threat_detection_methods: list[str] + :ivar body_fingerprint_bin1: The bodyFingerprintBin1. + :vartype body_fingerprint_bin1: int + :ivar body_fingerprint_bin2: The bodyFingerprintBin2. + :vartype body_fingerprint_bin2: int + :ivar body_fingerprint_bin3: The bodyFingerprintBin3. + :vartype body_fingerprint_bin3: int + :ivar body_fingerprint_bin4: The bodyFingerprintBin4. + :vartype body_fingerprint_bin4: int + :ivar body_fingerprint_bin5: The bodyFingerprintBin5. + :vartype body_fingerprint_bin5: int + :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", + "Inbound", "Outbound", and "Intraorg". + :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. + Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", + "Failed", "Dropped", and "Forwarded". + :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "recipient": {"readonly": True}, + "urls": {"readonly": True}, + "threats": {"readonly": True}, + "p1_sender": {"readonly": True}, + "p1_sender_display_name": {"readonly": True}, + "p1_sender_domain": {"readonly": True}, + "sender_ip": {"readonly": True}, + "p2_sender": {"readonly": True}, + "p2_sender_display_name": {"readonly": True}, + "p2_sender_domain": {"readonly": True}, + "receive_date": {"readonly": True}, + "network_message_id": {"readonly": True}, + "internet_message_id": {"readonly": True}, + "subject": {"readonly": True}, + "language": {"readonly": True}, + "threat_detection_methods": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, + "recipient": {"key": "recipient", "type": "str"}, + "urls": {"key": "urls", "type": "[str]"}, + "threats": {"key": "threats", "type": "[str]"}, + "p1_sender": {"key": "p1Sender", "type": "str"}, + "p1_sender_display_name": {"key": "p1SenderDisplayName", "type": "str"}, + "p1_sender_domain": {"key": "p1SenderDomain", "type": "str"}, + "sender_ip": {"key": "senderIP", "type": "str"}, + "p2_sender": {"key": "p2Sender", "type": "str"}, + "p2_sender_display_name": {"key": "p2SenderDisplayName", "type": "str"}, + "p2_sender_domain": {"key": "p2SenderDomain", "type": "str"}, + "receive_date": {"key": "receiveDate", "type": "iso-8601"}, + "network_message_id": {"key": "networkMessageId", "type": "str"}, + "internet_message_id": {"key": "internetMessageId", "type": "str"}, + "subject": {"key": "subject", "type": "str"}, + "language": {"key": "language", "type": "str"}, + "threat_detection_methods": {"key": "threatDetectionMethods", "type": "[str]"}, + "body_fingerprint_bin1": {"key": "bodyFingerprintBin1", "type": "int"}, + "body_fingerprint_bin2": {"key": "bodyFingerprintBin2", "type": "int"}, + "body_fingerprint_bin3": {"key": "bodyFingerprintBin3", "type": "int"}, + "body_fingerprint_bin4": {"key": "bodyFingerprintBin4", "type": "int"}, + "body_fingerprint_bin5": {"key": "bodyFingerprintBin5", "type": "int"}, + "antispam_direction": {"key": "antispamDirection", "type": "str"}, + "delivery_action": {"key": "deliveryAction", "type": "str"}, + "delivery_location": {"key": "deliveryLocation", "type": "str"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + body_fingerprint_bin1: Optional[int] = None, + body_fingerprint_bin2: Optional[int] = None, + body_fingerprint_bin3: Optional[int] = None, + body_fingerprint_bin4: Optional[int] = None, + body_fingerprint_bin5: Optional[int] = None, + antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, + delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, + delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, + **kwargs + ): + """ + :keyword body_fingerprint_bin1: The bodyFingerprintBin1. + :paramtype body_fingerprint_bin1: int + :keyword body_fingerprint_bin2: The bodyFingerprintBin2. + :paramtype body_fingerprint_bin2: int + :keyword body_fingerprint_bin3: The bodyFingerprintBin3. + :paramtype body_fingerprint_bin3: int + :keyword body_fingerprint_bin4: The bodyFingerprintBin4. + :paramtype body_fingerprint_bin4: int + :keyword body_fingerprint_bin5: The bodyFingerprintBin5. + :paramtype body_fingerprint_bin5: int + :keyword antispam_direction: The directionality of this mail message. Known values are: + "Unknown", "Inbound", "Outbound", and "Intraorg". + :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection + :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, + Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", and + "Replaced". + :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction + :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder + etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", + "External", "Failed", "Dropped", and "Forwarded". + :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + """ + super().__init__(**kwargs) + self.file_entity_ids = None + self.recipient = None + self.urls = None + self.threats = None + self.p1_sender = None + self.p1_sender_display_name = None + self.p1_sender_domain = None + self.sender_ip = None + self.p2_sender = None + self.p2_sender_display_name = None + self.p2_sender_domain = None + self.receive_date = None + self.network_message_id = None + self.internet_message_id = None + self.subject = None + self.language = None + self.threat_detection_methods = None + self.body_fingerprint_bin1 = body_fingerprint_bin1 + self.body_fingerprint_bin2 = body_fingerprint_bin2 + self.body_fingerprint_bin3 = body_fingerprint_bin3 + self.body_fingerprint_bin4 = body_fingerprint_bin4 + self.body_fingerprint_bin5 = body_fingerprint_bin5 + self.antispam_direction = antispam_direction + self.delivery_action = delivery_action + self.delivery_location = delivery_location + + +class MalwareEntity(Entity): # pylint: disable=too-many-instance-attributes + """Represents a malware entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar category: The malware category by the vendor, e.g. Trojan. + :vartype category: str + :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. + :vartype file_entity_ids: list[str] + :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. + :vartype malware_name: str + :ivar process_entity_ids: List of linked process entity identifiers on which the malware was + found. + :vartype process_entity_ids: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "category": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "malware_name": {"readonly": True}, + "process_entity_ids": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "category": {"key": "properties.category", "type": "str"}, + "file_entity_ids": {"key": "properties.fileEntityIds", "type": "[str]"}, + "malware_name": {"key": "properties.malwareName", "type": "str"}, + "process_entity_ids": {"key": "properties.processEntityIds", "type": "[str]"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "Malware" # type: str + self.additional_data = None + self.friendly_name = None + self.category = None + self.file_entity_ids = None + self.malware_name = None + self.process_entity_ids = None + + +class MalwareEntityProperties(EntityCommonProperties): + """Malware entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar category: The malware category by the vendor, e.g. Trojan. + :vartype category: str + :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. + :vartype file_entity_ids: list[str] + :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. + :vartype malware_name: str + :ivar process_entity_ids: List of linked process entity identifiers on which the malware was + found. + :vartype process_entity_ids: list[str] + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "category": {"readonly": True}, + "file_entity_ids": {"readonly": True}, + "malware_name": {"readonly": True}, + "process_entity_ids": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "category": {"key": "category", "type": "str"}, + "file_entity_ids": {"key": "fileEntityIds", "type": "[str]"}, + "malware_name": {"key": "malwareName", "type": "str"}, + "process_entity_ids": {"key": "processEntityIds", "type": "[str]"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.category = None + self.file_entity_ids = None + self.malware_name = None + self.process_entity_ids = None + + +class ManualTriggerRequestBody(_serialization.Model): + """ManualTriggerRequestBody. + + :ivar tenant_id: + :vartype tenant_id: str + :ivar logic_apps_resource_id: + :vartype logic_apps_resource_id: str + """ + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "logic_apps_resource_id": {"key": "logicAppsResourceId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, logic_apps_resource_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: + :paramtype tenant_id: str + :keyword logic_apps_resource_id: + :paramtype logic_apps_resource_id: str + """ + super().__init__(**kwargs) + self.tenant_id = tenant_id + self.logic_apps_resource_id = logic_apps_resource_id + + +class MCASCheckRequirements(DataConnectorsCheckRequirements): + """Represents MCAS (Microsoft Cloud App Security) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind = "MicrosoftCloudAppSecurity" # type: str + self.tenant_id = tenant_id + + +class MCASCheckRequirementsProperties(DataConnectorTenantId): + """MCAS (Microsoft Cloud App Security) requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class MCASDataConnector(DataConnector): + """Represents MCAS (Microsoft Cloud App Security) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "MCASDataConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.MCASDataConnectorDataTypes"] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind = "MicrosoftCloudAppSecurity" # type: str + self.tenant_id = tenant_id + self.data_types = data_types + + +class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): + """The available data types for MCAS (Microsoft Cloud App Security) data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar alerts: Alerts data type connection. Required. + :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :ivar discovery_logs: Discovery log data type connection. + :vartype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + """ + + _validation = { + "alerts": {"required": True}, + } + + _attribute_map = { + "alerts": {"key": "alerts", "type": "DataConnectorDataTypeCommon"}, + "discovery_logs": {"key": "discoveryLogs", "type": "DataConnectorDataTypeCommon"}, + } + + def __init__( + self, + *, + alerts: "_models.DataConnectorDataTypeCommon", + discovery_logs: Optional["_models.DataConnectorDataTypeCommon"] = None, + **kwargs + ): + """ + :keyword alerts: Alerts data type connection. Required. + :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :keyword discovery_logs: Discovery log data type connection. + :paramtype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + """ + super().__init__(alerts=alerts, **kwargs) + self.discovery_logs = discovery_logs + + +class MCASDataConnectorProperties(DataConnectorTenantId): + """MCAS (Microsoft Cloud App Security) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MCASDataConnectorDataTypes"}, + } + + def __init__(self, *, tenant_id: str, data_types: "_models.MCASDataConnectorDataTypes", **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class MDATPCheckRequirements(DataConnectorsCheckRequirements): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind = "MicrosoftDefenderAdvancedThreatProtection" # type: str + self.tenant_id = tenant_id + + +class MDATPCheckRequirementsProperties(DataConnectorTenantId): + """MDATP (Microsoft Defender Advanced Threat Protection) requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class MDATPDataConnector(DataConnector): + """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + """ + super().__init__(etag=etag, **kwargs) + self.kind = "MicrosoftDefenderAdvancedThreatProtection" # type: str + self.tenant_id = tenant_id + self.data_types = data_types + + +class MDATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """MDATP (Microsoft Defender Advanced Threat Protection) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__( + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs + ): + """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + self.data_types = data_types + self.tenant_id = tenant_id + + +class MetadataAuthor(_serialization.Model): + """Publisher or creator of the content item. + + :ivar name: Name of the author. Company or person. + :vartype name: str + :ivar email: Email of author contact. + :vartype email: str + :ivar link: Link for author/vendor page. + :vartype link: str + """ + + _attribute_map = { + "name": {"key": "name", "type": "str"}, + "email": {"key": "email", "type": "str"}, + "link": {"key": "link", "type": "str"}, + } + + def __init__( + self, *, name: Optional[str] = None, email: Optional[str] = None, link: Optional[str] = None, **kwargs + ): + """ + :keyword name: Name of the author. Company or person. + :paramtype name: str + :keyword email: Email of author contact. + :paramtype email: str + :keyword link: Link for author/vendor page. + :paramtype link: str + """ + super().__init__(**kwargs) + self.name = name + self.email = email + self.link = link + + +class MetadataCategories(_serialization.Model): + """ies for the solution content item. + + :ivar domains: domain for the solution content item. + :vartype domains: list[str] + :ivar verticals: Industry verticals for the solution content item. + :vartype verticals: list[str] + """ + + _attribute_map = { + "domains": {"key": "domains", "type": "[str]"}, + "verticals": {"key": "verticals", "type": "[str]"}, + } + + def __init__(self, *, domains: Optional[List[str]] = None, verticals: Optional[List[str]] = None, **kwargs): + """ + :keyword domains: domain for the solution content item. + :paramtype domains: list[str] + :keyword verticals: Industry verticals for the solution content item. + :paramtype verticals: list[str] + """ + super().__init__(**kwargs) + self.domains = domains + self.verticals = verticals + + +class MetadataDependencies(_serialization.Model): + """Dependencies for the content item, what other content items it requires to work. Can describe more complex dependencies using a recursive/nested structure. For a single dependency an id/kind/version can be supplied or operator/criteria for complex dependencies. + + :ivar content_id: Id of the content item we depend on. + :vartype content_id: str + :ivar kind: Type of the content item we depend on. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar version: Version of the the content item we depend on. Can be blank, * or missing to + indicate any version fulfills the dependency. If version does not match our defined numeric + format then an exact match is required. + :vartype version: str + :ivar name: Name of the content item. + :vartype name: str + :ivar operator: Operator used for list of dependencies in criteria array. Known values are: + "AND" and "OR". + :vartype operator: str or ~azure.mgmt.securityinsight.models.Operator + :ivar criteria: This is the list of dependencies we must fulfill, according to the AND/OR + operator. + :vartype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] + """ + + _attribute_map = { + "content_id": {"key": "contentId", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "operator": {"key": "operator", "type": "str"}, + "criteria": {"key": "criteria", "type": "[MetadataDependencies]"}, + } + + def __init__( + self, + *, + content_id: Optional[str] = None, + kind: Optional[Union[str, "_models.Kind"]] = None, + version: Optional[str] = None, + name: Optional[str] = None, + operator: Optional[Union[str, "_models.Operator"]] = None, + criteria: Optional[List["_models.MetadataDependencies"]] = None, + **kwargs + ): + """ + :keyword content_id: Id of the content item we depend on. + :paramtype content_id: str + :keyword kind: Type of the content item we depend on. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword version: Version of the the content item we depend on. Can be blank, * or missing to + indicate any version fulfills the dependency. If version does not match our defined numeric + format then an exact match is required. + :paramtype version: str + :keyword name: Name of the content item. + :paramtype name: str + :keyword operator: Operator used for list of dependencies in criteria array. Known values are: + "AND" and "OR". + :paramtype operator: str or ~azure.mgmt.securityinsight.models.Operator + :keyword criteria: This is the list of dependencies we must fulfill, according to the AND/OR + operator. + :paramtype criteria: list[~azure.mgmt.securityinsight.models.MetadataDependencies] + """ + super().__init__(**kwargs) + self.content_id = content_id + self.kind = kind + self.version = version + self.name = name + self.operator = operator + self.criteria = criteria + + +class MetadataList(_serialization.Model): + """List of all the metadata. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of metadata. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.MetadataModel] + :ivar next_link: URL to fetch the next page of metadata. + :vartype next_link: str + """ + + _validation = { + "value": {"required": True}, + "next_link": {"readonly": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[MetadataModel]"}, + "next_link": {"key": "nextLink", "type": "str"}, + } + + def __init__(self, *, value: List["_models.MetadataModel"], **kwargs): + """ + :keyword value: Array of metadata. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.MetadataModel] + """ + super().__init__(**kwargs) + self.value = value + self.next_link = None + + +class MetadataModel(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Metadata resource definition. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the + full resource ID including the scope (subscription and resource group). + :vartype parent_id: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar kind: The kind of content the metadata is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the metadata - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the solution content item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the solution content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date solution content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the solution content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the solution template. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "parent_id": {"key": "properties.parentId", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "kind": {"key": "properties.kind", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "custom_version": {"key": "properties.customVersion", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "icon": {"key": "properties.icon", "type": "str"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "properties.previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + content_id: Optional[str] = None, + parent_id: Optional[str] = None, + version: Optional[str] = None, + kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is + the full resource ID including the scope (subscription and resource group). + :paramtype parent_id: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword kind: The kind of content the metadata is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the metadata - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the solution content item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the solution content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date solution content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the solution content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the solution template. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.parent_id = parent_id + self.version = version + self.kind = kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + + +class MetadataPatch(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Metadata patch request body. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :vartype content_id: str + :ivar parent_id: Full parent resource ID of the content item the metadata is for. This is the + full resource ID including the scope (subscription and resource group). + :vartype parent_id: str + :ivar version: Version of the content. Default and recommended format is numeric (e.g. 1, 1.0, + 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then we + cannot guarantee any version checks. + :vartype version: str + :ivar kind: The kind of content the metadata is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :vartype kind: str or ~azure.mgmt.securityinsight.models.Kind + :ivar source: Source of the content. This is where/how it was created. + :vartype source: ~azure.mgmt.securityinsight.models.MetadataSource + :ivar author: The creator of the content item. + :vartype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :ivar support: Support information for the metadata - type, name, contact information. + :vartype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :ivar dependencies: Dependencies for the content item, what other content items it requires to + work. Can describe more complex dependencies using a recursive/nested structure. For a single + dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :vartype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :ivar categories: Categories for the solution content item. + :vartype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :ivar providers: Providers for the solution content item. + :vartype providers: list[str] + :ivar first_publish_date: first publish date solution content item. + :vartype first_publish_date: ~datetime.date + :ivar last_publish_date: last publish date for the solution content item. + :vartype last_publish_date: ~datetime.date + :ivar custom_version: The custom version of the content. A optional free text. + :vartype custom_version: str + :ivar content_schema_version: Schema version of the content. Can be used to distinguish between + different flow based on the schema version. + :vartype content_schema_version: str + :ivar icon: the icon identifier. this id can later be fetched from the solution template. + :vartype icon: str + :ivar threat_analysis_tactics: the tactics the resource covers. + :vartype threat_analysis_tactics: list[str] + :ivar threat_analysis_techniques: the techniques the resource covers, these have to be aligned + with the tactics being used. + :vartype threat_analysis_techniques: list[str] + :ivar preview_images: preview image file names. These will be taken from the solution + artifacts. + :vartype preview_images: list[str] + :ivar preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :vartype preview_images_dark: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "content_id": {"key": "properties.contentId", "type": "str"}, + "parent_id": {"key": "properties.parentId", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "kind": {"key": "properties.kind", "type": "str"}, + "source": {"key": "properties.source", "type": "MetadataSource"}, + "author": {"key": "properties.author", "type": "MetadataAuthor"}, + "support": {"key": "properties.support", "type": "MetadataSupport"}, + "dependencies": {"key": "properties.dependencies", "type": "MetadataDependencies"}, + "categories": {"key": "properties.categories", "type": "MetadataCategories"}, + "providers": {"key": "properties.providers", "type": "[str]"}, + "first_publish_date": {"key": "properties.firstPublishDate", "type": "date"}, + "last_publish_date": {"key": "properties.lastPublishDate", "type": "date"}, + "custom_version": {"key": "properties.customVersion", "type": "str"}, + "content_schema_version": {"key": "properties.contentSchemaVersion", "type": "str"}, + "icon": {"key": "properties.icon", "type": "str"}, + "threat_analysis_tactics": {"key": "properties.threatAnalysisTactics", "type": "[str]"}, + "threat_analysis_techniques": {"key": "properties.threatAnalysisTechniques", "type": "[str]"}, + "preview_images": {"key": "properties.previewImages", "type": "[str]"}, + "preview_images_dark": {"key": "properties.previewImagesDark", "type": "[str]"}, + } + + def __init__( # pylint: disable=too-many-locals + self, + *, + etag: Optional[str] = None, + content_id: Optional[str] = None, + parent_id: Optional[str] = None, + version: Optional[str] = None, + kind: Optional[Union[str, "_models.Kind"]] = None, + source: Optional["_models.MetadataSource"] = None, + author: Optional["_models.MetadataAuthor"] = None, + support: Optional["_models.MetadataSupport"] = None, + dependencies: Optional["_models.MetadataDependencies"] = None, + categories: Optional["_models.MetadataCategories"] = None, + providers: Optional[List[str]] = None, + first_publish_date: Optional[datetime.date] = None, + last_publish_date: Optional[datetime.date] = None, + custom_version: Optional[str] = None, + content_schema_version: Optional[str] = None, + icon: Optional[str] = None, + threat_analysis_tactics: Optional[List[str]] = None, + threat_analysis_techniques: Optional[List[str]] = None, + preview_images: Optional[List[str]] = None, + preview_images_dark: Optional[List[str]] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword content_id: Static ID for the content. Used to identify dependencies and content from + solutions or community. Hard-coded/static for out of the box content and solutions. Dynamic + for user-created. This is the resource name. + :paramtype content_id: str + :keyword parent_id: Full parent resource ID of the content item the metadata is for. This is + the full resource ID including the scope (subscription and resource group). + :paramtype parent_id: str + :keyword version: Version of the content. Default and recommended format is numeric (e.g. 1, + 1.0, 1.0.0, 1.0.0.0), following ARM template best practices. Can also be any string, but then + we cannot guarantee any version checks. + :paramtype version: str + :keyword kind: The kind of content the metadata is for. Known values are: "DataConnector", + "DataType", "Workbook", "WorkbookTemplate", "Playbook", "PlaybookTemplate", + "AnalyticsRuleTemplate", "AnalyticsRule", "HuntingQuery", "InvestigationQuery", "Parser", + "Watchlist", "WatchlistTemplate", "Solution", "AzureFunction", "LogicAppsCustomConnector", and + "AutomationRule". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.Kind + :keyword source: Source of the content. This is where/how it was created. + :paramtype source: ~azure.mgmt.securityinsight.models.MetadataSource + :keyword author: The creator of the content item. + :paramtype author: ~azure.mgmt.securityinsight.models.MetadataAuthor + :keyword support: Support information for the metadata - type, name, contact information. + :paramtype support: ~azure.mgmt.securityinsight.models.MetadataSupport + :keyword dependencies: Dependencies for the content item, what other content items it requires + to work. Can describe more complex dependencies using a recursive/nested structure. For a + single dependency an id/kind/version can be supplied or operator/criteria for complex formats. + :paramtype dependencies: ~azure.mgmt.securityinsight.models.MetadataDependencies + :keyword categories: Categories for the solution content item. + :paramtype categories: ~azure.mgmt.securityinsight.models.MetadataCategories + :keyword providers: Providers for the solution content item. + :paramtype providers: list[str] + :keyword first_publish_date: first publish date solution content item. + :paramtype first_publish_date: ~datetime.date + :keyword last_publish_date: last publish date for the solution content item. + :paramtype last_publish_date: ~datetime.date + :keyword custom_version: The custom version of the content. A optional free text. + :paramtype custom_version: str + :keyword content_schema_version: Schema version of the content. Can be used to distinguish + between different flow based on the schema version. + :paramtype content_schema_version: str + :keyword icon: the icon identifier. this id can later be fetched from the solution template. + :paramtype icon: str + :keyword threat_analysis_tactics: the tactics the resource covers. + :paramtype threat_analysis_tactics: list[str] + :keyword threat_analysis_techniques: the techniques the resource covers, these have to be + aligned with the tactics being used. + :paramtype threat_analysis_techniques: list[str] + :keyword preview_images: preview image file names. These will be taken from the solution + artifacts. + :paramtype preview_images: list[str] + :keyword preview_images_dark: preview image file names. These will be taken from the solution + artifacts. used for dark theme support. + :paramtype preview_images_dark: list[str] + """ + super().__init__(etag=etag, **kwargs) + self.content_id = content_id + self.parent_id = parent_id + self.version = version + self.kind = kind + self.source = source + self.author = author + self.support = support + self.dependencies = dependencies + self.categories = categories + self.providers = providers + self.first_publish_date = first_publish_date + self.last_publish_date = last_publish_date + self.custom_version = custom_version + self.content_schema_version = content_schema_version + self.icon = icon + self.threat_analysis_tactics = threat_analysis_tactics + self.threat_analysis_techniques = threat_analysis_techniques + self.preview_images = preview_images + self.preview_images_dark = preview_images_dark + + +class MetadataSource(_serialization.Model): + """The original source of the content item, where it comes from. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Source type of the content. Required. Known values are: "LocalWorkspace", + "Community", "Solution", and "SourceRepository". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SourceKind + :ivar name: Name of the content source. The repo name, solution name, LA workspace name etc. + :vartype name: str + :ivar source_id: ID of the content source. The solution ID, workspace ID, etc. + :vartype source_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "source_id": {"key": "sourceId", "type": "str"}, + } + + def __init__( + self, + *, + kind: Union[str, "_models.SourceKind"], + name: Optional[str] = None, + source_id: Optional[str] = None, + **kwargs + ): + """ + :keyword kind: Source type of the content. Required. Known values are: "LocalWorkspace", + "Community", "Solution", and "SourceRepository". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.SourceKind + :keyword name: Name of the content source. The repo name, solution name, LA workspace name + etc. + :paramtype name: str + :keyword source_id: ID of the content source. The solution ID, workspace ID, etc. + :paramtype source_id: str + """ + super().__init__(**kwargs) + self.kind = kind + self.name = name + self.source_id = source_id + + +class MetadataSupport(_serialization.Model): + """Support information for the content item. + + All required parameters must be populated in order to send to Azure. + + :ivar tier: Type of support for content item. Required. Known values are: "Microsoft", + "Partner", and "Community". + :vartype tier: str or ~azure.mgmt.securityinsight.models.SupportTier + :ivar name: Name of the support contact. Company or person. + :vartype name: str + :ivar email: Email of support contact. + :vartype email: str + :ivar link: Link for support help, like to support page to open a ticket etc. + :vartype link: str + """ + + _validation = { + "tier": {"required": True}, + } + + _attribute_map = { + "tier": {"key": "tier", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "email": {"key": "email", "type": "str"}, + "link": {"key": "link", "type": "str"}, + } + + def __init__( + self, + *, + tier: Union[str, "_models.SupportTier"], + name: Optional[str] = None, + email: Optional[str] = None, + link: Optional[str] = None, + **kwargs + ): + """ + :keyword tier: Type of support for content item. Required. Known values are: "Microsoft", + "Partner", and "Community". + :paramtype tier: str or ~azure.mgmt.securityinsight.models.SupportTier + :keyword name: Name of the support contact. Company or person. + :paramtype name: str + :keyword email: Email of support contact. + :paramtype email: str + :keyword link: Link for support help, like to support page to open a ticket etc. + :paramtype link: str + """ + super().__init__(**kwargs) + self.tier = tier + self.name = name + self.email = email + self.link = link + + +class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents MicrosoftSecurityIncidentCreation rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_modified_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "properties.productFilter", "type": "str"}, + "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword display_name: The display name for alerts created by this alert rule. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + """ + super().__init__(etag=etag, **kwargs) + self.kind = "MicrosoftSecurityIncidentCreation" # type: str + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + + +class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(_serialization.Model): + """MicrosoftSecurityIncidentCreation rule common property bag. + + All required parameters must be populated in order to send to Azure. + + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Required. + Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced + Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for + IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat + Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + "product_filter": {"required": True}, + } + + _attribute_map = { + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + } + + def __init__( + self, + *, + product_filter: Union[str, "_models.MicrosoftSecurityProductName"], + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs + ): + """ + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. + Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced + Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + super().__init__(**kwargs) + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): + """MicrosoftSecurityIncidentCreation rule property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Required. + Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced + Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for + IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat + Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. Required. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. Required. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + """ + + _validation = { + "product_filter": {"required": True}, + "display_name": {"required": True}, + "enabled": {"required": True}, + "last_modified_utc": {"readonly": True}, + } + + _attribute_map = { + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + "alert_rule_template_name": {"key": "alertRuleTemplateName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, + "last_modified_utc": {"key": "lastModifiedUtc", "type": "iso-8601"}, + } + + def __init__( + self, + *, + product_filter: Union[str, "_models.MicrosoftSecurityProductName"], + display_name: str, + enabled: bool, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + alert_rule_template_name: Optional[str] = None, + description: Optional[str] = None, + **kwargs + ): + """ + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. + Required. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure + Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security + Center for IoT", "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced + Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword display_name: The display name for alerts created by this alert rule. Required. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. Required. + :paramtype enabled: bool + """ + super().__init__( + display_names_filter=display_names_filter, + display_names_exclude_filter=display_names_exclude_filter, + product_filter=product_filter, + severities_filter=severities_filter, + **kwargs + ) + self.alert_rule_template_name = alert_rule_template_name + self.description = description + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + + +class MicrosoftSecurityIncidentCreationAlertRuleTemplate( + AlertRuleTemplate +): # pylint: disable=too-many-instance-attributes + """Represents MicrosoftSecurityIncidentCreation rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "display_names_filter": {"key": "properties.displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "properties.displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "properties.productFilter", "type": "str"}, + "severities_filter": {"key": "properties.severitiesFilter", "type": "[str]"}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs + ): + """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + super().__init__(**kwargs) + self.kind = "MicrosoftSecurityIncidentCreation" # type: str + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class MicrosoftSecurityIncidentCreationAlertRuleTemplateProperties( + AlertRuleTemplatePropertiesBase +): # pylint: disable=too-many-instance-attributes + """MicrosoftSecurityIncidentCreation rule template properties. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. + :vartype display_names_filter: list[str] + :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :vartype display_names_exclude_filter: list[str] + :ivar product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :ivar severities_filter: the alerts' severities on which the cases will be generated. + :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + + _validation = { + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "display_names_filter": {"key": "displayNamesFilter", "type": "[str]"}, + "display_names_exclude_filter": {"key": "displayNamesExcludeFilter", "type": "[str]"}, + "product_filter": {"key": "productFilter", "type": "str"}, + "severities_filter": {"key": "severitiesFilter", "type": "[str]"}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + display_names_filter: Optional[List[str]] = None, + display_names_exclude_filter: Optional[List[str]] = None, + product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, + severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, + **kwargs + ): + """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. + :paramtype display_names_filter: list[str] + :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be + generated. + :paramtype display_names_exclude_filter: list[str] + :keyword product_filter: The alerts' productName on which the cases will be generated. Known + values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat + Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT", + "Office 365 Advanced Threat Protection", and "Microsoft Defender Advanced Threat Protection". + :paramtype product_filter: str or + ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName + :keyword severities_filter: the alerts' severities on which the cases will be generated. + :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + """ + super().__init__( + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + **kwargs + ) + self.display_names_filter = display_names_filter + self.display_names_exclude_filter = display_names_exclude_filter + self.product_filter = product_filter + self.severities_filter = severities_filter + + +class MLBehaviorAnalyticsAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents MLBehaviorAnalytics alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "description": {"readonly": True}, + "display_name": {"readonly": True}, + "last_modified_utc": {"readonly": True}, + "severity": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + """ + super().__init__(etag=etag, **kwargs) + self.kind = "MLBehaviorAnalytics" # type: str + self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.last_modified_utc = None + self.severity = None + self.tactics = None + self.techniques = None + + +class MLBehaviorAnalyticsAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents MLBehaviorAnalytics alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "severity": {"key": "properties.severity", "type": "str"}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + **kwargs + ): + """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + super().__init__(**kwargs) + self.kind = "MLBehaviorAnalytics" # type: str + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.tactics = tactics + self.techniques = techniques + self.severity = severity + + +class MLBehaviorAnalyticsAlertRuleTemplateProperties(AlertRuleTemplateWithMitreProperties): + """MLBehaviorAnalytics alert rule template properties. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar severity: The severity for alerts created by this alert rule. Required. Known values are: + "High", "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + + _validation = { + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + "severity": {"required": True}, + } + + _attribute_map = { + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, + "severity": {"key": "severity", "type": "str"}, + } + + def __init__( + self, + *, + severity: Union[str, "_models.AlertSeverity"], + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + **kwargs + ): + """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword severity: The severity for alerts created by this alert rule. Required. Known values + are: "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + super().__init__( + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + tactics=tactics, + techniques=techniques, + **kwargs + ) + self.severity = severity + + +class MSTICheckRequirements(DataConnectorsCheckRequirements): + """Represents Microsoft Threat Intelligence requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind = "MicrosoftThreatIntelligence" # type: str + self.tenant_id = tenant_id + + +class MSTICheckRequirementsProperties(DataConnectorTenantId): + """Microsoft Threat Intelligence requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class MSTIDataConnector(DataConnector): + """Represents Microsoft Threat Intelligence data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "MSTIDataConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.MSTIDataConnectorDataTypes"] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind = "MicrosoftThreatIntelligence" # type: str + self.tenant_id = tenant_id + self.data_types = data_types + + +class MSTIDataConnectorDataTypes(_serialization.Model): + """The available data types for Microsoft Threat Intelligence Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar bing_safety_phishing_url: Data type for Microsoft Threat Intelligence Platforms data + connector. Required. + :vartype bing_safety_phishing_url: + ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesBingSafetyPhishingURL + :ivar microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms + data connector. Required. + :vartype microsoft_emerging_threat_feed: + ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed + """ + + _validation = { + "bing_safety_phishing_url": {"required": True}, + "microsoft_emerging_threat_feed": {"required": True}, + } + + _attribute_map = { + "bing_safety_phishing_url": { + "key": "bingSafetyPhishingURL", + "type": "MSTIDataConnectorDataTypesBingSafetyPhishingURL", + }, + "microsoft_emerging_threat_feed": { + "key": "microsoftEmergingThreatFeed", + "type": "MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", + }, + } + + def __init__( + self, + *, + bing_safety_phishing_url: "_models.MSTIDataConnectorDataTypesBingSafetyPhishingURL", + microsoft_emerging_threat_feed: "_models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed", + **kwargs + ): + """ + :keyword bing_safety_phishing_url: Data type for Microsoft Threat Intelligence Platforms data + connector. Required. + :paramtype bing_safety_phishing_url: + ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesBingSafetyPhishingURL + :keyword microsoft_emerging_threat_feed: Data type for Microsoft Threat Intelligence Platforms + data connector. Required. + :paramtype microsoft_emerging_threat_feed: + ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed + """ + super().__init__(**kwargs) + self.bing_safety_phishing_url = bing_safety_phishing_url + self.microsoft_emerging_threat_feed = microsoft_emerging_threat_feed + + +class MSTIDataConnectorDataTypesBingSafetyPhishingURL(DataConnectorDataTypeCommon): + """Data type for Microsoft Threat Intelligence Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar lookback_period: lookback period. Required. + :vartype lookback_period: str + """ + + _validation = { + "state": {"required": True}, + "lookback_period": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + "lookback_period": {"key": "lookbackPeriod", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], lookback_period: str, **kwargs): + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword lookback_period: lookback period. Required. + :paramtype lookback_period: str + """ + super().__init__(state=state, **kwargs) + self.lookback_period = lookback_period + + +class MSTIDataConnectorDataTypesMicrosoftEmergingThreatFeed(DataConnectorDataTypeCommon): + """Data type for Microsoft Threat Intelligence Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :ivar lookback_period: lookback period. Required. + :vartype lookback_period: str + """ + + _validation = { + "state": {"required": True}, + "lookback_period": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + "lookback_period": {"key": "lookbackPeriod", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], lookback_period: str, **kwargs): + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword lookback_period: lookback period. Required. + :paramtype lookback_period: str + """ + super().__init__(state=state, **kwargs) + self.lookback_period = lookback_period + + +class MSTIDataConnectorProperties(DataConnectorTenantId): + """Microsoft Threat Intelligence data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MSTIDataConnectorDataTypes"}, + } + + def __init__(self, *, tenant_id: str, data_types: "_models.MSTIDataConnectorDataTypes", **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MSTIDataConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class MtpCheckRequirements(DataConnectorsCheckRequirements): + """Represents MTP (Microsoft Threat Protection) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind = "MicrosoftThreatProtection" # type: str + self.tenant_id = tenant_id + + +class MTPCheckRequirementsProperties(DataConnectorTenantId): + """MTP (Microsoft Threat Protection) requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class MTPDataConnector(DataConnector): + """Represents MTP (Microsoft Threat Protection) data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "MTPDataConnectorDataTypes"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.MTPDataConnectorDataTypes"] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind = "MicrosoftThreatProtection" # type: str + self.tenant_id = tenant_id + self.data_types = data_types + + +class MTPDataConnectorDataTypes(_serialization.Model): + """The available data types for Microsoft Threat Protection Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar incidents: Data type for Microsoft Threat Protection Platforms data connector. Required. + :vartype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents + """ + + _validation = { + "incidents": {"required": True}, + } + + _attribute_map = { + "incidents": {"key": "incidents", "type": "MTPDataConnectorDataTypesIncidents"}, + } + + def __init__(self, *, incidents: "_models.MTPDataConnectorDataTypesIncidents", **kwargs): + """ + :keyword incidents: Data type for Microsoft Threat Protection Platforms data connector. + Required. + :paramtype incidents: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypesIncidents + """ + super().__init__(**kwargs) + self.incidents = incidents + + +class MTPDataConnectorDataTypesIncidents(DataConnectorDataTypeCommon): + """Data type for Microsoft Threat Protection Platforms data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class MTPDataConnectorProperties(DataConnectorTenantId): + """MTP (Microsoft Threat Protection) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "MTPDataConnectorDataTypes"}, + } + + def __init__(self, *, tenant_id: str, data_types: "_models.MTPDataConnectorDataTypes", **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.MTPDataConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class NicEntity(Entity): + """Represents an network interface entity. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mac_address: The MAC address of this network interface. + :vartype mac_address: str + :ivar ip_address_entity_id: The IP entity id of this network interface. + :vartype ip_address_entity_id: str + :ivar vlans: A list of VLANs of the network interface entity. + :vartype vlans: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mac_address": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "vlans": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "mac_address": {"key": "properties.macAddress", "type": "str"}, + "ip_address_entity_id": {"key": "properties.ipAddressEntityId", "type": "str"}, + "vlans": {"key": "properties.vlans", "type": "[str]"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "Nic" # type: str + self.additional_data = None + self.friendly_name = None + self.mac_address = None + self.ip_address_entity_id = None + self.vlans = None + + +class NicEntityProperties(EntityCommonProperties): + """Nic entity property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar additional_data: A bag of custom fields that should be part of the entity and will be + presented to the user. + :vartype additional_data: dict[str, JSON] + :ivar friendly_name: The graph item display name which is a short humanly readable description + of the graph item instance. This property is optional and might be system generated. + :vartype friendly_name: str + :ivar mac_address: The MAC address of this network interface. + :vartype mac_address: str + :ivar ip_address_entity_id: The IP entity id of this network interface. + :vartype ip_address_entity_id: str + :ivar vlans: A list of VLANs of the network interface entity. + :vartype vlans: list[str] + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "mac_address": {"readonly": True}, + "ip_address_entity_id": {"readonly": True}, + "vlans": {"readonly": True}, + } + + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "mac_address": {"key": "macAddress", "type": "str"}, + "ip_address_entity_id": {"key": "ipAddressEntityId", "type": "str"}, + "vlans": {"key": "vlans", "type": "[str]"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.mac_address = None + self.ip_address_entity_id = None + self.vlans = None + + +class NrtAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents NRT alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar template_version: The version of the alert rule template used to create this rule - in + format , where all are numbers, for example 0 <1.0.2>. + :vartype template_version: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert rule has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :vartype suppression_duration: ~datetime.timedelta + :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or + disabled. + :vartype suppression_enabled: bool + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar incident_configuration: The settings of the incidents that created from alerts triggered + by this analytics rule. + :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_modified_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "template_version": {"key": "properties.templateVersion", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "suppression_duration": {"key": "properties.suppressionDuration", "type": "duration"}, + "suppression_enabled": {"key": "properties.suppressionEnabled", "type": "bool"}, + "severity": {"key": "properties.severity", "type": "str"}, + "incident_configuration": {"key": "properties.incidentConfiguration", "type": "IncidentConfiguration"}, + "custom_details": {"key": "properties.customDetails", "type": "{str}"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + template_version: Optional[str] = None, + description: Optional[str] = None, + query: Optional[str] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + display_name: Optional[str] = None, + enabled: Optional[bool] = None, + suppression_duration: Optional[datetime.timedelta] = None, + suppression_enabled: Optional[bool] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + incident_configuration: Optional["_models.IncidentConfiguration"] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword template_version: The version of the alert rule template used to create this rule - in + format , where all are numbers, for example 0 <1.0.2>. + :paramtype template_version: str + :keyword description: The description of the alert rule. + :paramtype description: str + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword display_name: The display name for alerts created by this alert rule. + :paramtype display_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. + :paramtype suppression_duration: ~datetime.timedelta + :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled + or disabled. + :paramtype suppression_enabled: bool + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword incident_configuration: The settings of the incidents that created from alerts + triggered by this analytics rule. + :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + """ + super().__init__(etag=etag, **kwargs) + self.kind = "NRT" # type: str + self.alert_rule_template_name = alert_rule_template_name + self.template_version = template_version + self.description = description + self.query = query + self.tactics = tactics + self.techniques = techniques + self.display_name = display_name + self.enabled = enabled + self.last_modified_utc = None + self.suppression_duration = suppression_duration + self.suppression_enabled = suppression_enabled + self.severity = severity + self.incident_configuration = incident_configuration + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + + +class NrtAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents NRT alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :vartype version: str + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "query": {"key": "properties.query", "type": "str"}, + "severity": {"key": "properties.severity", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "custom_details": {"key": "properties.customDetails", "type": "{str}"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, + } + + def __init__( + self, + *, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + query: Optional[str] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + version: Optional[str] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + **kwargs + ): + """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :paramtype version: str + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + """ + super().__init__(**kwargs) + self.kind = "NRT" # type: str + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.tactics = tactics + self.techniques = techniques + self.query = query + self.severity = severity + self.version = version + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + + +class QueryBasedAlertRuleTemplateProperties(_serialization.Model): + """Query based alert rule template base property bag. + + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :vartype version: str + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + """ + + _attribute_map = { + "query": {"key": "query", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "custom_details": {"key": "customDetails", "type": "{str}"}, + "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, + } + + def __init__( + self, + *, + query: Optional[str] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + version: Optional[str] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + **kwargs + ): + """ + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :paramtype version: str + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + """ + super().__init__(**kwargs) + self.query = query + self.severity = severity + self.version = version + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + + +class NrtAlertRuleTemplateProperties( + AlertRuleTemplateWithMitreProperties, QueryBasedAlertRuleTemplateProperties +): # pylint: disable=too-many-instance-attributes + """NRT alert rule template properties. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar query: The query that creates alerts for this rule. + :vartype query: str + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :vartype version: str + :ivar custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :vartype custom_details: dict[str, str] + :ivar entity_mappings: Array of the entity mappings of the alert rule. + :vartype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :ivar alert_details_override: The alert details override settings. + :vartype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :ivar event_grouping_settings: The event grouping settings. + :vartype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + """ + + _validation = { + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "query": {"key": "query", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "version": {"key": "version", "type": "str"}, + "custom_details": {"key": "customDetails", "type": "{str}"}, + "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, + "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, + } + + def __init__( + self, + *, + query: Optional[str] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, + version: Optional[str] = None, + custom_details: Optional[Dict[str, str]] = None, + entity_mappings: Optional[List["_models.EntityMapping"]] = None, + alert_details_override: Optional["_models.AlertDetailsOverride"] = None, + event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + **kwargs + ): + """ + :keyword query: The query that creates alerts for this rule. + :paramtype query: str + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword version: The version of this template - in format , where all are numbers. For + example <1.0.2>. + :paramtype version: str + :keyword custom_details: Dictionary of string key-value pairs of columns to be attached to the + alert. + :paramtype custom_details: dict[str, str] + :keyword entity_mappings: Array of the entity mappings of the alert rule. + :paramtype entity_mappings: list[~azure.mgmt.securityinsight.models.EntityMapping] + :keyword alert_details_override: The alert details override settings. + :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride + :keyword event_grouping_settings: The event grouping settings. + :paramtype event_grouping_settings: ~azure.mgmt.securityinsight.models.EventGroupingSettings + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + """ + super().__init__( + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + tactics=tactics, + techniques=techniques, + query=query, + severity=severity, + version=version, + custom_details=custom_details, + entity_mappings=entity_mappings, + alert_details_override=alert_details_override, + event_grouping_settings=event_grouping_settings, + **kwargs + ) + self.query = query + self.severity = severity + self.version = version + self.custom_details = custom_details + self.entity_mappings = entity_mappings + self.alert_details_override = alert_details_override + self.event_grouping_settings = event_grouping_settings + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.tactics = tactics + self.techniques = techniques + + +class Office365ProjectCheckRequirements(DataConnectorsCheckRequirements): + """Represents Office365 Project requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind = "Office365Project" # type: str + self.tenant_id = tenant_id + + +class Office365ProjectCheckRequirementsProperties(DataConnectorTenantId): + """Office365 Project requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class Office365ProjectConnectorDataTypes(_serialization.Model): + """The available data types for Office Microsoft Project data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar logs: Logs data type. Required. + :vartype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'mailbox_primary_address': {'readonly': True}, - 'display_name': {'readonly': True}, - 'upn': {'readonly': True}, - 'external_directory_object_id': {'readonly': True}, + "logs": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'mailbox_primary_address': {'key': 'properties.mailboxPrimaryAddress', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'upn': {'key': 'properties.upn', 'type': 'str'}, - 'external_directory_object_id': {'key': 'properties.externalDirectoryObjectId', 'type': 'str'}, + "logs": {"key": "logs", "type": "Office365ProjectConnectorDataTypesLogs"}, } - def __init__( - self, - **kwargs - ): + def __init__(self, *, logs: "_models.Office365ProjectConnectorDataTypesLogs", **kwargs): """ + :keyword logs: Logs data type. Required. + :paramtype logs: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypesLogs """ - super(MailboxEntity, self).__init__(**kwargs) - self.kind = 'Mailbox' # type: str - self.additional_data = None - self.friendly_name = None - self.mailbox_primary_address = None - self.display_name = None - self.upn = None - self.external_directory_object_id = None + super().__init__(**kwargs) + self.logs = logs -class MailboxEntityProperties(EntityCommonProperties): - """Mailbox entity property bag. +class Office365ProjectConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar mailbox_primary_address: The mailbox's primary address. - :vartype mailbox_primary_address: str - :ivar display_name: The mailbox's display name. - :vartype display_name: str - :ivar upn: The mailbox's UPN. - :vartype upn: str - :ivar external_directory_object_id: The AzureAD identifier of mailbox. Similar to AadUserId in - account entity but this property is specific to mailbox object on office side. - :vartype external_directory_object_id: str + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'mailbox_primary_address': {'readonly': True}, - 'display_name': {'readonly': True}, - 'upn': {'readonly': True}, - 'external_directory_object_id': {'readonly': True}, + "state": {"required": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'mailbox_primary_address': {'key': 'mailboxPrimaryAddress', 'type': 'str'}, - 'display_name': {'key': 'displayName', 'type': 'str'}, - 'upn': {'key': 'upn', 'type': 'str'}, - 'external_directory_object_id': {'key': 'externalDirectoryObjectId', 'type': 'str'}, + "state": {"key": "state", "type": "str"}, } - def __init__( - self, - **kwargs - ): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - super(MailboxEntityProperties, self).__init__(**kwargs) - self.mailbox_primary_address = None - self.display_name = None - self.upn = None - self.external_directory_object_id = None + super().__init__(state=state, **kwargs) -class MailClusterEntity(Entity): - """Represents a mail cluster entity. +class Office365ProjectDataConnector(DataConnector): + """Represents Office Microsoft Project data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -5162,640 +16024,158 @@ class MailClusterEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar network_message_ids: The mail message IDs that are part of the mail cluster. - :vartype network_message_ids: list[str] - :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. - :vartype count_by_delivery_status: any - :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. - :vartype count_by_threat_type: any - :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string - representation. - :vartype count_by_protection_status: any - :ivar threats: The threats of mail messages that are part of the mail cluster. - :vartype threats: list[str] - :ivar query: The query that was used to identify the messages of the mail cluster. - :vartype query: str - :ivar query_time: The query time. - :vartype query_time: ~datetime.datetime - :ivar mail_count: The number of mail messages that are part of the mail cluster. - :vartype mail_count: int - :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. - :vartype is_volume_anomaly: bool - :ivar source: The source of the mail cluster (default is 'O365 ATP'). - :vartype source: str - :ivar cluster_source_identifier: The id of the cluster source. - :vartype cluster_source_identifier: str - :ivar cluster_source_type: The type of the cluster source. - :vartype cluster_source_type: str - :ivar cluster_query_start_time: The cluster query start time. - :vartype cluster_query_start_time: ~datetime.datetime - :ivar cluster_query_end_time: The cluster query end time. - :vartype cluster_query_end_time: ~datetime.datetime - :ivar cluster_group: The cluster group. - :vartype cluster_group: str - """ - - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'network_message_ids': {'readonly': True}, - 'count_by_delivery_status': {'readonly': True}, - 'count_by_threat_type': {'readonly': True}, - 'count_by_protection_status': {'readonly': True}, - 'threats': {'readonly': True}, - 'query': {'readonly': True}, - 'query_time': {'readonly': True}, - 'mail_count': {'readonly': True}, - 'is_volume_anomaly': {'readonly': True}, - 'source': {'readonly': True}, - 'cluster_source_identifier': {'readonly': True}, - 'cluster_source_type': {'readonly': True}, - 'cluster_query_start_time': {'readonly': True}, - 'cluster_query_end_time': {'readonly': True}, - 'cluster_group': {'readonly': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'network_message_ids': {'key': 'properties.networkMessageIds', 'type': '[str]'}, - 'count_by_delivery_status': {'key': 'properties.countByDeliveryStatus', 'type': 'object'}, - 'count_by_threat_type': {'key': 'properties.countByThreatType', 'type': 'object'}, - 'count_by_protection_status': {'key': 'properties.countByProtectionStatus', 'type': 'object'}, - 'threats': {'key': 'properties.threats', 'type': '[str]'}, - 'query': {'key': 'properties.query', 'type': 'str'}, - 'query_time': {'key': 'properties.queryTime', 'type': 'iso-8601'}, - 'mail_count': {'key': 'properties.mailCount', 'type': 'int'}, - 'is_volume_anomaly': {'key': 'properties.isVolumeAnomaly', 'type': 'bool'}, - 'source': {'key': 'properties.source', 'type': 'str'}, - 'cluster_source_identifier': {'key': 'properties.clusterSourceIdentifier', 'type': 'str'}, - 'cluster_source_type': {'key': 'properties.clusterSourceType', 'type': 'str'}, - 'cluster_query_start_time': {'key': 'properties.clusterQueryStartTime', 'type': 'iso-8601'}, - 'cluster_query_end_time': {'key': 'properties.clusterQueryEndTime', 'type': 'iso-8601'}, - 'cluster_group': {'key': 'properties.clusterGroup', 'type': 'str'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(MailClusterEntity, self).__init__(**kwargs) - self.kind = 'MailCluster' # type: str - self.additional_data = None - self.friendly_name = None - self.network_message_ids = None - self.count_by_delivery_status = None - self.count_by_threat_type = None - self.count_by_protection_status = None - self.threats = None - self.query = None - self.query_time = None - self.mail_count = None - self.is_volume_anomaly = None - self.source = None - self.cluster_source_identifier = None - self.cluster_source_type = None - self.cluster_query_start_time = None - self.cluster_query_end_time = None - self.cluster_group = None - - -class MailClusterEntityProperties(EntityCommonProperties): - """Mail cluster entity property bag. - - Variables are only populated by the server, and will be ignored when sending a request. - - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar network_message_ids: The mail message IDs that are part of the mail cluster. - :vartype network_message_ids: list[str] - :ivar count_by_delivery_status: Count of mail messages by DeliveryStatus string representation. - :vartype count_by_delivery_status: any - :ivar count_by_threat_type: Count of mail messages by ThreatType string representation. - :vartype count_by_threat_type: any - :ivar count_by_protection_status: Count of mail messages by ProtectionStatus string - representation. - :vartype count_by_protection_status: any - :ivar threats: The threats of mail messages that are part of the mail cluster. - :vartype threats: list[str] - :ivar query: The query that was used to identify the messages of the mail cluster. - :vartype query: str - :ivar query_time: The query time. - :vartype query_time: ~datetime.datetime - :ivar mail_count: The number of mail messages that are part of the mail cluster. - :vartype mail_count: int - :ivar is_volume_anomaly: Is this a volume anomaly mail cluster. - :vartype is_volume_anomaly: bool - :ivar source: The source of the mail cluster (default is 'O365 ATP'). - :vartype source: str - :ivar cluster_source_identifier: The id of the cluster source. - :vartype cluster_source_identifier: str - :ivar cluster_source_type: The type of the cluster source. - :vartype cluster_source_type: str - :ivar cluster_query_start_time: The cluster query start time. - :vartype cluster_query_start_time: ~datetime.datetime - :ivar cluster_query_end_time: The cluster query end time. - :vartype cluster_query_end_time: ~datetime.datetime - :ivar cluster_group: The cluster group. - :vartype cluster_group: str + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'network_message_ids': {'readonly': True}, - 'count_by_delivery_status': {'readonly': True}, - 'count_by_threat_type': {'readonly': True}, - 'count_by_protection_status': {'readonly': True}, - 'threats': {'readonly': True}, - 'query': {'readonly': True}, - 'query_time': {'readonly': True}, - 'mail_count': {'readonly': True}, - 'is_volume_anomaly': {'readonly': True}, - 'source': {'readonly': True}, - 'cluster_source_identifier': {'readonly': True}, - 'cluster_source_type': {'readonly': True}, - 'cluster_query_start_time': {'readonly': True}, - 'cluster_query_end_time': {'readonly': True}, - 'cluster_group': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'network_message_ids': {'key': 'networkMessageIds', 'type': '[str]'}, - 'count_by_delivery_status': {'key': 'countByDeliveryStatus', 'type': 'object'}, - 'count_by_threat_type': {'key': 'countByThreatType', 'type': 'object'}, - 'count_by_protection_status': {'key': 'countByProtectionStatus', 'type': 'object'}, - 'threats': {'key': 'threats', 'type': '[str]'}, - 'query': {'key': 'query', 'type': 'str'}, - 'query_time': {'key': 'queryTime', 'type': 'iso-8601'}, - 'mail_count': {'key': 'mailCount', 'type': 'int'}, - 'is_volume_anomaly': {'key': 'isVolumeAnomaly', 'type': 'bool'}, - 'source': {'key': 'source', 'type': 'str'}, - 'cluster_source_identifier': {'key': 'clusterSourceIdentifier', 'type': 'str'}, - 'cluster_source_type': {'key': 'clusterSourceType', 'type': 'str'}, - 'cluster_query_start_time': {'key': 'clusterQueryStartTime', 'type': 'iso-8601'}, - 'cluster_query_end_time': {'key': 'clusterQueryEndTime', 'type': 'iso-8601'}, - 'cluster_group': {'key': 'clusterGroup', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "Office365ProjectConnectorDataTypes"}, } def __init__( self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.Office365ProjectConnectorDataTypes"] = None, **kwargs ): """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes """ - super(MailClusterEntityProperties, self).__init__(**kwargs) - self.network_message_ids = None - self.count_by_delivery_status = None - self.count_by_threat_type = None - self.count_by_protection_status = None - self.threats = None - self.query = None - self.query_time = None - self.mail_count = None - self.is_volume_anomaly = None - self.source = None - self.cluster_source_identifier = None - self.cluster_source_type = None - self.cluster_query_start_time = None - self.cluster_query_end_time = None - self.cluster_group = None - + super().__init__(etag=etag, **kwargs) + self.kind = "Office365Project" # type: str + self.tenant_id = tenant_id + self.data_types = data_types -class MailMessageEntity(Entity): - """Represents a mail message entity. - Variables are only populated by the server, and will be ignored when sending a request. +class Office365ProjectDataConnectorProperties(DataConnectorTenantId): + """Office Microsoft Project data connector properties. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar file_entity_ids: The File entity ids of this mail message's attachments. - :vartype file_entity_ids: list[str] - :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients - the mail message is forked and each copy has one recipient. - :vartype recipient: str - :ivar urls: The Urls contained in this mail message. - :vartype urls: list[str] - :ivar threats: The threats of this mail message. - :vartype threats: list[str] - :ivar p1_sender: The p1 sender's email address. - :vartype p1_sender: str - :ivar p1_sender_display_name: The p1 sender's display name. - :vartype p1_sender_display_name: str - :ivar p1_sender_domain: The p1 sender's domain. - :vartype p1_sender_domain: str - :ivar sender_ip: The sender's IP address. - :vartype sender_ip: str - :ivar p2_sender: The p2 sender's email address. - :vartype p2_sender: str - :ivar p2_sender_display_name: The p2 sender's display name. - :vartype p2_sender_display_name: str - :ivar p2_sender_domain: The p2 sender's domain. - :vartype p2_sender_domain: str - :ivar receive_date: The receive date of this message. - :vartype receive_date: ~datetime.datetime - :ivar network_message_id: The network message id of this mail message. - :vartype network_message_id: str - :ivar internet_message_id: The internet message id of this mail message. - :vartype internet_message_id: str - :ivar subject: The subject of this mail message. - :vartype subject: str - :ivar language: The language of this mail message. - :vartype language: str - :ivar threat_detection_methods: The threat detection methods. - :vartype threat_detection_methods: list[str] - :ivar body_fingerprint_bin1: The bodyFingerprintBin1. - :vartype body_fingerprint_bin1: int - :ivar body_fingerprint_bin2: The bodyFingerprintBin2. - :vartype body_fingerprint_bin2: int - :ivar body_fingerprint_bin3: The bodyFingerprintBin3. - :vartype body_fingerprint_bin3: int - :ivar body_fingerprint_bin4: The bodyFingerprintBin4. - :vartype body_fingerprint_bin4: int - :ivar body_fingerprint_bin5: The bodyFingerprintBin5. - :vartype body_fingerprint_bin5: int - :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", - "Inbound", "Outbound", "Intraorg". - :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", - "Replaced". - :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. - Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", - "Failed", "Dropped", "Forwarded". - :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "Office365ProjectConnectorDataTypes"}, + } + + def __init__(self, *, tenant_id: str, data_types: "_models.Office365ProjectConnectorDataTypes", **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.Office365ProjectConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class OfficeATPCheckRequirements(DataConnectorsCheckRequirements): + """Represents OfficeATP (Office 365 Advanced Threat Protection) requirements check request. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'file_entity_ids': {'readonly': True}, - 'recipient': {'readonly': True}, - 'urls': {'readonly': True}, - 'threats': {'readonly': True}, - 'p1_sender': {'readonly': True}, - 'p1_sender_display_name': {'readonly': True}, - 'p1_sender_domain': {'readonly': True}, - 'sender_ip': {'readonly': True}, - 'p2_sender': {'readonly': True}, - 'p2_sender_display_name': {'readonly': True}, - 'p2_sender_domain': {'readonly': True}, - 'receive_date': {'readonly': True}, - 'network_message_id': {'readonly': True}, - 'internet_message_id': {'readonly': True}, - 'subject': {'readonly': True}, - 'language': {'readonly': True}, - 'threat_detection_methods': {'readonly': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'file_entity_ids': {'key': 'properties.fileEntityIds', 'type': '[str]'}, - 'recipient': {'key': 'properties.recipient', 'type': 'str'}, - 'urls': {'key': 'properties.urls', 'type': '[str]'}, - 'threats': {'key': 'properties.threats', 'type': '[str]'}, - 'p1_sender': {'key': 'properties.p1Sender', 'type': 'str'}, - 'p1_sender_display_name': {'key': 'properties.p1SenderDisplayName', 'type': 'str'}, - 'p1_sender_domain': {'key': 'properties.p1SenderDomain', 'type': 'str'}, - 'sender_ip': {'key': 'properties.senderIP', 'type': 'str'}, - 'p2_sender': {'key': 'properties.p2Sender', 'type': 'str'}, - 'p2_sender_display_name': {'key': 'properties.p2SenderDisplayName', 'type': 'str'}, - 'p2_sender_domain': {'key': 'properties.p2SenderDomain', 'type': 'str'}, - 'receive_date': {'key': 'properties.receiveDate', 'type': 'iso-8601'}, - 'network_message_id': {'key': 'properties.networkMessageId', 'type': 'str'}, - 'internet_message_id': {'key': 'properties.internetMessageId', 'type': 'str'}, - 'subject': {'key': 'properties.subject', 'type': 'str'}, - 'language': {'key': 'properties.language', 'type': 'str'}, - 'threat_detection_methods': {'key': 'properties.threatDetectionMethods', 'type': '[str]'}, - 'body_fingerprint_bin1': {'key': 'properties.bodyFingerprintBin1', 'type': 'int'}, - 'body_fingerprint_bin2': {'key': 'properties.bodyFingerprintBin2', 'type': 'int'}, - 'body_fingerprint_bin3': {'key': 'properties.bodyFingerprintBin3', 'type': 'int'}, - 'body_fingerprint_bin4': {'key': 'properties.bodyFingerprintBin4', 'type': 'int'}, - 'body_fingerprint_bin5': {'key': 'properties.bodyFingerprintBin5', 'type': 'int'}, - 'antispam_direction': {'key': 'properties.antispamDirection', 'type': 'str'}, - 'delivery_action': {'key': 'properties.deliveryAction', 'type': 'str'}, - 'delivery_location': {'key': 'properties.deliveryLocation', 'type': 'str'}, + "kind": {"required": True}, } - def __init__( - self, - *, - body_fingerprint_bin1: Optional[int] = None, - body_fingerprint_bin2: Optional[int] = None, - body_fingerprint_bin3: Optional[int] = None, - body_fingerprint_bin4: Optional[int] = None, - body_fingerprint_bin5: Optional[int] = None, - antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, - delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, - delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, - **kwargs - ): + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): """ - :keyword body_fingerprint_bin1: The bodyFingerprintBin1. - :paramtype body_fingerprint_bin1: int - :keyword body_fingerprint_bin2: The bodyFingerprintBin2. - :paramtype body_fingerprint_bin2: int - :keyword body_fingerprint_bin3: The bodyFingerprintBin3. - :paramtype body_fingerprint_bin3: int - :keyword body_fingerprint_bin4: The bodyFingerprintBin4. - :paramtype body_fingerprint_bin4: int - :keyword body_fingerprint_bin5: The bodyFingerprintBin5. - :paramtype body_fingerprint_bin5: int - :keyword antispam_direction: The directionality of this mail message. Known values are: - "Unknown", "Inbound", "Outbound", "Intraorg". - :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", - "Replaced". - :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder - etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", - "External", "Failed", "Dropped", "Forwarded". - :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str """ - super(MailMessageEntity, self).__init__(**kwargs) - self.kind = 'MailMessage' # type: str - self.additional_data = None - self.friendly_name = None - self.file_entity_ids = None - self.recipient = None - self.urls = None - self.threats = None - self.p1_sender = None - self.p1_sender_display_name = None - self.p1_sender_domain = None - self.sender_ip = None - self.p2_sender = None - self.p2_sender_display_name = None - self.p2_sender_domain = None - self.receive_date = None - self.network_message_id = None - self.internet_message_id = None - self.subject = None - self.language = None - self.threat_detection_methods = None - self.body_fingerprint_bin1 = body_fingerprint_bin1 - self.body_fingerprint_bin2 = body_fingerprint_bin2 - self.body_fingerprint_bin3 = body_fingerprint_bin3 - self.body_fingerprint_bin4 = body_fingerprint_bin4 - self.body_fingerprint_bin5 = body_fingerprint_bin5 - self.antispam_direction = antispam_direction - self.delivery_action = delivery_action - self.delivery_location = delivery_location + super().__init__(**kwargs) + self.kind = "OfficeATP" # type: str + self.tenant_id = tenant_id -class MailMessageEntityProperties(EntityCommonProperties): - """Mail message entity property bag. +class OfficeATPCheckRequirementsProperties(DataConnectorTenantId): + """OfficeATP (Office 365 Advanced Threat Protection) requirements check properties. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar file_entity_ids: The File entity ids of this mail message's attachments. - :vartype file_entity_ids: list[str] - :ivar recipient: The recipient of this mail message. Note that in case of multiple recipients - the mail message is forked and each copy has one recipient. - :vartype recipient: str - :ivar urls: The Urls contained in this mail message. - :vartype urls: list[str] - :ivar threats: The threats of this mail message. - :vartype threats: list[str] - :ivar p1_sender: The p1 sender's email address. - :vartype p1_sender: str - :ivar p1_sender_display_name: The p1 sender's display name. - :vartype p1_sender_display_name: str - :ivar p1_sender_domain: The p1 sender's domain. - :vartype p1_sender_domain: str - :ivar sender_ip: The sender's IP address. - :vartype sender_ip: str - :ivar p2_sender: The p2 sender's email address. - :vartype p2_sender: str - :ivar p2_sender_display_name: The p2 sender's display name. - :vartype p2_sender_display_name: str - :ivar p2_sender_domain: The p2 sender's domain. - :vartype p2_sender_domain: str - :ivar receive_date: The receive date of this message. - :vartype receive_date: ~datetime.datetime - :ivar network_message_id: The network message id of this mail message. - :vartype network_message_id: str - :ivar internet_message_id: The internet message id of this mail message. - :vartype internet_message_id: str - :ivar subject: The subject of this mail message. - :vartype subject: str - :ivar language: The language of this mail message. - :vartype language: str - :ivar threat_detection_methods: The threat detection methods. - :vartype threat_detection_methods: list[str] - :ivar body_fingerprint_bin1: The bodyFingerprintBin1. - :vartype body_fingerprint_bin1: int - :ivar body_fingerprint_bin2: The bodyFingerprintBin2. - :vartype body_fingerprint_bin2: int - :ivar body_fingerprint_bin3: The bodyFingerprintBin3. - :vartype body_fingerprint_bin3: int - :ivar body_fingerprint_bin4: The bodyFingerprintBin4. - :vartype body_fingerprint_bin4: int - :ivar body_fingerprint_bin5: The bodyFingerprintBin5. - :vartype body_fingerprint_bin5: int - :ivar antispam_direction: The directionality of this mail message. Known values are: "Unknown", - "Inbound", "Outbound", "Intraorg". - :vartype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :ivar delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", - "Replaced". - :vartype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :ivar delivery_location: The delivery location of this mail message like Inbox, JunkFolder etc. - Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", "External", - "Failed", "Dropped", "Forwarded". - :vartype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'file_entity_ids': {'readonly': True}, - 'recipient': {'readonly': True}, - 'urls': {'readonly': True}, - 'threats': {'readonly': True}, - 'p1_sender': {'readonly': True}, - 'p1_sender_display_name': {'readonly': True}, - 'p1_sender_domain': {'readonly': True}, - 'sender_ip': {'readonly': True}, - 'p2_sender': {'readonly': True}, - 'p2_sender_display_name': {'readonly': True}, - 'p2_sender_domain': {'readonly': True}, - 'receive_date': {'readonly': True}, - 'network_message_id': {'readonly': True}, - 'internet_message_id': {'readonly': True}, - 'subject': {'readonly': True}, - 'language': {'readonly': True}, - 'threat_detection_methods': {'readonly': True}, - } - - _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'file_entity_ids': {'key': 'fileEntityIds', 'type': '[str]'}, - 'recipient': {'key': 'recipient', 'type': 'str'}, - 'urls': {'key': 'urls', 'type': '[str]'}, - 'threats': {'key': 'threats', 'type': '[str]'}, - 'p1_sender': {'key': 'p1Sender', 'type': 'str'}, - 'p1_sender_display_name': {'key': 'p1SenderDisplayName', 'type': 'str'}, - 'p1_sender_domain': {'key': 'p1SenderDomain', 'type': 'str'}, - 'sender_ip': {'key': 'senderIP', 'type': 'str'}, - 'p2_sender': {'key': 'p2Sender', 'type': 'str'}, - 'p2_sender_display_name': {'key': 'p2SenderDisplayName', 'type': 'str'}, - 'p2_sender_domain': {'key': 'p2SenderDomain', 'type': 'str'}, - 'receive_date': {'key': 'receiveDate', 'type': 'iso-8601'}, - 'network_message_id': {'key': 'networkMessageId', 'type': 'str'}, - 'internet_message_id': {'key': 'internetMessageId', 'type': 'str'}, - 'subject': {'key': 'subject', 'type': 'str'}, - 'language': {'key': 'language', 'type': 'str'}, - 'threat_detection_methods': {'key': 'threatDetectionMethods', 'type': '[str]'}, - 'body_fingerprint_bin1': {'key': 'bodyFingerprintBin1', 'type': 'int'}, - 'body_fingerprint_bin2': {'key': 'bodyFingerprintBin2', 'type': 'int'}, - 'body_fingerprint_bin3': {'key': 'bodyFingerprintBin3', 'type': 'int'}, - 'body_fingerprint_bin4': {'key': 'bodyFingerprintBin4', 'type': 'int'}, - 'body_fingerprint_bin5': {'key': 'bodyFingerprintBin5', 'type': 'int'}, - 'antispam_direction': {'key': 'antispamDirection', 'type': 'str'}, - 'delivery_action': {'key': 'deliveryAction', 'type': 'str'}, - 'delivery_location': {'key': 'deliveryLocation', 'type': 'str'}, + "tenant_id": {"required": True}, } - def __init__( - self, - *, - body_fingerprint_bin1: Optional[int] = None, - body_fingerprint_bin2: Optional[int] = None, - body_fingerprint_bin3: Optional[int] = None, - body_fingerprint_bin4: Optional[int] = None, - body_fingerprint_bin5: Optional[int] = None, - antispam_direction: Optional[Union[str, "_models.AntispamMailDirection"]] = None, - delivery_action: Optional[Union[str, "_models.DeliveryAction"]] = None, - delivery_location: Optional[Union[str, "_models.DeliveryLocation"]] = None, - **kwargs - ): + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): """ - :keyword body_fingerprint_bin1: The bodyFingerprintBin1. - :paramtype body_fingerprint_bin1: int - :keyword body_fingerprint_bin2: The bodyFingerprintBin2. - :paramtype body_fingerprint_bin2: int - :keyword body_fingerprint_bin3: The bodyFingerprintBin3. - :paramtype body_fingerprint_bin3: int - :keyword body_fingerprint_bin4: The bodyFingerprintBin4. - :paramtype body_fingerprint_bin4: int - :keyword body_fingerprint_bin5: The bodyFingerprintBin5. - :paramtype body_fingerprint_bin5: int - :keyword antispam_direction: The directionality of this mail message. Known values are: - "Unknown", "Inbound", "Outbound", "Intraorg". - :paramtype antispam_direction: str or ~azure.mgmt.securityinsight.models.AntispamMailDirection - :keyword delivery_action: The delivery action of this mail message like Delivered, Blocked, - Replaced etc. Known values are: "Unknown", "DeliveredAsSpam", "Delivered", "Blocked", - "Replaced". - :paramtype delivery_action: str or ~azure.mgmt.securityinsight.models.DeliveryAction - :keyword delivery_location: The delivery location of this mail message like Inbox, JunkFolder - etc. Known values are: "Unknown", "Inbox", "JunkFolder", "DeletedFolder", "Quarantine", - "External", "Failed", "Dropped", "Forwarded". - :paramtype delivery_location: str or ~azure.mgmt.securityinsight.models.DeliveryLocation + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str """ - super(MailMessageEntityProperties, self).__init__(**kwargs) - self.file_entity_ids = None - self.recipient = None - self.urls = None - self.threats = None - self.p1_sender = None - self.p1_sender_display_name = None - self.p1_sender_domain = None - self.sender_ip = None - self.p2_sender = None - self.p2_sender_display_name = None - self.p2_sender_domain = None - self.receive_date = None - self.network_message_id = None - self.internet_message_id = None - self.subject = None - self.language = None - self.threat_detection_methods = None - self.body_fingerprint_bin1 = body_fingerprint_bin1 - self.body_fingerprint_bin2 = body_fingerprint_bin2 - self.body_fingerprint_bin3 = body_fingerprint_bin3 - self.body_fingerprint_bin4 = body_fingerprint_bin4 - self.body_fingerprint_bin5 = body_fingerprint_bin5 - self.antispam_direction = antispam_direction - self.delivery_action = delivery_action - self.delivery_location = delivery_location + super().__init__(tenant_id=tenant_id, **kwargs) -class MalwareEntity(Entity): - """Represents a malware entity. +class OfficeATPDataConnector(DataConnector): + """Represents OfficeATP (Office 365 Advanced Threat Protection) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -5812,133 +16192,102 @@ class MalwareEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar category: The malware category by the vendor, e.g. Trojan. - :vartype category: str - :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. - :vartype file_entity_ids: list[str] - :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. - :vartype malware_name: str - :ivar process_entity_ids: List of linked process entity identifiers on which the malware was - found. - :vartype process_entity_ids: list[str] + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'category': {'readonly': True}, - 'file_entity_ids': {'readonly': True}, - 'malware_name': {'readonly': True}, - 'process_entity_ids': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'category': {'key': 'properties.category', 'type': 'str'}, - 'file_entity_ids': {'key': 'properties.fileEntityIds', 'type': '[str]'}, - 'malware_name': {'key': 'properties.malwareName', 'type': 'str'}, - 'process_entity_ids': {'key': 'properties.processEntityIds', 'type': '[str]'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, } def __init__( self, + *, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs ): """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ - super(MalwareEntity, self).__init__(**kwargs) - self.kind = 'Malware' # type: str - self.additional_data = None - self.friendly_name = None - self.category = None - self.file_entity_ids = None - self.malware_name = None - self.process_entity_ids = None + super().__init__(etag=etag, **kwargs) + self.kind = "OfficeATP" # type: str + self.tenant_id = tenant_id + self.data_types = data_types -class MalwareEntityProperties(EntityCommonProperties): - """Malware entity property bag. +class OfficeATPDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """OfficeATP (Office 365 Advanced Threat Protection) data connector properties. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. - :ivar additional_data: A bag of custom fields that should be part of the entity and will be - presented to the user. - :vartype additional_data: dict[str, any] - :ivar friendly_name: The graph item display name which is a short humanly readable description - of the graph item instance. This property is optional and might be system generated. - :vartype friendly_name: str - :ivar category: The malware category by the vendor, e.g. Trojan. - :vartype category: str - :ivar file_entity_ids: List of linked file entity identifiers on which the malware was found. - :vartype file_entity_ids: list[str] - :ivar malware_name: The malware name by the vendor, e.g. Win32/Toga!rfn. - :vartype malware_name: str - :ivar process_entity_ids: List of linked process entity identifiers on which the malware was - found. - :vartype process_entity_ids: list[str] + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'category': {'readonly': True}, - 'file_entity_ids': {'readonly': True}, - 'malware_name': {'readonly': True}, - 'process_entity_ids': {'readonly': True}, + "tenant_id": {"required": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'category': {'key': 'category', 'type': 'str'}, - 'file_entity_ids': {'key': 'fileEntityIds', 'type': '[str]'}, - 'malware_name': {'key': 'malwareName', 'type': 'str'}, - 'process_entity_ids': {'key': 'processEntityIds', 'type': '[str]'}, + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } def __init__( - self, - **kwargs + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs ): """ + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str """ - super(MalwareEntityProperties, self).__init__(**kwargs) - self.category = None - self.file_entity_ids = None - self.malware_name = None - self.process_entity_ids = None + super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + self.data_types = data_types + self.tenant_id = tenant_id -class MCASDataConnector(DataConnector): - """Represents MCAS (Microsoft Cloud App Security) data connector. +class OfficeConsent(Resource): + """Consent for Office365 tenant that already made. Variables are only populated by the server, and will be ignored when sending a request. - All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. :vartype id: str @@ -5950,93 +16299,75 @@ class MCASDataConnector(DataConnector): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: Required. The data connector kind.Constant filled by server. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". - :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind - :ivar tenant_id: The tenant id to connect to, and get the data from. + :ivar tenant_id: The tenantId of the Office365 with the consent. :vartype tenant_id: str - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + :ivar consent_id: Help to easily cascade among the data layers. + :vartype consent_id: str """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'data_types': {'key': 'properties.dataTypes', 'type': 'MCASDataConnectorDataTypes'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "consent_id": {"key": "properties.consentId", "type": "str"}, } - def __init__( - self, - *, - etag: Optional[str] = None, - tenant_id: Optional[str] = None, - data_types: Optional["_models.MCASDataConnectorDataTypes"] = None, - **kwargs - ): + def __init__(self, *, tenant_id: Optional[str] = None, consent_id: Optional[str] = None, **kwargs): """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword tenant_id: The tenant id to connect to, and get the data from. + :keyword tenant_id: The tenantId of the Office365 with the consent. :paramtype tenant_id: str - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.MCASDataConnectorDataTypes + :keyword consent_id: Help to easily cascade among the data layers. + :paramtype consent_id: str """ - super(MCASDataConnector, self).__init__(etag=etag, **kwargs) - self.kind = 'MicrosoftCloudAppSecurity' # type: str + super().__init__(**kwargs) self.tenant_id = tenant_id - self.data_types = data_types + self.consent_id = consent_id -class MCASDataConnectorDataTypes(AlertsDataTypeOfDataConnector): - """The available data types for MCAS (Microsoft Cloud App Security) data connector. +class OfficeConsentList(_serialization.Model): + """List of all the office365 consents. - :ivar alerts: Alerts data type connection. - :vartype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - :ivar discovery_logs: Discovery log data type connection. - :vartype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of office consents. + :vartype next_link: str + :ivar value: Array of the consents. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] """ + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + _attribute_map = { - 'alerts': {'key': 'alerts', 'type': 'DataConnectorDataTypeCommon'}, - 'discovery_logs': {'key': 'discoveryLogs', 'type': 'DataConnectorDataTypeCommon'}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[OfficeConsent]"}, } - def __init__( - self, - *, - alerts: Optional["_models.DataConnectorDataTypeCommon"] = None, - discovery_logs: Optional["_models.DataConnectorDataTypeCommon"] = None, - **kwargs - ): + def __init__(self, *, value: List["_models.OfficeConsent"], **kwargs): """ - :keyword alerts: Alerts data type connection. - :paramtype alerts: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon - :keyword discovery_logs: Discovery log data type connection. - :paramtype discovery_logs: ~azure.mgmt.securityinsight.models.DataConnectorDataTypeCommon + :keyword value: Array of the consents. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.OfficeConsent] """ - super(MCASDataConnectorDataTypes, self).__init__(alerts=alerts, **kwargs) - self.discovery_logs = discovery_logs + super().__init__(**kwargs) + self.next_link = None + self.value = value -class MDATPDataConnector(DataConnector): - """Represents MDATP (Microsoft Defender Advanced Threat Protection) data connector. +class OfficeDataConnector(DataConnector): + """Represents office data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -6055,34 +16386,37 @@ class MDATPDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The data connector kind.Constant filled by server. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'data_types': {'key': 'properties.dataTypes', 'type': 'AlertsDataTypeOfDataConnector'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "OfficeDataConnectorDataTypes"}, } def __init__( @@ -6090,7 +16424,7 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, + data_types: Optional["_models.OfficeDataConnectorDataTypes"] = None, **kwargs ): """ @@ -6099,433 +16433,238 @@ def __init__( :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes """ - super(MDATPDataConnector, self).__init__(etag=etag, **kwargs) - self.kind = 'MicrosoftDefenderAdvancedThreatProtection' # type: str + super().__init__(etag=etag, **kwargs) + self.kind = "Office365" # type: str self.tenant_id = tenant_id self.data_types = data_types -class MicrosoftSecurityIncidentCreationAlertRule(AlertRule): - """Represents MicrosoftSecurityIncidentCreation rule. - - Variables are only populated by the server, and will be ignored when sending a request. +class OfficeDataConnectorDataTypes(_serialization.Model): + """The available data types for office data connector. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar etag: Etag of the azure resource. - :vartype etag: str - :ivar kind: Required. The alert rule kind.Constant filled by server. Known values are: - "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime + :ivar exchange: Exchange data type connection. Required. + :vartype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :ivar share_point: SharePoint data type connection. Required. + :vartype share_point: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + :ivar teams: Teams data type connection. Required. + :vartype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'last_modified_utc': {'readonly': True}, + "exchange": {"required": True}, + "share_point": {"required": True}, + "teams": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, - 'display_names_exclude_filter': {'key': 'properties.displayNamesExcludeFilter', 'type': '[str]'}, - 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, - 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, - 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, - 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, + "exchange": {"key": "exchange", "type": "OfficeDataConnectorDataTypesExchange"}, + "share_point": {"key": "sharePoint", "type": "OfficeDataConnectorDataTypesSharePoint"}, + "teams": {"key": "teams", "type": "OfficeDataConnectorDataTypesTeams"}, } def __init__( self, *, - etag: Optional[str] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - alert_rule_template_name: Optional[str] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - enabled: Optional[bool] = None, + exchange: "_models.OfficeDataConnectorDataTypesExchange", + share_point: "_models.OfficeDataConnectorDataTypesSharePoint", + teams: "_models.OfficeDataConnectorDataTypesTeams", **kwargs ): """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword display_name: The display name for alerts created by this alert rule. - :paramtype display_name: str - :keyword enabled: Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool + :keyword exchange: Exchange data type connection. Required. + :paramtype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange + :keyword share_point: SharePoint data type connection. Required. + :paramtype share_point: + ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint + :keyword teams: Teams data type connection. Required. + :paramtype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams """ - super(MicrosoftSecurityIncidentCreationAlertRule, self).__init__(etag=etag, **kwargs) - self.kind = 'MicrosoftSecurityIncidentCreation' # type: str - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter - self.alert_rule_template_name = alert_rule_template_name - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None + super().__init__(**kwargs) + self.exchange = exchange + self.share_point = share_point + self.teams = teams -class MicrosoftSecurityIncidentCreationAlertRuleCommonProperties(msrest.serialization.Model): - """MicrosoftSecurityIncidentCreation rule common property bag. +class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): + """Exchange data type connection. All required parameters must be populated in order to send to Azure. - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: Required. The alerts' productName on which the cases will be generated. - Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced - Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for - IoT". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ _validation = { - 'product_filter': {'required': True}, + "state": {"required": True}, } _attribute_map = { - 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, - 'display_names_exclude_filter': {'key': 'displayNamesExcludeFilter', 'type': '[str]'}, - 'product_filter': {'key': 'productFilter', 'type': 'str'}, - 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, + "state": {"key": "state", "type": "str"}, } - def __init__( - self, - *, - product_filter: Union[str, "_models.MicrosoftSecurityProductName"], - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): """ - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: Required. The alerts' productName on which the cases will be - generated. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure - Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security - Center for IoT". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - super(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties, self).__init__(**kwargs) - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter + super().__init__(state=state, **kwargs) -class MicrosoftSecurityIncidentCreationAlertRuleProperties(MicrosoftSecurityIncidentCreationAlertRuleCommonProperties): - """MicrosoftSecurityIncidentCreation rule property bag. +class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): + """SharePoint data type connection. - Variables are only populated by the server, and will be ignored when sending a request. + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): + """Teams data type connection. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class OfficeDataConnectorProperties(DataConnectorTenantId): + """Office data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "OfficeDataConnectorDataTypes"}, + } + + def __init__(self, *, tenant_id: str, data_types: "_models.OfficeDataConnectorDataTypes", **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types + + +class OfficeIRMCheckRequirements(DataConnectorsCheckRequirements): + """Represents OfficeIRM (Microsoft Insider Risk Management) requirements check request. All required parameters must be populated in order to send to Azure. - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: Required. The alerts' productName on which the cases will be generated. - Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced - Threat Protection", "Azure Active Directory Identity Protection", "Azure Security Center for - IoT". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. - :vartype alert_rule_template_name: str - :ivar description: The description of the alert rule. - :vartype description: str - :ivar display_name: Required. The display name for alerts created by this alert rule. - :vartype display_name: str - :ivar enabled: Required. Determines whether this alert rule is enabled or disabled. - :vartype enabled: bool - :ivar last_modified_utc: The last time that this alert has been modified. - :vartype last_modified_utc: ~datetime.datetime + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str """ _validation = { - 'product_filter': {'required': True}, - 'display_name': {'required': True}, - 'enabled': {'required': True}, - 'last_modified_utc': {'readonly': True}, + "kind": {"required": True}, } _attribute_map = { - 'display_names_filter': {'key': 'displayNamesFilter', 'type': '[str]'}, - 'display_names_exclude_filter': {'key': 'displayNamesExcludeFilter', 'type': '[str]'}, - 'product_filter': {'key': 'productFilter', 'type': 'str'}, - 'severities_filter': {'key': 'severitiesFilter', 'type': '[str]'}, - 'alert_rule_template_name': {'key': 'alertRuleTemplateName', 'type': 'str'}, - 'description': {'key': 'description', 'type': 'str'}, - 'display_name': {'key': 'displayName', 'type': 'str'}, - 'enabled': {'key': 'enabled', 'type': 'bool'}, - 'last_modified_utc': {'key': 'lastModifiedUtc', 'type': 'iso-8601'}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__( - self, - *, - product_filter: Union[str, "_models.MicrosoftSecurityProductName"], - display_name: str, - enabled: bool, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - alert_rule_template_name: Optional[str] = None, - description: Optional[str] = None, - **kwargs - ): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): """ - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: Required. The alerts' productName on which the cases will be - generated. Known values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure - Advanced Threat Protection", "Azure Active Directory Identity Protection", "Azure Security - Center for IoT". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] - :keyword alert_rule_template_name: The Name of the alert rule template used to create this - rule. - :paramtype alert_rule_template_name: str - :keyword description: The description of the alert rule. - :paramtype description: str - :keyword display_name: Required. The display name for alerts created by this alert rule. - :paramtype display_name: str - :keyword enabled: Required. Determines whether this alert rule is enabled or disabled. - :paramtype enabled: bool + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str """ - super(MicrosoftSecurityIncidentCreationAlertRuleProperties, self).__init__(display_names_filter=display_names_filter, display_names_exclude_filter=display_names_exclude_filter, product_filter=product_filter, severities_filter=severities_filter, **kwargs) - self.alert_rule_template_name = alert_rule_template_name - self.description = description - self.display_name = display_name - self.enabled = enabled - self.last_modified_utc = None - + super().__init__(**kwargs) + self.kind = "OfficeIRM" # type: str + self.tenant_id = tenant_id -class MicrosoftSecurityIncidentCreationAlertRuleTemplate(AlertRuleTemplate): - """Represents MicrosoftSecurityIncidentCreation rule template. - Variables are only populated by the server, and will be ignored when sending a request. +class OfficeIRMCheckRequirementsProperties(DataConnectorTenantId): + """OfficeIRM (Microsoft Insider Risk Management) requirements check properties. All required parameters must be populated in order to send to Azure. - :ivar id: Fully qualified resource ID for the resource. Ex - - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. - :vartype id: str - :ivar name: The name of the resource. - :vartype name: str - :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or - "Microsoft.Storage/storageAccounts". - :vartype type: str - :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy - information. - :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The alert rule kind.Constant filled by server. Known values are: - "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". - :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind - :ivar alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :vartype alert_rules_created_by_template_count: int - :ivar created_date_utc: The time that this alert rule template has been added. - :vartype created_date_utc: ~datetime.datetime - :ivar last_updated_date_utc: The time that this alert rule template was last updated. - :vartype last_updated_date_utc: ~datetime.datetime - :ivar description: The description of the alert rule template. - :vartype description: str - :ivar display_name: The display name for alert rule template. - :vartype display_name: str - :ivar required_data_connectors: The required data connectors for this template. - :vartype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", - "NotAvailable". - :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :ivar display_names_filter: the alerts' displayNames on which the cases will be generated. - :vartype display_names_filter: list[str] - :ivar display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :vartype display_names_exclude_filter: list[str] - :ivar product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". - :vartype product_filter: str or ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :ivar severities_filter: the alerts' severities on which the cases will be generated. - :vartype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'created_date_utc': {'readonly': True}, - 'last_updated_date_utc': {'readonly': True}, + "tenant_id": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, - 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, - 'last_updated_date_utc': {'key': 'properties.lastUpdatedDateUTC', 'type': 'iso-8601'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, - 'status': {'key': 'properties.status', 'type': 'str'}, - 'display_names_filter': {'key': 'properties.displayNamesFilter', 'type': '[str]'}, - 'display_names_exclude_filter': {'key': 'properties.displayNamesExcludeFilter', 'type': '[str]'}, - 'product_filter': {'key': 'properties.productFilter', 'type': 'str'}, - 'severities_filter': {'key': 'properties.severitiesFilter', 'type': '[str]'}, + "tenant_id": {"key": "tenantId", "type": "str"}, } - def __init__( - self, - *, - alert_rules_created_by_template_count: Optional[int] = None, - description: Optional[str] = None, - display_name: Optional[str] = None, - required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, - status: Optional[Union[str, "_models.TemplateStatus"]] = None, - display_names_filter: Optional[List[str]] = None, - display_names_exclude_filter: Optional[List[str]] = None, - product_filter: Optional[Union[str, "_models.MicrosoftSecurityProductName"]] = None, - severities_filter: Optional[List[Union[str, "_models.AlertSeverity"]]] = None, - **kwargs - ): + def __init__(self, *, tenant_id: str, **kwargs): """ - :keyword alert_rules_created_by_template_count: the number of alert rules that were created by - this template. - :paramtype alert_rules_created_by_template_count: int - :keyword description: The description of the alert rule template. - :paramtype description: str - :keyword display_name: The display name for alert rule template. - :paramtype display_name: str - :keyword required_data_connectors: The required data connectors for this template. - :paramtype required_data_connectors: - list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :keyword status: The alert rule template status. Known values are: "Installed", "Available", - "NotAvailable". - :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus - :keyword display_names_filter: the alerts' displayNames on which the cases will be generated. - :paramtype display_names_filter: list[str] - :keyword display_names_exclude_filter: the alerts' displayNames on which the cases will not be - generated. - :paramtype display_names_exclude_filter: list[str] - :keyword product_filter: The alerts' productName on which the cases will be generated. Known - values are: "Microsoft Cloud App Security", "Azure Security Center", "Azure Advanced Threat - Protection", "Azure Active Directory Identity Protection", "Azure Security Center for IoT". - :paramtype product_filter: str or - ~azure.mgmt.securityinsight.models.MicrosoftSecurityProductName - :keyword severities_filter: the alerts' severities on which the cases will be generated. - :paramtype severities_filter: list[str or ~azure.mgmt.securityinsight.models.AlertSeverity] + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str """ - super(MicrosoftSecurityIncidentCreationAlertRuleTemplate, self).__init__(**kwargs) - self.kind = 'MicrosoftSecurityIncidentCreation' # type: str - self.alert_rules_created_by_template_count = alert_rules_created_by_template_count - self.created_date_utc = None - self.last_updated_date_utc = None - self.description = description - self.display_name = display_name - self.required_data_connectors = required_data_connectors - self.status = status - self.display_names_filter = display_names_filter - self.display_names_exclude_filter = display_names_exclude_filter - self.product_filter = product_filter - self.severities_filter = severities_filter + super().__init__(tenant_id=tenant_id, **kwargs) -class OfficeDataConnector(DataConnector): - """Represents office data connector. +class OfficeIRMDataConnector(DataConnector): + """Represents OfficeIRM (Microsoft Insider Risk Management) data connector. Variables are only populated by the server, and will be ignored when sending a request. @@ -6544,34 +16683,37 @@ class OfficeDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The data connector kind.Constant filled by server. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'data_types': {'key': 'properties.dataTypes', 'type': 'OfficeDataConnectorDataTypes'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "AlertsDataTypeOfDataConnector"}, } def __init__( @@ -6579,7 +16721,7 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - data_types: Optional["_models.OfficeDataConnectorDataTypes"] = None, + data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs ): """ @@ -6588,133 +16730,270 @@ def __init__( :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypes + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector """ - super(OfficeDataConnector, self).__init__(etag=etag, **kwargs) - self.kind = 'Office365' # type: str + super().__init__(etag=etag, **kwargs) + self.kind = "OfficeIRM" # type: str self.tenant_id = tenant_id self.data_types = data_types -class OfficeDataConnectorDataTypes(msrest.serialization.Model): - """The available data types for office data connector. +class OfficeIRMDataConnectorProperties(DataConnectorTenantId, DataConnectorWithAlertsProperties): + """OfficeIRM (Microsoft Insider Risk Management) data connector properties. - :ivar exchange: Exchange data type connection. - :vartype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange - :ivar share_point: SharePoint data type connection. - :vartype share_point: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint - :ivar teams: Teams data type connection. - :vartype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams + All required parameters must be populated in order to send to Azure. + + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str """ + _validation = { + "tenant_id": {"required": True}, + } + _attribute_map = { - 'exchange': {'key': 'exchange', 'type': 'OfficeDataConnectorDataTypesExchange'}, - 'share_point': {'key': 'sharePoint', 'type': 'OfficeDataConnectorDataTypesSharePoint'}, - 'teams': {'key': 'teams', 'type': 'OfficeDataConnectorDataTypesTeams'}, + "data_types": {"key": "dataTypes", "type": "AlertsDataTypeOfDataConnector"}, + "tenant_id": {"key": "tenantId", "type": "str"}, } def __init__( - self, - *, - exchange: Optional["_models.OfficeDataConnectorDataTypesExchange"] = None, - share_point: Optional["_models.OfficeDataConnectorDataTypesSharePoint"] = None, - teams: Optional["_models.OfficeDataConnectorDataTypesTeams"] = None, - **kwargs + self, *, tenant_id: str, data_types: Optional["_models.AlertsDataTypeOfDataConnector"] = None, **kwargs ): """ - :keyword exchange: Exchange data type connection. - :paramtype exchange: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesExchange - :keyword share_point: SharePoint data type connection. - :paramtype share_point: - ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesSharePoint - :keyword teams: Teams data type connection. - :paramtype teams: ~azure.mgmt.securityinsight.models.OfficeDataConnectorDataTypesTeams + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.AlertsDataTypeOfDataConnector + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str """ - super(OfficeDataConnectorDataTypes, self).__init__(**kwargs) - self.exchange = exchange - self.share_point = share_point - self.teams = teams + super().__init__(tenant_id=tenant_id, data_types=data_types, **kwargs) + self.data_types = data_types + self.tenant_id = tenant_id -class OfficeDataConnectorDataTypesExchange(DataConnectorDataTypeCommon): - """Exchange data type connection. +class OfficePowerBICheckRequirements(DataConnectorsCheckRequirements): + """Represents Office PowerBI requirements check request. - :ivar state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str """ + _validation = { + "kind": {"required": True}, + } + _attribute_map = { - 'state': {'key': 'state', 'type': 'str'}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__( - self, - *, - state: Optional[Union[str, "_models.DataTypeState"]] = None, - **kwargs - ): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind = "OfficePowerBI" # type: str + self.tenant_id = tenant_id + + +class OfficePowerBICheckRequirementsProperties(DataConnectorTenantId): + """Office PowerBI requirements check properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class OfficePowerBIConnectorDataTypes(_serialization.Model): + """The available data types for Office Microsoft PowerBI data connector. + + All required parameters must be populated in order to send to Azure. + + :ivar logs: Logs data type. Required. + :vartype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs + """ + + _validation = { + "logs": {"required": True}, + } + + _attribute_map = { + "logs": {"key": "logs", "type": "OfficePowerBIConnectorDataTypesLogs"}, + } + + def __init__(self, *, logs: "_models.OfficePowerBIConnectorDataTypesLogs", **kwargs): + """ + :keyword logs: Logs data type. Required. + :paramtype logs: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypesLogs + """ + super().__init__(**kwargs) + self.logs = logs + + +class OfficePowerBIConnectorDataTypesLogs(DataConnectorDataTypeCommon): + """Logs data type. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): """ - :keyword state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState """ - super(OfficeDataConnectorDataTypesExchange, self).__init__(state=state, **kwargs) + super().__init__(state=state, **kwargs) -class OfficeDataConnectorDataTypesSharePoint(DataConnectorDataTypeCommon): - """SharePoint data type connection. +class OfficePowerBIDataConnector(DataConnector): + """Represents Office Microsoft PowerBI data connector. - :ivar state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + _attribute_map = { - 'state': {'key': 'state', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, } def __init__( self, *, - state: Optional[Union[str, "_models.DataTypeState"]] = None, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + data_types: Optional["_models.OfficePowerBIConnectorDataTypes"] = None, **kwargs ): """ - :keyword state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes """ - super(OfficeDataConnectorDataTypesSharePoint, self).__init__(state=state, **kwargs) + super().__init__(etag=etag, **kwargs) + self.kind = "OfficePowerBI" # type: str + self.tenant_id = tenant_id + self.data_types = data_types -class OfficeDataConnectorDataTypesTeams(DataConnectorDataTypeCommon): - """Teams data type connection. +class OfficePowerBIDataConnectorProperties(DataConnectorTenantId): + """Office Microsoft PowerBI data connector properties. - :ivar state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes """ + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + _attribute_map = { - 'state': {'key': 'state', 'type': 'str'}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "OfficePowerBIConnectorDataTypes"}, } - def __init__( - self, - *, - state: Optional[Union[str, "_models.DataTypeState"]] = None, - **kwargs - ): + def __init__(self, *, tenant_id: str, data_types: "_models.OfficePowerBIConnectorDataTypes", **kwargs): """ - :keyword state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.OfficePowerBIConnectorDataTypes """ - super(OfficeDataConnectorDataTypesTeams, self).__init__(state=state, **kwargs) + super().__init__(tenant_id=tenant_id, **kwargs) + self.data_types = data_types -class Operation(msrest.serialization.Model): +class Operation(_serialization.Model): """Operation provided by provider. :ivar display: Properties of the operation. @@ -6728,10 +17007,10 @@ class Operation(msrest.serialization.Model): """ _attribute_map = { - 'display': {'key': 'display', 'type': 'OperationDisplay'}, - 'name': {'key': 'name', 'type': 'str'}, - 'origin': {'key': 'origin', 'type': 'str'}, - 'is_data_action': {'key': 'isDataAction', 'type': 'bool'}, + "display": {"key": "display", "type": "OperationDisplay"}, + "name": {"key": "name", "type": "str"}, + "origin": {"key": "origin", "type": "str"}, + "is_data_action": {"key": "isDataAction", "type": "bool"}, } def __init__( @@ -6753,14 +17032,14 @@ def __init__( :keyword is_data_action: Indicates whether the operation is a data action. :paramtype is_data_action: bool """ - super(Operation, self).__init__(**kwargs) + super().__init__(**kwargs) self.display = display self.name = name self.origin = origin self.is_data_action = is_data_action -class OperationDisplay(msrest.serialization.Model): +class OperationDisplay(_serialization.Model): """Properties of the operation. :ivar description: Description of the operation. @@ -6774,10 +17053,10 @@ class OperationDisplay(msrest.serialization.Model): """ _attribute_map = { - 'description': {'key': 'description', 'type': 'str'}, - 'operation': {'key': 'operation', 'type': 'str'}, - 'provider': {'key': 'provider', 'type': 'str'}, - 'resource': {'key': 'resource', 'type': 'str'}, + "description": {"key": "description", "type": "str"}, + "operation": {"key": "operation", "type": "str"}, + "provider": {"key": "provider", "type": "str"}, + "resource": {"key": "resource", "type": "str"}, } def __init__( @@ -6799,14 +17078,14 @@ def __init__( :keyword resource: Resource name. :paramtype resource: str """ - super(OperationDisplay, self).__init__(**kwargs) + super().__init__(**kwargs) self.description = description self.operation = operation self.provider = provider self.resource = resource -class OperationsList(msrest.serialization.Model): +class OperationsList(_serialization.Model): """Lists the operations available in the SecurityInsights RP. Variables are only populated by the server, and will be ignored when sending a request. @@ -6815,74 +17094,243 @@ class OperationsList(msrest.serialization.Model): :ivar next_link: URL to fetch the next set of operations. :vartype next_link: str - :ivar value: Required. Array of operations. + :ivar value: Array of operations. Required. :vartype value: list[~azure.mgmt.securityinsight.models.Operation] """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Operation]"}, } + def __init__(self, *, value: List["_models.Operation"], **kwargs): + """ + :keyword value: Array of operations. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Operation] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class Permissions(_serialization.Model): + """Permissions required for the connector. + + :ivar resource_provider: Resource provider permissions required for the connector. + :vartype resource_provider: + list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] + :ivar customs: Customs permissions required for the connector. + :vartype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] + """ + _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[Operation]'}, + "resource_provider": {"key": "resourceProvider", "type": "[PermissionsResourceProviderItem]"}, + "customs": {"key": "customs", "type": "[PermissionsCustomsItem]"}, } def __init__( self, *, - value: List["_models.Operation"], + resource_provider: Optional[List["_models.PermissionsResourceProviderItem"]] = None, + customs: Optional[List["_models.PermissionsCustomsItem"]] = None, **kwargs ): """ - :keyword value: Required. Array of operations. - :paramtype value: list[~azure.mgmt.securityinsight.models.Operation] + :keyword resource_provider: Resource provider permissions required for the connector. + :paramtype resource_provider: + list[~azure.mgmt.securityinsight.models.PermissionsResourceProviderItem] + :keyword customs: Customs permissions required for the connector. + :paramtype customs: list[~azure.mgmt.securityinsight.models.PermissionsCustomsItem] """ - super(OperationsList, self).__init__(**kwargs) - self.next_link = None - self.value = value + super().__init__(**kwargs) + self.resource_provider = resource_provider + self.customs = customs -class PlaybookActionProperties(msrest.serialization.Model): - """PlaybookActionProperties. +class PermissionsCustomsItem(Customs): + """PermissionsCustomsItem. - All required parameters must be populated in order to send to Azure. + :ivar name: Customs permissions name. + :vartype name: str + :ivar description: Customs permissions description. + :vartype description: str + """ - :ivar logic_app_resource_id: Required. The resource id of the playbook resource. - :vartype logic_app_resource_id: str - :ivar tenant_id: The tenant id of the playbook resource. - :vartype tenant_id: str + _attribute_map = { + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, + } + + def __init__(self, *, name: Optional[str] = None, description: Optional[str] = None, **kwargs): + """ + :keyword name: Customs permissions name. + :paramtype name: str + :keyword description: Customs permissions description. + :paramtype description: str + """ + super().__init__(name=name, description=description, **kwargs) + + +class ResourceProvider(_serialization.Model): + """Resource provider permissions required for the connector. + + :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :ivar permissions_display_text: Permission description text. + :vartype permissions_display_text: str + :ivar provider_display_name: Permission provider display name. + :vartype provider_display_name: str + :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and + "Workspace". + :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :ivar required_permissions: Required permissions for the connector. + :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions """ - _validation = { - 'logic_app_resource_id': {'required': True}, + _attribute_map = { + "provider": {"key": "provider", "type": "str"}, + "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, + "provider_display_name": {"key": "providerDisplayName", "type": "str"}, + "scope": {"key": "scope", "type": "str"}, + "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, } + def __init__( + self, + *, + provider: Optional[Union[str, "_models.ProviderName"]] = None, + permissions_display_text: Optional[str] = None, + provider_display_name: Optional[str] = None, + scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, + required_permissions: Optional["_models.RequiredPermissions"] = None, + **kwargs + ): + """ + :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :keyword permissions_display_text: Permission description text. + :paramtype permissions_display_text: str + :keyword provider_display_name: Permission provider display name. + :paramtype provider_display_name: str + :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", + and "Workspace". + :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :keyword required_permissions: Required permissions for the connector. + :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + """ + super().__init__(**kwargs) + self.provider = provider + self.permissions_display_text = permissions_display_text + self.provider_display_name = provider_display_name + self.scope = scope + self.required_permissions = required_permissions + + +class PermissionsResourceProviderItem(ResourceProvider): + """PermissionsResourceProviderItem. + + :ivar provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :vartype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :ivar permissions_display_text: Permission description text. + :vartype permissions_display_text: str + :ivar provider_display_name: Permission provider display name. + :vartype provider_display_name: str + :ivar scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", and + "Workspace". + :vartype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :ivar required_permissions: Required permissions for the connector. + :vartype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + """ + _attribute_map = { - 'logic_app_resource_id': {'key': 'logicAppResourceId', 'type': 'str'}, - 'tenant_id': {'key': 'tenantId', 'type': 'str'}, + "provider": {"key": "provider", "type": "str"}, + "permissions_display_text": {"key": "permissionsDisplayText", "type": "str"}, + "provider_display_name": {"key": "providerDisplayName", "type": "str"}, + "scope": {"key": "scope", "type": "str"}, + "required_permissions": {"key": "requiredPermissions", "type": "RequiredPermissions"}, } def __init__( self, *, - logic_app_resource_id: str, - tenant_id: Optional[str] = None, + provider: Optional[Union[str, "_models.ProviderName"]] = None, + permissions_display_text: Optional[str] = None, + provider_display_name: Optional[str] = None, + scope: Optional[Union[str, "_models.PermissionProviderScope"]] = None, + required_permissions: Optional["_models.RequiredPermissions"] = None, **kwargs ): """ - :keyword logic_app_resource_id: Required. The resource id of the playbook resource. + :keyword provider: Provider name. Known values are: "Microsoft.OperationalInsights/solutions", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/workspaces/datasources", "microsoft.aadiam/diagnosticSettings", + "Microsoft.OperationalInsights/workspaces/sharedKeys", and + "Microsoft.Authorization/policyAssignments". + :paramtype provider: str or ~azure.mgmt.securityinsight.models.ProviderName + :keyword permissions_display_text: Permission description text. + :paramtype permissions_display_text: str + :keyword provider_display_name: Permission provider display name. + :paramtype provider_display_name: str + :keyword scope: Permission provider scope. Known values are: "ResourceGroup", "Subscription", + and "Workspace". + :paramtype scope: str or ~azure.mgmt.securityinsight.models.PermissionProviderScope + :keyword required_permissions: Required permissions for the connector. + :paramtype required_permissions: ~azure.mgmt.securityinsight.models.RequiredPermissions + """ + super().__init__( + provider=provider, + permissions_display_text=permissions_display_text, + provider_display_name=provider_display_name, + scope=scope, + required_permissions=required_permissions, + **kwargs + ) + + +class PlaybookActionProperties(_serialization.Model): + """PlaybookActionProperties. + + :ivar logic_app_resource_id: The resource id of the playbook resource. + :vartype logic_app_resource_id: str + :ivar tenant_id: The tenant id of the playbook resource. + :vartype tenant_id: str + """ + + _attribute_map = { + "logic_app_resource_id": {"key": "logicAppResourceId", "type": "str"}, + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, logic_app_resource_id: Optional[str] = None, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword logic_app_resource_id: The resource id of the playbook resource. :paramtype logic_app_resource_id: str :keyword tenant_id: The tenant id of the playbook resource. :paramtype tenant_id: str """ - super(PlaybookActionProperties, self).__init__(**kwargs) + super().__init__(**kwargs) self.logic_app_resource_id = logic_app_resource_id self.tenant_id = tenant_id -class ProcessEntity(Entity): +class ProcessEntity(Entity): # pylint: disable=too-many-instance-attributes """Represents a process entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -6900,15 +17348,14 @@ class ProcessEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -6919,7 +17366,7 @@ class ProcessEntity(Entity): :ivar creation_time_utc: The time when the process started to run. :vartype creation_time_utc: ~datetime.datetime :ivar elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", "Limited". + "Default", "Full", and "Limited". :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken :ivar host_entity_id: The host entity id on which the process was running. :vartype host_entity_id: str @@ -6934,55 +17381,50 @@ class ProcessEntity(Entity): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'account_entity_id': {'readonly': True}, - 'command_line': {'readonly': True}, - 'creation_time_utc': {'readonly': True}, - 'host_entity_id': {'readonly': True}, - 'host_logon_session_entity_id': {'readonly': True}, - 'image_file_entity_id': {'readonly': True}, - 'parent_process_entity_id': {'readonly': True}, - 'process_id': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "account_entity_id": {"readonly": True}, + "command_line": {"readonly": True}, + "creation_time_utc": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "host_logon_session_entity_id": {"readonly": True}, + "image_file_entity_id": {"readonly": True}, + "parent_process_entity_id": {"readonly": True}, + "process_id": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'account_entity_id': {'key': 'properties.accountEntityId', 'type': 'str'}, - 'command_line': {'key': 'properties.commandLine', 'type': 'str'}, - 'creation_time_utc': {'key': 'properties.creationTimeUtc', 'type': 'iso-8601'}, - 'elevation_token': {'key': 'properties.elevationToken', 'type': 'str'}, - 'host_entity_id': {'key': 'properties.hostEntityId', 'type': 'str'}, - 'host_logon_session_entity_id': {'key': 'properties.hostLogonSessionEntityId', 'type': 'str'}, - 'image_file_entity_id': {'key': 'properties.imageFileEntityId', 'type': 'str'}, - 'parent_process_entity_id': {'key': 'properties.parentProcessEntityId', 'type': 'str'}, - 'process_id': {'key': 'properties.processId', 'type': 'str'}, - } - - def __init__( - self, - *, - elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, - **kwargs - ): + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "account_entity_id": {"key": "properties.accountEntityId", "type": "str"}, + "command_line": {"key": "properties.commandLine", "type": "str"}, + "creation_time_utc": {"key": "properties.creationTimeUtc", "type": "iso-8601"}, + "elevation_token": {"key": "properties.elevationToken", "type": "str"}, + "host_entity_id": {"key": "properties.hostEntityId", "type": "str"}, + "host_logon_session_entity_id": {"key": "properties.hostLogonSessionEntityId", "type": "str"}, + "image_file_entity_id": {"key": "properties.imageFileEntityId", "type": "str"}, + "parent_process_entity_id": {"key": "properties.parentProcessEntityId", "type": "str"}, + "process_id": {"key": "properties.processId", "type": "str"}, + } + + def __init__(self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs): """ :keyword elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", "Limited". + "Default", "Full", and "Limited". :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken """ - super(ProcessEntity, self).__init__(**kwargs) - self.kind = 'Process' # type: str + super().__init__(**kwargs) + self.kind = "Process" # type: str self.additional_data = None self.friendly_name = None self.account_entity_id = None @@ -6996,14 +17438,14 @@ def __init__( self.process_id = None -class ProcessEntityProperties(EntityCommonProperties): +class ProcessEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes """Process entity property bag. Variables are only populated by the server, and will be ignored when sending a request. :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -7014,7 +17456,7 @@ class ProcessEntityProperties(EntityCommonProperties): :ivar creation_time_utc: The time when the process started to run. :vartype creation_time_utc: ~datetime.datetime :ivar elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", "Limited". + "Default", "Full", and "Limited". :vartype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken :ivar host_entity_id: The host entity id on which the process was running. :vartype host_entity_id: str @@ -7029,44 +17471,39 @@ class ProcessEntityProperties(EntityCommonProperties): """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'account_entity_id': {'readonly': True}, - 'command_line': {'readonly': True}, - 'creation_time_utc': {'readonly': True}, - 'host_entity_id': {'readonly': True}, - 'host_logon_session_entity_id': {'readonly': True}, - 'image_file_entity_id': {'readonly': True}, - 'parent_process_entity_id': {'readonly': True}, - 'process_id': {'readonly': True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "account_entity_id": {"readonly": True}, + "command_line": {"readonly": True}, + "creation_time_utc": {"readonly": True}, + "host_entity_id": {"readonly": True}, + "host_logon_session_entity_id": {"readonly": True}, + "image_file_entity_id": {"readonly": True}, + "parent_process_entity_id": {"readonly": True}, + "process_id": {"readonly": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'account_entity_id': {'key': 'accountEntityId', 'type': 'str'}, - 'command_line': {'key': 'commandLine', 'type': 'str'}, - 'creation_time_utc': {'key': 'creationTimeUtc', 'type': 'iso-8601'}, - 'elevation_token': {'key': 'elevationToken', 'type': 'str'}, - 'host_entity_id': {'key': 'hostEntityId', 'type': 'str'}, - 'host_logon_session_entity_id': {'key': 'hostLogonSessionEntityId', 'type': 'str'}, - 'image_file_entity_id': {'key': 'imageFileEntityId', 'type': 'str'}, - 'parent_process_entity_id': {'key': 'parentProcessEntityId', 'type': 'str'}, - 'process_id': {'key': 'processId', 'type': 'str'}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "account_entity_id": {"key": "accountEntityId", "type": "str"}, + "command_line": {"key": "commandLine", "type": "str"}, + "creation_time_utc": {"key": "creationTimeUtc", "type": "iso-8601"}, + "elevation_token": {"key": "elevationToken", "type": "str"}, + "host_entity_id": {"key": "hostEntityId", "type": "str"}, + "host_logon_session_entity_id": {"key": "hostLogonSessionEntityId", "type": "str"}, + "image_file_entity_id": {"key": "imageFileEntityId", "type": "str"}, + "parent_process_entity_id": {"key": "parentProcessEntityId", "type": "str"}, + "process_id": {"key": "processId", "type": "str"}, } - def __init__( - self, - *, - elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, - **kwargs - ): + def __init__(self, *, elevation_token: Optional[Union[str, "_models.ElevationToken"]] = None, **kwargs): """ :keyword elevation_token: The elevation token associated with the process. Known values are: - "Default", "Full", "Limited". + "Default", "Full", and "Limited". :paramtype elevation_token: str or ~azure.mgmt.securityinsight.models.ElevationToken """ - super(ProcessEntityProperties, self).__init__(**kwargs) + super().__init__(**kwargs) self.account_entity_id = None self.command_line = None self.creation_time_utc = None @@ -7078,40 +17515,149 @@ def __init__( self.process_id = None -class PropertyConditionProperties(AutomationRuleCondition): - """Describes an automation rule condition that evaluates a property's value. +class PropertyArrayChangedConditionProperties(AutomationRuleCondition): + """Describes an automation rule condition that evaluates an array property's value change. All required parameters must be populated in order to send to Azure. - :ivar condition_type: Required. Constant filled by server. Known values are: "Property". + :ivar condition_type: Required. Known values are: "Property", "PropertyArray", + "PropertyChanged", "PropertyArrayChanged", and "Boolean". :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType :ivar condition_properties: :vartype condition_properties: - ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesCondition + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedValuesCondition """ _validation = { - 'condition_type': {'required': True}, + "condition_type": {"required": True}, } _attribute_map = { - 'condition_type': {'key': 'conditionType', 'type': 'str'}, - 'condition_properties': {'key': 'conditionProperties', 'type': 'AutomationRulePropertyValuesCondition'}, + "condition_type": {"key": "conditionType", "type": "str"}, + "condition_properties": { + "key": "conditionProperties", + "type": "AutomationRulePropertyArrayChangedValuesCondition", + }, } def __init__( self, *, - condition_properties: Optional["_models.AutomationRulePropertyValuesCondition"] = None, + condition_properties: Optional["_models.AutomationRulePropertyArrayChangedValuesCondition"] = None, **kwargs + ): + """ + :keyword condition_properties: + :paramtype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayChangedValuesCondition + """ + super().__init__(**kwargs) + self.condition_type = "PropertyArrayChanged" # type: str + self.condition_properties = condition_properties + + +class PropertyArrayConditionProperties(AutomationRuleCondition): + """Describes an automation rule condition that evaluates an array property's value. + + All required parameters must be populated in order to send to Azure. + + :ivar condition_type: Required. Known values are: "Property", "PropertyArray", + "PropertyChanged", "PropertyArrayChanged", and "Boolean". + :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType + :ivar condition_properties: + :vartype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayValuesCondition + """ + + _validation = { + "condition_type": {"required": True}, + } + + _attribute_map = { + "condition_type": {"key": "conditionType", "type": "str"}, + "condition_properties": {"key": "conditionProperties", "type": "AutomationRulePropertyArrayValuesCondition"}, + } + + def __init__( + self, *, condition_properties: Optional["_models.AutomationRulePropertyArrayValuesCondition"] = None, **kwargs + ): + """ + :keyword condition_properties: + :paramtype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyArrayValuesCondition + """ + super().__init__(**kwargs) + self.condition_type = "PropertyArray" # type: str + self.condition_properties = condition_properties + + +class PropertyChangedConditionProperties(AutomationRuleCondition): + """Describes an automation rule condition that evaluates a property's value change. + + All required parameters must be populated in order to send to Azure. + + :ivar condition_type: Required. Known values are: "Property", "PropertyArray", + "PropertyChanged", "PropertyArrayChanged", and "Boolean". + :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType + :ivar condition_properties: + :vartype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesChangedCondition + """ + + _validation = { + "condition_type": {"required": True}, + } + + _attribute_map = { + "condition_type": {"key": "conditionType", "type": "str"}, + "condition_properties": {"key": "conditionProperties", "type": "AutomationRulePropertyValuesChangedCondition"}, + } + + def __init__( + self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesChangedCondition"] = None, **kwargs + ): + """ + :keyword condition_properties: + :paramtype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesChangedCondition + """ + super().__init__(**kwargs) + self.condition_type = "PropertyChanged" # type: str + self.condition_properties = condition_properties + + +class PropertyConditionProperties(AutomationRuleCondition): + """Describes an automation rule condition that evaluates a property's value. + + All required parameters must be populated in order to send to Azure. + + :ivar condition_type: Required. Known values are: "Property", "PropertyArray", + "PropertyChanged", "PropertyArrayChanged", and "Boolean". + :vartype condition_type: str or ~azure.mgmt.securityinsight.models.ConditionType + :ivar condition_properties: + :vartype condition_properties: + ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesCondition + """ + + _validation = { + "condition_type": {"required": True}, + } + + _attribute_map = { + "condition_type": {"key": "conditionType", "type": "str"}, + "condition_properties": {"key": "conditionProperties", "type": "AutomationRulePropertyValuesCondition"}, + } + + def __init__( + self, *, condition_properties: Optional["_models.AutomationRulePropertyValuesCondition"] = None, **kwargs ): """ :keyword condition_properties: :paramtype condition_properties: ~azure.mgmt.securityinsight.models.AutomationRulePropertyValuesCondition """ - super(PropertyConditionProperties, self).__init__(**kwargs) - self.condition_type = 'Property' # type: str + super().__init__(**kwargs) + self.condition_type = "Property" # type: str self.condition_properties = condition_properties @@ -7133,21 +17679,20 @@ class RegistryKeyEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str :ivar hive: the hive that holds the registry key. Known values are: "HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_USERS", "HKEY_CURRENT_USER_LOCAL_SETTINGS", - "HKEY_PERFORMANCE_DATA", "HKEY_PERFORMANCE_NLSTEXT", "HKEY_PERFORMANCE_TEXT", "HKEY_A", + "HKEY_PERFORMANCE_DATA", "HKEY_PERFORMANCE_NLSTEXT", "HKEY_PERFORMANCE_TEXT", "HKEY_A", and "HKEY_CURRENT_USER". :vartype hive: str or ~azure.mgmt.securityinsight.models.RegistryHive :ivar key: The registry key path. @@ -7155,37 +17700,33 @@ class RegistryKeyEntity(Entity): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'hive': {'readonly': True}, - 'key': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "hive": {"readonly": True}, + "key": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'hive': {'key': 'properties.hive', 'type': 'str'}, - 'key': {'key': 'properties.key', 'type': 'str'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(RegistryKeyEntity, self).__init__(**kwargs) - self.kind = 'RegistryKey' # type: str + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "hive": {"key": "properties.hive", "type": "str"}, + "key": {"key": "properties.key", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "RegistryKey" # type: str self.additional_data = None self.friendly_name = None self.hive = None @@ -7199,13 +17740,13 @@ class RegistryKeyEntityProperties(EntityCommonProperties): :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str :ivar hive: the hive that holds the registry key. Known values are: "HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG", "HKEY_USERS", "HKEY_CURRENT_USER_LOCAL_SETTINGS", - "HKEY_PERFORMANCE_DATA", "HKEY_PERFORMANCE_NLSTEXT", "HKEY_PERFORMANCE_TEXT", "HKEY_A", + "HKEY_PERFORMANCE_DATA", "HKEY_PERFORMANCE_NLSTEXT", "HKEY_PERFORMANCE_TEXT", "HKEY_A", and "HKEY_CURRENT_USER". :vartype hive: str or ~azure.mgmt.securityinsight.models.RegistryHive :ivar key: The registry key path. @@ -7213,31 +17754,27 @@ class RegistryKeyEntityProperties(EntityCommonProperties): """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'hive': {'readonly': True}, - 'key': {'readonly': True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "hive": {"readonly": True}, + "key": {"readonly": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'hive': {'key': 'hive', 'type': 'str'}, - 'key': {'key': 'key', 'type': 'str'}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "hive": {"key": "hive", "type": "str"}, + "key": {"key": "key", "type": "str"}, } - def __init__( - self, - **kwargs - ): - """ - """ - super(RegistryKeyEntityProperties, self).__init__(**kwargs) + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) self.hive = None self.key = None -class RegistryValueEntity(Entity): +class RegistryValueEntity(Entity): # pylint: disable=too-many-instance-attributes """Represents a registry value entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -7255,15 +17792,14 @@ class RegistryValueEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -7275,46 +17811,42 @@ class RegistryValueEntity(Entity): :vartype value_name: str :ivar value_type: Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Known values are: "None", "Unknown", - "String", "ExpandString", "Binary", "DWord", "MultiString", "QWord". + "String", "ExpandString", "Binary", "DWord", "MultiString", and "QWord". :vartype value_type: str or ~azure.mgmt.securityinsight.models.RegistryValueKind """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'key_entity_id': {'readonly': True}, - 'value_data': {'readonly': True}, - 'value_name': {'readonly': True}, - 'value_type': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "key_entity_id": {"readonly": True}, + "value_data": {"readonly": True}, + "value_name": {"readonly": True}, + "value_type": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'key_entity_id': {'key': 'properties.keyEntityId', 'type': 'str'}, - 'value_data': {'key': 'properties.valueData', 'type': 'str'}, - 'value_name': {'key': 'properties.valueName', 'type': 'str'}, - 'value_type': {'key': 'properties.valueType', 'type': 'str'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(RegistryValueEntity, self).__init__(**kwargs) - self.kind = 'RegistryValue' # type: str + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "key_entity_id": {"key": "properties.keyEntityId", "type": "str"}, + "value_data": {"key": "properties.valueData", "type": "str"}, + "value_name": {"key": "properties.valueName", "type": "str"}, + "value_type": {"key": "properties.valueType", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "RegistryValue" # type: str self.additional_data = None self.friendly_name = None self.key_entity_id = None @@ -7330,7 +17862,7 @@ class RegistryValueEntityProperties(EntityCommonProperties): :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -7342,35 +17874,31 @@ class RegistryValueEntityProperties(EntityCommonProperties): :vartype value_name: str :ivar value_type: Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. Known values are: "None", "Unknown", - "String", "ExpandString", "Binary", "DWord", "MultiString", "QWord". + "String", "ExpandString", "Binary", "DWord", "MultiString", and "QWord". :vartype value_type: str or ~azure.mgmt.securityinsight.models.RegistryValueKind """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'key_entity_id': {'readonly': True}, - 'value_data': {'readonly': True}, - 'value_name': {'readonly': True}, - 'value_type': {'readonly': True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "key_entity_id": {"readonly": True}, + "value_data": {"readonly": True}, + "value_name": {"readonly": True}, + "value_type": {"readonly": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'key_entity_id': {'key': 'keyEntityId', 'type': 'str'}, - 'value_data': {'key': 'valueData', 'type': 'str'}, - 'value_name': {'key': 'valueName', 'type': 'str'}, - 'value_type': {'key': 'valueType', 'type': 'str'}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "key_entity_id": {"key": "keyEntityId", "type": "str"}, + "value_data": {"key": "valueData", "type": "str"}, + "value_name": {"key": "valueName", "type": "str"}, + "value_type": {"key": "valueType", "type": "str"}, } - def __init__( - self, - **kwargs - ): - """ - """ - super(RegistryValueEntityProperties, self).__init__(**kwargs) + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) self.key_entity_id = None self.value_data = None self.value_name = None @@ -7405,87 +17933,289 @@ class Relation(ResourceWithEtag): :vartype related_resource_kind: str """ - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'related_resource_name': {'readonly': True}, - 'related_resource_type': {'readonly': True}, - 'related_resource_kind': {'readonly': True}, + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "related_resource_name": {"readonly": True}, + "related_resource_type": {"readonly": True}, + "related_resource_kind": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "related_resource_id": {"key": "properties.relatedResourceId", "type": "str"}, + "related_resource_name": {"key": "properties.relatedResourceName", "type": "str"}, + "related_resource_type": {"key": "properties.relatedResourceType", "type": "str"}, + "related_resource_kind": {"key": "properties.relatedResourceKind", "type": "str"}, + } + + def __init__(self, *, etag: Optional[str] = None, related_resource_id: Optional[str] = None, **kwargs): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword related_resource_id: The resource ID of the related resource. + :paramtype related_resource_id: str + """ + super().__init__(etag=etag, **kwargs) + self.related_resource_id = related_resource_id + self.related_resource_name = None + self.related_resource_type = None + self.related_resource_kind = None + + +class RelationList(_serialization.Model): + """List of relations. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of relations. + :vartype next_link: str + :ivar value: Array of relations. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Relation] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Relation]"}, } + def __init__(self, *, value: List["_models.Relation"], **kwargs): + """ + :keyword value: Array of relations. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Relation] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class Repo(_serialization.Model): + """Represents a repository. + + :ivar url: The url to access the repository. + :vartype url: str + :ivar full_name: The name of the repository. + :vartype full_name: str + :ivar branches: Array of branches. + :vartype branches: list[str] + """ + _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'related_resource_id': {'key': 'properties.relatedResourceId', 'type': 'str'}, - 'related_resource_name': {'key': 'properties.relatedResourceName', 'type': 'str'}, - 'related_resource_type': {'key': 'properties.relatedResourceType', 'type': 'str'}, - 'related_resource_kind': {'key': 'properties.relatedResourceKind', 'type': 'str'}, + "url": {"key": "url", "type": "str"}, + "full_name": {"key": "fullName", "type": "str"}, + "branches": {"key": "branches", "type": "[str]"}, } def __init__( self, *, - etag: Optional[str] = None, - related_resource_id: Optional[str] = None, + url: Optional[str] = None, + full_name: Optional[str] = None, + branches: Optional[List[str]] = None, **kwargs ): """ - :keyword etag: Etag of the azure resource. - :paramtype etag: str - :keyword related_resource_id: The resource ID of the related resource. - :paramtype related_resource_id: str + :keyword url: The url to access the repository. + :paramtype url: str + :keyword full_name: The name of the repository. + :paramtype full_name: str + :keyword branches: Array of branches. + :paramtype branches: list[str] """ - super(Relation, self).__init__(etag=etag, **kwargs) - self.related_resource_id = related_resource_id - self.related_resource_name = None - self.related_resource_type = None - self.related_resource_kind = None + super().__init__(**kwargs) + self.url = url + self.full_name = full_name + self.branches = branches -class RelationList(msrest.serialization.Model): - """List of relations. +class RepoList(_serialization.Model): + """List all the source controls. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of relations. + :ivar next_link: URL to fetch the next set of repositories. :vartype next_link: str - :ivar value: Required. Array of relations. - :vartype value: list[~azure.mgmt.securityinsight.models.Relation] + :ivar value: Array of repositories. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Repo] """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[Relation]'}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Repo]"}, + } + + def __init__(self, *, value: List["_models.Repo"], **kwargs): + """ + :keyword value: Array of repositories. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Repo] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class Repository(_serialization.Model): + """metadata of a repository. + + :ivar url: Url of repository. + :vartype url: str + :ivar branch: Branch name of repository. + :vartype branch: str + :ivar display_url: Display url of repository. + :vartype display_url: str + :ivar deployment_logs_url: Url to access repository action logs. + :vartype deployment_logs_url: str + :ivar path_mapping: Dictionary of source control content type and path mapping. + :vartype path_mapping: list[~azure.mgmt.securityinsight.models.ContentPathMap] + """ + + _attribute_map = { + "url": {"key": "url", "type": "str"}, + "branch": {"key": "branch", "type": "str"}, + "display_url": {"key": "displayUrl", "type": "str"}, + "deployment_logs_url": {"key": "deploymentLogsUrl", "type": "str"}, + "path_mapping": {"key": "pathMapping", "type": "[ContentPathMap]"}, } def __init__( self, *, - value: List["_models.Relation"], + url: Optional[str] = None, + branch: Optional[str] = None, + display_url: Optional[str] = None, + deployment_logs_url: Optional[str] = None, + path_mapping: Optional[List["_models.ContentPathMap"]] = None, **kwargs ): """ - :keyword value: Required. Array of relations. - :paramtype value: list[~azure.mgmt.securityinsight.models.Relation] + :keyword url: Url of repository. + :paramtype url: str + :keyword branch: Branch name of repository. + :paramtype branch: str + :keyword display_url: Display url of repository. + :paramtype display_url: str + :keyword deployment_logs_url: Url to access repository action logs. + :paramtype deployment_logs_url: str + :keyword path_mapping: Dictionary of source control content type and path mapping. + :paramtype path_mapping: list[~azure.mgmt.securityinsight.models.ContentPathMap] + """ + super().__init__(**kwargs) + self.url = url + self.branch = branch + self.display_url = display_url + self.deployment_logs_url = deployment_logs_url + self.path_mapping = path_mapping + + +class RepositoryResourceInfo(_serialization.Model): + """Resources created in user's repository for the source-control. + + :ivar webhook: The webhook object created for the source-control. + :vartype webhook: ~azure.mgmt.securityinsight.models.Webhook + :ivar git_hub_resource_info: Resources created in GitHub for this source-control. + :vartype git_hub_resource_info: ~azure.mgmt.securityinsight.models.GitHubResourceInfo + :ivar azure_dev_ops_resource_info: Resources created in Azure DevOps for this source-control. + :vartype azure_dev_ops_resource_info: + ~azure.mgmt.securityinsight.models.AzureDevOpsResourceInfo + """ + + _attribute_map = { + "webhook": {"key": "webhook", "type": "Webhook"}, + "git_hub_resource_info": {"key": "gitHubResourceInfo", "type": "GitHubResourceInfo"}, + "azure_dev_ops_resource_info": {"key": "azureDevOpsResourceInfo", "type": "AzureDevOpsResourceInfo"}, + } + + def __init__( + self, + *, + webhook: Optional["_models.Webhook"] = None, + git_hub_resource_info: Optional["_models.GitHubResourceInfo"] = None, + azure_dev_ops_resource_info: Optional["_models.AzureDevOpsResourceInfo"] = None, + **kwargs + ): """ - super(RelationList, self).__init__(**kwargs) - self.next_link = None - self.value = value + :keyword webhook: The webhook object created for the source-control. + :paramtype webhook: ~azure.mgmt.securityinsight.models.Webhook + :keyword git_hub_resource_info: Resources created in GitHub for this source-control. + :paramtype git_hub_resource_info: ~azure.mgmt.securityinsight.models.GitHubResourceInfo + :keyword azure_dev_ops_resource_info: Resources created in Azure DevOps for this + source-control. + :paramtype azure_dev_ops_resource_info: + ~azure.mgmt.securityinsight.models.AzureDevOpsResourceInfo + """ + super().__init__(**kwargs) + self.webhook = webhook + self.git_hub_resource_info = git_hub_resource_info + self.azure_dev_ops_resource_info = azure_dev_ops_resource_info + + +class RequiredPermissions(_serialization.Model): + """Required permissions for the connector. + + :ivar action: action permission. + :vartype action: bool + :ivar write: write permission. + :vartype write: bool + :ivar read: read permission. + :vartype read: bool + :ivar delete: delete permission. + :vartype delete: bool + """ + + _attribute_map = { + "action": {"key": "action", "type": "bool"}, + "write": {"key": "write", "type": "bool"}, + "read": {"key": "read", "type": "bool"}, + "delete": {"key": "delete", "type": "bool"}, + } + + def __init__( + self, + *, + action: Optional[bool] = None, + write: Optional[bool] = None, + read: Optional[bool] = None, + delete: Optional[bool] = None, + **kwargs + ): + """ + :keyword action: action permission. + :paramtype action: bool + :keyword write: write permission. + :paramtype write: bool + :keyword read: read permission. + :paramtype read: bool + :keyword delete: delete permission. + :paramtype delete: bool + """ + super().__init__(**kwargs) + self.action = action + self.write = write + self.read = read + self.delete = delete -class ScheduledAlertRule(AlertRule): +class ScheduledAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes """Represents scheduled alert rule. Variables are only populated by the server, and will be ignored when sending a request. @@ -7505,8 +18235,9 @@ class ScheduledAlertRule(AlertRule): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The alert rule kind.Constant filled by server. Known values are: - "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind :ivar query: The query that creates alerts for this rule. :vartype query: str @@ -7515,10 +18246,10 @@ class ScheduledAlertRule(AlertRule): :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. :vartype query_period: ~datetime.timedelta :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", "Informational". + "Medium", "Low", and "Informational". :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", "NotEqual". + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator :ivar trigger_threshold: The threshold triggers this alert rule. :vartype trigger_threshold: int @@ -7552,50 +18283,53 @@ class ScheduledAlertRule(AlertRule): :vartype suppression_enabled: bool :ivar tactics: The tactics of the alert rule. :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] :ivar incident_configuration: The settings of the incidents that created from alerts triggered by this analytics rule. :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'last_modified_utc': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_modified_utc": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'query': {'key': 'properties.query', 'type': 'str'}, - 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, - 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, - 'severity': {'key': 'properties.severity', 'type': 'str'}, - 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'str'}, - 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, - 'event_grouping_settings': {'key': 'properties.eventGroupingSettings', 'type': 'EventGroupingSettings'}, - 'custom_details': {'key': 'properties.customDetails', 'type': '{str}'}, - 'entity_mappings': {'key': 'properties.entityMappings', 'type': '[EntityMapping]'}, - 'alert_details_override': {'key': 'properties.alertDetailsOverride', 'type': 'AlertDetailsOverride'}, - 'alert_rule_template_name': {'key': 'properties.alertRuleTemplateName', 'type': 'str'}, - 'template_version': {'key': 'properties.templateVersion', 'type': 'str'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'enabled': {'key': 'properties.enabled', 'type': 'bool'}, - 'last_modified_utc': {'key': 'properties.lastModifiedUtc', 'type': 'iso-8601'}, - 'suppression_duration': {'key': 'properties.suppressionDuration', 'type': 'duration'}, - 'suppression_enabled': {'key': 'properties.suppressionEnabled', 'type': 'bool'}, - 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, - 'incident_configuration': {'key': 'properties.incidentConfiguration', 'type': 'IncidentConfiguration'}, - } - - def __init__( + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "query_frequency": {"key": "properties.queryFrequency", "type": "duration"}, + "query_period": {"key": "properties.queryPeriod", "type": "duration"}, + "severity": {"key": "properties.severity", "type": "str"}, + "trigger_operator": {"key": "properties.triggerOperator", "type": "str"}, + "trigger_threshold": {"key": "properties.triggerThreshold", "type": "int"}, + "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, + "custom_details": {"key": "properties.customDetails", "type": "{str}"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "template_version": {"key": "properties.templateVersion", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "suppression_duration": {"key": "properties.suppressionDuration", "type": "duration"}, + "suppression_enabled": {"key": "properties.suppressionEnabled", "type": "bool"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "incident_configuration": {"key": "properties.incidentConfiguration", "type": "IncidentConfiguration"}, + } + + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, @@ -7617,6 +18351,7 @@ def __init__( suppression_duration: Optional[datetime.timedelta] = None, suppression_enabled: Optional[bool] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, incident_configuration: Optional["_models.IncidentConfiguration"] = None, **kwargs ): @@ -7631,10 +18366,10 @@ def __init__( :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. :paramtype query_period: ~datetime.timedelta :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", "Informational". + "High", "Medium", "Low", and "Informational". :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", "NotEqual". + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator :keyword trigger_threshold: The threshold triggers this alert rule. :paramtype trigger_threshold: int @@ -7667,12 +18402,14 @@ def __init__( :paramtype suppression_enabled: bool :keyword tactics: The tactics of the alert rule. :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] :keyword incident_configuration: The settings of the incidents that created from alerts triggered by this analytics rule. :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration """ - super(ScheduledAlertRule, self).__init__(etag=etag, **kwargs) - self.kind = 'Scheduled' # type: str + super().__init__(etag=etag, **kwargs) + self.kind = "Scheduled" # type: str self.query = query self.query_frequency = query_frequency self.query_period = query_period @@ -7692,10 +18429,11 @@ def __init__( self.suppression_duration = suppression_duration self.suppression_enabled = suppression_enabled self.tactics = tactics + self.techniques = techniques self.incident_configuration = incident_configuration -class ScheduledAlertRuleCommonProperties(msrest.serialization.Model): +class ScheduledAlertRuleCommonProperties(_serialization.Model): """Scheduled alert rule template property bag. :ivar query: The query that creates alerts for this rule. @@ -7705,10 +18443,10 @@ class ScheduledAlertRuleCommonProperties(msrest.serialization.Model): :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. :vartype query_period: ~datetime.timedelta :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", "Informational". + "Medium", "Low", and "Informational". :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", "NotEqual". + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator :ivar trigger_threshold: The threshold triggers this alert rule. :vartype trigger_threshold: int @@ -7724,16 +18462,16 @@ class ScheduledAlertRuleCommonProperties(msrest.serialization.Model): """ _attribute_map = { - 'query': {'key': 'query', 'type': 'str'}, - 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, - 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, - 'severity': {'key': 'severity', 'type': 'str'}, - 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'}, - 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, - 'event_grouping_settings': {'key': 'eventGroupingSettings', 'type': 'EventGroupingSettings'}, - 'custom_details': {'key': 'customDetails', 'type': '{str}'}, - 'entity_mappings': {'key': 'entityMappings', 'type': '[EntityMapping]'}, - 'alert_details_override': {'key': 'alertDetailsOverride', 'type': 'AlertDetailsOverride'}, + "query": {"key": "query", "type": "str"}, + "query_frequency": {"key": "queryFrequency", "type": "duration"}, + "query_period": {"key": "queryPeriod", "type": "duration"}, + "severity": {"key": "severity", "type": "str"}, + "trigger_operator": {"key": "triggerOperator", "type": "str"}, + "trigger_threshold": {"key": "triggerThreshold", "type": "int"}, + "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, + "custom_details": {"key": "customDetails", "type": "{str}"}, + "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, } def __init__( @@ -7760,10 +18498,10 @@ def __init__( :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. :paramtype query_period: ~datetime.timedelta :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", "Informational". + "High", "Medium", "Low", and "Informational". :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", "NotEqual". + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator :keyword trigger_threshold: The threshold triggers this alert rule. :paramtype trigger_threshold: int @@ -7777,7 +18515,7 @@ def __init__( :keyword alert_details_override: The alert details override settings. :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride """ - super(ScheduledAlertRuleCommonProperties, self).__init__(**kwargs) + super().__init__(**kwargs) self.query = query self.query_frequency = query_frequency self.query_period = query_period @@ -7790,7 +18528,7 @@ def __init__( self.alert_details_override = alert_details_override -class ScheduledAlertRuleProperties(ScheduledAlertRuleCommonProperties): +class ScheduledAlertRuleProperties(ScheduledAlertRuleCommonProperties): # pylint: disable=too-many-instance-attributes """Scheduled alert rule base property bag. Variables are only populated by the server, and will be ignored when sending a request. @@ -7804,10 +18542,10 @@ class ScheduledAlertRuleProperties(ScheduledAlertRuleCommonProperties): :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. :vartype query_period: ~datetime.timedelta :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", "Informational". + "Medium", "Low", and "Informational". :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", "NotEqual". + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator :ivar trigger_threshold: The threshold triggers this alert rule. :vartype trigger_threshold: int @@ -7827,54 +18565,57 @@ class ScheduledAlertRuleProperties(ScheduledAlertRuleCommonProperties): :vartype template_version: str :ivar description: The description of the alert rule. :vartype description: str - :ivar display_name: Required. The display name for alerts created by this alert rule. + :ivar display_name: The display name for alerts created by this alert rule. Required. :vartype display_name: str - :ivar enabled: Required. Determines whether this alert rule is enabled or disabled. + :ivar enabled: Determines whether this alert rule is enabled or disabled. Required. :vartype enabled: bool :ivar last_modified_utc: The last time that this alert rule has been modified. :vartype last_modified_utc: ~datetime.datetime - :ivar suppression_duration: Required. The suppression (in ISO 8601 duration format) to wait - since last time this alert rule been triggered. + :ivar suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. Required. :vartype suppression_duration: ~datetime.timedelta - :ivar suppression_enabled: Required. Determines whether the suppression for this alert rule is - enabled or disabled. + :ivar suppression_enabled: Determines whether the suppression for this alert rule is enabled or + disabled. Required. :vartype suppression_enabled: bool :ivar tactics: The tactics of the alert rule. :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] :ivar incident_configuration: The settings of the incidents that created from alerts triggered by this analytics rule. :vartype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration """ _validation = { - 'display_name': {'required': True}, - 'enabled': {'required': True}, - 'last_modified_utc': {'readonly': True}, - 'suppression_duration': {'required': True}, - 'suppression_enabled': {'required': True}, + "display_name": {"required": True}, + "enabled": {"required": True}, + "last_modified_utc": {"readonly": True}, + "suppression_duration": {"required": True}, + "suppression_enabled": {"required": True}, } _attribute_map = { - 'query': {'key': 'query', 'type': 'str'}, - 'query_frequency': {'key': 'queryFrequency', 'type': 'duration'}, - 'query_period': {'key': 'queryPeriod', 'type': 'duration'}, - 'severity': {'key': 'severity', 'type': 'str'}, - 'trigger_operator': {'key': 'triggerOperator', 'type': 'str'}, - 'trigger_threshold': {'key': 'triggerThreshold', 'type': 'int'}, - 'event_grouping_settings': {'key': 'eventGroupingSettings', 'type': 'EventGroupingSettings'}, - 'custom_details': {'key': 'customDetails', 'type': '{str}'}, - 'entity_mappings': {'key': 'entityMappings', 'type': '[EntityMapping]'}, - 'alert_details_override': {'key': 'alertDetailsOverride', 'type': 'AlertDetailsOverride'}, - 'alert_rule_template_name': {'key': 'alertRuleTemplateName', 'type': 'str'}, - 'template_version': {'key': 'templateVersion', 'type': 'str'}, - 'description': {'key': 'description', 'type': 'str'}, - 'display_name': {'key': 'displayName', 'type': 'str'}, - 'enabled': {'key': 'enabled', 'type': 'bool'}, - 'last_modified_utc': {'key': 'lastModifiedUtc', 'type': 'iso-8601'}, - 'suppression_duration': {'key': 'suppressionDuration', 'type': 'duration'}, - 'suppression_enabled': {'key': 'suppressionEnabled', 'type': 'bool'}, - 'tactics': {'key': 'tactics', 'type': '[str]'}, - 'incident_configuration': {'key': 'incidentConfiguration', 'type': 'IncidentConfiguration'}, + "query": {"key": "query", "type": "str"}, + "query_frequency": {"key": "queryFrequency", "type": "duration"}, + "query_period": {"key": "queryPeriod", "type": "duration"}, + "severity": {"key": "severity", "type": "str"}, + "trigger_operator": {"key": "triggerOperator", "type": "str"}, + "trigger_threshold": {"key": "triggerThreshold", "type": "int"}, + "event_grouping_settings": {"key": "eventGroupingSettings", "type": "EventGroupingSettings"}, + "custom_details": {"key": "customDetails", "type": "{str}"}, + "entity_mappings": {"key": "entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "alertDetailsOverride", "type": "AlertDetailsOverride"}, + "alert_rule_template_name": {"key": "alertRuleTemplateName", "type": "str"}, + "template_version": {"key": "templateVersion", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "enabled": {"key": "enabled", "type": "bool"}, + "last_modified_utc": {"key": "lastModifiedUtc", "type": "iso-8601"}, + "suppression_duration": {"key": "suppressionDuration", "type": "duration"}, + "suppression_enabled": {"key": "suppressionEnabled", "type": "bool"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, + "incident_configuration": {"key": "incidentConfiguration", "type": "IncidentConfiguration"}, } def __init__( @@ -7898,6 +18639,7 @@ def __init__( template_version: Optional[str] = None, description: Optional[str] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, incident_configuration: Optional["_models.IncidentConfiguration"] = None, **kwargs ): @@ -7910,10 +18652,10 @@ def __init__( :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. :paramtype query_period: ~datetime.timedelta :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", "Informational". + "High", "Medium", "Low", and "Informational". :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", "NotEqual". + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator :keyword trigger_threshold: The threshold triggers this alert rule. :paramtype trigger_threshold: int @@ -7934,23 +18676,37 @@ def __init__( :paramtype template_version: str :keyword description: The description of the alert rule. :paramtype description: str - :keyword display_name: Required. The display name for alerts created by this alert rule. + :keyword display_name: The display name for alerts created by this alert rule. Required. :paramtype display_name: str - :keyword enabled: Required. Determines whether this alert rule is enabled or disabled. + :keyword enabled: Determines whether this alert rule is enabled or disabled. Required. :paramtype enabled: bool - :keyword suppression_duration: Required. The suppression (in ISO 8601 duration format) to wait - since last time this alert rule been triggered. + :keyword suppression_duration: The suppression (in ISO 8601 duration format) to wait since last + time this alert rule been triggered. Required. :paramtype suppression_duration: ~datetime.timedelta - :keyword suppression_enabled: Required. Determines whether the suppression for this alert rule - is enabled or disabled. + :keyword suppression_enabled: Determines whether the suppression for this alert rule is enabled + or disabled. Required. :paramtype suppression_enabled: bool :keyword tactics: The tactics of the alert rule. :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] :keyword incident_configuration: The settings of the incidents that created from alerts triggered by this analytics rule. :paramtype incident_configuration: ~azure.mgmt.securityinsight.models.IncidentConfiguration """ - super(ScheduledAlertRuleProperties, self).__init__(query=query, query_frequency=query_frequency, query_period=query_period, severity=severity, trigger_operator=trigger_operator, trigger_threshold=trigger_threshold, event_grouping_settings=event_grouping_settings, custom_details=custom_details, entity_mappings=entity_mappings, alert_details_override=alert_details_override, **kwargs) + super().__init__( + query=query, + query_frequency=query_frequency, + query_period=query_period, + severity=severity, + trigger_operator=trigger_operator, + trigger_threshold=trigger_threshold, + event_grouping_settings=event_grouping_settings, + custom_details=custom_details, + entity_mappings=entity_mappings, + alert_details_override=alert_details_override, + **kwargs + ) self.alert_rule_template_name = alert_rule_template_name self.template_version = template_version self.description = description @@ -7960,10 +18716,11 @@ def __init__( self.suppression_duration = suppression_duration self.suppression_enabled = suppression_enabled self.tactics = tactics + self.techniques = techniques self.incident_configuration = incident_configuration -class ScheduledAlertRuleTemplate(AlertRuleTemplate): +class ScheduledAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes """Represents scheduled alert rule template. Variables are only populated by the server, and will be ignored when sending a request. @@ -7981,8 +18738,9 @@ class ScheduledAlertRuleTemplate(AlertRuleTemplate): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The alert rule kind.Constant filled by server. Known values are: - "Scheduled", "MicrosoftSecurityIncidentCreation", "Fusion". + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind :ivar alert_rules_created_by_template_count: the number of alert rules that were created by this template. @@ -7998,7 +18756,7 @@ class ScheduledAlertRuleTemplate(AlertRuleTemplate): :ivar required_data_connectors: The required data connectors for this template. :vartype required_data_connectors: list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] - :ivar status: The alert rule template status. Known values are: "Installed", "Available", + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and "NotAvailable". :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus :ivar query: The query that creates alerts for this rule. @@ -8008,15 +18766,17 @@ class ScheduledAlertRuleTemplate(AlertRuleTemplate): :ivar query_period: The period (in ISO 8601 duration format) that this alert rule looks at. :vartype query_period: ~datetime.timedelta :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", - "Medium", "Low", "Informational". + "Medium", "Low", and "Informational". :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity :ivar trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", "NotEqual". + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". :vartype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator :ivar trigger_threshold: The threshold triggers this alert rule. :vartype trigger_threshold: int :ivar tactics: The tactics of the alert rule template. :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] :ivar version: The version of this template - in format , where all are numbers. For example <1.0.2>. :vartype version: str @@ -8032,43 +18792,47 @@ class ScheduledAlertRuleTemplate(AlertRuleTemplate): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'created_date_utc': {'readonly': True}, - 'last_updated_date_utc': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "created_date_utc": {"readonly": True}, + "last_updated_date_utc": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'alert_rules_created_by_template_count': {'key': 'properties.alertRulesCreatedByTemplateCount', 'type': 'int'}, - 'created_date_utc': {'key': 'properties.createdDateUTC', 'type': 'iso-8601'}, - 'last_updated_date_utc': {'key': 'properties.lastUpdatedDateUTC', 'type': 'iso-8601'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'required_data_connectors': {'key': 'properties.requiredDataConnectors', 'type': '[AlertRuleTemplateDataSource]'}, - 'status': {'key': 'properties.status', 'type': 'str'}, - 'query': {'key': 'properties.query', 'type': 'str'}, - 'query_frequency': {'key': 'properties.queryFrequency', 'type': 'duration'}, - 'query_period': {'key': 'properties.queryPeriod', 'type': 'duration'}, - 'severity': {'key': 'properties.severity', 'type': 'str'}, - 'trigger_operator': {'key': 'properties.triggerOperator', 'type': 'str'}, - 'trigger_threshold': {'key': 'properties.triggerThreshold', 'type': 'int'}, - 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, - 'version': {'key': 'properties.version', 'type': 'str'}, - 'event_grouping_settings': {'key': 'properties.eventGroupingSettings', 'type': 'EventGroupingSettings'}, - 'custom_details': {'key': 'properties.customDetails', 'type': '{str}'}, - 'entity_mappings': {'key': 'properties.entityMappings', 'type': '[EntityMapping]'}, - 'alert_details_override': {'key': 'properties.alertDetailsOverride', 'type': 'AlertDetailsOverride'}, - } - - def __init__( + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "query": {"key": "properties.query", "type": "str"}, + "query_frequency": {"key": "properties.queryFrequency", "type": "duration"}, + "query_period": {"key": "properties.queryPeriod", "type": "duration"}, + "severity": {"key": "properties.severity", "type": "str"}, + "trigger_operator": {"key": "properties.triggerOperator", "type": "str"}, + "trigger_threshold": {"key": "properties.triggerThreshold", "type": "int"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "version": {"key": "properties.version", "type": "str"}, + "event_grouping_settings": {"key": "properties.eventGroupingSettings", "type": "EventGroupingSettings"}, + "custom_details": {"key": "properties.customDetails", "type": "{str}"}, + "entity_mappings": {"key": "properties.entityMappings", "type": "[EntityMapping]"}, + "alert_details_override": {"key": "properties.alertDetailsOverride", "type": "AlertDetailsOverride"}, + } + + def __init__( # pylint: disable=too-many-locals self, *, alert_rules_created_by_template_count: Optional[int] = None, @@ -8083,6 +18847,7 @@ def __init__( trigger_operator: Optional[Union[str, "_models.TriggerOperator"]] = None, trigger_threshold: Optional[int] = None, tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, version: Optional[str] = None, event_grouping_settings: Optional["_models.EventGroupingSettings"] = None, custom_details: Optional[Dict[str, str]] = None, @@ -8102,7 +18867,7 @@ def __init__( :paramtype required_data_connectors: list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] :keyword status: The alert rule template status. Known values are: "Installed", "Available", - "NotAvailable". + and "NotAvailable". :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus :keyword query: The query that creates alerts for this rule. :paramtype query: str @@ -8112,15 +18877,17 @@ def __init__( :keyword query_period: The period (in ISO 8601 duration format) that this alert rule looks at. :paramtype query_period: ~datetime.timedelta :keyword severity: The severity for alerts created by this alert rule. Known values are: - "High", "Medium", "Low", "Informational". + "High", "Medium", "Low", and "Informational". :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity :keyword trigger_operator: The operation against the threshold that triggers alert rule. Known - values are: "GreaterThan", "LessThan", "Equal", "NotEqual". + values are: "GreaterThan", "LessThan", "Equal", and "NotEqual". :paramtype trigger_operator: str or ~azure.mgmt.securityinsight.models.TriggerOperator :keyword trigger_threshold: The threshold triggers this alert rule. :paramtype trigger_threshold: int :keyword tactics: The tactics of the alert rule template. :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] :keyword version: The version of this template - in format , where all are numbers. For example <1.0.2>. :paramtype version: str @@ -8134,8 +18901,8 @@ def __init__( :keyword alert_details_override: The alert details override settings. :paramtype alert_details_override: ~azure.mgmt.securityinsight.models.AlertDetailsOverride """ - super(ScheduledAlertRuleTemplate, self).__init__(**kwargs) - self.kind = 'Scheduled' # type: str + super().__init__(**kwargs) + self.kind = "Scheduled" # type: str self.alert_rules_created_by_template_count = alert_rules_created_by_template_count self.created_date_utc = None self.last_updated_date_utc = None @@ -8150,6 +18917,7 @@ def __init__( self.trigger_operator = trigger_operator self.trigger_threshold = trigger_threshold self.tactics = tactics + self.techniques = techniques self.version = version self.event_grouping_settings = event_grouping_settings self.custom_details = custom_details @@ -8157,7 +18925,7 @@ def __init__( self.alert_details_override = alert_details_override -class SecurityAlert(Entity): +class SecurityAlert(Entity): # pylint: disable=too-many-instance-attributes """Represents a security alert entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -8175,15 +18943,14 @@ class SecurityAlert(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -8194,7 +18961,7 @@ class SecurityAlert(Entity): :ivar compromised_entity: Display name of the main entity being reported on. :vartype compromised_entity: str :ivar confidence_level: The confidence level of this alert. Known values are: "Unknown", "Low", - "High". + and "High". :vartype confidence_level: str or ~azure.mgmt.securityinsight.models.ConfidenceLevel :ivar confidence_reasons: The confidence reasons. :vartype confidence_reasons: @@ -8203,7 +18970,7 @@ class SecurityAlert(Entity): :vartype confidence_score: float :ivar confidence_score_status: The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Known values are: - "NotApplicable", "InProcess", "NotFinal", "Final". + "NotApplicable", "InProcess", "NotFinal", and "Final". :vartype confidence_score_status: str or ~azure.mgmt.securityinsight.models.ConfidenceScoreStatus :ivar description: Alert description. @@ -8214,7 +18981,7 @@ class SecurityAlert(Entity): :ivar intent: Holds the alert intent stage(s) mapping for this alert. Known values are: "Unknown", "Probing", "Exploitation", "Persistence", "PrivilegeEscalation", "DefenseEvasion", "CredentialAccess", "Discovery", "LateralMovement", "Execution", "Collection", "Exfiltration", - "CommandAndControl", "Impact". + "CommandAndControl", and "Impact". :vartype intent: str or ~azure.mgmt.securityinsight.models.KillChainIntent :ivar provider_alert_id: The identifier of the alert inside the product which generated the alert. @@ -8230,14 +18997,14 @@ class SecurityAlert(Entity): :vartype product_version: str :ivar remediation_steps: Manual action items to take to remediate the alert. :vartype remediation_steps: list[str] - :ivar severity: The severity of the alert. Known values are: "High", "Medium", "Low", + :ivar severity: The severity of the alert. Known values are: "High", "Medium", "Low", and "Informational". :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity :ivar start_time_utc: The impact start time of the alert (the time of the first event contributing to the alert). :vartype start_time_utc: ~datetime.datetime :ivar status: The lifecycle status of the alert. Known values are: "Unknown", "New", - "Resolved", "Dismissed", "InProgress". + "Resolved", "Dismissed", and "InProgress". :vartype status: str or ~azure.mgmt.securityinsight.models.AlertStatus :ivar system_alert_id: Holds the product identifier of the alert for the product. :vartype system_alert_id: str @@ -8250,91 +19017,91 @@ class SecurityAlert(Entity): :ivar alert_link: The uri link of the alert. :vartype alert_link: str :ivar resource_identifiers: The list of resource identifiers of the alert. - :vartype resource_identifiers: list[any] - """ - - _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'alert_display_name': {'readonly': True}, - 'alert_type': {'readonly': True}, - 'compromised_entity': {'readonly': True}, - 'confidence_level': {'readonly': True}, - 'confidence_reasons': {'readonly': True}, - 'confidence_score': {'readonly': True}, - 'confidence_score_status': {'readonly': True}, - 'description': {'readonly': True}, - 'end_time_utc': {'readonly': True}, - 'intent': {'readonly': True}, - 'provider_alert_id': {'readonly': True}, - 'processing_end_time': {'readonly': True}, - 'product_component_name': {'readonly': True}, - 'product_name': {'readonly': True}, - 'product_version': {'readonly': True}, - 'remediation_steps': {'readonly': True}, - 'start_time_utc': {'readonly': True}, - 'status': {'readonly': True}, - 'system_alert_id': {'readonly': True}, - 'tactics': {'readonly': True}, - 'time_generated': {'readonly': True}, - 'vendor_name': {'readonly': True}, - 'alert_link': {'readonly': True}, - 'resource_identifiers': {'readonly': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'alert_display_name': {'key': 'properties.alertDisplayName', 'type': 'str'}, - 'alert_type': {'key': 'properties.alertType', 'type': 'str'}, - 'compromised_entity': {'key': 'properties.compromisedEntity', 'type': 'str'}, - 'confidence_level': {'key': 'properties.confidenceLevel', 'type': 'str'}, - 'confidence_reasons': {'key': 'properties.confidenceReasons', 'type': '[SecurityAlertPropertiesConfidenceReasonsItem]'}, - 'confidence_score': {'key': 'properties.confidenceScore', 'type': 'float'}, - 'confidence_score_status': {'key': 'properties.confidenceScoreStatus', 'type': 'str'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'end_time_utc': {'key': 'properties.endTimeUtc', 'type': 'iso-8601'}, - 'intent': {'key': 'properties.intent', 'type': 'str'}, - 'provider_alert_id': {'key': 'properties.providerAlertId', 'type': 'str'}, - 'processing_end_time': {'key': 'properties.processingEndTime', 'type': 'iso-8601'}, - 'product_component_name': {'key': 'properties.productComponentName', 'type': 'str'}, - 'product_name': {'key': 'properties.productName', 'type': 'str'}, - 'product_version': {'key': 'properties.productVersion', 'type': 'str'}, - 'remediation_steps': {'key': 'properties.remediationSteps', 'type': '[str]'}, - 'severity': {'key': 'properties.severity', 'type': 'str'}, - 'start_time_utc': {'key': 'properties.startTimeUtc', 'type': 'iso-8601'}, - 'status': {'key': 'properties.status', 'type': 'str'}, - 'system_alert_id': {'key': 'properties.systemAlertId', 'type': 'str'}, - 'tactics': {'key': 'properties.tactics', 'type': '[str]'}, - 'time_generated': {'key': 'properties.timeGenerated', 'type': 'iso-8601'}, - 'vendor_name': {'key': 'properties.vendorName', 'type': 'str'}, - 'alert_link': {'key': 'properties.alertLink', 'type': 'str'}, - 'resource_identifiers': {'key': 'properties.resourceIdentifiers', 'type': '[object]'}, + :vartype resource_identifiers: list[JSON] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "alert_display_name": {"readonly": True}, + "alert_type": {"readonly": True}, + "compromised_entity": {"readonly": True}, + "confidence_level": {"readonly": True}, + "confidence_reasons": {"readonly": True}, + "confidence_score": {"readonly": True}, + "confidence_score_status": {"readonly": True}, + "description": {"readonly": True}, + "end_time_utc": {"readonly": True}, + "intent": {"readonly": True}, + "provider_alert_id": {"readonly": True}, + "processing_end_time": {"readonly": True}, + "product_component_name": {"readonly": True}, + "product_name": {"readonly": True}, + "product_version": {"readonly": True}, + "remediation_steps": {"readonly": True}, + "start_time_utc": {"readonly": True}, + "status": {"readonly": True}, + "system_alert_id": {"readonly": True}, + "tactics": {"readonly": True}, + "time_generated": {"readonly": True}, + "vendor_name": {"readonly": True}, + "alert_link": {"readonly": True}, + "resource_identifiers": {"readonly": True}, } - def __init__( - self, - *, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - **kwargs + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "alert_display_name": {"key": "properties.alertDisplayName", "type": "str"}, + "alert_type": {"key": "properties.alertType", "type": "str"}, + "compromised_entity": {"key": "properties.compromisedEntity", "type": "str"}, + "confidence_level": {"key": "properties.confidenceLevel", "type": "str"}, + "confidence_reasons": { + "key": "properties.confidenceReasons", + "type": "[SecurityAlertPropertiesConfidenceReasonsItem]", + }, + "confidence_score": {"key": "properties.confidenceScore", "type": "float"}, + "confidence_score_status": {"key": "properties.confidenceScoreStatus", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "end_time_utc": {"key": "properties.endTimeUtc", "type": "iso-8601"}, + "intent": {"key": "properties.intent", "type": "str"}, + "provider_alert_id": {"key": "properties.providerAlertId", "type": "str"}, + "processing_end_time": {"key": "properties.processingEndTime", "type": "iso-8601"}, + "product_component_name": {"key": "properties.productComponentName", "type": "str"}, + "product_name": {"key": "properties.productName", "type": "str"}, + "product_version": {"key": "properties.productVersion", "type": "str"}, + "remediation_steps": {"key": "properties.remediationSteps", "type": "[str]"}, + "severity": {"key": "properties.severity", "type": "str"}, + "start_time_utc": {"key": "properties.startTimeUtc", "type": "iso-8601"}, + "status": {"key": "properties.status", "type": "str"}, + "system_alert_id": {"key": "properties.systemAlertId", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "time_generated": {"key": "properties.timeGenerated", "type": "iso-8601"}, + "vendor_name": {"key": "properties.vendorName", "type": "str"}, + "alert_link": {"key": "properties.alertLink", "type": "str"}, + "resource_identifiers": {"key": "properties.resourceIdentifiers", "type": "[object]"}, + } + + def __init__( # pylint: disable=too-many-locals + self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs ): """ - :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", + :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", and "Informational". :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ - super(SecurityAlert, self).__init__(**kwargs) - self.kind = 'SecurityAlert' # type: str + super().__init__(**kwargs) + self.kind = "SecurityAlert" # type: str self.additional_data = None self.friendly_name = None self.alert_display_name = None @@ -8364,14 +19131,14 @@ def __init__( self.resource_identifiers = None -class SecurityAlertProperties(EntityCommonProperties): +class SecurityAlertProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes """SecurityAlert entity property bag. Variables are only populated by the server, and will be ignored when sending a request. :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -8382,7 +19149,7 @@ class SecurityAlertProperties(EntityCommonProperties): :ivar compromised_entity: Display name of the main entity being reported on. :vartype compromised_entity: str :ivar confidence_level: The confidence level of this alert. Known values are: "Unknown", "Low", - "High". + and "High". :vartype confidence_level: str or ~azure.mgmt.securityinsight.models.ConfidenceLevel :ivar confidence_reasons: The confidence reasons. :vartype confidence_reasons: @@ -8391,7 +19158,7 @@ class SecurityAlertProperties(EntityCommonProperties): :vartype confidence_score: float :ivar confidence_score_status: The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. Known values are: - "NotApplicable", "InProcess", "NotFinal", "Final". + "NotApplicable", "InProcess", "NotFinal", and "Final". :vartype confidence_score_status: str or ~azure.mgmt.securityinsight.models.ConfidenceScoreStatus :ivar description: Alert description. @@ -8402,7 +19169,7 @@ class SecurityAlertProperties(EntityCommonProperties): :ivar intent: Holds the alert intent stage(s) mapping for this alert. Known values are: "Unknown", "Probing", "Exploitation", "Persistence", "PrivilegeEscalation", "DefenseEvasion", "CredentialAccess", "Discovery", "LateralMovement", "Execution", "Collection", "Exfiltration", - "CommandAndControl", "Impact". + "CommandAndControl", and "Impact". :vartype intent: str or ~azure.mgmt.securityinsight.models.KillChainIntent :ivar provider_alert_id: The identifier of the alert inside the product which generated the alert. @@ -8418,14 +19185,14 @@ class SecurityAlertProperties(EntityCommonProperties): :vartype product_version: str :ivar remediation_steps: Manual action items to take to remediate the alert. :vartype remediation_steps: list[str] - :ivar severity: The severity of the alert. Known values are: "High", "Medium", "Low", + :ivar severity: The severity of the alert. Known values are: "High", "Medium", "Low", and "Informational". :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity :ivar start_time_utc: The impact start time of the alert (the time of the first event contributing to the alert). :vartype start_time_utc: ~datetime.datetime :ivar status: The lifecycle status of the alert. Known values are: "Unknown", "New", - "Resolved", "Dismissed", "InProgress". + "Resolved", "Dismissed", and "InProgress". :vartype status: str or ~azure.mgmt.securityinsight.models.AlertStatus :ivar system_alert_id: Holds the product identifier of the alert for the product. :vartype system_alert_id: str @@ -8438,80 +19205,77 @@ class SecurityAlertProperties(EntityCommonProperties): :ivar alert_link: The uri link of the alert. :vartype alert_link: str :ivar resource_identifiers: The list of resource identifiers of the alert. - :vartype resource_identifiers: list[any] - """ - - _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'alert_display_name': {'readonly': True}, - 'alert_type': {'readonly': True}, - 'compromised_entity': {'readonly': True}, - 'confidence_level': {'readonly': True}, - 'confidence_reasons': {'readonly': True}, - 'confidence_score': {'readonly': True}, - 'confidence_score_status': {'readonly': True}, - 'description': {'readonly': True}, - 'end_time_utc': {'readonly': True}, - 'intent': {'readonly': True}, - 'provider_alert_id': {'readonly': True}, - 'processing_end_time': {'readonly': True}, - 'product_component_name': {'readonly': True}, - 'product_name': {'readonly': True}, - 'product_version': {'readonly': True}, - 'remediation_steps': {'readonly': True}, - 'start_time_utc': {'readonly': True}, - 'status': {'readonly': True}, - 'system_alert_id': {'readonly': True}, - 'tactics': {'readonly': True}, - 'time_generated': {'readonly': True}, - 'vendor_name': {'readonly': True}, - 'alert_link': {'readonly': True}, - 'resource_identifiers': {'readonly': True}, - } - - _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'alert_display_name': {'key': 'alertDisplayName', 'type': 'str'}, - 'alert_type': {'key': 'alertType', 'type': 'str'}, - 'compromised_entity': {'key': 'compromisedEntity', 'type': 'str'}, - 'confidence_level': {'key': 'confidenceLevel', 'type': 'str'}, - 'confidence_reasons': {'key': 'confidenceReasons', 'type': '[SecurityAlertPropertiesConfidenceReasonsItem]'}, - 'confidence_score': {'key': 'confidenceScore', 'type': 'float'}, - 'confidence_score_status': {'key': 'confidenceScoreStatus', 'type': 'str'}, - 'description': {'key': 'description', 'type': 'str'}, - 'end_time_utc': {'key': 'endTimeUtc', 'type': 'iso-8601'}, - 'intent': {'key': 'intent', 'type': 'str'}, - 'provider_alert_id': {'key': 'providerAlertId', 'type': 'str'}, - 'processing_end_time': {'key': 'processingEndTime', 'type': 'iso-8601'}, - 'product_component_name': {'key': 'productComponentName', 'type': 'str'}, - 'product_name': {'key': 'productName', 'type': 'str'}, - 'product_version': {'key': 'productVersion', 'type': 'str'}, - 'remediation_steps': {'key': 'remediationSteps', 'type': '[str]'}, - 'severity': {'key': 'severity', 'type': 'str'}, - 'start_time_utc': {'key': 'startTimeUtc', 'type': 'iso-8601'}, - 'status': {'key': 'status', 'type': 'str'}, - 'system_alert_id': {'key': 'systemAlertId', 'type': 'str'}, - 'tactics': {'key': 'tactics', 'type': '[str]'}, - 'time_generated': {'key': 'timeGenerated', 'type': 'iso-8601'}, - 'vendor_name': {'key': 'vendorName', 'type': 'str'}, - 'alert_link': {'key': 'alertLink', 'type': 'str'}, - 'resource_identifiers': {'key': 'resourceIdentifiers', 'type': '[object]'}, + :vartype resource_identifiers: list[JSON] + """ + + _validation = { + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "alert_display_name": {"readonly": True}, + "alert_type": {"readonly": True}, + "compromised_entity": {"readonly": True}, + "confidence_level": {"readonly": True}, + "confidence_reasons": {"readonly": True}, + "confidence_score": {"readonly": True}, + "confidence_score_status": {"readonly": True}, + "description": {"readonly": True}, + "end_time_utc": {"readonly": True}, + "intent": {"readonly": True}, + "provider_alert_id": {"readonly": True}, + "processing_end_time": {"readonly": True}, + "product_component_name": {"readonly": True}, + "product_name": {"readonly": True}, + "product_version": {"readonly": True}, + "remediation_steps": {"readonly": True}, + "start_time_utc": {"readonly": True}, + "status": {"readonly": True}, + "system_alert_id": {"readonly": True}, + "tactics": {"readonly": True}, + "time_generated": {"readonly": True}, + "vendor_name": {"readonly": True}, + "alert_link": {"readonly": True}, + "resource_identifiers": {"readonly": True}, } - def __init__( - self, - *, - severity: Optional[Union[str, "_models.AlertSeverity"]] = None, - **kwargs + _attribute_map = { + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "alert_display_name": {"key": "alertDisplayName", "type": "str"}, + "alert_type": {"key": "alertType", "type": "str"}, + "compromised_entity": {"key": "compromisedEntity", "type": "str"}, + "confidence_level": {"key": "confidenceLevel", "type": "str"}, + "confidence_reasons": {"key": "confidenceReasons", "type": "[SecurityAlertPropertiesConfidenceReasonsItem]"}, + "confidence_score": {"key": "confidenceScore", "type": "float"}, + "confidence_score_status": {"key": "confidenceScoreStatus", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "end_time_utc": {"key": "endTimeUtc", "type": "iso-8601"}, + "intent": {"key": "intent", "type": "str"}, + "provider_alert_id": {"key": "providerAlertId", "type": "str"}, + "processing_end_time": {"key": "processingEndTime", "type": "iso-8601"}, + "product_component_name": {"key": "productComponentName", "type": "str"}, + "product_name": {"key": "productName", "type": "str"}, + "product_version": {"key": "productVersion", "type": "str"}, + "remediation_steps": {"key": "remediationSteps", "type": "[str]"}, + "severity": {"key": "severity", "type": "str"}, + "start_time_utc": {"key": "startTimeUtc", "type": "iso-8601"}, + "status": {"key": "status", "type": "str"}, + "system_alert_id": {"key": "systemAlertId", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "time_generated": {"key": "timeGenerated", "type": "iso-8601"}, + "vendor_name": {"key": "vendorName", "type": "str"}, + "alert_link": {"key": "alertLink", "type": "str"}, + "resource_identifiers": {"key": "resourceIdentifiers", "type": "[object]"}, + } + + def __init__( # pylint: disable=too-many-locals + self, *, severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs ): """ - :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", + :keyword severity: The severity of the alert. Known values are: "High", "Medium", "Low", and "Informational". :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ - super(SecurityAlertProperties, self).__init__(**kwargs) + super().__init__(**kwargs) self.alert_display_name = None self.alert_type = None self.compromised_entity = None @@ -8539,7 +19303,7 @@ def __init__( self.resource_identifiers = None -class SecurityAlertPropertiesConfidenceReasonsItem(msrest.serialization.Model): +class SecurityAlertPropertiesConfidenceReasonsItem(_serialization.Model): """confidence reason item. Variables are only populated by the server, and will be ignored when sending a request. @@ -8551,24 +19315,121 @@ class SecurityAlertPropertiesConfidenceReasonsItem(msrest.serialization.Model): """ _validation = { - 'reason': {'readonly': True}, - 'reason_type': {'readonly': True}, + "reason": {"readonly": True}, + "reason_type": {"readonly": True}, + } + + _attribute_map = { + "reason": {"key": "reason", "type": "str"}, + "reason_type": {"key": "reasonType", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.reason = None + self.reason_type = None + + +class SecurityAlertTimelineItem(EntityTimelineItem): + """Represents security alert timeline item. + + All required parameters must be populated in order to send to Azure. + + :ivar kind: The entity query kind type. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :ivar azure_resource_id: The alert azure resource id. Required. + :vartype azure_resource_id: str + :ivar product_name: The alert product name. + :vartype product_name: str + :ivar description: The alert description. + :vartype description: str + :ivar display_name: The alert name. Required. + :vartype display_name: str + :ivar severity: The alert severity. Required. Known values are: "High", "Medium", "Low", and + "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar end_time_utc: The alert end time. Required. + :vartype end_time_utc: ~datetime.datetime + :ivar start_time_utc: The alert start time. Required. + :vartype start_time_utc: ~datetime.datetime + :ivar time_generated: The alert generated time. Required. + :vartype time_generated: ~datetime.datetime + :ivar alert_type: The name of the alert type. Required. + :vartype alert_type: str + """ + + _validation = { + "kind": {"required": True}, + "azure_resource_id": {"required": True}, + "display_name": {"required": True}, + "severity": {"required": True}, + "end_time_utc": {"required": True}, + "start_time_utc": {"required": True}, + "time_generated": {"required": True}, + "alert_type": {"required": True}, } _attribute_map = { - 'reason': {'key': 'reason', 'type': 'str'}, - 'reason_type': {'key': 'reasonType', 'type': 'str'}, + "kind": {"key": "kind", "type": "str"}, + "azure_resource_id": {"key": "azureResourceId", "type": "str"}, + "product_name": {"key": "productName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "severity": {"key": "severity", "type": "str"}, + "end_time_utc": {"key": "endTimeUtc", "type": "iso-8601"}, + "start_time_utc": {"key": "startTimeUtc", "type": "iso-8601"}, + "time_generated": {"key": "timeGenerated", "type": "iso-8601"}, + "alert_type": {"key": "alertType", "type": "str"}, } def __init__( self, + *, + azure_resource_id: str, + display_name: str, + severity: Union[str, "_models.AlertSeverity"], + end_time_utc: datetime.datetime, + start_time_utc: datetime.datetime, + time_generated: datetime.datetime, + alert_type: str, + product_name: Optional[str] = None, + description: Optional[str] = None, **kwargs ): """ - """ - super(SecurityAlertPropertiesConfidenceReasonsItem, self).__init__(**kwargs) - self.reason = None - self.reason_type = None + :keyword azure_resource_id: The alert azure resource id. Required. + :paramtype azure_resource_id: str + :keyword product_name: The alert product name. + :paramtype product_name: str + :keyword description: The alert description. + :paramtype description: str + :keyword display_name: The alert name. Required. + :paramtype display_name: str + :keyword severity: The alert severity. Required. Known values are: "High", "Medium", "Low", and + "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :keyword end_time_utc: The alert end time. Required. + :paramtype end_time_utc: ~datetime.datetime + :keyword start_time_utc: The alert start time. Required. + :paramtype start_time_utc: ~datetime.datetime + :keyword time_generated: The alert generated time. Required. + :paramtype time_generated: ~datetime.datetime + :keyword alert_type: The name of the alert type. Required. + :paramtype alert_type: str + """ + super().__init__(**kwargs) + self.kind = "SecurityAlert" # type: str + self.azure_resource_id = azure_resource_id + self.product_name = product_name + self.description = description + self.display_name = display_name + self.severity = severity + self.end_time_utc = end_time_utc + self.start_time_utc = start_time_utc + self.time_generated = time_generated + self.alert_type = alert_type class SecurityGroupEntity(Entity): @@ -8589,15 +19450,14 @@ class SecurityGroupEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -8612,39 +19472,35 @@ class SecurityGroupEntity(Entity): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'distinguished_name': {'readonly': True}, - 'object_guid': {'readonly': True}, - 'sid': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "distinguished_name": {"readonly": True}, + "object_guid": {"readonly": True}, + "sid": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'distinguished_name': {'key': 'properties.distinguishedName', 'type': 'str'}, - 'object_guid': {'key': 'properties.objectGuid', 'type': 'str'}, - 'sid': {'key': 'properties.sid', 'type': 'str'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(SecurityGroupEntity, self).__init__(**kwargs) - self.kind = 'SecurityGroup' # type: str + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "distinguished_name": {"key": "properties.distinguishedName", "type": "str"}, + "object_guid": {"key": "properties.objectGuid", "type": "str"}, + "sid": {"key": "properties.sid", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "SecurityGroup" # type: str self.additional_data = None self.friendly_name = None self.distinguished_name = None @@ -8659,7 +19515,7 @@ class SecurityGroupEntityProperties(EntityCommonProperties): :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -8674,35 +19530,191 @@ class SecurityGroupEntityProperties(EntityCommonProperties): """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'distinguished_name': {'readonly': True}, - 'object_guid': {'readonly': True}, - 'sid': {'readonly': True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "distinguished_name": {"readonly": True}, + "object_guid": {"readonly": True}, + "sid": {"readonly": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'distinguished_name': {'key': 'distinguishedName', 'type': 'str'}, - 'object_guid': {'key': 'objectGuid', 'type': 'str'}, - 'sid': {'key': 'sid', 'type': 'str'}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "distinguished_name": {"key": "distinguishedName", "type": "str"}, + "object_guid": {"key": "objectGuid", "type": "str"}, + "sid": {"key": "sid", "type": "str"}, } - def __init__( - self, - **kwargs - ): + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.distinguished_name = None + self.object_guid = None + self.sid = None + + +class SecurityMLAnalyticsSettingsDataSource(_serialization.Model): + """security ml analytics settings data sources. + + :ivar connector_id: The connector id that provides the following data types. + :vartype connector_id: str + :ivar data_types: The data types used by the security ml analytics settings. + :vartype data_types: list[str] + """ + + _attribute_map = { + "connector_id": {"key": "connectorId", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "[str]"}, + } + + def __init__(self, *, connector_id: Optional[str] = None, data_types: Optional[List[str]] = None, **kwargs): + """ + :keyword connector_id: The connector id that provides the following data types. + :paramtype connector_id: str + :keyword data_types: The data types used by the security ml analytics settings. + :paramtype data_types: list[str] + """ + super().__init__(**kwargs) + self.connector_id = connector_id + self.data_types = data_types + + +class SecurityMLAnalyticsSettingsList(_serialization.Model): + """List all the SecurityMLAnalyticsSettings. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of SecurityMLAnalyticsSettings. + :vartype next_link: str + :ivar value: Array of SecurityMLAnalyticsSettings. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[SecurityMLAnalyticsSetting]"}, + } + + def __init__(self, *, value: List["_models.SecurityMLAnalyticsSetting"], **kwargs): + """ + :keyword value: Array of SecurityMLAnalyticsSettings. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class SentinelOnboardingState(ResourceWithEtag): + """Sentinel onboarding state. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar customer_managed_key: Flag that indicates the status of the CMK setting. + :vartype customer_managed_key: bool + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "customer_managed_key": {"key": "properties.customerManagedKey", "type": "bool"}, + } + + def __init__(self, *, etag: Optional[str] = None, customer_managed_key: Optional[bool] = None, **kwargs): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword customer_managed_key: Flag that indicates the status of the CMK setting. + :paramtype customer_managed_key: bool + """ + super().__init__(etag=etag, **kwargs) + self.customer_managed_key = customer_managed_key + + +class SentinelOnboardingStatesList(_serialization.Model): + """List of the Sentinel onboarding states. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of Sentinel onboarding states. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.SentinelOnboardingState] + """ + + _validation = { + "value": {"required": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[SentinelOnboardingState]"}, + } + + def __init__(self, *, value: List["_models.SentinelOnboardingState"], **kwargs): + """ + :keyword value: Array of Sentinel onboarding states. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.SentinelOnboardingState] + """ + super().__init__(**kwargs) + self.value = value + + +class SettingList(_serialization.Model): + """List of all the settings. + + All required parameters must be populated in order to send to Azure. + + :ivar value: Array of settings. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.Settings] + """ + + _validation = { + "value": {"required": True}, + } + + _attribute_map = { + "value": {"key": "value", "type": "[Settings]"}, + } + + def __init__(self, *, value: List["_models.Settings"], **kwargs): """ + :keyword value: Array of settings. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Settings] """ - super(SecurityGroupEntityProperties, self).__init__(**kwargs) - self.distinguished_name = None - self.object_guid = None - self.sid = None + super().__init__(**kwargs) + self.value = value -class SentinelOnboardingState(ResourceWithEtag): - """Sentinel onboarding state. +class SourceControl(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a SourceControl in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. @@ -8719,75 +19731,140 @@ class SentinelOnboardingState(ResourceWithEtag): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar customer_managed_key: Flag that indicates the status of the CMK setting. - :vartype customer_managed_key: bool + :ivar id_properties_id: The id (a Guid) of the source control. + :vartype id_properties_id: str + :ivar version: The version number associated with the source control. Known values are: "V1" + and "V2". + :vartype version: str or ~azure.mgmt.securityinsight.models.Version + :ivar display_name: The display name of the source control. + :vartype display_name: str + :ivar description: A description of the source control. + :vartype description: str + :ivar repo_type: The repository type of the source control. Known values are: "Github" and + "DevOps". + :vartype repo_type: str or ~azure.mgmt.securityinsight.models.RepoType + :ivar content_types: Array of source control content types. + :vartype content_types: list[str or ~azure.mgmt.securityinsight.models.ContentType] + :ivar repository: Repository metadata. + :vartype repository: ~azure.mgmt.securityinsight.models.Repository + :ivar repository_resource_info: Information regarding the resources created in user's + repository. + :vartype repository_resource_info: ~azure.mgmt.securityinsight.models.RepositoryResourceInfo + :ivar last_deployment_info: Information regarding the latest deployment for the source control. + :vartype last_deployment_info: ~azure.mgmt.securityinsight.models.DeploymentInfo """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'customer_managed_key': {'key': 'properties.customerManagedKey', 'type': 'bool'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "id_properties_id": {"key": "properties.id", "type": "str"}, + "version": {"key": "properties.version", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "repo_type": {"key": "properties.repoType", "type": "str"}, + "content_types": {"key": "properties.contentTypes", "type": "[str]"}, + "repository": {"key": "properties.repository", "type": "Repository"}, + "repository_resource_info": {"key": "properties.repositoryResourceInfo", "type": "RepositoryResourceInfo"}, + "last_deployment_info": {"key": "properties.lastDeploymentInfo", "type": "DeploymentInfo"}, } def __init__( self, *, etag: Optional[str] = None, - customer_managed_key: Optional[bool] = None, + id_properties_id: Optional[str] = None, + version: Optional[Union[str, "_models.Version"]] = None, + display_name: Optional[str] = None, + description: Optional[str] = None, + repo_type: Optional[Union[str, "_models.RepoType"]] = None, + content_types: Optional[List[Union[str, "_models.ContentType"]]] = None, + repository: Optional["_models.Repository"] = None, + repository_resource_info: Optional["_models.RepositoryResourceInfo"] = None, + last_deployment_info: Optional["_models.DeploymentInfo"] = None, **kwargs ): """ :keyword etag: Etag of the azure resource. :paramtype etag: str - :keyword customer_managed_key: Flag that indicates the status of the CMK setting. - :paramtype customer_managed_key: bool - """ - super(SentinelOnboardingState, self).__init__(etag=etag, **kwargs) - self.customer_managed_key = customer_managed_key + :keyword id_properties_id: The id (a Guid) of the source control. + :paramtype id_properties_id: str + :keyword version: The version number associated with the source control. Known values are: "V1" + and "V2". + :paramtype version: str or ~azure.mgmt.securityinsight.models.Version + :keyword display_name: The display name of the source control. + :paramtype display_name: str + :keyword description: A description of the source control. + :paramtype description: str + :keyword repo_type: The repository type of the source control. Known values are: "Github" and + "DevOps". + :paramtype repo_type: str or ~azure.mgmt.securityinsight.models.RepoType + :keyword content_types: Array of source control content types. + :paramtype content_types: list[str or ~azure.mgmt.securityinsight.models.ContentType] + :keyword repository: Repository metadata. + :paramtype repository: ~azure.mgmt.securityinsight.models.Repository + :keyword repository_resource_info: Information regarding the resources created in user's + repository. + :paramtype repository_resource_info: ~azure.mgmt.securityinsight.models.RepositoryResourceInfo + :keyword last_deployment_info: Information regarding the latest deployment for the source + control. + :paramtype last_deployment_info: ~azure.mgmt.securityinsight.models.DeploymentInfo + """ + super().__init__(etag=etag, **kwargs) + self.id_properties_id = id_properties_id + self.version = version + self.display_name = display_name + self.description = description + self.repo_type = repo_type + self.content_types = content_types + self.repository = repository + self.repository_resource_info = repository_resource_info + self.last_deployment_info = last_deployment_info -class SentinelOnboardingStatesList(msrest.serialization.Model): - """List of the Sentinel onboarding states. +class SourceControlList(_serialization.Model): + """List all the source controls. + + Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar value: Required. Array of Sentinel onboarding states. - :vartype value: list[~azure.mgmt.securityinsight.models.SentinelOnboardingState] + :ivar next_link: URL to fetch the next set of source controls. + :vartype next_link: str + :ivar value: Array of source controls. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.SourceControl] """ _validation = { - 'value': {'required': True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - 'value': {'key': 'value', 'type': '[SentinelOnboardingState]'}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[SourceControl]"}, } - def __init__( - self, - *, - value: List["_models.SentinelOnboardingState"], - **kwargs - ): + def __init__(self, *, value: List["_models.SourceControl"], **kwargs): """ - :keyword value: Required. Array of Sentinel onboarding states. - :paramtype value: list[~azure.mgmt.securityinsight.models.SentinelOnboardingState] + :keyword value: Array of source controls. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.SourceControl] """ - super(SentinelOnboardingStatesList, self).__init__(**kwargs) + super().__init__(**kwargs) + self.next_link = None self.value = value -class SubmissionMailEntity(Entity): +class SubmissionMailEntity(Entity): # pylint: disable=too-many-instance-attributes """Represents a submission mail entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -8805,15 +19882,14 @@ class SubmissionMailEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -8841,53 +19917,49 @@ class SubmissionMailEntity(Entity): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'network_message_id': {'readonly': True}, - 'submission_id': {'readonly': True}, - 'submitter': {'readonly': True}, - 'submission_date': {'readonly': True}, - 'timestamp': {'readonly': True}, - 'recipient': {'readonly': True}, - 'sender': {'readonly': True}, - 'sender_ip': {'readonly': True}, - 'subject': {'readonly': True}, - 'report_type': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_id": {"readonly": True}, + "submission_id": {"readonly": True}, + "submitter": {"readonly": True}, + "submission_date": {"readonly": True}, + "timestamp": {"readonly": True}, + "recipient": {"readonly": True}, + "sender": {"readonly": True}, + "sender_ip": {"readonly": True}, + "subject": {"readonly": True}, + "report_type": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'network_message_id': {'key': 'properties.networkMessageId', 'type': 'str'}, - 'submission_id': {'key': 'properties.submissionId', 'type': 'str'}, - 'submitter': {'key': 'properties.submitter', 'type': 'str'}, - 'submission_date': {'key': 'properties.submissionDate', 'type': 'iso-8601'}, - 'timestamp': {'key': 'properties.timestamp', 'type': 'iso-8601'}, - 'recipient': {'key': 'properties.recipient', 'type': 'str'}, - 'sender': {'key': 'properties.sender', 'type': 'str'}, - 'sender_ip': {'key': 'properties.senderIp', 'type': 'str'}, - 'subject': {'key': 'properties.subject', 'type': 'str'}, - 'report_type': {'key': 'properties.reportType', 'type': 'str'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(SubmissionMailEntity, self).__init__(**kwargs) - self.kind = 'SubmissionMail' # type: str + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "network_message_id": {"key": "properties.networkMessageId", "type": "str"}, + "submission_id": {"key": "properties.submissionId", "type": "str"}, + "submitter": {"key": "properties.submitter", "type": "str"}, + "submission_date": {"key": "properties.submissionDate", "type": "iso-8601"}, + "timestamp": {"key": "properties.timestamp", "type": "iso-8601"}, + "recipient": {"key": "properties.recipient", "type": "str"}, + "sender": {"key": "properties.sender", "type": "str"}, + "sender_ip": {"key": "properties.senderIp", "type": "str"}, + "subject": {"key": "properties.subject", "type": "str"}, + "report_type": {"key": "properties.reportType", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "SubmissionMail" # type: str self.additional_data = None self.friendly_name = None self.network_message_id = None @@ -8902,14 +19974,14 @@ def __init__( self.report_type = None -class SubmissionMailEntityProperties(EntityCommonProperties): +class SubmissionMailEntityProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes """Submission mail entity property bag. Variables are only populated by the server, and will be ignored when sending a request. :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -8937,42 +20009,38 @@ class SubmissionMailEntityProperties(EntityCommonProperties): """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'network_message_id': {'readonly': True}, - 'submission_id': {'readonly': True}, - 'submitter': {'readonly': True}, - 'submission_date': {'readonly': True}, - 'timestamp': {'readonly': True}, - 'recipient': {'readonly': True}, - 'sender': {'readonly': True}, - 'sender_ip': {'readonly': True}, - 'subject': {'readonly': True}, - 'report_type': {'readonly': True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "network_message_id": {"readonly": True}, + "submission_id": {"readonly": True}, + "submitter": {"readonly": True}, + "submission_date": {"readonly": True}, + "timestamp": {"readonly": True}, + "recipient": {"readonly": True}, + "sender": {"readonly": True}, + "sender_ip": {"readonly": True}, + "subject": {"readonly": True}, + "report_type": {"readonly": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'network_message_id': {'key': 'networkMessageId', 'type': 'str'}, - 'submission_id': {'key': 'submissionId', 'type': 'str'}, - 'submitter': {'key': 'submitter', 'type': 'str'}, - 'submission_date': {'key': 'submissionDate', 'type': 'iso-8601'}, - 'timestamp': {'key': 'timestamp', 'type': 'iso-8601'}, - 'recipient': {'key': 'recipient', 'type': 'str'}, - 'sender': {'key': 'sender', 'type': 'str'}, - 'sender_ip': {'key': 'senderIp', 'type': 'str'}, - 'subject': {'key': 'subject', 'type': 'str'}, - 'report_type': {'key': 'reportType', 'type': 'str'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(SubmissionMailEntityProperties, self).__init__(**kwargs) + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "network_message_id": {"key": "networkMessageId", "type": "str"}, + "submission_id": {"key": "submissionId", "type": "str"}, + "submitter": {"key": "submitter", "type": "str"}, + "submission_date": {"key": "submissionDate", "type": "iso-8601"}, + "timestamp": {"key": "timestamp", "type": "iso-8601"}, + "recipient": {"key": "recipient", "type": "str"}, + "sender": {"key": "sender", "type": "str"}, + "sender_ip": {"key": "senderIp", "type": "str"}, + "subject": {"key": "subject", "type": "str"}, + "report_type": {"key": "reportType", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) self.network_message_id = None self.submission_id = None self.submitter = None @@ -8985,124 +20053,546 @@ def __init__( self.report_type = None -class SystemData(msrest.serialization.Model): +class SystemData(_serialization.Model): """Metadata pertaining to creation and last modification of the resource. :ivar created_by: The identity that created the resource. :vartype created_by: str :ivar created_by_type: The type of identity that created the resource. Known values are: - "User", "Application", "ManagedIdentity", "Key". + "User", "Application", "ManagedIdentity", and "Key". :vartype created_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType :ivar created_at: The timestamp of resource creation (UTC). :vartype created_at: ~datetime.datetime :ivar last_modified_by: The identity that last modified the resource. :vartype last_modified_by: str :ivar last_modified_by_type: The type of identity that last modified the resource. Known values - are: "User", "Application", "ManagedIdentity", "Key". + are: "User", "Application", "ManagedIdentity", and "Key". :vartype last_modified_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType :ivar last_modified_at: The timestamp of resource last modification (UTC). :vartype last_modified_at: ~datetime.datetime """ _attribute_map = { - 'created_by': {'key': 'createdBy', 'type': 'str'}, - 'created_by_type': {'key': 'createdByType', 'type': 'str'}, - 'created_at': {'key': 'createdAt', 'type': 'iso-8601'}, - 'last_modified_by': {'key': 'lastModifiedBy', 'type': 'str'}, - 'last_modified_by_type': {'key': 'lastModifiedByType', 'type': 'str'}, - 'last_modified_at': {'key': 'lastModifiedAt', 'type': 'iso-8601'}, + "created_by": {"key": "createdBy", "type": "str"}, + "created_by_type": {"key": "createdByType", "type": "str"}, + "created_at": {"key": "createdAt", "type": "iso-8601"}, + "last_modified_by": {"key": "lastModifiedBy", "type": "str"}, + "last_modified_by_type": {"key": "lastModifiedByType", "type": "str"}, + "last_modified_at": {"key": "lastModifiedAt", "type": "iso-8601"}, + } + + def __init__( + self, + *, + created_by: Optional[str] = None, + created_by_type: Optional[Union[str, "_models.CreatedByType"]] = None, + created_at: Optional[datetime.datetime] = None, + last_modified_by: Optional[str] = None, + last_modified_by_type: Optional[Union[str, "_models.CreatedByType"]] = None, + last_modified_at: Optional[datetime.datetime] = None, + **kwargs + ): + """ + :keyword created_by: The identity that created the resource. + :paramtype created_by: str + :keyword created_by_type: The type of identity that created the resource. Known values are: + "User", "Application", "ManagedIdentity", and "Key". + :paramtype created_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType + :keyword created_at: The timestamp of resource creation (UTC). + :paramtype created_at: ~datetime.datetime + :keyword last_modified_by: The identity that last modified the resource. + :paramtype last_modified_by: str + :keyword last_modified_by_type: The type of identity that last modified the resource. Known + values are: "User", "Application", "ManagedIdentity", and "Key". + :paramtype last_modified_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType + :keyword last_modified_at: The timestamp of resource last modification (UTC). + :paramtype last_modified_at: ~datetime.datetime + """ + super().__init__(**kwargs) + self.created_by = created_by + self.created_by_type = created_by_type + self.created_at = created_at + self.last_modified_by = last_modified_by + self.last_modified_by_type = last_modified_by_type + self.last_modified_at = last_modified_at + + +class TeamInformation(_serialization.Model): + """Describes team information. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar team_id: Team ID. + :vartype team_id: str + :ivar primary_channel_url: The primary channel URL of the team. + :vartype primary_channel_url: str + :ivar team_creation_time_utc: The time the team was created. + :vartype team_creation_time_utc: ~datetime.datetime + :ivar name: The name of the team. + :vartype name: str + :ivar description: The description of the team. + :vartype description: str + """ + + _validation = { + "team_id": {"readonly": True}, + "primary_channel_url": {"readonly": True}, + "team_creation_time_utc": {"readonly": True}, + "name": {"readonly": True}, + "description": {"readonly": True}, + } + + _attribute_map = { + "team_id": {"key": "teamId", "type": "str"}, + "primary_channel_url": {"key": "primaryChannelUrl", "type": "str"}, + "team_creation_time_utc": {"key": "teamCreationTimeUtc", "type": "iso-8601"}, + "name": {"key": "name", "type": "str"}, + "description": {"key": "description", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.team_id = None + self.primary_channel_url = None + self.team_creation_time_utc = None + self.name = None + self.description = None + + +class TeamProperties(_serialization.Model): + """Describes team properties. + + All required parameters must be populated in order to send to Azure. + + :ivar team_name: The name of the team. Required. + :vartype team_name: str + :ivar team_description: The description of the team. + :vartype team_description: str + :ivar member_ids: List of member IDs to add to the team. + :vartype member_ids: list[str] + :ivar group_ids: List of group IDs to add their members to the team. + :vartype group_ids: list[str] + """ + + _validation = { + "team_name": {"required": True}, + } + + _attribute_map = { + "team_name": {"key": "teamName", "type": "str"}, + "team_description": {"key": "teamDescription", "type": "str"}, + "member_ids": {"key": "memberIds", "type": "[str]"}, + "group_ids": {"key": "groupIds", "type": "[str]"}, + } + + def __init__( + self, + *, + team_name: str, + team_description: Optional[str] = None, + member_ids: Optional[List[str]] = None, + group_ids: Optional[List[str]] = None, + **kwargs + ): + """ + :keyword team_name: The name of the team. Required. + :paramtype team_name: str + :keyword team_description: The description of the team. + :paramtype team_description: str + :keyword member_ids: List of member IDs to add to the team. + :paramtype member_ids: list[str] + :keyword group_ids: List of group IDs to add their members to the team. + :paramtype group_ids: list[str] + """ + super().__init__(**kwargs) + self.team_name = team_name + self.team_description = team_description + self.member_ids = member_ids + self.group_ids = group_ids + + +class ThreatIntelligence(_serialization.Model): + """ThreatIntelligence property bag. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar confidence: Confidence (must be between 0 and 1). + :vartype confidence: float + :ivar provider_name: Name of the provider from whom this Threat Intelligence information was + received. + :vartype provider_name: str + :ivar report_link: Report link. + :vartype report_link: str + :ivar threat_description: Threat description (free text). + :vartype threat_description: str + :ivar threat_name: Threat name (e.g. "Jedobot malware"). + :vartype threat_name: str + :ivar threat_type: Threat type (e.g. "Botnet"). + :vartype threat_type: str + """ + + _validation = { + "confidence": {"readonly": True}, + "provider_name": {"readonly": True}, + "report_link": {"readonly": True}, + "threat_description": {"readonly": True}, + "threat_name": {"readonly": True}, + "threat_type": {"readonly": True}, + } + + _attribute_map = { + "confidence": {"key": "confidence", "type": "float"}, + "provider_name": {"key": "providerName", "type": "str"}, + "report_link": {"key": "reportLink", "type": "str"}, + "threat_description": {"key": "threatDescription", "type": "str"}, + "threat_name": {"key": "threatName", "type": "str"}, + "threat_type": {"key": "threatType", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.confidence = None + self.provider_name = None + self.report_link = None + self.threat_description = None + self.threat_name = None + self.threat_type = None + + +class ThreatIntelligenceAlertRule(AlertRule): # pylint: disable=too-many-instance-attributes + """Represents Threat Intelligence alert rule. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rule_template_name: The Name of the alert rule template used to create this rule. + :vartype alert_rule_template_name: str + :ivar description: The description of the alert rule. + :vartype description: str + :ivar display_name: The display name for alerts created by this alert rule. + :vartype display_name: str + :ivar enabled: Determines whether this alert rule is enabled or disabled. + :vartype enabled: bool + :ivar last_modified_utc: The last time that this alert has been modified. + :vartype last_modified_utc: ~datetime.datetime + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "description": {"readonly": True}, + "display_name": {"readonly": True}, + "last_modified_utc": {"readonly": True}, + "severity": {"readonly": True}, + "tactics": {"readonly": True}, + "techniques": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rule_template_name": {"key": "properties.alertRuleTemplateName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "enabled": {"key": "properties.enabled", "type": "bool"}, + "last_modified_utc": {"key": "properties.lastModifiedUtc", "type": "iso-8601"}, + "severity": {"key": "properties.severity", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + } + + def __init__( + self, + *, + etag: Optional[str] = None, + alert_rule_template_name: Optional[str] = None, + enabled: Optional[bool] = None, + **kwargs + ): + """ + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword alert_rule_template_name: The Name of the alert rule template used to create this + rule. + :paramtype alert_rule_template_name: str + :keyword enabled: Determines whether this alert rule is enabled or disabled. + :paramtype enabled: bool + """ + super().__init__(etag=etag, **kwargs) + self.kind = "ThreatIntelligence" # type: str + self.alert_rule_template_name = alert_rule_template_name + self.description = None + self.display_name = None + self.enabled = enabled + self.last_modified_utc = None + self.severity = None + self.tactics = None + self.techniques = None + + +class ThreatIntelligenceAlertRuleTemplate(AlertRuleTemplate): # pylint: disable=too-many-instance-attributes + """Represents Threat Intelligence alert rule template. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar kind: The kind of the alert rule. Required. Known values are: "Scheduled", + "MicrosoftSecurityIncidentCreation", "Fusion", "MLBehaviorAnalytics", "ThreatIntelligence", and + "NRT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.AlertRuleKind + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar severity: The severity for alerts created by this alert rule. Known values are: "High", + "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity + """ + + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + } + + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "alert_rules_created_by_template_count": {"key": "properties.alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "properties.lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "properties.createdDateUTC", "type": "iso-8601"}, + "description": {"key": "properties.description", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "required_data_connectors": { + "key": "properties.requiredDataConnectors", + "type": "[AlertRuleTemplateDataSource]", + }, + "status": {"key": "properties.status", "type": "str"}, + "tactics": {"key": "properties.tactics", "type": "[str]"}, + "techniques": {"key": "properties.techniques", "type": "[str]"}, + "severity": {"key": "properties.severity", "type": "str"}, } def __init__( self, *, - created_by: Optional[str] = None, - created_by_type: Optional[Union[str, "_models.CreatedByType"]] = None, - created_at: Optional[datetime.datetime] = None, - last_modified_by: Optional[str] = None, - last_modified_by_type: Optional[Union[str, "_models.CreatedByType"]] = None, - last_modified_at: Optional[datetime.datetime] = None, + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, + severity: Optional[Union[str, "_models.AlertSeverity"]] = None, **kwargs ): """ - :keyword created_by: The identity that created the resource. - :paramtype created_by: str - :keyword created_by_type: The type of identity that created the resource. Known values are: - "User", "Application", "ManagedIdentity", "Key". - :paramtype created_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType - :keyword created_at: The timestamp of resource creation (UTC). - :paramtype created_at: ~datetime.datetime - :keyword last_modified_by: The identity that last modified the resource. - :paramtype last_modified_by: str - :keyword last_modified_by_type: The type of identity that last modified the resource. Known - values are: "User", "Application", "ManagedIdentity", "Key". - :paramtype last_modified_by_type: str or ~azure.mgmt.securityinsight.models.CreatedByType - :keyword last_modified_at: The timestamp of resource last modification (UTC). - :paramtype last_modified_at: ~datetime.datetime + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword severity: The severity for alerts created by this alert rule. Known values are: + "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ - super(SystemData, self).__init__(**kwargs) - self.created_by = created_by - self.created_by_type = created_by_type - self.created_at = created_at - self.last_modified_by = last_modified_by - self.last_modified_by_type = last_modified_by_type - self.last_modified_at = last_modified_at + super().__init__(**kwargs) + self.kind = "ThreatIntelligence" # type: str + self.alert_rules_created_by_template_count = alert_rules_created_by_template_count + self.last_updated_date_utc = None + self.created_date_utc = None + self.description = description + self.display_name = display_name + self.required_data_connectors = required_data_connectors + self.status = status + self.tactics = tactics + self.techniques = techniques + self.severity = severity -class ThreatIntelligence(msrest.serialization.Model): - """ThreatIntelligence property bag. +class ThreatIntelligenceAlertRuleTemplateProperties(AlertRuleTemplateWithMitreProperties): + """Threat Intelligence alert rule template properties. Variables are only populated by the server, and will be ignored when sending a request. - :ivar confidence: Confidence (must be between 0 and 1). - :vartype confidence: float - :ivar provider_name: Name of the provider from whom this Threat Intelligence information was - received. - :vartype provider_name: str - :ivar report_link: Report link. - :vartype report_link: str - :ivar threat_description: Threat description (free text). - :vartype threat_description: str - :ivar threat_name: Threat name (e.g. "Jedobot malware"). - :vartype threat_name: str - :ivar threat_type: Threat type (e.g. "Botnet"). - :vartype threat_type: str + All required parameters must be populated in order to send to Azure. + + :ivar alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :vartype alert_rules_created_by_template_count: int + :ivar last_updated_date_utc: The last time that this alert rule template has been updated. + :vartype last_updated_date_utc: ~datetime.datetime + :ivar created_date_utc: The time that this alert rule template has been added. + :vartype created_date_utc: ~datetime.datetime + :ivar description: The description of the alert rule template. + :vartype description: str + :ivar display_name: The display name for alert rule template. + :vartype display_name: str + :ivar required_data_connectors: The required data sources for this template. + :vartype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :ivar status: The alert rule template status. Known values are: "Installed", "Available", and + "NotAvailable". + :vartype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :ivar tactics: The tactics of the alert rule. + :vartype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :ivar techniques: The techniques of the alert rule. + :vartype techniques: list[str] + :ivar severity: The severity for alerts created by this alert rule. Required. Known values are: + "High", "Medium", "Low", and "Informational". + :vartype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ _validation = { - 'confidence': {'readonly': True}, - 'provider_name': {'readonly': True}, - 'report_link': {'readonly': True}, - 'threat_description': {'readonly': True}, - 'threat_name': {'readonly': True}, - 'threat_type': {'readonly': True}, + "last_updated_date_utc": {"readonly": True}, + "created_date_utc": {"readonly": True}, + "severity": {"required": True}, } _attribute_map = { - 'confidence': {'key': 'confidence', 'type': 'float'}, - 'provider_name': {'key': 'providerName', 'type': 'str'}, - 'report_link': {'key': 'reportLink', 'type': 'str'}, - 'threat_description': {'key': 'threatDescription', 'type': 'str'}, - 'threat_name': {'key': 'threatName', 'type': 'str'}, - 'threat_type': {'key': 'threatType', 'type': 'str'}, + "alert_rules_created_by_template_count": {"key": "alertRulesCreatedByTemplateCount", "type": "int"}, + "last_updated_date_utc": {"key": "lastUpdatedDateUTC", "type": "iso-8601"}, + "created_date_utc": {"key": "createdDateUTC", "type": "iso-8601"}, + "description": {"key": "description", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "required_data_connectors": {"key": "requiredDataConnectors", "type": "[AlertRuleTemplateDataSource]"}, + "status": {"key": "status", "type": "str"}, + "tactics": {"key": "tactics", "type": "[str]"}, + "techniques": {"key": "techniques", "type": "[str]"}, + "severity": {"key": "severity", "type": "str"}, } def __init__( self, + *, + severity: Union[str, "_models.AlertSeverity"], + alert_rules_created_by_template_count: Optional[int] = None, + description: Optional[str] = None, + display_name: Optional[str] = None, + required_data_connectors: Optional[List["_models.AlertRuleTemplateDataSource"]] = None, + status: Optional[Union[str, "_models.TemplateStatus"]] = None, + tactics: Optional[List[Union[str, "_models.AttackTactic"]]] = None, + techniques: Optional[List[str]] = None, **kwargs ): """ + :keyword alert_rules_created_by_template_count: the number of alert rules that were created by + this template. + :paramtype alert_rules_created_by_template_count: int + :keyword description: The description of the alert rule template. + :paramtype description: str + :keyword display_name: The display name for alert rule template. + :paramtype display_name: str + :keyword required_data_connectors: The required data sources for this template. + :paramtype required_data_connectors: + list[~azure.mgmt.securityinsight.models.AlertRuleTemplateDataSource] + :keyword status: The alert rule template status. Known values are: "Installed", "Available", + and "NotAvailable". + :paramtype status: str or ~azure.mgmt.securityinsight.models.TemplateStatus + :keyword tactics: The tactics of the alert rule. + :paramtype tactics: list[str or ~azure.mgmt.securityinsight.models.AttackTactic] + :keyword techniques: The techniques of the alert rule. + :paramtype techniques: list[str] + :keyword severity: The severity for alerts created by this alert rule. Required. Known values + are: "High", "Medium", "Low", and "Informational". + :paramtype severity: str or ~azure.mgmt.securityinsight.models.AlertSeverity """ - super(ThreatIntelligence, self).__init__(**kwargs) - self.confidence = None - self.provider_name = None - self.report_link = None - self.threat_description = None - self.threat_name = None - self.threat_type = None + super().__init__( + alert_rules_created_by_template_count=alert_rules_created_by_template_count, + description=description, + display_name=display_name, + required_data_connectors=required_data_connectors, + status=status, + tactics=tactics, + techniques=techniques, + **kwargs + ) + self.severity = severity -class ThreatIntelligenceAppendTags(msrest.serialization.Model): +class ThreatIntelligenceAppendTags(_serialization.Model): """Array of tags to be appended to the threat intelligence indicator. :ivar threat_intelligence_tags: List of tags to be appended. @@ -9110,24 +20600,19 @@ class ThreatIntelligenceAppendTags(msrest.serialization.Model): """ _attribute_map = { - 'threat_intelligence_tags': {'key': 'threatIntelligenceTags', 'type': '[str]'}, + "threat_intelligence_tags": {"key": "threatIntelligenceTags", "type": "[str]"}, } - def __init__( - self, - *, - threat_intelligence_tags: Optional[List[str]] = None, - **kwargs - ): + def __init__(self, *, threat_intelligence_tags: Optional[List[str]] = None, **kwargs): """ :keyword threat_intelligence_tags: List of tags to be appended. :paramtype threat_intelligence_tags: list[str] """ - super(ThreatIntelligenceAppendTags, self).__init__(**kwargs) + super().__init__(**kwargs) self.threat_intelligence_tags = threat_intelligence_tags -class ThreatIntelligenceExternalReference(msrest.serialization.Model): +class ThreatIntelligenceExternalReference(_serialization.Model): """Describes external reference. :ivar description: External reference description. @@ -9143,11 +20628,11 @@ class ThreatIntelligenceExternalReference(msrest.serialization.Model): """ _attribute_map = { - 'description': {'key': 'description', 'type': 'str'}, - 'external_id': {'key': 'externalId', 'type': 'str'}, - 'source_name': {'key': 'sourceName', 'type': 'str'}, - 'url': {'key': 'url', 'type': 'str'}, - 'hashes': {'key': 'hashes', 'type': '{str}'}, + "description": {"key": "description", "type": "str"}, + "external_id": {"key": "externalId", "type": "str"}, + "source_name": {"key": "sourceName", "type": "str"}, + "url": {"key": "url", "type": "str"}, + "hashes": {"key": "hashes", "type": "{str}"}, } def __init__( @@ -9172,7 +20657,7 @@ def __init__( :keyword hashes: External reference hashes. :paramtype hashes: dict[str, str] """ - super(ThreatIntelligenceExternalReference, self).__init__(**kwargs) + super().__init__(**kwargs) self.description = description self.external_id = external_id self.source_name = source_name @@ -9180,7 +20665,7 @@ def __init__( self.hashes = hashes -class ThreatIntelligenceFilteringCriteria(msrest.serialization.Model): +class ThreatIntelligenceFilteringCriteria(_serialization.Model): # pylint: disable=too-many-instance-attributes """Filtering criteria for querying threat intelligence indicators. :ivar page_size: Page size. @@ -9212,19 +20697,19 @@ class ThreatIntelligenceFilteringCriteria(msrest.serialization.Model): """ _attribute_map = { - 'page_size': {'key': 'pageSize', 'type': 'int'}, - 'min_confidence': {'key': 'minConfidence', 'type': 'int'}, - 'max_confidence': {'key': 'maxConfidence', 'type': 'int'}, - 'min_valid_until': {'key': 'minValidUntil', 'type': 'str'}, - 'max_valid_until': {'key': 'maxValidUntil', 'type': 'str'}, - 'include_disabled': {'key': 'includeDisabled', 'type': 'bool'}, - 'sort_by': {'key': 'sortBy', 'type': '[ThreatIntelligenceSortingCriteria]'}, - 'sources': {'key': 'sources', 'type': '[str]'}, - 'pattern_types': {'key': 'patternTypes', 'type': '[str]'}, - 'threat_types': {'key': 'threatTypes', 'type': '[str]'}, - 'ids': {'key': 'ids', 'type': '[str]'}, - 'keywords': {'key': 'keywords', 'type': '[str]'}, - 'skip_token': {'key': 'skipToken', 'type': 'str'}, + "page_size": {"key": "pageSize", "type": "int"}, + "min_confidence": {"key": "minConfidence", "type": "int"}, + "max_confidence": {"key": "maxConfidence", "type": "int"}, + "min_valid_until": {"key": "minValidUntil", "type": "str"}, + "max_valid_until": {"key": "maxValidUntil", "type": "str"}, + "include_disabled": {"key": "includeDisabled", "type": "bool"}, + "sort_by": {"key": "sortBy", "type": "[ThreatIntelligenceSortingCriteria]"}, + "sources": {"key": "sources", "type": "[str]"}, + "pattern_types": {"key": "patternTypes", "type": "[str]"}, + "threat_types": {"key": "threatTypes", "type": "[str]"}, + "ids": {"key": "ids", "type": "[str]"}, + "keywords": {"key": "keywords", "type": "[str]"}, + "skip_token": {"key": "skipToken", "type": "str"}, } def __init__( @@ -9273,7 +20758,7 @@ def __init__( :keyword skip_token: Skip token. :paramtype skip_token: str """ - super(ThreatIntelligenceFilteringCriteria, self).__init__(**kwargs) + super().__init__(**kwargs) self.page_size = page_size self.min_confidence = min_confidence self.max_confidence = max_confidence @@ -9289,7 +20774,7 @@ def __init__( self.skip_token = skip_token -class ThreatIntelligenceGranularMarkingModel(msrest.serialization.Model): +class ThreatIntelligenceGranularMarkingModel(_serialization.Model): """Describes threat granular marking model entity. :ivar language: Language granular marking model. @@ -9301,9 +20786,9 @@ class ThreatIntelligenceGranularMarkingModel(msrest.serialization.Model): """ _attribute_map = { - 'language': {'key': 'language', 'type': 'str'}, - 'marking_ref': {'key': 'markingRef', 'type': 'int'}, - 'selectors': {'key': 'selectors', 'type': '[str]'}, + "language": {"key": "language", "type": "str"}, + "marking_ref": {"key": "markingRef", "type": "int"}, + "selectors": {"key": "selectors", "type": "[str]"}, } def __init__( @@ -9322,7 +20807,7 @@ def __init__( :keyword selectors: granular marking model selectors. :paramtype selectors: list[str] """ - super(ThreatIntelligenceGranularMarkingModel, self).__init__(**kwargs) + super().__init__(**kwargs) self.language = language self.marking_ref = marking_ref self.selectors = selectors @@ -9331,8 +20816,8 @@ def __init__( class ThreatIntelligenceInformation(ResourceWithEtag): """Threat intelligence information object. - You probably want to use the sub-classes and not this class directly. Known - sub-classes are: ThreatIntelligenceIndicatorModel. + You probably want to use the sub-classes and not this class directly. Known sub-classes are: + ThreatIntelligenceIndicatorModel Variables are only populated by the server, and will be ignored when sending a request. @@ -9351,47 +20836,39 @@ class ThreatIntelligenceInformation(ResourceWithEtag): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "indicator". - :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceInnerKind + :ivar kind: The kind of the entity. Required. "indicator" + :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceKindEnum """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, } - _subtype_map = { - 'kind': {'indicator': 'ThreatIntelligenceIndicatorModel'} - } + _subtype_map = {"kind": {"indicator": "ThreatIntelligenceIndicatorModel"}} - def __init__( - self, - *, - etag: Optional[str] = None, - **kwargs - ): + def __init__(self, *, etag: Optional[str] = None, **kwargs): """ :keyword etag: Etag of the azure resource. :paramtype etag: str """ - super(ThreatIntelligenceInformation, self).__init__(etag=etag, **kwargs) - self.kind = 'ThreatIntelligenceInformation' # type: str + super().__init__(etag=etag, **kwargs) + self.kind = None # type: Optional[str] -class ThreatIntelligenceIndicatorModel(ThreatIntelligenceInformation): +class ThreatIntelligenceIndicatorModel(ThreatIntelligenceInformation): # pylint: disable=too-many-instance-attributes """Threat intelligence indicator entity. Variables are only populated by the server, and will be ignored when sending a request. @@ -9411,12 +20888,11 @@ class ThreatIntelligenceIndicatorModel(ThreatIntelligenceInformation): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "indicator". - :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceInnerKind + :ivar kind: The kind of the entity. Required. "indicator" + :vartype kind: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceResourceKindEnum :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -9483,55 +20959,58 @@ class ThreatIntelligenceIndicatorModel(ThreatIntelligenceInformation): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - } - - _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'threat_intelligence_tags': {'key': 'properties.threatIntelligenceTags', 'type': '[str]'}, - 'last_updated_time_utc': {'key': 'properties.lastUpdatedTimeUtc', 'type': 'str'}, - 'source': {'key': 'properties.source', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'indicator_types': {'key': 'properties.indicatorTypes', 'type': '[str]'}, - 'pattern': {'key': 'properties.pattern', 'type': 'str'}, - 'pattern_type': {'key': 'properties.patternType', 'type': 'str'}, - 'pattern_version': {'key': 'properties.patternVersion', 'type': 'str'}, - 'kill_chain_phases': {'key': 'properties.killChainPhases', 'type': '[ThreatIntelligenceKillChainPhase]'}, - 'parsed_pattern': {'key': 'properties.parsedPattern', 'type': '[ThreatIntelligenceParsedPattern]'}, - 'external_id': {'key': 'properties.externalId', 'type': 'str'}, - 'created_by_ref': {'key': 'properties.createdByRef', 'type': 'str'}, - 'defanged': {'key': 'properties.defanged', 'type': 'bool'}, - 'external_last_updated_time_utc': {'key': 'properties.externalLastUpdatedTimeUtc', 'type': 'str'}, - 'external_references': {'key': 'properties.externalReferences', 'type': '[ThreatIntelligenceExternalReference]'}, - 'granular_markings': {'key': 'properties.granularMarkings', 'type': '[ThreatIntelligenceGranularMarkingModel]'}, - 'labels': {'key': 'properties.labels', 'type': '[str]'}, - 'revoked': {'key': 'properties.revoked', 'type': 'bool'}, - 'confidence': {'key': 'properties.confidence', 'type': 'int'}, - 'object_marking_refs': {'key': 'properties.objectMarkingRefs', 'type': '[str]'}, - 'language': {'key': 'properties.language', 'type': 'str'}, - 'threat_types': {'key': 'properties.threatTypes', 'type': '[str]'}, - 'valid_from': {'key': 'properties.validFrom', 'type': 'str'}, - 'valid_until': {'key': 'properties.validUntil', 'type': 'str'}, - 'created': {'key': 'properties.created', 'type': 'str'}, - 'modified': {'key': 'properties.modified', 'type': 'str'}, - 'extensions': {'key': 'properties.extensions', 'type': '{object}'}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, } - def __init__( + _attribute_map = { + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "threat_intelligence_tags": {"key": "properties.threatIntelligenceTags", "type": "[str]"}, + "last_updated_time_utc": {"key": "properties.lastUpdatedTimeUtc", "type": "str"}, + "source": {"key": "properties.source", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "description": {"key": "properties.description", "type": "str"}, + "indicator_types": {"key": "properties.indicatorTypes", "type": "[str]"}, + "pattern": {"key": "properties.pattern", "type": "str"}, + "pattern_type": {"key": "properties.patternType", "type": "str"}, + "pattern_version": {"key": "properties.patternVersion", "type": "str"}, + "kill_chain_phases": {"key": "properties.killChainPhases", "type": "[ThreatIntelligenceKillChainPhase]"}, + "parsed_pattern": {"key": "properties.parsedPattern", "type": "[ThreatIntelligenceParsedPattern]"}, + "external_id": {"key": "properties.externalId", "type": "str"}, + "created_by_ref": {"key": "properties.createdByRef", "type": "str"}, + "defanged": {"key": "properties.defanged", "type": "bool"}, + "external_last_updated_time_utc": {"key": "properties.externalLastUpdatedTimeUtc", "type": "str"}, + "external_references": { + "key": "properties.externalReferences", + "type": "[ThreatIntelligenceExternalReference]", + }, + "granular_markings": {"key": "properties.granularMarkings", "type": "[ThreatIntelligenceGranularMarkingModel]"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "revoked": {"key": "properties.revoked", "type": "bool"}, + "confidence": {"key": "properties.confidence", "type": "int"}, + "object_marking_refs": {"key": "properties.objectMarkingRefs", "type": "[str]"}, + "language": {"key": "properties.language", "type": "str"}, + "threat_types": {"key": "properties.threatTypes", "type": "[str]"}, + "valid_from": {"key": "properties.validFrom", "type": "str"}, + "valid_until": {"key": "properties.validUntil", "type": "str"}, + "created": {"key": "properties.created", "type": "str"}, + "modified": {"key": "properties.modified", "type": "str"}, + "extensions": {"key": "properties.extensions", "type": "{object}"}, + } + + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, @@ -9629,8 +21108,8 @@ def __init__( :keyword extensions: Extensions map. :paramtype extensions: dict[str, any] """ - super(ThreatIntelligenceIndicatorModel, self).__init__(etag=etag, **kwargs) - self.kind = 'indicator' # type: str + super().__init__(etag=etag, **kwargs) + self.kind = "indicator" # type: str self.additional_data = None self.friendly_name = None self.threat_intelligence_tags = threat_intelligence_tags @@ -9663,14 +21142,14 @@ def __init__( self.extensions = extensions -class ThreatIntelligenceIndicatorProperties(EntityCommonProperties): +class ThreatIntelligenceIndicatorProperties(EntityCommonProperties): # pylint: disable=too-many-instance-attributes """Describes threat intelligence entity properties. Variables are only populated by the server, and will be ignored when sending a request. :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -9737,44 +21216,44 @@ class ThreatIntelligenceIndicatorProperties(EntityCommonProperties): """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'threat_intelligence_tags': {'key': 'threatIntelligenceTags', 'type': '[str]'}, - 'last_updated_time_utc': {'key': 'lastUpdatedTimeUtc', 'type': 'str'}, - 'source': {'key': 'source', 'type': 'str'}, - 'display_name': {'key': 'displayName', 'type': 'str'}, - 'description': {'key': 'description', 'type': 'str'}, - 'indicator_types': {'key': 'indicatorTypes', 'type': '[str]'}, - 'pattern': {'key': 'pattern', 'type': 'str'}, - 'pattern_type': {'key': 'patternType', 'type': 'str'}, - 'pattern_version': {'key': 'patternVersion', 'type': 'str'}, - 'kill_chain_phases': {'key': 'killChainPhases', 'type': '[ThreatIntelligenceKillChainPhase]'}, - 'parsed_pattern': {'key': 'parsedPattern', 'type': '[ThreatIntelligenceParsedPattern]'}, - 'external_id': {'key': 'externalId', 'type': 'str'}, - 'created_by_ref': {'key': 'createdByRef', 'type': 'str'}, - 'defanged': {'key': 'defanged', 'type': 'bool'}, - 'external_last_updated_time_utc': {'key': 'externalLastUpdatedTimeUtc', 'type': 'str'}, - 'external_references': {'key': 'externalReferences', 'type': '[ThreatIntelligenceExternalReference]'}, - 'granular_markings': {'key': 'granularMarkings', 'type': '[ThreatIntelligenceGranularMarkingModel]'}, - 'labels': {'key': 'labels', 'type': '[str]'}, - 'revoked': {'key': 'revoked', 'type': 'bool'}, - 'confidence': {'key': 'confidence', 'type': 'int'}, - 'object_marking_refs': {'key': 'objectMarkingRefs', 'type': '[str]'}, - 'language': {'key': 'language', 'type': 'str'}, - 'threat_types': {'key': 'threatTypes', 'type': '[str]'}, - 'valid_from': {'key': 'validFrom', 'type': 'str'}, - 'valid_until': {'key': 'validUntil', 'type': 'str'}, - 'created': {'key': 'created', 'type': 'str'}, - 'modified': {'key': 'modified', 'type': 'str'}, - 'extensions': {'key': 'extensions', 'type': '{object}'}, - } - - def __init__( + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "threat_intelligence_tags": {"key": "threatIntelligenceTags", "type": "[str]"}, + "last_updated_time_utc": {"key": "lastUpdatedTimeUtc", "type": "str"}, + "source": {"key": "source", "type": "str"}, + "display_name": {"key": "displayName", "type": "str"}, + "description": {"key": "description", "type": "str"}, + "indicator_types": {"key": "indicatorTypes", "type": "[str]"}, + "pattern": {"key": "pattern", "type": "str"}, + "pattern_type": {"key": "patternType", "type": "str"}, + "pattern_version": {"key": "patternVersion", "type": "str"}, + "kill_chain_phases": {"key": "killChainPhases", "type": "[ThreatIntelligenceKillChainPhase]"}, + "parsed_pattern": {"key": "parsedPattern", "type": "[ThreatIntelligenceParsedPattern]"}, + "external_id": {"key": "externalId", "type": "str"}, + "created_by_ref": {"key": "createdByRef", "type": "str"}, + "defanged": {"key": "defanged", "type": "bool"}, + "external_last_updated_time_utc": {"key": "externalLastUpdatedTimeUtc", "type": "str"}, + "external_references": {"key": "externalReferences", "type": "[ThreatIntelligenceExternalReference]"}, + "granular_markings": {"key": "granularMarkings", "type": "[ThreatIntelligenceGranularMarkingModel]"}, + "labels": {"key": "labels", "type": "[str]"}, + "revoked": {"key": "revoked", "type": "bool"}, + "confidence": {"key": "confidence", "type": "int"}, + "object_marking_refs": {"key": "objectMarkingRefs", "type": "[str]"}, + "language": {"key": "language", "type": "str"}, + "threat_types": {"key": "threatTypes", "type": "[str]"}, + "valid_from": {"key": "validFrom", "type": "str"}, + "valid_until": {"key": "validUntil", "type": "str"}, + "created": {"key": "created", "type": "str"}, + "modified": {"key": "modified", "type": "str"}, + "extensions": {"key": "extensions", "type": "{object}"}, + } + + def __init__( # pylint: disable=too-many-locals self, *, threat_intelligence_tags: Optional[List[str]] = None, @@ -9869,7 +21348,7 @@ def __init__( :keyword extensions: Extensions map. :paramtype extensions: dict[str, any] """ - super(ThreatIntelligenceIndicatorProperties, self).__init__(**kwargs) + super().__init__(**kwargs) self.threat_intelligence_tags = threat_intelligence_tags self.last_updated_time_utc = last_updated_time_utc self.source = source @@ -9900,318 +21379,718 @@ def __init__( self.extensions = extensions -class ThreatIntelligenceInformationList(msrest.serialization.Model): - """List of all the threat intelligence information objects. +class ThreatIntelligenceInformationList(_serialization.Model): + """List of all the threat intelligence information objects. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar next_link: URL to fetch the next set of information objects. + :vartype next_link: str + :ivar value: Array of threat intelligence information objects. Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + """ + + _validation = { + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[ThreatIntelligenceInformation]"}, + } + + def __init__(self, *, value: List["_models.ThreatIntelligenceInformation"], **kwargs): + """ + :keyword value: Array of threat intelligence information objects. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class ThreatIntelligenceKillChainPhase(_serialization.Model): + """Describes threat kill chain phase entity. + + :ivar kill_chain_name: Kill chainName name. + :vartype kill_chain_name: str + :ivar phase_name: Phase name. + :vartype phase_name: str + """ + + _attribute_map = { + "kill_chain_name": {"key": "killChainName", "type": "str"}, + "phase_name": {"key": "phaseName", "type": "str"}, + } + + def __init__(self, *, kill_chain_name: Optional[str] = None, phase_name: Optional[str] = None, **kwargs): + """ + :keyword kill_chain_name: Kill chainName name. + :paramtype kill_chain_name: str + :keyword phase_name: Phase name. + :paramtype phase_name: str + """ + super().__init__(**kwargs) + self.kill_chain_name = kill_chain_name + self.phase_name = phase_name + + +class ThreatIntelligenceMetric(_serialization.Model): + """Describes threat intelligence metric. + + :ivar last_updated_time_utc: Last updated indicator metric. + :vartype last_updated_time_utc: str + :ivar threat_type_metrics: Threat type metrics. + :vartype threat_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar pattern_type_metrics: Pattern type metrics. + :vartype pattern_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar source_metrics: Source metrics. + :vartype source_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + """ + + _attribute_map = { + "last_updated_time_utc": {"key": "lastUpdatedTimeUtc", "type": "str"}, + "threat_type_metrics": {"key": "threatTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + "pattern_type_metrics": {"key": "patternTypeMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + "source_metrics": {"key": "sourceMetrics", "type": "[ThreatIntelligenceMetricEntity]"}, + } + + def __init__( + self, + *, + last_updated_time_utc: Optional[str] = None, + threat_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + pattern_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + source_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + **kwargs + ): + """ + :keyword last_updated_time_utc: Last updated indicator metric. + :paramtype last_updated_time_utc: str + :keyword threat_type_metrics: Threat type metrics. + :paramtype threat_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword pattern_type_metrics: Pattern type metrics. + :paramtype pattern_type_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword source_metrics: Source metrics. + :paramtype source_metrics: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + """ + super().__init__(**kwargs) + self.last_updated_time_utc = last_updated_time_utc + self.threat_type_metrics = threat_type_metrics + self.pattern_type_metrics = pattern_type_metrics + self.source_metrics = source_metrics + + +class ThreatIntelligenceMetricEntity(_serialization.Model): + """Describes threat intelligence metric entity. + + :ivar metric_name: Metric name. + :vartype metric_name: str + :ivar metric_value: Metric value. + :vartype metric_value: int + """ + + _attribute_map = { + "metric_name": {"key": "metricName", "type": "str"}, + "metric_value": {"key": "metricValue", "type": "int"}, + } + + def __init__(self, *, metric_name: Optional[str] = None, metric_value: Optional[int] = None, **kwargs): + """ + :keyword metric_name: Metric name. + :paramtype metric_name: str + :keyword metric_value: Metric value. + :paramtype metric_value: int + """ + super().__init__(**kwargs) + self.metric_name = metric_name + self.metric_value = metric_value + + +class ThreatIntelligenceMetrics(_serialization.Model): + """Threat intelligence metrics. + + :ivar properties: Threat intelligence metrics. + :vartype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + """ + + _attribute_map = { + "properties": {"key": "properties", "type": "ThreatIntelligenceMetric"}, + } + + def __init__(self, *, properties: Optional["_models.ThreatIntelligenceMetric"] = None, **kwargs): + """ + :keyword properties: Threat intelligence metrics. + :paramtype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + """ + super().__init__(**kwargs) + self.properties = properties - Variables are only populated by the server, and will be ignored when sending a request. + +class ThreatIntelligenceMetricsList(_serialization.Model): + """List of all the threat intelligence metric fields (type/threat type/source). All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of information objects. - :vartype next_link: str - :ivar value: Required. Array of threat intelligence information objects. - :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :ivar value: Array of threat intelligence metric fields (type/threat type/source). Required. + :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "value": {"required": True}, } _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[ThreatIntelligenceInformation]'}, + "value": {"key": "value", "type": "[ThreatIntelligenceMetrics]"}, } - def __init__( - self, - *, - value: List["_models.ThreatIntelligenceInformation"], - **kwargs - ): + def __init__(self, *, value: List["_models.ThreatIntelligenceMetrics"], **kwargs): """ - :keyword value: Required. Array of threat intelligence information objects. - :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :keyword value: Array of threat intelligence metric fields (type/threat type/source). Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] """ - super(ThreatIntelligenceInformationList, self).__init__(**kwargs) - self.next_link = None + super().__init__(**kwargs) self.value = value -class ThreatIntelligenceKillChainPhase(msrest.serialization.Model): - """Describes threat kill chain phase entity. +class ThreatIntelligenceParsedPattern(_serialization.Model): + """Describes parsed pattern entity. - :ivar kill_chain_name: Kill chainName name. - :vartype kill_chain_name: str - :ivar phase_name: Phase name. - :vartype phase_name: str + :ivar pattern_type_key: Pattern type key. + :vartype pattern_type_key: str + :ivar pattern_type_values: Pattern type keys. + :vartype pattern_type_values: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] """ _attribute_map = { - 'kill_chain_name': {'key': 'killChainName', 'type': 'str'}, - 'phase_name': {'key': 'phaseName', 'type': 'str'}, + "pattern_type_key": {"key": "patternTypeKey", "type": "str"}, + "pattern_type_values": {"key": "patternTypeValues", "type": "[ThreatIntelligenceParsedPatternTypeValue]"}, } def __init__( self, *, - kill_chain_name: Optional[str] = None, - phase_name: Optional[str] = None, + pattern_type_key: Optional[str] = None, + pattern_type_values: Optional[List["_models.ThreatIntelligenceParsedPatternTypeValue"]] = None, **kwargs ): """ - :keyword kill_chain_name: Kill chainName name. - :paramtype kill_chain_name: str - :keyword phase_name: Phase name. - :paramtype phase_name: str + :keyword pattern_type_key: Pattern type key. + :paramtype pattern_type_key: str + :keyword pattern_type_values: Pattern type keys. + :paramtype pattern_type_values: + list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] """ - super(ThreatIntelligenceKillChainPhase, self).__init__(**kwargs) - self.kill_chain_name = kill_chain_name - self.phase_name = phase_name + super().__init__(**kwargs) + self.pattern_type_key = pattern_type_key + self.pattern_type_values = pattern_type_values -class ThreatIntelligenceMetric(msrest.serialization.Model): - """Describes threat intelligence metric. +class ThreatIntelligenceParsedPatternTypeValue(_serialization.Model): + """Describes threat kill chain phase entity. - :ivar last_updated_time_utc: Last updated indicator metric. - :vartype last_updated_time_utc: str - :ivar threat_type_metrics: Threat type metrics. - :vartype threat_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :ivar pattern_type_metrics: Pattern type metrics. - :vartype pattern_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :ivar source_metrics: Source metrics. - :vartype source_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :ivar value_type: Type of the value. + :vartype value_type: str + :ivar value: Value of parsed pattern. + :vartype value: str + """ + + _attribute_map = { + "value_type": {"key": "valueType", "type": "str"}, + "value": {"key": "value", "type": "str"}, + } + + def __init__(self, *, value_type: Optional[str] = None, value: Optional[str] = None, **kwargs): + """ + :keyword value_type: Type of the value. + :paramtype value_type: str + :keyword value: Value of parsed pattern. + :paramtype value: str + """ + super().__init__(**kwargs) + self.value_type = value_type + self.value = value + + +class ThreatIntelligenceSortingCriteria(_serialization.Model): + """List of available columns for sorting. + + :ivar item_key: Column name. + :vartype item_key: str + :ivar sort_order: Sorting order (ascending/descending/unsorted). Known values are: "unsorted", + "ascending", and "descending". + :vartype sort_order: str or + ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteriaEnum """ _attribute_map = { - 'last_updated_time_utc': {'key': 'lastUpdatedTimeUtc', 'type': 'str'}, - 'threat_type_metrics': {'key': 'threatTypeMetrics', 'type': '[ThreatIntelligenceMetricEntity]'}, - 'pattern_type_metrics': {'key': 'patternTypeMetrics', 'type': '[ThreatIntelligenceMetricEntity]'}, - 'source_metrics': {'key': 'sourceMetrics', 'type': '[ThreatIntelligenceMetricEntity]'}, + "item_key": {"key": "itemKey", "type": "str"}, + "sort_order": {"key": "sortOrder", "type": "str"}, } def __init__( self, *, - last_updated_time_utc: Optional[str] = None, - threat_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - pattern_type_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, - source_metrics: Optional[List["_models.ThreatIntelligenceMetricEntity"]] = None, + item_key: Optional[str] = None, + sort_order: Optional[Union[str, "_models.ThreatIntelligenceSortingCriteriaEnum"]] = None, **kwargs ): """ - :keyword last_updated_time_utc: Last updated indicator metric. - :paramtype last_updated_time_utc: str - :keyword threat_type_metrics: Threat type metrics. - :paramtype threat_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :keyword pattern_type_metrics: Pattern type metrics. - :paramtype pattern_type_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] - :keyword source_metrics: Source metrics. - :paramtype source_metrics: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricEntity] + :keyword item_key: Column name. + :paramtype item_key: str + :keyword sort_order: Sorting order (ascending/descending/unsorted). Known values are: + "unsorted", "ascending", and "descending". + :paramtype sort_order: str or + ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingCriteriaEnum """ - super(ThreatIntelligenceMetric, self).__init__(**kwargs) - self.last_updated_time_utc = last_updated_time_utc - self.threat_type_metrics = threat_type_metrics - self.pattern_type_metrics = pattern_type_metrics - self.source_metrics = source_metrics + super().__init__(**kwargs) + self.item_key = item_key + self.sort_order = sort_order -class ThreatIntelligenceMetricEntity(msrest.serialization.Model): - """Describes threat intelligence metric entity. +class TICheckRequirements(DataConnectorsCheckRequirements): + """Threat Intelligence Platforms data connector check requirements. - :ivar metric_name: Metric name. - :vartype metric_name: str - :ivar metric_value: Metric value. - :vartype metric_value: int + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + """ + + _validation = { + "kind": {"required": True}, + } + + _attribute_map = { + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + """ + super().__init__(**kwargs) + self.kind = "ThreatIntelligence" # type: str + self.tenant_id = tenant_id + + +class TICheckRequirementsProperties(DataConnectorTenantId): + """Threat Intelligence Platforms data connector required properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class TIDataConnector(DataConnector): + """Represents threat intelligence data connector. + + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str + :ivar tip_lookback_period: The lookback period for the feed to be imported. + :vartype tip_lookback_period: ~datetime.datetime + :ivar data_types: The available data types for the connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + _attribute_map = { - 'metric_name': {'key': 'metricName', 'type': 'str'}, - 'metric_value': {'key': 'metricValue', 'type': 'int'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "tip_lookback_period": {"key": "properties.tipLookbackPeriod", "type": "iso-8601"}, + "data_types": {"key": "properties.dataTypes", "type": "TIDataConnectorDataTypes"}, } def __init__( self, *, - metric_name: Optional[str] = None, - metric_value: Optional[int] = None, + etag: Optional[str] = None, + tenant_id: Optional[str] = None, + tip_lookback_period: Optional[datetime.datetime] = None, + data_types: Optional["_models.TIDataConnectorDataTypes"] = None, **kwargs ): """ - :keyword metric_name: Metric name. - :paramtype metric_name: str - :keyword metric_value: Metric value. - :paramtype metric_value: int + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str + :keyword tip_lookback_period: The lookback period for the feed to be imported. + :paramtype tip_lookback_period: ~datetime.datetime + :keyword data_types: The available data types for the connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes """ - super(ThreatIntelligenceMetricEntity, self).__init__(**kwargs) - self.metric_name = metric_name - self.metric_value = metric_value + super().__init__(etag=etag, **kwargs) + self.kind = "ThreatIntelligence" # type: str + self.tenant_id = tenant_id + self.tip_lookback_period = tip_lookback_period + self.data_types = data_types -class ThreatIntelligenceMetrics(msrest.serialization.Model): - """Threat intelligence metrics. +class TIDataConnectorDataTypes(_serialization.Model): + """The available data types for TI (Threat Intelligence) data connector. - :ivar properties: Threat intelligence metrics. - :vartype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + All required parameters must be populated in order to send to Azure. + + :ivar indicators: Data type for indicators connection. Required. + :vartype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators + """ + + _validation = { + "indicators": {"required": True}, + } + + _attribute_map = { + "indicators": {"key": "indicators", "type": "TIDataConnectorDataTypesIndicators"}, + } + + def __init__(self, *, indicators: "_models.TIDataConnectorDataTypesIndicators", **kwargs): + """ + :keyword indicators: Data type for indicators connection. Required. + :paramtype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators + """ + super().__init__(**kwargs) + self.indicators = indicators + + +class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): + """Data type for indicators connection. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class TIDataConnectorProperties(DataConnectorTenantId): + """TI (Threat Intelligence) data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar tip_lookback_period: The lookback period for the feed to be imported. + :vartype tip_lookback_period: ~datetime.datetime + :ivar data_types: The available data types for the connector. Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes """ + _validation = { + "tenant_id": {"required": True}, + "data_types": {"required": True}, + } + _attribute_map = { - 'properties': {'key': 'properties', 'type': 'ThreatIntelligenceMetric'}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "tip_lookback_period": {"key": "tipLookbackPeriod", "type": "iso-8601"}, + "data_types": {"key": "dataTypes", "type": "TIDataConnectorDataTypes"}, } def __init__( self, *, - properties: Optional["_models.ThreatIntelligenceMetric"] = None, + tenant_id: str, + data_types: "_models.TIDataConnectorDataTypes", + tip_lookback_period: Optional[datetime.datetime] = None, **kwargs ): """ - :keyword properties: Threat intelligence metrics. - :paramtype properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetric + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword tip_lookback_period: The lookback period for the feed to be imported. + :paramtype tip_lookback_period: ~datetime.datetime + :keyword data_types: The available data types for the connector. Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes """ - super(ThreatIntelligenceMetrics, self).__init__(**kwargs) - self.properties = properties + super().__init__(tenant_id=tenant_id, **kwargs) + self.tip_lookback_period = tip_lookback_period + self.data_types = data_types -class ThreatIntelligenceMetricsList(msrest.serialization.Model): - """List of all the threat intelligence metric fields (type/threat type/source). +class TimelineAggregation(_serialization.Model): + """timeline aggregation information per kind. All required parameters must be populated in order to send to Azure. - :ivar value: Required. Array of threat intelligence metric fields (type/threat type/source). - :vartype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] + :ivar count: the total items found for a kind. Required. + :vartype count: int + :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind """ _validation = { - 'value': {'required': True}, + "count": {"required": True}, + "kind": {"required": True}, } _attribute_map = { - 'value': {'key': 'value', 'type': '[ThreatIntelligenceMetrics]'}, + "count": {"key": "count", "type": "int"}, + "kind": {"key": "kind", "type": "str"}, } - def __init__( - self, - *, - value: List["_models.ThreatIntelligenceMetrics"], - **kwargs - ): + def __init__(self, *, count: int, kind: Union[str, "_models.EntityTimelineKind"], **kwargs): """ - :keyword value: Required. Array of threat intelligence metric fields (type/threat type/source). - :paramtype value: list[~azure.mgmt.securityinsight.models.ThreatIntelligenceMetrics] + :keyword count: the total items found for a kind. Required. + :paramtype count: int + :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind """ - super(ThreatIntelligenceMetricsList, self).__init__(**kwargs) - self.value = value + super().__init__(**kwargs) + self.count = count + self.kind = kind -class ThreatIntelligenceParsedPattern(msrest.serialization.Model): - """Describes parsed pattern entity. +class TimelineError(_serialization.Model): + """Timeline Query Errors. - :ivar pattern_type_key: Pattern type key. - :vartype pattern_type_key: str - :ivar pattern_type_values: Pattern type keys. - :vartype pattern_type_values: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] + All required parameters must be populated in order to send to Azure. + + :ivar kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :ivar query_id: the query id. + :vartype query_id: str + :ivar error_message: the error message. Required. + :vartype error_message: str """ + _validation = { + "kind": {"required": True}, + "error_message": {"required": True}, + } + _attribute_map = { - 'pattern_type_key': {'key': 'patternTypeKey', 'type': 'str'}, - 'pattern_type_values': {'key': 'patternTypeValues', 'type': '[ThreatIntelligenceParsedPatternTypeValue]'}, + "kind": {"key": "kind", "type": "str"}, + "query_id": {"key": "queryId", "type": "str"}, + "error_message": {"key": "errorMessage", "type": "str"}, } def __init__( self, *, - pattern_type_key: Optional[str] = None, - pattern_type_values: Optional[List["_models.ThreatIntelligenceParsedPatternTypeValue"]] = None, + kind: Union[str, "_models.EntityTimelineKind"], + error_message: str, + query_id: Optional[str] = None, **kwargs ): """ - :keyword pattern_type_key: Pattern type key. - :paramtype pattern_type_key: str - :keyword pattern_type_values: Pattern type keys. - :paramtype pattern_type_values: - list[~azure.mgmt.securityinsight.models.ThreatIntelligenceParsedPatternTypeValue] + :keyword kind: the query kind. Required. Known values are: "Activity", "Bookmark", + "SecurityAlert", and "Anomaly". + :paramtype kind: str or ~azure.mgmt.securityinsight.models.EntityTimelineKind + :keyword query_id: the query id. + :paramtype query_id: str + :keyword error_message: the error message. Required. + :paramtype error_message: str """ - super(ThreatIntelligenceParsedPattern, self).__init__(**kwargs) - self.pattern_type_key = pattern_type_key - self.pattern_type_values = pattern_type_values + super().__init__(**kwargs) + self.kind = kind + self.query_id = query_id + self.error_message = error_message -class ThreatIntelligenceParsedPatternTypeValue(msrest.serialization.Model): - """Describes threat kill chain phase entity. +class TimelineResultsMetadata(_serialization.Model): + """Expansion result metadata. - :ivar value_type: Type of the value. - :vartype value_type: str - :ivar value: Value of parsed pattern. - :vartype value: str + All required parameters must be populated in order to send to Azure. + + :ivar total_count: the total items found for the timeline request. Required. + :vartype total_count: int + :ivar aggregations: timeline aggregation per kind. Required. + :vartype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] + :ivar errors: information about the failure queries. + :vartype errors: list[~azure.mgmt.securityinsight.models.TimelineError] """ + _validation = { + "total_count": {"required": True}, + "aggregations": {"required": True}, + } + _attribute_map = { - 'value_type': {'key': 'valueType', 'type': 'str'}, - 'value': {'key': 'value', 'type': 'str'}, + "total_count": {"key": "totalCount", "type": "int"}, + "aggregations": {"key": "aggregations", "type": "[TimelineAggregation]"}, + "errors": {"key": "errors", "type": "[TimelineError]"}, } def __init__( self, *, - value_type: Optional[str] = None, - value: Optional[str] = None, + total_count: int, + aggregations: List["_models.TimelineAggregation"], + errors: Optional[List["_models.TimelineError"]] = None, **kwargs ): """ - :keyword value_type: Type of the value. - :paramtype value_type: str - :keyword value: Value of parsed pattern. - :paramtype value: str + :keyword total_count: the total items found for the timeline request. Required. + :paramtype total_count: int + :keyword aggregations: timeline aggregation per kind. Required. + :paramtype aggregations: list[~azure.mgmt.securityinsight.models.TimelineAggregation] + :keyword errors: information about the failure queries. + :paramtype errors: list[~azure.mgmt.securityinsight.models.TimelineError] """ - super(ThreatIntelligenceParsedPatternTypeValue, self).__init__(**kwargs) - self.value_type = value_type - self.value = value + super().__init__(**kwargs) + self.total_count = total_count + self.aggregations = aggregations + self.errors = errors -class ThreatIntelligenceSortingCriteria(msrest.serialization.Model): - """List of available columns for sorting. +class TiTaxiiCheckRequirements(DataConnectorsCheckRequirements): + """Threat Intelligence TAXII data connector check requirements. - :ivar item_key: Column name. - :vartype item_key: str - :ivar sort_order: Sorting order (ascending/descending/unsorted). Known values are: "unsorted", - "ascending", "descending". - :vartype sort_order: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingOrder + All required parameters must be populated in order to send to Azure. + + :ivar kind: Describes the kind of connector to be checked. Required. Known values are: + "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", + "ThreatIntelligence", "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", + "Office365Project", "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". + :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind + :ivar tenant_id: The tenant id to connect to, and get the data from. + :vartype tenant_id: str """ + _validation = { + "kind": {"required": True}, + } + _attribute_map = { - 'item_key': {'key': 'itemKey', 'type': 'str'}, - 'sort_order': {'key': 'sortOrder', 'type': 'str'}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, } - def __init__( - self, - *, - item_key: Optional[str] = None, - sort_order: Optional[Union[str, "_models.ThreatIntelligenceSortingOrder"]] = None, - **kwargs - ): + def __init__(self, *, tenant_id: Optional[str] = None, **kwargs): """ - :keyword item_key: Column name. - :paramtype item_key: str - :keyword sort_order: Sorting order (ascending/descending/unsorted). Known values are: - "unsorted", "ascending", "descending". - :paramtype sort_order: str or ~azure.mgmt.securityinsight.models.ThreatIntelligenceSortingOrder + :keyword tenant_id: The tenant id to connect to, and get the data from. + :paramtype tenant_id: str """ - super(ThreatIntelligenceSortingCriteria, self).__init__(**kwargs) - self.item_key = item_key - self.sort_order = sort_order + super().__init__(**kwargs) + self.kind = "ThreatIntelligenceTaxii" # type: str + self.tenant_id = tenant_id -class TIDataConnector(DataConnector): - """Represents threat intelligence data connector. +class TiTaxiiCheckRequirementsProperties(DataConnectorTenantId): + """Threat Intelligence TAXII data connector required properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + """ + + _validation = { + "tenant_id": {"required": True}, + } + + _attribute_map = { + "tenant_id": {"key": "tenantId", "type": "str"}, + } + + def __init__(self, *, tenant_id: str, **kwargs): + """ + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + """ + super().__init__(tenant_id=tenant_id, **kwargs) + + +class TiTaxiiDataConnector(DataConnector): # pylint: disable=too-many-instance-attributes + """Data connector to pull Threat intelligence data from TAXII 2.0/2.1 server. Variables are only populated by the server, and will be ignored when sending a request. @@ -10230,37 +22109,62 @@ class TIDataConnector(DataConnector): :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData :ivar etag: Etag of the azure resource. :vartype etag: str - :ivar kind: Required. The data connector kind.Constant filled by server. Known values are: - "AzureActiveDirectory", "AzureSecurityCenter", "MicrosoftCloudAppSecurity", - "ThreatIntelligence", "Office365", "AmazonWebServicesCloudTrail", - "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection". + :ivar kind: The data connector kind. Required. Known values are: "AzureActiveDirectory", + "AzureSecurityCenter", "MicrosoftCloudAppSecurity", "ThreatIntelligence", + "ThreatIntelligenceTaxii", "Office365", "OfficeATP", "OfficeIRM", "Office365Project", + "OfficePowerBI", "AmazonWebServicesCloudTrail", "AmazonWebServicesS3", + "AzureAdvancedThreatProtection", "MicrosoftDefenderAdvancedThreatProtection", "Dynamics365", + "MicrosoftThreatProtection", "MicrosoftThreatIntelligence", "GenericUI", "APIPolling", and + "IOT". :vartype kind: str or ~azure.mgmt.securityinsight.models.DataConnectorKind :ivar tenant_id: The tenant id to connect to, and get the data from. :vartype tenant_id: str - :ivar tip_lookback_period: The lookback period for the feed to be imported. - :vartype tip_lookback_period: ~datetime.datetime - :ivar data_types: The available data types for the connector. - :vartype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes + :ivar workspace_id: The workspace id. + :vartype workspace_id: str + :ivar friendly_name: The friendly name for the TAXII server. + :vartype friendly_name: str + :ivar taxii_server: The API root for the TAXII server. + :vartype taxii_server: str + :ivar collection_id: The collection id of the TAXII server. + :vartype collection_id: str + :ivar user_name: The userName for the TAXII server. + :vartype user_name: str + :ivar password: The password for the TAXII server. + :vartype password: str + :ivar taxii_lookback_period: The lookback period for the TAXII server. + :vartype taxii_lookback_period: ~datetime.datetime + :ivar polling_frequency: The polling frequency for the TAXII server. Known values are: + "OnceAMinute", "OnceAnHour", and "OnceADay". + :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :ivar data_types: The available data types for Threat Intelligence TAXII data connector. + :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'tip_lookback_period': {'key': 'properties.tipLookbackPeriod', 'type': 'iso-8601'}, - 'data_types': {'key': 'properties.dataTypes', 'type': 'TIDataConnectorDataTypes'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "workspace_id": {"key": "properties.workspaceId", "type": "str"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "taxii_server": {"key": "properties.taxiiServer", "type": "str"}, + "collection_id": {"key": "properties.collectionId", "type": "str"}, + "user_name": {"key": "properties.userName", "type": "str"}, + "password": {"key": "properties.password", "type": "str"}, + "taxii_lookback_period": {"key": "properties.taxiiLookbackPeriod", "type": "iso-8601"}, + "polling_frequency": {"key": "properties.pollingFrequency", "type": "str"}, + "data_types": {"key": "properties.dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, } def __init__( @@ -10268,8 +22172,15 @@ def __init__( *, etag: Optional[str] = None, tenant_id: Optional[str] = None, - tip_lookback_period: Optional[datetime.datetime] = None, - data_types: Optional["_models.TIDataConnectorDataTypes"] = None, + workspace_id: Optional[str] = None, + friendly_name: Optional[str] = None, + taxii_server: Optional[str] = None, + collection_id: Optional[str] = None, + user_name: Optional[str] = None, + password: Optional[str] = None, + taxii_lookback_period: Optional[datetime.datetime] = None, + polling_frequency: Optional[Union[str, "_models.PollingFrequency"]] = None, + data_types: Optional["_models.TiTaxiiDataConnectorDataTypes"] = None, **kwargs ): """ @@ -10277,67 +22188,255 @@ def __init__( :paramtype etag: str :keyword tenant_id: The tenant id to connect to, and get the data from. :paramtype tenant_id: str - :keyword tip_lookback_period: The lookback period for the feed to be imported. - :paramtype tip_lookback_period: ~datetime.datetime - :keyword data_types: The available data types for the connector. - :paramtype data_types: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypes - """ - super(TIDataConnector, self).__init__(etag=etag, **kwargs) - self.kind = 'ThreatIntelligence' # type: str + :keyword workspace_id: The workspace id. + :paramtype workspace_id: str + :keyword friendly_name: The friendly name for the TAXII server. + :paramtype friendly_name: str + :keyword taxii_server: The API root for the TAXII server. + :paramtype taxii_server: str + :keyword collection_id: The collection id of the TAXII server. + :paramtype collection_id: str + :keyword user_name: The userName for the TAXII server. + :paramtype user_name: str + :keyword password: The password for the TAXII server. + :paramtype password: str + :keyword taxii_lookback_period: The lookback period for the TAXII server. + :paramtype taxii_lookback_period: ~datetime.datetime + :keyword polling_frequency: The polling frequency for the TAXII server. Known values are: + "OnceAMinute", "OnceAnHour", and "OnceADay". + :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :keyword data_types: The available data types for Threat Intelligence TAXII data connector. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes + """ + super().__init__(etag=etag, **kwargs) + self.kind = "ThreatIntelligenceTaxii" # type: str self.tenant_id = tenant_id - self.tip_lookback_period = tip_lookback_period + self.workspace_id = workspace_id + self.friendly_name = friendly_name + self.taxii_server = taxii_server + self.collection_id = collection_id + self.user_name = user_name + self.password = password + self.taxii_lookback_period = taxii_lookback_period + self.polling_frequency = polling_frequency self.data_types = data_types -class TIDataConnectorDataTypes(msrest.serialization.Model): - """The available data types for TI (Threat Intelligence) data connector. +class TiTaxiiDataConnectorDataTypes(_serialization.Model): + """The available data types for Threat Intelligence TAXII data connector. - :ivar indicators: Data type for indicators connection. - :vartype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators + All required parameters must be populated in order to send to Azure. + + :ivar taxii_client: Data type for TAXII connector. Required. + :vartype taxii_client: + ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient + """ + + _validation = { + "taxii_client": {"required": True}, + } + + _attribute_map = { + "taxii_client": {"key": "taxiiClient", "type": "TiTaxiiDataConnectorDataTypesTaxiiClient"}, + } + + def __init__(self, *, taxii_client: "_models.TiTaxiiDataConnectorDataTypesTaxiiClient", **kwargs): + """ + :keyword taxii_client: Data type for TAXII connector. Required. + :paramtype taxii_client: + ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypesTaxiiClient + """ + super().__init__(**kwargs) + self.taxii_client = taxii_client + + +class TiTaxiiDataConnectorDataTypesTaxiiClient(DataConnectorDataTypeCommon): + """Data type for TAXII connector. + + All required parameters must be populated in order to send to Azure. + + :ivar state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + + _validation = { + "state": {"required": True}, + } + + _attribute_map = { + "state": {"key": "state", "type": "str"}, + } + + def __init__(self, *, state: Union[str, "_models.DataTypeState"], **kwargs): + """ + :keyword state: Describe whether this data type connection is enabled or not. Required. Known + values are: "Enabled" and "Disabled". + :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + """ + super().__init__(state=state, **kwargs) + + +class TiTaxiiDataConnectorProperties(DataConnectorTenantId): + """Threat Intelligence TAXII data connector properties. + + All required parameters must be populated in order to send to Azure. + + :ivar tenant_id: The tenant id to connect to, and get the data from. Required. + :vartype tenant_id: str + :ivar workspace_id: The workspace id. + :vartype workspace_id: str + :ivar friendly_name: The friendly name for the TAXII server. + :vartype friendly_name: str + :ivar taxii_server: The API root for the TAXII server. + :vartype taxii_server: str + :ivar collection_id: The collection id of the TAXII server. + :vartype collection_id: str + :ivar user_name: The userName for the TAXII server. + :vartype user_name: str + :ivar password: The password for the TAXII server. + :vartype password: str + :ivar taxii_lookback_period: The lookback period for the TAXII server. + :vartype taxii_lookback_period: ~datetime.datetime + :ivar polling_frequency: The polling frequency for the TAXII server. Required. Known values + are: "OnceAMinute", "OnceAnHour", and "OnceADay". + :vartype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :ivar data_types: The available data types for Threat Intelligence TAXII data connector. + Required. + :vartype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes """ + _validation = { + "tenant_id": {"required": True}, + "polling_frequency": {"required": True}, + "data_types": {"required": True}, + } + _attribute_map = { - 'indicators': {'key': 'indicators', 'type': 'TIDataConnectorDataTypesIndicators'}, + "tenant_id": {"key": "tenantId", "type": "str"}, + "workspace_id": {"key": "workspaceId", "type": "str"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "taxii_server": {"key": "taxiiServer", "type": "str"}, + "collection_id": {"key": "collectionId", "type": "str"}, + "user_name": {"key": "userName", "type": "str"}, + "password": {"key": "password", "type": "str"}, + "taxii_lookback_period": {"key": "taxiiLookbackPeriod", "type": "iso-8601"}, + "polling_frequency": {"key": "pollingFrequency", "type": "str"}, + "data_types": {"key": "dataTypes", "type": "TiTaxiiDataConnectorDataTypes"}, } def __init__( self, *, - indicators: Optional["_models.TIDataConnectorDataTypesIndicators"] = None, + tenant_id: str, + polling_frequency: Union[str, "_models.PollingFrequency"], + data_types: "_models.TiTaxiiDataConnectorDataTypes", + workspace_id: Optional[str] = None, + friendly_name: Optional[str] = None, + taxii_server: Optional[str] = None, + collection_id: Optional[str] = None, + user_name: Optional[str] = None, + password: Optional[str] = None, + taxii_lookback_period: Optional[datetime.datetime] = None, **kwargs ): """ - :keyword indicators: Data type for indicators connection. - :paramtype indicators: ~azure.mgmt.securityinsight.models.TIDataConnectorDataTypesIndicators - """ - super(TIDataConnectorDataTypes, self).__init__(**kwargs) - self.indicators = indicators + :keyword tenant_id: The tenant id to connect to, and get the data from. Required. + :paramtype tenant_id: str + :keyword workspace_id: The workspace id. + :paramtype workspace_id: str + :keyword friendly_name: The friendly name for the TAXII server. + :paramtype friendly_name: str + :keyword taxii_server: The API root for the TAXII server. + :paramtype taxii_server: str + :keyword collection_id: The collection id of the TAXII server. + :paramtype collection_id: str + :keyword user_name: The userName for the TAXII server. + :paramtype user_name: str + :keyword password: The password for the TAXII server. + :paramtype password: str + :keyword taxii_lookback_period: The lookback period for the TAXII server. + :paramtype taxii_lookback_period: ~datetime.datetime + :keyword polling_frequency: The polling frequency for the TAXII server. Required. Known values + are: "OnceAMinute", "OnceAnHour", and "OnceADay". + :paramtype polling_frequency: str or ~azure.mgmt.securityinsight.models.PollingFrequency + :keyword data_types: The available data types for Threat Intelligence TAXII data connector. + Required. + :paramtype data_types: ~azure.mgmt.securityinsight.models.TiTaxiiDataConnectorDataTypes + """ + super().__init__(tenant_id=tenant_id, **kwargs) + self.workspace_id = workspace_id + self.friendly_name = friendly_name + self.taxii_server = taxii_server + self.collection_id = collection_id + self.user_name = user_name + self.password = password + self.taxii_lookback_period = taxii_lookback_period + self.polling_frequency = polling_frequency + self.data_types = data_types -class TIDataConnectorDataTypesIndicators(DataConnectorDataTypeCommon): - """Data type for indicators connection. +class Ueba(Settings): + """Settings with single toggle. - :ivar state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :vartype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + Variables are only populated by the server, and will be ignored when sending a request. + + All required parameters must be populated in order to send to Azure. + + :ivar id: Fully qualified resource ID for the resource. Ex - + /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}. + :vartype id: str + :ivar name: The name of the resource. + :vartype name: str + :ivar type: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or + "Microsoft.Storage/storageAccounts". + :vartype type: str + :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy + information. + :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData + :ivar etag: Etag of the azure resource. + :vartype etag: str + :ivar kind: The kind of the setting. Required. Known values are: "Anomalies", "EyesOn", + "EntityAnalytics", and "Ueba". + :vartype kind: str or ~azure.mgmt.securityinsight.models.SettingKind + :ivar data_sources: The relevant data sources that enriched by ueba. + :vartype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] """ + _validation = { + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + } + _attribute_map = { - 'state': {'key': 'state', 'type': 'str'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "kind": {"key": "kind", "type": "str"}, + "data_sources": {"key": "properties.dataSources", "type": "[str]"}, } def __init__( self, *, - state: Optional[Union[str, "_models.DataTypeState"]] = None, + etag: Optional[str] = None, + data_sources: Optional[List[Union[str, "_models.UebaDataSources"]]] = None, **kwargs ): """ - :keyword state: Describe whether this data type connection is enabled or not. Known values are: - "Enabled", "Disabled". - :paramtype state: str or ~azure.mgmt.securityinsight.models.DataTypeState + :keyword etag: Etag of the azure resource. + :paramtype etag: str + :keyword data_sources: The relevant data sources that enriched by ueba. + :paramtype data_sources: list[str or ~azure.mgmt.securityinsight.models.UebaDataSources] """ - super(TIDataConnectorDataTypesIndicators, self).__init__(state=state, **kwargs) + super().__init__(etag=etag, **kwargs) + self.kind = "Ueba" # type: str + self.data_sources = data_sources class UrlEntity(Entity): @@ -10358,15 +22457,14 @@ class UrlEntity(Entity): :ivar system_data: Azure Resource Manager metadata containing createdBy and modifiedBy information. :vartype system_data: ~azure.mgmt.securityinsight.models.SystemData - :ivar kind: Required. The kind of the entity.Constant filled by server. Known values are: - "Account", "Host", "File", "AzureResource", "CloudApplication", "DnsResolution", "FileHash", - "Ip", "Malware", "Process", "RegistryKey", "RegistryValue", "SecurityGroup", "Url", - "IoTDevice", "SecurityAlert", "Bookmark", "MailCluster", "MailMessage", "Mailbox", - "SubmissionMail". - :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKindEnum + :ivar kind: The kind of the entity. Required. Known values are: "Account", "Host", "File", + "AzureResource", "CloudApplication", "DnsResolution", "FileHash", "Ip", "Malware", "Process", + "RegistryKey", "RegistryValue", "SecurityGroup", "Url", "IoTDevice", "SecurityAlert", + "Bookmark", "MailCluster", "MailMessage", "Mailbox", "SubmissionMail", and "Nic". + :vartype kind: str or ~azure.mgmt.securityinsight.models.EntityKind :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -10375,35 +22473,31 @@ class UrlEntity(Entity): """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, - 'kind': {'required': True}, - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'url': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, + "kind": {"required": True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "url": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'kind': {'key': 'kind', 'type': 'str'}, - 'additional_data': {'key': 'properties.additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'properties.friendlyName', 'type': 'str'}, - 'url': {'key': 'properties.url', 'type': 'str'}, - } - - def __init__( - self, - **kwargs - ): - """ - """ - super(UrlEntity, self).__init__(**kwargs) - self.kind = 'Url' # type: str + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "kind": {"key": "kind", "type": "str"}, + "additional_data": {"key": "properties.additionalData", "type": "{object}"}, + "friendly_name": {"key": "properties.friendlyName", "type": "str"}, + "url": {"key": "properties.url", "type": "str"}, + } + + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) + self.kind = "Url" # type: str self.additional_data = None self.friendly_name = None self.url = None @@ -10416,7 +22510,7 @@ class UrlEntityProperties(EntityCommonProperties): :ivar additional_data: A bag of custom fields that should be part of the entity and will be presented to the user. - :vartype additional_data: dict[str, any] + :vartype additional_data: dict[str, JSON] :ivar friendly_name: The graph item display name which is a short humanly readable description of the graph item instance. This property is optional and might be system generated. :vartype friendly_name: str @@ -10425,28 +22519,24 @@ class UrlEntityProperties(EntityCommonProperties): """ _validation = { - 'additional_data': {'readonly': True}, - 'friendly_name': {'readonly': True}, - 'url': {'readonly': True}, + "additional_data": {"readonly": True}, + "friendly_name": {"readonly": True}, + "url": {"readonly": True}, } _attribute_map = { - 'additional_data': {'key': 'additionalData', 'type': '{object}'}, - 'friendly_name': {'key': 'friendlyName', 'type': 'str'}, - 'url': {'key': 'url', 'type': 'str'}, + "additional_data": {"key": "additionalData", "type": "{object}"}, + "friendly_name": {"key": "friendlyName", "type": "str"}, + "url": {"key": "url", "type": "str"}, } - def __init__( - self, - **kwargs - ): - """ - """ - super(UrlEntityProperties, self).__init__(**kwargs) + def __init__(self, **kwargs): + """ """ + super().__init__(**kwargs) self.url = None -class UserInfo(msrest.serialization.Model): +class UserInfo(_serialization.Model): """User information that made some action. Variables are only populated by the server, and will be ignored when sending a request. @@ -10460,33 +22550,58 @@ class UserInfo(msrest.serialization.Model): """ _validation = { - 'email': {'readonly': True}, - 'name': {'readonly': True}, + "email": {"readonly": True}, + "name": {"readonly": True}, } _attribute_map = { - 'email': {'key': 'email', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'object_id': {'key': 'objectId', 'type': 'str'}, + "email": {"key": "email", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "object_id": {"key": "objectId", "type": "str"}, } - def __init__( - self, - *, - object_id: Optional[str] = None, - **kwargs - ): + def __init__(self, *, object_id: Optional[str] = None, **kwargs): """ :keyword object_id: The object id of the user. :paramtype object_id: str """ - super(UserInfo, self).__init__(**kwargs) + super().__init__(**kwargs) self.email = None self.name = None self.object_id = object_id -class Watchlist(ResourceWithEtag): +class ValidationError(_serialization.Model): + """Describes an error encountered in the file during validation. + + Variables are only populated by the server, and will be ignored when sending a request. + + :ivar record_index: The number of the record that has the error. + :vartype record_index: int + :ivar error_messages: A list of descriptions of the error. + :vartype error_messages: list[str] + """ + + _validation = { + "error_messages": {"readonly": True}, + } + + _attribute_map = { + "record_index": {"key": "recordIndex", "type": "int"}, + "error_messages": {"key": "errorMessages", "type": "[str]"}, + } + + def __init__(self, *, record_index: Optional[int] = None, **kwargs): + """ + :keyword record_index: The number of the record that has the error. + :paramtype record_index: int + """ + super().__init__(**kwargs) + self.record_index = record_index + self.error_messages = None + + +class Watchlist(ResourceWithEtag): # pylint: disable=too-many-instance-attributes """Represents a Watchlist in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. @@ -10510,8 +22625,11 @@ class Watchlist(ResourceWithEtag): :vartype display_name: str :ivar provider: The provider of the watchlist. :vartype provider: str - :ivar source: The source of the watchlist. Known values are: "Local file", "Remote storage". - :vartype source: str or ~azure.mgmt.securityinsight.models.Source + :ivar source: The filename of the watchlist, called 'source'. + :vartype source: str + :ivar source_type: The sourceType of the watchlist. Known values are: "Local file" and "Remote + storage". + :vartype source_type: str or ~azure.mgmt.securityinsight.models.SourceType :ivar created: The time the watchlist was created. :vartype created: ~datetime.datetime :ivar updated: The last time the watchlist was updated. @@ -10534,68 +22652,69 @@ class Watchlist(ResourceWithEtag): :vartype default_duration: ~datetime.timedelta :ivar tenant_id: The tenantId where the watchlist belongs to. :vartype tenant_id: str - :ivar number_of_lines_to_skip: The number of lines in a csv content to skip before the header. + :ivar number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the + header. :vartype number_of_lines_to_skip: int - :ivar raw_content: The raw content that represents to watchlist items to create. Example : This - line will be skipped - header1,header2 - value1,value2. + :ivar raw_content: The raw content that represents to watchlist items to create. In case of + csv/tsv content type, it's the content of the file that will parsed by the endpoint. :vartype raw_content: str :ivar items_search_key: The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. :vartype items_search_key: str - :ivar content_type: The content type of the raw content. For now, only text/csv is valid. + :ivar content_type: The content type of the raw content. Example : text/csv or text/tsv. :vartype content_type: str - :ivar upload_status: The status of the Watchlist upload : New, InProgress or Complete. **Note** - : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted. + :ivar upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls note + : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. :vartype upload_status: str """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'watchlist_id': {'key': 'properties.watchlistId', 'type': 'str'}, - 'display_name': {'key': 'properties.displayName', 'type': 'str'}, - 'provider': {'key': 'properties.provider', 'type': 'str'}, - 'source': {'key': 'properties.source', 'type': 'str'}, - 'created': {'key': 'properties.created', 'type': 'iso-8601'}, - 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, - 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, - 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, - 'description': {'key': 'properties.description', 'type': 'str'}, - 'watchlist_type': {'key': 'properties.watchlistType', 'type': 'str'}, - 'watchlist_alias': {'key': 'properties.watchlistAlias', 'type': 'str'}, - 'is_deleted': {'key': 'properties.isDeleted', 'type': 'bool'}, - 'labels': {'key': 'properties.labels', 'type': '[str]'}, - 'default_duration': {'key': 'properties.defaultDuration', 'type': 'duration'}, - 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'number_of_lines_to_skip': {'key': 'properties.numberOfLinesToSkip', 'type': 'int'}, - 'raw_content': {'key': 'properties.rawContent', 'type': 'str'}, - 'items_search_key': {'key': 'properties.itemsSearchKey', 'type': 'str'}, - 'content_type': {'key': 'properties.contentType', 'type': 'str'}, - 'upload_status': {'key': 'properties.uploadStatus', 'type': 'str'}, - } - - def __init__( + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "watchlist_id": {"key": "properties.watchlistId", "type": "str"}, + "display_name": {"key": "properties.displayName", "type": "str"}, + "provider": {"key": "properties.provider", "type": "str"}, + "source": {"key": "properties.source", "type": "str"}, + "source_type": {"key": "properties.sourceType", "type": "str"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "description": {"key": "properties.description", "type": "str"}, + "watchlist_type": {"key": "properties.watchlistType", "type": "str"}, + "watchlist_alias": {"key": "properties.watchlistAlias", "type": "str"}, + "is_deleted": {"key": "properties.isDeleted", "type": "bool"}, + "labels": {"key": "properties.labels", "type": "[str]"}, + "default_duration": {"key": "properties.defaultDuration", "type": "duration"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "number_of_lines_to_skip": {"key": "properties.numberOfLinesToSkip", "type": "int"}, + "raw_content": {"key": "properties.rawContent", "type": "str"}, + "items_search_key": {"key": "properties.itemsSearchKey", "type": "str"}, + "content_type": {"key": "properties.contentType", "type": "str"}, + "upload_status": {"key": "properties.uploadStatus", "type": "str"}, + } + + def __init__( # pylint: disable=too-many-locals self, *, etag: Optional[str] = None, watchlist_id: Optional[str] = None, display_name: Optional[str] = None, provider: Optional[str] = None, - source: Optional[Union[str, "_models.Source"]] = None, + source: Optional[str] = None, + source_type: Optional[Union[str, "_models.SourceType"]] = None, created: Optional[datetime.datetime] = None, updated: Optional[datetime.datetime] = None, created_by: Optional["_models.UserInfo"] = None, @@ -10623,8 +22742,11 @@ def __init__( :paramtype display_name: str :keyword provider: The provider of the watchlist. :paramtype provider: str - :keyword source: The source of the watchlist. Known values are: "Local file", "Remote storage". - :paramtype source: str or ~azure.mgmt.securityinsight.models.Source + :keyword source: The filename of the watchlist, called 'source'. + :paramtype source: str + :keyword source_type: The sourceType of the watchlist. Known values are: "Local file" and + "Remote storage". + :paramtype source_type: str or ~azure.mgmt.securityinsight.models.SourceType :keyword created: The time the watchlist was created. :paramtype created: ~datetime.datetime :keyword updated: The last time the watchlist was updated. @@ -10647,30 +22769,29 @@ def __init__( :paramtype default_duration: ~datetime.timedelta :keyword tenant_id: The tenantId where the watchlist belongs to. :paramtype tenant_id: str - :keyword number_of_lines_to_skip: The number of lines in a csv content to skip before the + :keyword number_of_lines_to_skip: The number of lines in a csv/tsv content to skip before the header. :paramtype number_of_lines_to_skip: int - :keyword raw_content: The raw content that represents to watchlist items to create. Example : - This line will be skipped - header1,header2 - value1,value2. + :keyword raw_content: The raw content that represents to watchlist items to create. In case of + csv/tsv content type, it's the content of the file that will parsed by the endpoint. :paramtype raw_content: str :keyword items_search_key: The search key is used to optimize query performance when using watchlists for joins with other data. For example, enable a column with IP addresses to be the designated SearchKey field, then use this field as the key field when joining to other event data by IP address. :paramtype items_search_key: str - :keyword content_type: The content type of the raw content. For now, only text/csv is valid. + :keyword content_type: The content type of the raw content. Example : text/csv or text/tsv. :paramtype content_type: str - :keyword upload_status: The status of the Watchlist upload : New, InProgress or Complete. - **Note** : When a Watchlist upload status is InProgress, the Watchlist cannot be deleted. + :keyword upload_status: The status of the Watchlist upload : New, InProgress or Complete. Pls + note : When a Watchlist upload status is equal to InProgress, the Watchlist cannot be deleted. :paramtype upload_status: str """ - super(Watchlist, self).__init__(etag=etag, **kwargs) + super().__init__(etag=etag, **kwargs) self.watchlist_id = watchlist_id self.display_name = display_name self.provider = provider self.source = source + self.source_type = source_type self.created = created self.updated = updated self.created_by = created_by @@ -10689,8 +22810,8 @@ def __init__( self.upload_status = upload_status -class WatchlistItem(ResourceWithEtag): - """Represents a Watchlist Item in Azure Security Insights. +class WatchlistItem(ResourceWithEtag): # pylint: disable=too-many-instance-attributes + """Represents a Watchlist item in Azure Security Insights. Variables are only populated by the server, and will be ignored when sending a request. @@ -10724,34 +22845,34 @@ class WatchlistItem(ResourceWithEtag): :ivar updated_by: Describes a user that updated the watchlist item. :vartype updated_by: ~azure.mgmt.securityinsight.models.UserInfo :ivar items_key_value: key-value pairs for a watchlist item. - :vartype items_key_value: any + :vartype items_key_value: dict[str, any] :ivar entity_mapping: key-value pairs for a watchlist item entity mapping. - :vartype entity_mapping: any + :vartype entity_mapping: dict[str, any] """ _validation = { - 'id': {'readonly': True}, - 'name': {'readonly': True}, - 'type': {'readonly': True}, - 'system_data': {'readonly': True}, + "id": {"readonly": True}, + "name": {"readonly": True}, + "type": {"readonly": True}, + "system_data": {"readonly": True}, } _attribute_map = { - 'id': {'key': 'id', 'type': 'str'}, - 'name': {'key': 'name', 'type': 'str'}, - 'type': {'key': 'type', 'type': 'str'}, - 'system_data': {'key': 'systemData', 'type': 'SystemData'}, - 'etag': {'key': 'etag', 'type': 'str'}, - 'watchlist_item_type': {'key': 'properties.watchlistItemType', 'type': 'str'}, - 'watchlist_item_id': {'key': 'properties.watchlistItemId', 'type': 'str'}, - 'tenant_id': {'key': 'properties.tenantId', 'type': 'str'}, - 'is_deleted': {'key': 'properties.isDeleted', 'type': 'bool'}, - 'created': {'key': 'properties.created', 'type': 'iso-8601'}, - 'updated': {'key': 'properties.updated', 'type': 'iso-8601'}, - 'created_by': {'key': 'properties.createdBy', 'type': 'UserInfo'}, - 'updated_by': {'key': 'properties.updatedBy', 'type': 'UserInfo'}, - 'items_key_value': {'key': 'properties.itemsKeyValue', 'type': 'object'}, - 'entity_mapping': {'key': 'properties.entityMapping', 'type': 'object'}, + "id": {"key": "id", "type": "str"}, + "name": {"key": "name", "type": "str"}, + "type": {"key": "type", "type": "str"}, + "system_data": {"key": "systemData", "type": "SystemData"}, + "etag": {"key": "etag", "type": "str"}, + "watchlist_item_type": {"key": "properties.watchlistItemType", "type": "str"}, + "watchlist_item_id": {"key": "properties.watchlistItemId", "type": "str"}, + "tenant_id": {"key": "properties.tenantId", "type": "str"}, + "is_deleted": {"key": "properties.isDeleted", "type": "bool"}, + "created": {"key": "properties.created", "type": "iso-8601"}, + "updated": {"key": "properties.updated", "type": "iso-8601"}, + "created_by": {"key": "properties.createdBy", "type": "UserInfo"}, + "updated_by": {"key": "properties.updatedBy", "type": "UserInfo"}, + "items_key_value": {"key": "properties.itemsKeyValue", "type": "{object}"}, + "entity_mapping": {"key": "properties.entityMapping", "type": "{object}"}, } def __init__( @@ -10766,8 +22887,8 @@ def __init__( updated: Optional[datetime.datetime] = None, created_by: Optional["_models.UserInfo"] = None, updated_by: Optional["_models.UserInfo"] = None, - items_key_value: Optional[Any] = None, - entity_mapping: Optional[Any] = None, + items_key_value: Optional[Dict[str, Any]] = None, + entity_mapping: Optional[Dict[str, Any]] = None, **kwargs ): """ @@ -10790,11 +22911,11 @@ def __init__( :keyword updated_by: Describes a user that updated the watchlist item. :paramtype updated_by: ~azure.mgmt.securityinsight.models.UserInfo :keyword items_key_value: key-value pairs for a watchlist item. - :paramtype items_key_value: any + :paramtype items_key_value: dict[str, any] :keyword entity_mapping: key-value pairs for a watchlist item entity mapping. - :paramtype entity_mapping: any + :paramtype entity_mapping: dict[str, any] """ - super(WatchlistItem, self).__init__(etag=etag, **kwargs) + super().__init__(etag=etag, **kwargs) self.watchlist_item_type = watchlist_item_type self.watchlist_item_id = watchlist_item_id self.tenant_id = tenant_id @@ -10807,45 +22928,40 @@ def __init__( self.entity_mapping = entity_mapping -class WatchlistItemList(msrest.serialization.Model): +class WatchlistItemList(_serialization.Model): """List all the watchlist items. Variables are only populated by the server, and will be ignored when sending a request. All required parameters must be populated in order to send to Azure. - :ivar next_link: URL to fetch the next set of watchlist items. + :ivar next_link: URL to fetch the next set of watchlist item. :vartype next_link: str - :ivar value: Required. Array of watchlist items. + :ivar value: Array of watchlist items. Required. :vartype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "next_link": {"readonly": True}, + "value": {"required": True}, } _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[WatchlistItem]'}, + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[WatchlistItem]"}, } - def __init__( - self, - *, - value: List["_models.WatchlistItem"], - **kwargs - ): + def __init__(self, *, value: List["_models.WatchlistItem"], **kwargs): """ - :keyword value: Required. Array of watchlist items. + :keyword value: Array of watchlist items. Required. :paramtype value: list[~azure.mgmt.securityinsight.models.WatchlistItem] """ - super(WatchlistItemList, self).__init__(**kwargs) + super().__init__(**kwargs) self.next_link = None self.value = value -class WatchlistList(msrest.serialization.Model): +class WatchlistList(_serialization.Model): """List all the watchlists. Variables are only populated by the server, and will be ignored when sending a request. @@ -10854,30 +22970,72 @@ class WatchlistList(msrest.serialization.Model): :ivar next_link: URL to fetch the next set of watchlists. :vartype next_link: str - :ivar value: Required. Array of watchlist. + :ivar value: Array of watchlist. Required. :vartype value: list[~azure.mgmt.securityinsight.models.Watchlist] """ _validation = { - 'next_link': {'readonly': True}, - 'value': {'required': True}, + "next_link": {"readonly": True}, + "value": {"required": True}, + } + + _attribute_map = { + "next_link": {"key": "nextLink", "type": "str"}, + "value": {"key": "value", "type": "[Watchlist]"}, } + def __init__(self, *, value: List["_models.Watchlist"], **kwargs): + """ + :keyword value: Array of watchlist. Required. + :paramtype value: list[~azure.mgmt.securityinsight.models.Watchlist] + """ + super().__init__(**kwargs) + self.next_link = None + self.value = value + + +class Webhook(_serialization.Model): + """Detail about the webhook object. + + :ivar webhook_id: Unique identifier for the webhook. + :vartype webhook_id: str + :ivar webhook_url: URL that gets invoked by the webhook. + :vartype webhook_url: str + :ivar webhook_secret_update_time: Time when the webhook secret was updated. + :vartype webhook_secret_update_time: str + :ivar rotate_webhook_secret: A flag to instruct the backend service to rotate webhook secret. + :vartype rotate_webhook_secret: bool + """ + _attribute_map = { - 'next_link': {'key': 'nextLink', 'type': 'str'}, - 'value': {'key': 'value', 'type': '[Watchlist]'}, + "webhook_id": {"key": "webhookId", "type": "str"}, + "webhook_url": {"key": "webhookUrl", "type": "str"}, + "webhook_secret_update_time": {"key": "webhookSecretUpdateTime", "type": "str"}, + "rotate_webhook_secret": {"key": "rotateWebhookSecret", "type": "bool"}, } def __init__( self, *, - value: List["_models.Watchlist"], + webhook_id: Optional[str] = None, + webhook_url: Optional[str] = None, + webhook_secret_update_time: Optional[str] = None, + rotate_webhook_secret: Optional[bool] = None, **kwargs ): """ - :keyword value: Required. Array of watchlist. - :paramtype value: list[~azure.mgmt.securityinsight.models.Watchlist] - """ - super(WatchlistList, self).__init__(**kwargs) - self.next_link = None - self.value = value + :keyword webhook_id: Unique identifier for the webhook. + :paramtype webhook_id: str + :keyword webhook_url: URL that gets invoked by the webhook. + :paramtype webhook_url: str + :keyword webhook_secret_update_time: Time when the webhook secret was updated. + :paramtype webhook_secret_update_time: str + :keyword rotate_webhook_secret: A flag to instruct the backend service to rotate webhook + secret. + :paramtype rotate_webhook_secret: bool + """ + super().__init__(**kwargs) + self.webhook_id = webhook_id + self.webhook_url = webhook_url + self.webhook_secret_update_time = webhook_secret_update_time + self.rotate_webhook_secret = rotate_webhook_secret diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_patch.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_patch.py index 0ad201a8c586..f7dd32510333 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_patch.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_patch.py @@ -10,6 +10,7 @@ __all__: List[str] = [] # Add all objects you want publicly available to users at this package level + def patch_sdk(): """Do not remove from this file. diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py index 16bacae21243..8cce3c51b8f9 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/models/_security_insights_enums.py @@ -11,76 +11,80 @@ class ActionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The type of the automation rule action - """ + """The type of the automation rule action.""" - #: Modify an object's properties. + #: Modify an object's properties MODIFY_PROPERTIES = "ModifyProperties" - #: Run a playbook on an object. + #: Run a playbook on an object RUN_PLAYBOOK = "RunPlaybook" + class AlertDetail(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Alert detail - """ + """Alert detail.""" - #: Alert display name. + #: Alert display name DISPLAY_NAME = "DisplayName" - #: Alert severity. + #: Alert severity SEVERITY = "Severity" + class AlertRuleKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The kind of the alert rule - """ + """The kind of the alert rule.""" SCHEDULED = "Scheduled" MICROSOFT_SECURITY_INCIDENT_CREATION = "MicrosoftSecurityIncidentCreation" FUSION = "Fusion" + ML_BEHAVIOR_ANALYTICS = "MLBehaviorAnalytics" + THREAT_INTELLIGENCE = "ThreatIntelligence" + NRT = "NRT" + class AlertSeverity(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The severity of the alert - """ + """The severity of the alert.""" - #: High severity. + #: High severity HIGH = "High" - #: Medium severity. + #: Medium severity MEDIUM = "Medium" - #: Low severity. + #: Low severity LOW = "Low" - #: Informational severity. + #: Informational severity INFORMATIONAL = "Informational" + class AlertStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The lifecycle status of the alert. - """ + """The lifecycle status of the alert.""" - #: Unknown value. + #: Unknown value UNKNOWN = "Unknown" - #: New alert. + #: New alert NEW = "New" - #: Alert closed after handling. + #: Alert closed after handling RESOLVED = "Resolved" - #: Alert dismissed as false positive. + #: Alert dismissed as false positive DISMISSED = "Dismissed" - #: Alert is being handled. + #: Alert is being handled IN_PROGRESS = "InProgress" + class AntispamMailDirection(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The directionality of this mail message - """ + """The directionality of this mail message.""" - #: Unknown. + #: Unknown UNKNOWN = "Unknown" - #: Inbound. + #: Inbound INBOUND = "Inbound" - #: Outbound. + #: Outbound OUTBOUND = "Outbound" - #: Intraorg. + #: Intraorg INTRAORG = "Intraorg" + class AttackTactic(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The severity for alerts created by this alert rule. - """ + """The severity for alerts created by this alert rule.""" + RECONNAISSANCE = "Reconnaissance" + RESOURCE_DEVELOPMENT = "ResourceDevelopment" INITIAL_ACCESS = "InitialAccess" EXECUTION = "Execution" PERSISTENCE = "Persistence" @@ -94,251 +98,449 @@ class AttackTactic(str, Enum, metaclass=CaseInsensitiveEnumMeta): COMMAND_AND_CONTROL = "CommandAndControl" IMPACT = "Impact" PRE_ATTACK = "PreAttack" + IMPAIR_PROCESS_CONTROL = "ImpairProcessControl" + INHIBIT_RESPONSE_FUNCTION = "InhibitResponseFunction" + + +class AutomationRuleBooleanConditionSupportedOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """AutomationRuleBooleanConditionSupportedOperator.""" + + #: Evaluates as true if all the item conditions are evaluated as true + AND = "And" + #: Evaluates as true if at least one of the item conditions are evaluated as true + OR = "Or" + + +class AutomationRulePropertyArrayChangedConditionSupportedArrayType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """AutomationRulePropertyArrayChangedConditionSupportedArrayType.""" + + #: Evaluate the condition on the alerts + ALERTS = "Alerts" + #: Evaluate the condition on the labels + LABELS = "Labels" + #: Evaluate the condition on the tactics + TACTICS = "Tactics" + #: Evaluate the condition on the comments + COMMENTS = "Comments" + + +class AutomationRulePropertyArrayChangedConditionSupportedChangeType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """AutomationRulePropertyArrayChangedConditionSupportedChangeType.""" + + #: Evaluate the condition on items added to the array + ADDED = "Added" + + +class AutomationRulePropertyArrayConditionSupportedArrayConditionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """AutomationRulePropertyArrayConditionSupportedArrayConditionType.""" + + #: Evaluate the condition as true if any item fulfills it + ANY_ITEM = "AnyItem" + + +class AutomationRulePropertyArrayConditionSupportedArrayType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """AutomationRulePropertyArrayConditionSupportedArrayType.""" + + #: Evaluate the condition on the custom detail keys + CUSTOM_DETAILS = "CustomDetails" + #: Evaluate the condition on a custom detail's values + CUSTOM_DETAIL_VALUES = "CustomDetailValues" + + +class AutomationRulePropertyChangedConditionSupportedChangedType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """AutomationRulePropertyChangedConditionSupportedChangedType.""" + + #: Evaluate the condition on the previous value of the property + CHANGED_FROM = "ChangedFrom" + #: Evaluate the condition on the updated value of the property + CHANGED_TO = "ChangedTo" + + +class AutomationRulePropertyChangedConditionSupportedPropertyType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """AutomationRulePropertyChangedConditionSupportedPropertyType.""" + + #: Evaluate the condition on the incident severity + INCIDENT_SEVERITY = "IncidentSeverity" + #: Evaluate the condition on the incident status + INCIDENT_STATUS = "IncidentStatus" + #: Evaluate the condition on the incident owner + INCIDENT_OWNER = "IncidentOwner" + class AutomationRulePropertyConditionSupportedOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """AutomationRulePropertyConditionSupportedOperator.""" - #: Evaluates if the property equals at least one of the condition values. + #: Evaluates if the property equals at least one of the condition values EQUALS = "Equals" - #: Evaluates if the property does not equal any of the condition values. + #: Evaluates if the property does not equal any of the condition values NOT_EQUALS = "NotEquals" - #: Evaluates if the property contains at least one of the condition values. + #: Evaluates if the property contains at least one of the condition values CONTAINS = "Contains" - #: Evaluates if the property does not contain any of the condition values. + #: Evaluates if the property does not contain any of the condition values NOT_CONTAINS = "NotContains" - #: Evaluates if the property starts with any of the condition values. + #: Evaluates if the property starts with any of the condition values STARTS_WITH = "StartsWith" - #: Evaluates if the property does not start with any of the condition values. + #: Evaluates if the property does not start with any of the condition values NOT_STARTS_WITH = "NotStartsWith" - #: Evaluates if the property ends with any of the condition values. + #: Evaluates if the property ends with any of the condition values ENDS_WITH = "EndsWith" - #: Evaluates if the property does not end with any of the condition values. + #: Evaluates if the property does not end with any of the condition values NOT_ENDS_WITH = "NotEndsWith" + class AutomationRulePropertyConditionSupportedProperty(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The property to evaluate in an automation rule property condition - """ + """The property to evaluate in an automation rule property condition.""" - #: The title of the incident. + #: The title of the incident INCIDENT_TITLE = "IncidentTitle" - #: The description of the incident. + #: The description of the incident INCIDENT_DESCRIPTION = "IncidentDescription" - #: The severity of the incident. + #: The severity of the incident INCIDENT_SEVERITY = "IncidentSeverity" - #: The status of the incident. + #: The status of the incident INCIDENT_STATUS = "IncidentStatus" - #: The related Analytic rule ids of the incident. + #: The related Analytic rule ids of the incident INCIDENT_RELATED_ANALYTIC_RULE_IDS = "IncidentRelatedAnalyticRuleIds" - #: The tactics of the incident. + #: The tactics of the incident INCIDENT_TACTICS = "IncidentTactics" - #: The labels of the incident. + #: The labels of the incident INCIDENT_LABEL = "IncidentLabel" - #: The provider name of the incident. + #: The provider name of the incident INCIDENT_PROVIDER_NAME = "IncidentProviderName" - #: The account Azure Active Directory tenant id. + #: The update source of the incident + INCIDENT_UPDATED_BY_SOURCE = "IncidentUpdatedBySource" + #: The incident custom detail key + INCIDENT_CUSTOM_DETAILS_KEY = "IncidentCustomDetailsKey" + #: The incident custom detail value + INCIDENT_CUSTOM_DETAILS_VALUE = "IncidentCustomDetailsValue" + #: The account Azure Active Directory tenant id ACCOUNT_AAD_TENANT_ID = "AccountAadTenantId" - #: The account Azure Active Directory user id. + #: The account Azure Active Directory user id ACCOUNT_AAD_USER_ID = "AccountAadUserId" - #: The account name. + #: The account name ACCOUNT_NAME = "AccountName" - #: The account NetBIOS domain name. + #: The account NetBIOS domain name ACCOUNT_NT_DOMAIN = "AccountNTDomain" - #: The account Azure Active Directory Passport User ID. + #: The account Azure Active Directory Passport User ID ACCOUNT_PUID = "AccountPUID" - #: The account security identifier. + #: The account security identifier ACCOUNT_SID = "AccountSid" - #: The account unique identifier. + #: The account unique identifier ACCOUNT_OBJECT_GUID = "AccountObjectGuid" - #: The account user principal name suffix. + #: The account user principal name suffix ACCOUNT_UPN_SUFFIX = "AccountUPNSuffix" - #: The name of the product of the alert. + #: The name of the product of the alert ALERT_PRODUCT_NAMES = "AlertProductNames" - #: The Azure resource id. + #: The analytic rule ids of the alert + ALERT_ANALYTIC_RULE_IDS = "AlertAnalyticRuleIds" + #: The Azure resource id AZURE_RESOURCE_RESOURCE_ID = "AzureResourceResourceId" - #: The Azure resource subscription id. + #: The Azure resource subscription id AZURE_RESOURCE_SUBSCRIPTION_ID = "AzureResourceSubscriptionId" - #: The cloud application identifier. + #: The cloud application identifier CLOUD_APPLICATION_APP_ID = "CloudApplicationAppId" - #: The cloud application name. + #: The cloud application name CLOUD_APPLICATION_APP_NAME = "CloudApplicationAppName" - #: The dns record domain name. + #: The dns record domain name DNS_DOMAIN_NAME = "DNSDomainName" - #: The file directory full path. + #: The file directory full path FILE_DIRECTORY = "FileDirectory" - #: The file name without path. + #: The file name without path FILE_NAME = "FileName" - #: The file hash value. + #: The file hash value FILE_HASH_VALUE = "FileHashValue" - #: The host Azure resource id. + #: The host Azure resource id HOST_AZURE_ID = "HostAzureID" - #: The host name without domain. + #: The host name without domain HOST_NAME = "HostName" - #: The host NetBIOS name. + #: The host NetBIOS name HOST_NET_BIOS_NAME = "HostNetBiosName" - #: The host NT domain. + #: The host NT domain HOST_NT_DOMAIN = "HostNTDomain" - #: The host operating system. + #: The host operating system HOST_OS_VERSION = "HostOSVersion" - #: "The IoT device id. + #: "The IoT device id IO_T_DEVICE_ID = "IoTDeviceId" - #: The IoT device name. + #: The IoT device name IO_T_DEVICE_NAME = "IoTDeviceName" - #: The IoT device type. + #: The IoT device type IO_T_DEVICE_TYPE = "IoTDeviceType" - #: The IoT device vendor. + #: The IoT device vendor IO_T_DEVICE_VENDOR = "IoTDeviceVendor" - #: The IoT device model. + #: The IoT device model IO_T_DEVICE_MODEL = "IoTDeviceModel" - #: The IoT device operating system. + #: The IoT device operating system IO_T_DEVICE_OPERATING_SYSTEM = "IoTDeviceOperatingSystem" - #: The IP address. + #: The IP address IP_ADDRESS = "IPAddress" - #: The mailbox display name. + #: The mailbox display name MAILBOX_DISPLAY_NAME = "MailboxDisplayName" - #: The mailbox primary address. + #: The mailbox primary address MAILBOX_PRIMARY_ADDRESS = "MailboxPrimaryAddress" - #: The mailbox user principal name. + #: The mailbox user principal name MAILBOX_UPN = "MailboxUPN" - #: The mail message delivery action. + #: The mail message delivery action MAIL_MESSAGE_DELIVERY_ACTION = "MailMessageDeliveryAction" - #: The mail message delivery location. + #: The mail message delivery location MAIL_MESSAGE_DELIVERY_LOCATION = "MailMessageDeliveryLocation" - #: The mail message recipient. + #: The mail message recipient MAIL_MESSAGE_RECIPIENT = "MailMessageRecipient" - #: The mail message sender IP address. + #: The mail message sender IP address MAIL_MESSAGE_SENDER_IP = "MailMessageSenderIP" - #: The mail message subject. + #: The mail message subject MAIL_MESSAGE_SUBJECT = "MailMessageSubject" - #: The mail message P1 sender. + #: The mail message P1 sender MAIL_MESSAGE_P1_SENDER = "MailMessageP1Sender" - #: The mail message P2 sender. + #: The mail message P2 sender MAIL_MESSAGE_P2_SENDER = "MailMessageP2Sender" - #: The malware category. + #: The malware category MALWARE_CATEGORY = "MalwareCategory" - #: The malware name. + #: The malware name MALWARE_NAME = "MalwareName" - #: The process execution command line. + #: The process execution command line PROCESS_COMMAND_LINE = "ProcessCommandLine" - #: The process id. + #: The process id PROCESS_ID = "ProcessId" - #: The registry key path. + #: The registry key path REGISTRY_KEY = "RegistryKey" - #: The registry key value in string formatted representation. + #: The registry key value in string formatted representation REGISTRY_VALUE_DATA = "RegistryValueData" - #: The url. + #: The url URL = "Url" + class ConditionType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """ConditionType.""" - #: Evaluate an object property value. + #: Evaluate an object property value PROPERTY = "Property" + #: Evaluate an object array property value + PROPERTY_ARRAY = "PropertyArray" + #: Evaluate an object property changed value + PROPERTY_CHANGED = "PropertyChanged" + #: Evaluate an object array property changed value + PROPERTY_ARRAY_CHANGED = "PropertyArrayChanged" + #: Apply a boolean operator (e.g AND, OR) to conditions + BOOLEAN = "Boolean" + class ConfidenceLevel(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The confidence level of this alert. - """ + """The confidence level of this alert.""" - #: Unknown confidence, the is the default value. + #: Unknown confidence, the is the default value UNKNOWN = "Unknown" - #: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack. + #: Low confidence, meaning we have some doubts this is indeed malicious or part of an attack LOW = "Low" - #: High confidence that the alert is true positive malicious. + #: High confidence that the alert is true positive malicious HIGH = "High" + class ConfidenceScoreStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): """The confidence score calculation status, i.e. indicating if score calculation is pending for this alert, not applicable or final. """ - #: Score will not be calculated for this alert as it is not supported by virtual analyst. + #: Score will not be calculated for this alert as it is not supported by virtual analyst NOT_APPLICABLE = "NotApplicable" - #: No score was set yet and calculation is in progress. + #: No score was set yet and calculation is in progress IN_PROCESS = "InProcess" #: Score is calculated and shown as part of the alert, but may be updated again at a later time - #: following the processing of additional data. + #: following the processing of additional data NOT_FINAL = "NotFinal" - #: Final score was calculated and available. + #: Final score was calculated and available FINAL = "Final" + +class ConnectAuthKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The authentication kind used to poll the data.""" + + BASIC = "Basic" + O_AUTH2 = "OAuth2" + API_KEY = "APIKey" + + +class ConnectivityType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """type of connectivity.""" + + IS_CONNECTED_QUERY = "IsConnectedQuery" + + +class ContentType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The content type of a source control path.""" + + ANALYTIC_RULE = "AnalyticRule" + WORKBOOK = "Workbook" + + class CreatedByType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The type of identity that created the resource. - """ + """The type of identity that created the resource.""" USER = "User" APPLICATION = "Application" MANAGED_IDENTITY = "ManagedIdentity" KEY = "Key" + +class CustomEntityQueryKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the entity query that supports put request.""" + + ACTIVITY = "Activity" + + +class DataConnectorAuthorizationState(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Describes the state of user's authorization for a connector kind.""" + + VALID = "Valid" + INVALID = "Invalid" + + class DataConnectorKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The kind of the data connector - """ + """The kind of the data connector.""" AZURE_ACTIVE_DIRECTORY = "AzureActiveDirectory" AZURE_SECURITY_CENTER = "AzureSecurityCenter" MICROSOFT_CLOUD_APP_SECURITY = "MicrosoftCloudAppSecurity" THREAT_INTELLIGENCE = "ThreatIntelligence" + THREAT_INTELLIGENCE_TAXII = "ThreatIntelligenceTaxii" OFFICE365 = "Office365" + OFFICE_ATP = "OfficeATP" + OFFICE_IRM = "OfficeIRM" + OFFICE365_PROJECT = "Office365Project" + OFFICE_POWER_BI = "OfficePowerBI" AMAZON_WEB_SERVICES_CLOUD_TRAIL = "AmazonWebServicesCloudTrail" + AMAZON_WEB_SERVICES_S3 = "AmazonWebServicesS3" AZURE_ADVANCED_THREAT_PROTECTION = "AzureAdvancedThreatProtection" MICROSOFT_DEFENDER_ADVANCED_THREAT_PROTECTION = "MicrosoftDefenderAdvancedThreatProtection" + DYNAMICS365 = "Dynamics365" + MICROSOFT_THREAT_PROTECTION = "MicrosoftThreatProtection" + MICROSOFT_THREAT_INTELLIGENCE = "MicrosoftThreatIntelligence" + GENERIC_UI = "GenericUI" + API_POLLING = "APIPolling" + IOT = "IOT" + + +class DataConnectorLicenseState(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Describes the state of user's license for a connector kind.""" + + VALID = "Valid" + INVALID = "Invalid" + UNKNOWN = "Unknown" + class DataTypeState(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Describe whether this data type connection is enabled or not. - """ + """Describe whether this data type connection is enabled or not.""" ENABLED = "Enabled" DISABLED = "Disabled" + +class DeleteStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Indicates whether the file was deleted from the storage account.""" + + #: The file was deleted. + DELETED = "Deleted" + #: The file was not deleted. + NOT_DELETED = "NotDeleted" + #: Unspecified + UNSPECIFIED = "Unspecified" + + class DeliveryAction(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The delivery action of this mail message like Delivered, Blocked, Replaced etc - """ + """The delivery action of this mail message like Delivered, Blocked, Replaced etc.""" - #: Unknown. + #: Unknown UNKNOWN = "Unknown" - #: DeliveredAsSpam. + #: DeliveredAsSpam DELIVERED_AS_SPAM = "DeliveredAsSpam" - #: Delivered. + #: Delivered DELIVERED = "Delivered" - #: Blocked. + #: Blocked BLOCKED = "Blocked" - #: Replaced. + #: Replaced REPLACED = "Replaced" + class DeliveryLocation(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The delivery location of this mail message like Inbox, JunkFolder etc - """ + """The delivery location of this mail message like Inbox, JunkFolder etc.""" - #: Unknown. + #: Unknown UNKNOWN = "Unknown" - #: Inbox. + #: Inbox INBOX = "Inbox" - #: JunkFolder. + #: JunkFolder JUNK_FOLDER = "JunkFolder" - #: DeletedFolder. + #: DeletedFolder DELETED_FOLDER = "DeletedFolder" - #: Quarantine. + #: Quarantine QUARANTINE = "Quarantine" - #: External. + #: External EXTERNAL = "External" - #: Failed. + #: Failed FAILED = "Failed" - #: Dropped. + #: Dropped DROPPED = "Dropped" - #: Forwarded. + #: Forwarded FORWARDED = "Forwarded" + +class DeploymentFetchStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Status while trying to fetch the deployment information.""" + + SUCCESS = "Success" + UNAUTHORIZED = "Unauthorized" + NOT_FOUND = "NotFound" + + +class DeploymentResult(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Status while trying to fetch the deployment information.""" + + SUCCESS = "Success" + CANCELED = "Canceled" + FAILED = "Failed" + + +class DeploymentState(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The current state of the deployment.""" + + IN_PROGRESS = "In_Progress" + COMPLETED = "Completed" + QUEUED = "Queued" + CANCELING = "Canceling" + + +class DeviceImportance(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Device importance, determines if the device classified as 'crown jewel'.""" + + #: Unknown - Default value + UNKNOWN = "Unknown" + #: Low + LOW = "Low" + #: Normal + NORMAL = "Normal" + #: High + HIGH = "High" + + class ElevationToken(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The elevation token associated with the process. - """ + """The elevation token associated with the process.""" - #: Default elevation token. + #: Default elevation token DEFAULT = "Default" - #: Full elevation token. + #: Full elevation token FULL = "Full" - #: Limited elevation token. + #: Limited elevation token LIMITED = "Limited" -class EntityKindEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The kind of the entity - """ + +class EntityItemQueryKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """EntityItemQueryKind.""" + + #: insight + INSIGHT = "Insight" + + +class EntityKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the entity.""" #: Entity represents account in the system. ACCOUNT = "Account" @@ -382,132 +584,289 @@ class EntityKindEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): MAILBOX = "Mailbox" #: Entity represents submission mail in the system. SUBMISSION_MAIL = "SubmissionMail" + #: Entity represents network interface in the system. + NIC = "Nic" + class EntityMappingType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The V3 type of the mapped entity - """ + """The V3 type of the mapped entity.""" - #: User account entity type. + #: User account entity type ACCOUNT = "Account" - #: Host entity type. + #: Host entity type HOST = "Host" - #: IP address entity type. + #: IP address entity type IP = "IP" - #: Malware entity type. + #: Malware entity type MALWARE = "Malware" - #: System file entity type. + #: System file entity type FILE = "File" - #: Process entity type. + #: Process entity type PROCESS = "Process" - #: Cloud app entity type. + #: Cloud app entity type CLOUD_APPLICATION = "CloudApplication" - #: DNS entity type. + #: DNS entity type DNS = "DNS" - #: Azure resource entity type. + #: Azure resource entity type AZURE_RESOURCE = "AzureResource" - #: File-hash entity type. + #: File-hash entity type FILE_HASH = "FileHash" - #: Registry key entity type. + #: Registry key entity type REGISTRY_KEY = "RegistryKey" - #: Registry value entity type. + #: Registry value entity type REGISTRY_VALUE = "RegistryValue" - #: Security group entity type. + #: Security group entity type SECURITY_GROUP = "SecurityGroup" - #: URL entity type. + #: URL entity type URL = "URL" - #: Mailbox entity type. + #: Mailbox entity type MAILBOX = "Mailbox" - #: Mail cluster entity type. + #: Mail cluster entity type MAIL_CLUSTER = "MailCluster" - #: Mail message entity type. + #: Mail message entity type MAIL_MESSAGE = "MailMessage" - #: Submission mail entity type. + #: Submission mail entity type SUBMISSION_MAIL = "SubmissionMail" + +class EntityProviders(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The entity provider that is synced.""" + + ACTIVE_DIRECTORY = "ActiveDirectory" + AZURE_ACTIVE_DIRECTORY = "AzureActiveDirectory" + + +class EntityQueryKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the entity query.""" + + EXPANSION = "Expansion" + INSIGHT = "Insight" + ACTIVITY = "Activity" + + +class EntityQueryTemplateKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the entity query template.""" + + ACTIVITY = "Activity" + + +class EntityTimelineKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The entity query kind.""" + + #: activity + ACTIVITY = "Activity" + #: bookmarks + BOOKMARK = "Bookmark" + #: security alerts + SECURITY_ALERT = "SecurityAlert" + #: anomaly + ANOMALY = "Anomaly" + + +class EntityType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The type of the entity.""" + + #: Entity represents account in the system. + ACCOUNT = "Account" + #: Entity represents host in the system. + HOST = "Host" + #: Entity represents file in the system. + FILE = "File" + #: Entity represents azure resource in the system. + AZURE_RESOURCE = "AzureResource" + #: Entity represents cloud application in the system. + CLOUD_APPLICATION = "CloudApplication" + #: Entity represents dns in the system. + DNS = "DNS" + #: Entity represents file hash in the system. + FILE_HASH = "FileHash" + #: Entity represents ip in the system. + IP = "IP" + #: Entity represents malware in the system. + MALWARE = "Malware" + #: Entity represents process in the system. + PROCESS = "Process" + #: Entity represents registry key in the system. + REGISTRY_KEY = "RegistryKey" + #: Entity represents registry value in the system. + REGISTRY_VALUE = "RegistryValue" + #: Entity represents security group in the system. + SECURITY_GROUP = "SecurityGroup" + #: Entity represents url in the system. + URL = "URL" + #: Entity represents IoT device in the system. + IO_T_DEVICE = "IoTDevice" + #: Entity represents security alert in the system. + SECURITY_ALERT = "SecurityAlert" + #: Entity represents HuntingBookmark in the system. + HUNTING_BOOKMARK = "HuntingBookmark" + #: Entity represents mail cluster in the system. + MAIL_CLUSTER = "MailCluster" + #: Entity represents mail message in the system. + MAIL_MESSAGE = "MailMessage" + #: Entity represents mailbox in the system. + MAILBOX = "Mailbox" + #: Entity represents submission mail in the system. + SUBMISSION_MAIL = "SubmissionMail" + #: Entity represents network interface in the system. + NIC = "Nic" + + +class Enum13(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Enum13.""" + + EXPANSION = "Expansion" + ACTIVITY = "Activity" + + +class Enum15(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Enum15.""" + + ACTIVITY = "Activity" + + class EventGroupingAggregationKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The event grouping aggregation kinds - """ + """The event grouping aggregation kinds.""" SINGLE_ALERT = "SingleAlert" ALERT_PER_RESULT = "AlertPerResult" + +class FileFormat(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The format of the file.""" + + #: A CSV file. + CSV = "CSV" + #: A JSON file. + JSON = "JSON" + #: A file of other format. + UNSPECIFIED = "Unspecified" + + class FileHashAlgorithm(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The hash algorithm type. - """ + """The hash algorithm type.""" - #: Unknown hash algorithm. + #: Unknown hash algorithm UNKNOWN = "Unknown" - #: MD5 hash type. + #: MD5 hash type MD5 = "MD5" - #: SHA1 hash type. + #: SHA1 hash type SHA1 = "SHA1" - #: SHA256 hash type. + #: SHA256 hash type SHA256 = "SHA256" - #: SHA256 Authenticode hash type. + #: SHA256 Authenticode hash type SHA256_AC = "SHA256AC" + +class FileImportContentType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The content type of this file.""" + + #: File containing records with the core fields of an indicator, plus the observables to construct + #: the STIX pattern. + BASIC_INDICATOR = "BasicIndicator" + #: File containing STIX indicators. + STIX_INDICATOR = "StixIndicator" + #: File containing other records. + UNSPECIFIED = "Unspecified" + + +class FileImportState(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The state of the file import.""" + + #: A fatal error has occurred while ingesting the file. + FATAL_ERROR = "FatalError" + #: The file has been ingested. + INGESTED = "Ingested" + #: The file has been ingested with errors. + INGESTED_WITH_ERRORS = "IngestedWithErrors" + #: The file ingestion is in progress. + IN_PROGRESS = "InProgress" + #: The file is invalid. + INVALID = "Invalid" + #: Waiting for the file to be uploaded. + WAITING_FOR_UPLOAD = "WaitingForUpload" + #: Unspecified state. + UNSPECIFIED = "Unspecified" + + +class GetInsightsError(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """the query kind.""" + + INSIGHT = "Insight" + + class IncidentClassification(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The reason the incident was closed - """ + """The reason the incident was closed.""" - #: Incident classification was undetermined. + #: Incident classification was undetermined UNDETERMINED = "Undetermined" - #: Incident was true positive. + #: Incident was true positive TRUE_POSITIVE = "TruePositive" - #: Incident was benign positive. + #: Incident was benign positive BENIGN_POSITIVE = "BenignPositive" - #: Incident was false positive. + #: Incident was false positive FALSE_POSITIVE = "FalsePositive" + class IncidentClassificationReason(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The classification reason the incident was closed with - """ + """The classification reason the incident was closed with.""" - #: Classification reason was suspicious activity. + #: Classification reason was suspicious activity SUSPICIOUS_ACTIVITY = "SuspiciousActivity" - #: Classification reason was suspicious but expected. + #: Classification reason was suspicious but expected SUSPICIOUS_BUT_EXPECTED = "SuspiciousButExpected" - #: Classification reason was incorrect alert logic. + #: Classification reason was incorrect alert logic INCORRECT_ALERT_LOGIC = "IncorrectAlertLogic" - #: Classification reason was inaccurate data. + #: Classification reason was inaccurate data INACCURATE_DATA = "InaccurateData" + class IncidentLabelType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The type of the label - """ + """The type of the label.""" - #: Label manually created by a user. + #: Label manually created by a user USER = "User" - #: Label automatically created by the system. + #: Label automatically created by the system AUTO_ASSIGNED = "AutoAssigned" + class IncidentSeverity(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The severity of the incident - """ + """The severity of the incident.""" - #: High severity. + #: High severity HIGH = "High" - #: Medium severity. + #: Medium severity MEDIUM = "Medium" - #: Low severity. + #: Low severity LOW = "Low" - #: Informational severity. + #: Informational severity INFORMATIONAL = "Informational" + class IncidentStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The status of the incident - """ + """The status of the incident.""" - #: An active incident which isn't being handled currently. + #: An active incident which isn't being handled currently NEW = "New" - #: An active incident which is being handled. + #: An active incident which is being handled ACTIVE = "Active" - #: A non-active incident. + #: A non-active incident CLOSED = "Closed" + +class IngestionMode(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Describes how to ingest the records in the file.""" + + #: No records should be ingested when invalid records are detected. + INGEST_ONLY_IF_ALL_ARE_VALID = "IngestOnlyIfAllAreValid" + #: Valid records should still be ingested when invalid records are detected. + INGEST_ANY_VALID_RECORDS = "IngestAnyValidRecords" + #: Unspecified + UNSPECIFIED = "Unspecified" + + class KillChainIntent(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Holds the alert intent stage(s) mapping for this alert. - """ + """Holds the alert intent stage(s) mapping for this alert.""" #: The default value. UNKNOWN = "Unknown" @@ -578,32 +937,64 @@ class KillChainIntent(str, Enum, metaclass=CaseInsensitiveEnumMeta): #: manipulation and others. IMPACT = "Impact" + +class Kind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of content the metadata is for.""" + + DATA_CONNECTOR = "DataConnector" + DATA_TYPE = "DataType" + WORKBOOK = "Workbook" + WORKBOOK_TEMPLATE = "WorkbookTemplate" + PLAYBOOK = "Playbook" + PLAYBOOK_TEMPLATE = "PlaybookTemplate" + ANALYTICS_RULE_TEMPLATE = "AnalyticsRuleTemplate" + ANALYTICS_RULE = "AnalyticsRule" + HUNTING_QUERY = "HuntingQuery" + INVESTIGATION_QUERY = "InvestigationQuery" + PARSER = "Parser" + WATCHLIST = "Watchlist" + WATCHLIST_TEMPLATE = "WatchlistTemplate" + SOLUTION = "Solution" + AZURE_FUNCTION = "AzureFunction" + LOGIC_APPS_CUSTOM_CONNECTOR = "LogicAppsCustomConnector" + AUTOMATION_RULE = "AutomationRule" + + class MatchingMethod(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Grouping matching method. When method is Selected at least one of groupByEntities, groupByAlertDetails, groupByCustomDetails must be provided and not empty. """ - #: Grouping alerts into a single incident if all the entities match. + #: Grouping alerts into a single incident if all the entities match ALL_ENTITIES = "AllEntities" - #: Grouping any alerts triggered by this rule into a single incident. + #: Grouping any alerts triggered by this rule into a single incident ANY_ALERT = "AnyAlert" #: Grouping alerts into a single incident if the selected entities, custom details and alert - #: details match. + #: details match SELECTED = "Selected" + class MicrosoftSecurityProductName(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The alerts' productName on which the cases will be generated - """ + """The alerts' productName on which the cases will be generated.""" MICROSOFT_CLOUD_APP_SECURITY = "Microsoft Cloud App Security" AZURE_SECURITY_CENTER = "Azure Security Center" AZURE_ADVANCED_THREAT_PROTECTION = "Azure Advanced Threat Protection" AZURE_ACTIVE_DIRECTORY_IDENTITY_PROTECTION = "Azure Active Directory Identity Protection" AZURE_SECURITY_CENTER_FOR_IO_T = "Azure Security Center for IoT" + OFFICE365_ADVANCED_THREAT_PROTECTION = "Office 365 Advanced Threat Protection" + MICROSOFT_DEFENDER_ADVANCED_THREAT_PROTECTION = "Microsoft Defender Advanced Threat Protection" + + +class Operator(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Operator used for list of dependencies in criteria array.""" + + AND = "AND" + OR = "OR" + class OSFamily(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The operating system type. - """ + """The operating system type.""" #: Host with Linux operating system. LINUX = "Linux" @@ -616,112 +1007,232 @@ class OSFamily(str, Enum, metaclass=CaseInsensitiveEnumMeta): #: Host with Unknown operating system. UNKNOWN = "Unknown" + +class OutputType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Insights Column type.""" + + NUMBER = "Number" + STRING = "String" + DATE = "Date" + ENTITY = "Entity" + + class OwnerType(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The type of the owner the incident is assigned to. - """ + """The type of the owner the incident is assigned to.""" - #: The incident owner type is unknown. + #: The incident owner type is unknown UNKNOWN = "Unknown" - #: The incident owner type is an AAD user. + #: The incident owner type is an AAD user USER = "User" - #: The incident owner type is an AAD group. + #: The incident owner type is an AAD group GROUP = "Group" + +class PermissionProviderScope(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Permission provider scope.""" + + RESOURCE_GROUP = "ResourceGroup" + SUBSCRIPTION = "Subscription" + WORKSPACE = "Workspace" + + +class PollingFrequency(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The polling frequency for the TAXII server.""" + + #: Once a minute + ONCE_A_MINUTE = "OnceAMinute" + #: Once an hour + ONCE_AN_HOUR = "OnceAnHour" + #: Once a day + ONCE_A_DAY = "OnceADay" + + +class ProviderName(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Provider name.""" + + MICROSOFT_OPERATIONAL_INSIGHTS_SOLUTIONS = "Microsoft.OperationalInsights/solutions" + MICROSOFT_OPERATIONAL_INSIGHTS_WORKSPACES = "Microsoft.OperationalInsights/workspaces" + MICROSOFT_OPERATIONAL_INSIGHTS_WORKSPACES_DATASOURCES = "Microsoft.OperationalInsights/workspaces/datasources" + MICROSOFT_AADIAM_DIAGNOSTIC_SETTINGS = "microsoft.aadiam/diagnosticSettings" + MICROSOFT_OPERATIONAL_INSIGHTS_WORKSPACES_SHARED_KEYS = "Microsoft.OperationalInsights/workspaces/sharedKeys" + MICROSOFT_AUTHORIZATION_POLICY_ASSIGNMENTS = "Microsoft.Authorization/policyAssignments" + + class RegistryHive(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """the hive that holds the registry key. - """ + """the hive that holds the registry key.""" - #: HKEY_LOCAL_MACHINE. + #: HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE = "HKEY_LOCAL_MACHINE" - #: HKEY_CLASSES_ROOT. + #: HKEY_CLASSES_ROOT HKEY_CLASSES_ROOT = "HKEY_CLASSES_ROOT" - #: HKEY_CURRENT_CONFIG. + #: HKEY_CURRENT_CONFIG HKEY_CURRENT_CONFIG = "HKEY_CURRENT_CONFIG" - #: HKEY_USERS. + #: HKEY_USERS HKEY_USERS = "HKEY_USERS" - #: HKEY_CURRENT_USER_LOCAL_SETTINGS. + #: HKEY_CURRENT_USER_LOCAL_SETTINGS HKEY_CURRENT_USER_LOCAL_SETTINGS = "HKEY_CURRENT_USER_LOCAL_SETTINGS" - #: HKEY_PERFORMANCE_DATA. + #: HKEY_PERFORMANCE_DATA HKEY_PERFORMANCE_DATA = "HKEY_PERFORMANCE_DATA" - #: HKEY_PERFORMANCE_NLSTEXT. + #: HKEY_PERFORMANCE_NLSTEXT HKEY_PERFORMANCE_NLSTEXT = "HKEY_PERFORMANCE_NLSTEXT" - #: HKEY_PERFORMANCE_TEXT. + #: HKEY_PERFORMANCE_TEXT HKEY_PERFORMANCE_TEXT = "HKEY_PERFORMANCE_TEXT" - #: HKEY_A. + #: HKEY_A HKEY_A = "HKEY_A" - #: HKEY_CURRENT_USER. + #: HKEY_CURRENT_USER HKEY_CURRENT_USER = "HKEY_CURRENT_USER" + class RegistryValueKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): """Specifies the data types to use when storing values in the registry, or identifies the data type of a value in the registry. """ - #: None. + #: None NONE = "None" - #: Unknown value type. + #: Unknown value type UNKNOWN = "Unknown" - #: String value type. + #: String value type STRING = "String" - #: ExpandString value type. + #: ExpandString value type EXPAND_STRING = "ExpandString" - #: Binary value type. + #: Binary value type BINARY = "Binary" - #: DWord value type. + #: DWord value type D_WORD = "DWord" - #: MultiString value type. + #: MultiString value type MULTI_STRING = "MultiString" - #: QWord value type. + #: QWord value type Q_WORD = "QWord" -class Source(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The source of the watchlist - """ + +class RepoType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The type of repository.""" + + GITHUB = "Github" + DEV_OPS = "DevOps" + + +class SecurityMLAnalyticsSettingsKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of security ML analytics settings.""" + + ANOMALY = "Anomaly" + + +class SettingKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the setting.""" + + ANOMALIES = "Anomalies" + EYES_ON = "EyesOn" + ENTITY_ANALYTICS = "EntityAnalytics" + UEBA = "Ueba" + + +class SettingsStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The anomaly SecurityMLAnalyticsSettings status.""" + + #: Anomaly settings status in Production mode + PRODUCTION = "Production" + #: Anomaly settings status in Flighting mode + FLIGHTING = "Flighting" + + +class SettingType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the setting.""" + + COPYABLE_LABEL = "CopyableLabel" + INSTRUCTION_STEPS_GROUP = "InstructionStepsGroup" + INFO_MESSAGE = "InfoMessage" + + +class SourceKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Source type of the content.""" + + LOCAL_WORKSPACE = "LocalWorkspace" + COMMUNITY = "Community" + SOLUTION = "Solution" + SOURCE_REPOSITORY = "SourceRepository" + + +class SourceType(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The sourceType of the watchlist.""" LOCAL_FILE = "Local file" REMOTE_STORAGE = "Remote storage" + +class SupportTier(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Type of support for content item.""" + + MICROSOFT = "Microsoft" + PARTNER = "Partner" + COMMUNITY = "Community" + + class TemplateStatus(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The alert rule template status. - """ + """The alert rule template status.""" - #: Alert rule template installed. and can not use more then once. + #: Alert rule template installed. and can not use more then once INSTALLED = "Installed" #: Alert rule template is available. AVAILABLE = "Available" - #: Alert rule template is not available. + #: Alert rule template is not available NOT_AVAILABLE = "NotAvailable" -class ThreatIntelligenceResourceInnerKind(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The kind of the threat intelligence entity - """ + +class ThreatIntelligenceResourceKindEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The kind of the threat intelligence entity.""" #: Entity represents threat intelligence indicator in the system. INDICATOR = "indicator" -class ThreatIntelligenceSortingOrder(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """Sorting order (ascending/descending/unsorted). - """ + +class ThreatIntelligenceSortingCriteriaEnum(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """Sorting order (ascending/descending/unsorted).""" UNSORTED = "unsorted" ASCENDING = "ascending" DESCENDING = "descending" + class TriggerOperator(str, Enum, metaclass=CaseInsensitiveEnumMeta): - """The operation against the threshold that triggers alert rule. - """ + """The operation against the threshold that triggers alert rule.""" GREATER_THAN = "GreaterThan" LESS_THAN = "LessThan" EQUAL = "Equal" NOT_EQUAL = "NotEqual" + class TriggersOn(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """TriggersOn.""" - #: Trigger on Incidents. + #: Trigger on Incidents INCIDENTS = "Incidents" + #: Trigger on Alerts + ALERTS = "Alerts" + class TriggersWhen(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """TriggersWhen.""" - #: Trigger on created objects. + #: Trigger on created objects CREATED = "Created" + #: Trigger on updated objects + UPDATED = "Updated" + + +class UebaDataSources(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The data source that enriched by ueba.""" + + AUDIT_LOGS = "AuditLogs" + AZURE_ACTIVITY = "AzureActivity" + SECURITY_EVENT = "SecurityEvent" + SIGNIN_LOGS = "SigninLogs" + + +class Version(str, Enum, metaclass=CaseInsensitiveEnumMeta): + """The version of the source control.""" + + V1 = "V1" + V2 = "V2" diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py index 0faea3999df9..918cd7e781bc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/__init__.py @@ -6,43 +6,80 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- +from ._alert_rules_operations import AlertRulesOperations +from ._actions_operations import ActionsOperations +from ._alert_rule_templates_operations import AlertRuleTemplatesOperations +from ._automation_rules_operations import AutomationRulesOperations from ._incidents_operations import IncidentsOperations +from ._bookmarks_operations import BookmarksOperations +from ._bookmark_relations_operations import BookmarkRelationsOperations +from ._bookmark_operations import BookmarkOperations +from ._ip_geodata_operations import IPGeodataOperations +from ._domain_whois_operations import DomainWhoisOperations +from ._entities_operations import EntitiesOperations +from ._entities_get_timeline_operations import EntitiesGetTimelineOperations +from ._entities_relations_operations import EntitiesRelationsOperations +from ._entity_relations_operations import EntityRelationsOperations +from ._entity_queries_operations import EntityQueriesOperations +from ._entity_query_templates_operations import EntityQueryTemplatesOperations +from ._file_imports_operations import FileImportsOperations from ._incident_comments_operations import IncidentCommentsOperations from ._incident_relations_operations import IncidentRelationsOperations +from ._metadata_operations import MetadataOperations +from ._office_consents_operations import OfficeConsentsOperations +from ._sentinel_onboarding_states_operations import SentinelOnboardingStatesOperations +from ._security_ml_analytics_settings_operations import SecurityMLAnalyticsSettingsOperations +from ._product_settings_operations import ProductSettingsOperations +from ._source_control_operations import SourceControlOperations +from ._source_controls_operations import SourceControlsOperations from ._threat_intelligence_indicator_operations import ThreatIntelligenceIndicatorOperations from ._threat_intelligence_indicators_operations import ThreatIntelligenceIndicatorsOperations from ._threat_intelligence_indicator_metrics_operations import ThreatIntelligenceIndicatorMetricsOperations from ._watchlists_operations import WatchlistsOperations from ._watchlist_items_operations import WatchlistItemsOperations -from ._operations import Operations -from ._sentinel_onboarding_states_operations import SentinelOnboardingStatesOperations -from ._alert_rules_operations import AlertRulesOperations -from ._actions_operations import ActionsOperations -from ._alert_rule_templates_operations import AlertRuleTemplatesOperations -from ._bookmarks_operations import BookmarksOperations from ._data_connectors_operations import DataConnectorsOperations -from ._automation_rules_operations import AutomationRulesOperations +from ._data_connectors_check_requirements_operations import DataConnectorsCheckRequirementsOperations +from ._operations import Operations from ._patch import __all__ as _patch_all from ._patch import * # type: ignore # pylint: disable=unused-wildcard-import from ._patch import patch_sdk as _patch_sdk + __all__ = [ - 'IncidentsOperations', - 'IncidentCommentsOperations', - 'IncidentRelationsOperations', - 'ThreatIntelligenceIndicatorOperations', - 'ThreatIntelligenceIndicatorsOperations', - 'ThreatIntelligenceIndicatorMetricsOperations', - 'WatchlistsOperations', - 'WatchlistItemsOperations', - 'Operations', - 'SentinelOnboardingStatesOperations', - 'AlertRulesOperations', - 'ActionsOperations', - 'AlertRuleTemplatesOperations', - 'BookmarksOperations', - 'DataConnectorsOperations', - 'AutomationRulesOperations', + "AlertRulesOperations", + "ActionsOperations", + "AlertRuleTemplatesOperations", + "AutomationRulesOperations", + "IncidentsOperations", + "BookmarksOperations", + "BookmarkRelationsOperations", + "BookmarkOperations", + "IPGeodataOperations", + "DomainWhoisOperations", + "EntitiesOperations", + "EntitiesGetTimelineOperations", + "EntitiesRelationsOperations", + "EntityRelationsOperations", + "EntityQueriesOperations", + "EntityQueryTemplatesOperations", + "FileImportsOperations", + "IncidentCommentsOperations", + "IncidentRelationsOperations", + "MetadataOperations", + "OfficeConsentsOperations", + "SentinelOnboardingStatesOperations", + "SecurityMLAnalyticsSettingsOperations", + "ProductSettingsOperations", + "SourceControlOperations", + "SourceControlsOperations", + "ThreatIntelligenceIndicatorOperations", + "ThreatIntelligenceIndicatorsOperations", + "ThreatIntelligenceIndicatorMetricsOperations", + "WatchlistsOperations", + "WatchlistItemsOperations", + "DataConnectorsOperations", + "DataConnectorsCheckRequirementsOperations", + "Operations", ] __all__.extend([p for p in _patch_all if p not in __all__]) -_patch_sdk() \ No newline at end of file +_patch_sdk() diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py index 458d2b52a9e9..4778a7828b0b 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_actions_operations.py @@ -6,11 +6,16 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,181 +25,157 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_by_alert_rule_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, rule_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "ruleId": _SERIALIZER.url("rule_id", rule_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - rule_id: str, - action_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, rule_id: str, action_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "ruleId": _SERIALIZER.url("rule_id", rule_id, 'str'), - "actionId": _SERIALIZER.url("action_id", action_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), + "actionId": _SERIALIZER.url("action_id", action_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_create_or_update_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - rule_id: str, - action_id: str, - *, - json: Optional[_models.ActionRequest] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, rule_id: str, action_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "ruleId": _SERIALIZER.url("rule_id", rule_id, 'str'), - "actionId": _SERIALIZER.url("action_id", action_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), + "actionId": _SERIALIZER.url("action_id", action_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - rule_id: str, - action_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, rule_id: str, action_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "ruleId": _SERIALIZER.url("rule_id", rule_id, 'str'), - "actionId": _SERIALIZER.url("action_id", action_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), + "actionId": _SERIALIZER.url("action_id", action_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class ActionsOperations: """ @@ -215,48 +196,43 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list_by_alert_rule( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs: Any - ) -> Iterable[_models.ActionsList]: + self, resource_group_name: str, workspace_name: str, rule_id: str, **kwargs: Any + ) -> Iterable["_models.ActionResponse"]: """Gets all actions of alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either ActionsList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ActionsList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either ActionResponse or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ActionResponse] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.ActionsList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.ActionsList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_by_alert_rule_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list_by_alert_rule.metadata['url'], + template_url=self.list_by_alert_rule.metadata["url"], headers=_headers, params=_params, ) @@ -264,17 +240,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_by_alert_rule_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - rule_id=rule_id, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -290,10 +260,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -303,56 +271,47 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list_by_alert_rule.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions"} # type: ignore + list_by_alert_rule.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions"} # type: ignore @distributed_trace def get( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - action_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, rule_id: str, action_id: str, **kwargs: Any ) -> _models.ActionResponse: """Gets the action of alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str - :param action_id: Action ID. + :param action_id: Action ID. Required. :type action_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ActionResponse, or the result of cls(response) + :return: ActionResponse or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ActionResponse - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.ActionResponse] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.ActionResponse] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, action_id=action_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -360,27 +319,25 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('ActionResponse', pipeline_response) + deserialized = self._deserialize("ActionResponse", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore - - @distributed_trace + @overload def create_or_update( self, resource_group_name: str, @@ -388,49 +345,126 @@ def create_or_update( rule_id: str, action_id: str, action: _models.ActionRequest, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.ActionResponse: """Creates or updates the action of alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str - :param action_id: Action ID. + :param action_id: Action ID. Required. :type action_id: str - :param action: The action. + :param action: The action. Required. :type action: ~azure.mgmt.securityinsight.models.ActionRequest + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ActionResponse, or the result of cls(response) + :return: ActionResponse or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ActionResponse - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + action: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.ActionResponse: + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param action_id: Action ID. Required. + :type action_id: str + :param action: The action. Required. + :type action: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ActionResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + action_id: str, + action: Union[_models.ActionRequest, IO], + **kwargs: Any + ) -> _models.ActionResponse: + """Creates or updates the action of alert rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param action_id: Action ID. Required. + :type action_id: str + :param action: The action. Is either a model type or a IO type. Required. + :type action: ~azure.mgmt.securityinsight.models.ActionRequest or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ActionResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ActionResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.ActionResponse] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.ActionResponse] - _json = self._serialize.body(action, 'ActionRequest') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(action, (IO, bytes)): + _content = action + else: + _json = self._serialize.body(action, "ActionRequest") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, action_id=action_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -438,10 +472,9 @@ def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -449,63 +482,55 @@ def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('ActionResponse', pipeline_response) + deserialized = self._deserialize("ActionResponse", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('ActionResponse', pipeline_response) + deserialized = self._deserialize("ActionResponse", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - action_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, rule_id: str, action_id: str, **kwargs: Any ) -> None: """Delete the action of alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str - :param action_id: Action ID. + :param action_id: Action ID. Required. :type action_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, action_id=action_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -513,10 +538,9 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -526,5 +550,4 @@ def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}/actions/{actionId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py index e62def98746c..d8ddd80516fc 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rule_templates_operations.py @@ -7,10 +7,15 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,87 +25,82 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - alert_rule_template_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, alert_rule_template_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "alertRuleTemplateId": _SERIALIZER.url("alert_rule_template_id", alert_rule_template_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "alertRuleTemplateId": _SERIALIZER.url("alert_rule_template_id", alert_rule_template_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class AlertRuleTemplatesOperations: """ @@ -121,45 +121,40 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any - ) -> Iterable[_models.AlertRuleTemplatesList]: + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> Iterable["_models.AlertRuleTemplate"]: """Gets all alert rule templates. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either AlertRuleTemplatesList or the result of - cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.AlertRuleTemplatesList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either AlertRuleTemplate or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.AlertRuleTemplate] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AlertRuleTemplatesList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AlertRuleTemplatesList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -167,16 +162,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -192,10 +182,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -205,52 +193,44 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates"} # type: ignore @distributed_trace def get( - self, - resource_group_name: str, - workspace_name: str, - alert_rule_template_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, alert_rule_template_id: str, **kwargs: Any ) -> _models.AlertRuleTemplate: """Gets the alert rule template. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param alert_rule_template_id: Alert rule template ID. + :param alert_rule_template_id: Alert rule template ID. Required. :type alert_rule_template_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: AlertRuleTemplate, or the result of cls(response) + :return: AlertRuleTemplate or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.AlertRuleTemplate - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AlertRuleTemplate] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AlertRuleTemplate] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, alert_rule_template_id=alert_rule_template_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -258,22 +238,20 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('AlertRuleTemplate', pipeline_response) + deserialized = self._deserialize("AlertRuleTemplate", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRuleTemplates/{alertRuleTemplateId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py index 2b3405c6ed6d..57c1596e7dea 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_alert_rules_operations.py @@ -6,11 +6,16 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,173 +25,153 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, rule_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "ruleId": _SERIALIZER.url("rule_id", rule_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_create_or_update_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - rule_id: str, - *, - json: Optional[_models.AlertRule] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, rule_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "ruleId": _SERIALIZER.url("rule_id", rule_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, rule_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "ruleId": _SERIALIZER.url("rule_id", rule_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "ruleId": _SERIALIZER.url("rule_id", rule_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class AlertRulesOperations: """ @@ -207,44 +192,38 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any - ) -> Iterable[_models.AlertRulesList]: + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.AlertRule"]: """Gets all alert rules. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either AlertRulesList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.AlertRulesList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either AlertRule or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.AlertRule] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AlertRulesList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AlertRulesList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -252,16 +231,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -277,10 +251,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -290,52 +262,42 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules"} # type: ignore @distributed_trace - def get( - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs: Any - ) -> _models.AlertRule: + def get(self, resource_group_name: str, workspace_name: str, rule_id: str, **kwargs: Any) -> _models.AlertRule: """Gets the alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: AlertRule, or the result of cls(response) + :return: AlertRule or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.AlertRule - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AlertRule] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AlertRule] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -343,73 +305,142 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('AlertRule', pipeline_response) + deserialized = self._deserialize("AlertRule", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore - @distributed_trace + @overload def create_or_update( self, resource_group_name: str, workspace_name: str, rule_id: str, alert_rule: _models.AlertRule, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.AlertRule: """Creates or updates the alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str - :param alert_rule: The alert rule. + :param alert_rule: The alert rule. Required. :type alert_rule: ~azure.mgmt.securityinsight.models.AlertRule + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AlertRule + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + alert_rule: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.AlertRule: + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param alert_rule: The alert rule. Required. + :type alert_rule: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: AlertRule, or the result of cls(response) + :return: AlertRule or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.AlertRule - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + rule_id: str, + alert_rule: Union[_models.AlertRule, IO], + **kwargs: Any + ) -> _models.AlertRule: + """Creates or updates the alert rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param rule_id: Alert rule ID. Required. + :type rule_id: str + :param alert_rule: The alert rule. Is either a model type or a IO type. Required. + :type alert_rule: ~azure.mgmt.securityinsight.models.AlertRule or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AlertRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AlertRule + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.AlertRule] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.AlertRule] - _json = self._serialize.body(alert_rule, 'AlertRule') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(alert_rule, (IO, bytes)): + _content = alert_rule + else: + _json = self._serialize.body(alert_rule, "AlertRule") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -417,10 +448,9 @@ def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -428,59 +458,52 @@ def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('AlertRule', pipeline_response) + deserialized = self._deserialize("AlertRule", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('AlertRule', pipeline_response) + deserialized = self._deserialize("AlertRule", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - rule_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, rule_id: str, **kwargs: Any ) -> None: """Delete the alert rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param rule_id: Alert rule ID. + :param rule_id: Alert rule ID. Required. :type rule_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, rule_id=rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -488,10 +511,9 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -501,5 +523,4 @@ def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/alertRules/{ruleId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py index 3c94ffaa56fa..de1ffff91ed1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_automation_rules_operations.py @@ -6,11 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +import sys +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,173 +26,158 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +if sys.version_info >= (3, 9): + from collections.abc import MutableMapping +else: + from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports +JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_get_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - automation_rule_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, automation_rule_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_create_or_update_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - automation_rule_id: str, - *, - json: Optional[_models.AutomationRule] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, automation_rule_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - automation_rule_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, automation_rule_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "automationRuleId": _SERIALIZER.url("automation_rule_id", automation_rule_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) def build_list_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class AutomationRulesOperations: """ @@ -207,47 +198,40 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def get( - self, - resource_group_name: str, - workspace_name: str, - automation_rule_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, automation_rule_id: str, **kwargs: Any ) -> _models.AutomationRule: """Gets the automation rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param automation_rule_id: Automation rule ID. + :param automation_rule_id: Automation rule ID. Required. :type automation_rule_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: AutomationRule, or the result of cls(response) + :return: AutomationRule or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.AutomationRule - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AutomationRule] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AutomationRule] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, automation_rule_id=automation_rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -255,76 +239,146 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('AutomationRule', pipeline_response) + deserialized = self._deserialize("AutomationRule", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore - - @distributed_trace + @overload def create_or_update( self, resource_group_name: str, workspace_name: str, automation_rule_id: str, automation_rule_to_upsert: Optional[_models.AutomationRule] = None, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.AutomationRule: """Creates or updates the automation rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param automation_rule_id: Automation rule ID. + :param automation_rule_id: Automation rule ID. Required. :type automation_rule_id: str :param automation_rule_to_upsert: The automation rule. Default value is None. :type automation_rule_to_upsert: ~azure.mgmt.securityinsight.models.AutomationRule + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AutomationRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AutomationRule + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + automation_rule_id: str, + automation_rule_to_upsert: Optional[IO] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.AutomationRule: + """Creates or updates the automation rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param automation_rule_id: Automation rule ID. Required. + :type automation_rule_id: str + :param automation_rule_to_upsert: The automation rule. Default value is None. + :type automation_rule_to_upsert: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: AutomationRule, or the result of cls(response) + :return: AutomationRule or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.AutomationRule - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + automation_rule_id: str, + automation_rule_to_upsert: Optional[Union[_models.AutomationRule, IO]] = None, + **kwargs: Any + ) -> _models.AutomationRule: + """Creates or updates the automation rule. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param automation_rule_id: Automation rule ID. Required. + :type automation_rule_id: str + :param automation_rule_to_upsert: The automation rule. Is either a model type or a IO type. + Default value is None. + :type automation_rule_to_upsert: ~azure.mgmt.securityinsight.models.AutomationRule or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: AutomationRule or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.AutomationRule + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.AutomationRule] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.AutomationRule] - if automation_rule_to_upsert is not None: - _json = self._serialize.body(automation_rule_to_upsert, 'AutomationRule') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(automation_rule_to_upsert, (IO, bytes)): + _content = automation_rule_to_upsert else: - _json = None + if automation_rule_to_upsert is not None: + _json = self._serialize.body(automation_rule_to_upsert, "AutomationRule") + else: + _json = None request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, automation_rule_id=automation_rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -332,10 +386,9 @@ def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -343,59 +396,50 @@ def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('AutomationRule', pipeline_response) + deserialized = self._deserialize("AutomationRule", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('AutomationRule', pipeline_response) + deserialized = self._deserialize("AutomationRule", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore @distributed_trace - def delete( - self, - resource_group_name: str, - workspace_name: str, - automation_rule_id: str, - **kwargs: Any - ) -> Any: + def delete(self, resource_group_name: str, workspace_name: str, automation_rule_id: str, **kwargs: Any) -> JSON: """Delete the automation rule. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param automation_rule_id: Automation rule ID. + :param automation_rule_id: Automation rule ID. Required. :type automation_rule_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: any, or the result of cls(response) - :rtype: any - :raises: ~azure.core.exceptions.HttpResponseError + :return: JSON or the result of cls(response) + :rtype: JSON + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[Any] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[JSON] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, automation_rule_id=automation_rule_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -403,10 +447,9 @@ def delete( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -414,56 +457,50 @@ def delete( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('object', pipeline_response) + deserialized = self._deserialize("object", pipeline_response) if response.status_code == 204: - deserialized = self._deserialize('object', pipeline_response) + deserialized = self._deserialize("object", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules/{automationRuleId}"} # type: ignore @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any - ) -> Iterable[_models.AutomationRulesList]: + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.AutomationRule"]: """Gets all automation rules. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either AutomationRulesList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.AutomationRulesList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either AutomationRule or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.AutomationRule] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.AutomationRulesList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.AutomationRulesList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -471,16 +508,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -496,10 +528,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -509,8 +539,6 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/automationRules"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py new file mode 100644 index 000000000000..aa47e84158d5 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_operations.py @@ -0,0 +1,236 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_expand_request( + resource_group_name: str, workspace_name: str, bookmark_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + +class BookmarkOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`bookmark` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + def expand( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + parameters: _models.BookmarkExpandParameters, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.BookmarkExpandResponse: + """Expand an bookmark. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param parameters: The parameters required to execute an expand operation on the given + bookmark. Required. + :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: BookmarkExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def expand( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + parameters: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.BookmarkExpandResponse: + """Expand an bookmark. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param parameters: The parameters required to execute an expand operation on the given + bookmark. Required. + :type parameters: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: BookmarkExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def expand( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + parameters: Union[_models.BookmarkExpandParameters, IO], + **kwargs: Any + ) -> _models.BookmarkExpandResponse: + """Expand an bookmark. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param parameters: The parameters required to execute an expand operation on the given + bookmark. Is either a model type or a IO type. Required. + :type parameters: ~azure.mgmt.securityinsight.models.BookmarkExpandParameters or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: BookmarkExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.BookmarkExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.BookmarkExpandResponse] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(parameters, (IO, bytes)): + _content = parameters + else: + _json = self._serialize.body(parameters, "BookmarkExpandParameters") + + request = build_expand_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.expand.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("BookmarkExpandResponse", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + expand.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/expand"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py new file mode 100644 index 000000000000..ef7dbd22b44b --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmark_relations_operations.py @@ -0,0 +1,609 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + relation_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), + "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + relation_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), + "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + relation_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), + "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class BookmarkRelationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`bookmark_relations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.Relation"]: + """Gets all bookmark relations. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Relation or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Relation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.RelationList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("RelationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations"} # type: ignore + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, bookmark_id: str, relation_name: str, **kwargs: Any + ) -> _models.Relation: + """Gets a bookmark relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Relation] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + relation_name=relation_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Relation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}"} # type: ignore + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + relation_name: str, + relation: _models.Relation, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Relation: + """Creates the bookmark relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :param relation: The relation model. Required. + :type relation: ~azure.mgmt.securityinsight.models.Relation + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + relation_name: str, + relation: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Relation: + """Creates the bookmark relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :param relation: The relation model. Required. + :type relation: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + relation_name: str, + relation: Union[_models.Relation, IO], + **kwargs: Any + ) -> _models.Relation: + """Creates the bookmark relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :param relation: The relation model. Is either a model type or a IO type. Required. + :type relation: ~azure.mgmt.securityinsight.models.Relation or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Relation] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(relation, (IO, bytes)): + _content = relation + else: + _json = self._serialize.body(relation, "Relation") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + relation_name=relation_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("Relation", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("Relation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}"} # type: ignore + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, bookmark_id: str, relation_name: str, **kwargs: Any + ) -> None: + """Delete the bookmark relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + bookmark_id=bookmark_id, + relation_name=relation_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}/relations/{relationName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py index 27fe6f580cca..e077b9401009 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_bookmarks_operations.py @@ -6,11 +6,16 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,173 +25,153 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, bookmark_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_create_or_update_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - *, - json: Optional[_models.Bookmark] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, bookmark_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, bookmark_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "bookmarkId": _SERIALIZER.url("bookmark_id", bookmark_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class BookmarksOperations: """ @@ -207,44 +192,38 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any - ) -> Iterable[_models.BookmarkList]: + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.Bookmark"]: """Gets all bookmarks. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either BookmarkList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.BookmarkList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either Bookmark or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Bookmark] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.BookmarkList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.BookmarkList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -252,16 +231,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -277,10 +251,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -290,52 +262,42 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks"} # type: ignore @distributed_trace - def get( - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - **kwargs: Any - ) -> _models.Bookmark: + def get(self, resource_group_name: str, workspace_name: str, bookmark_id: str, **kwargs: Any) -> _models.Bookmark: """Gets a bookmark. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param bookmark_id: Bookmark ID. + :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Bookmark, or the result of cls(response) + :return: Bookmark or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Bookmark - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.Bookmark] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Bookmark] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, bookmark_id=bookmark_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -343,73 +305,142 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('Bookmark', pipeline_response) + deserialized = self._deserialize("Bookmark", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore - @distributed_trace + @overload def create_or_update( self, resource_group_name: str, workspace_name: str, bookmark_id: str, bookmark: _models.Bookmark, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.Bookmark: """Creates or updates the bookmark. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param bookmark_id: Bookmark ID. + :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str - :param bookmark: The bookmark. + :param bookmark: The bookmark. Required. :type bookmark: ~azure.mgmt.securityinsight.models.Bookmark + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Bookmark or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Bookmark + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + bookmark: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Bookmark: + """Creates or updates the bookmark. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param bookmark: The bookmark. Required. + :type bookmark: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Bookmark, or the result of cls(response) + :return: Bookmark or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Bookmark - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + bookmark_id: str, + bookmark: Union[_models.Bookmark, IO], + **kwargs: Any + ) -> _models.Bookmark: + """Creates or updates the bookmark. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param bookmark_id: Bookmark ID. Required. + :type bookmark_id: str + :param bookmark: The bookmark. Is either a model type or a IO type. Required. + :type bookmark: ~azure.mgmt.securityinsight.models.Bookmark or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Bookmark or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Bookmark + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.Bookmark] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Bookmark] - _json = self._serialize.body(bookmark, 'Bookmark') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(bookmark, (IO, bytes)): + _content = bookmark + else: + _json = self._serialize.body(bookmark, "Bookmark") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, bookmark_id=bookmark_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -417,10 +448,9 @@ def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -428,59 +458,52 @@ def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('Bookmark', pipeline_response) + deserialized = self._deserialize("Bookmark", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('Bookmark', pipeline_response) + deserialized = self._deserialize("Bookmark", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - bookmark_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, bookmark_id: str, **kwargs: Any ) -> None: """Delete the bookmark. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param bookmark_id: Bookmark ID. + :param bookmark_id: Bookmark ID. Required. :type bookmark_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, bookmark_id=bookmark_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -488,10 +511,9 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -501,5 +523,4 @@ def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/bookmarks/{bookmarkId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py new file mode 100644 index 000000000000..8fd558c9218d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_check_requirements_operations.py @@ -0,0 +1,227 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_post_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + +class DataConnectorsCheckRequirementsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`data_connectors_check_requirements` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + def post( + self, + resource_group_name: str, + workspace_name: str, + data_connectors_check_requirements: _models.DataConnectorsCheckRequirements, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorRequirementsState: + """Get requirements state for a data connector type. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connectors_check_requirements: The parameters for requirements check message. + Required. + :type data_connectors_check_requirements: + ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorRequirementsState or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def post( + self, + resource_group_name: str, + workspace_name: str, + data_connectors_check_requirements: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnectorRequirementsState: + """Get requirements state for a data connector type. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connectors_check_requirements: The parameters for requirements check message. + Required. + :type data_connectors_check_requirements: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorRequirementsState or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def post( + self, + resource_group_name: str, + workspace_name: str, + data_connectors_check_requirements: Union[_models.DataConnectorsCheckRequirements, IO], + **kwargs: Any + ) -> _models.DataConnectorRequirementsState: + """Get requirements state for a data connector type. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connectors_check_requirements: The parameters for requirements check message. Is + either a model type or a IO type. Required. + :type data_connectors_check_requirements: + ~azure.mgmt.securityinsight.models.DataConnectorsCheckRequirements or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnectorRequirementsState or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnectorRequirementsState + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.DataConnectorRequirementsState] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(data_connectors_check_requirements, (IO, bytes)): + _content = data_connectors_check_requirements + else: + _json = self._serialize.body(data_connectors_check_requirements, "DataConnectorsCheckRequirements") + + request = build_post_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.post.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("DataConnectorRequirementsState", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + post.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectorsCheckRequirements"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py index 3af8142a305d..aa632f71e6a3 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_data_connectors_operations.py @@ -6,11 +6,16 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,173 +25,224 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, data_connector_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_create_or_update_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - *, - json: Optional[_models.DataConnector] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, data_connector_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, data_connector_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_connect_request( + resource_group_name: str, workspace_name: str, data_connector_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_disconnect_request( + resource_group_name: str, workspace_name: str, data_connector_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "dataConnectorId": _SERIALIZER.url("data_connector_id", data_connector_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class DataConnectorsOperations: """ @@ -207,44 +263,38 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace - def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any - ) -> Iterable[_models.DataConnectorList]: + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.DataConnector"]: """Gets all data connectors. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either DataConnectorList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.DataConnectorList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either DataConnector or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.DataConnector] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.DataConnectorList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.DataConnectorList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -252,16 +302,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -277,10 +322,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -290,52 +333,44 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors"} # type: ignore @distributed_trace def get( - self, - resource_group_name: str, - workspace_name: str, - data_connector_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, data_connector_id: str, **kwargs: Any ) -> _models.DataConnector: """Gets a data connector. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param data_connector_id: Connector ID. + :param data_connector_id: Connector ID. Required. :type data_connector_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: DataConnector, or the result of cls(response) + :return: DataConnector or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.DataConnector - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.DataConnector] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.DataConnector] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, data_connector_id=data_connector_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -343,73 +378,142 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('DataConnector', pipeline_response) + deserialized = self._deserialize("DataConnector", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore - @distributed_trace + @overload def create_or_update( self, resource_group_name: str, workspace_name: str, data_connector_id: str, data_connector: _models.DataConnector, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.DataConnector: """Creates or updates the data connector. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param data_connector_id: Connector ID. + :param data_connector_id: Connector ID. Required. :type data_connector_id: str - :param data_connector: The data connector. + :param data_connector: The data connector. Required. :type data_connector: ~azure.mgmt.securityinsight.models.DataConnector + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: DataConnector, or the result of cls(response) + :return: DataConnector or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.DataConnector - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + data_connector: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.DataConnector: + """Creates or updates the data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :param data_connector: The data connector. Required. + :type data_connector: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnector + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + data_connector: Union[_models.DataConnector, IO], + **kwargs: Any + ) -> _models.DataConnector: + """Creates or updates the data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :param data_connector: The data connector. Is either a model type or a IO type. Required. + :type data_connector: ~azure.mgmt.securityinsight.models.DataConnector or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: DataConnector or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.DataConnector + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.DataConnector] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.DataConnector] - _json = self._serialize.body(data_connector, 'DataConnector') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(data_connector, (IO, bytes)): + _content = data_connector + else: + _json = self._serialize.body(data_connector, "DataConnector") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, data_connector_id=data_connector_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -417,10 +521,9 @@ def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -428,59 +531,191 @@ def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('DataConnector', pipeline_response) + deserialized = self._deserialize("DataConnector", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('DataConnector', pipeline_response) + deserialized = self._deserialize("DataConnector", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, data_connector_id: str, **kwargs: Any + ) -> None: + """Delete the data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_id=data_connector_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore + + @overload + def connect( # pylint: disable=inconsistent-return-statements self, resource_group_name: str, workspace_name: str, data_connector_id: str, + connect_body: _models.DataConnectorConnectBody, + *, + content_type: str = "application/json", **kwargs: Any ) -> None: - """Delete the data connector. + """Connects a data connector. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param data_connector_id: Connector ID. + :param data_connector_id: Connector ID. Required. :type data_connector_id: str + :param connect_body: The data connector. Required. + :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) - _headers = kwargs.pop("headers", {}) or {} + @overload + def connect( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + connect_body: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Connects a data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :param connect_body: The data connector. Required. + :type connect_body: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def connect( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + data_connector_id: str, + connect_body: Union[_models.DataConnectorConnectBody, IO], + **kwargs: Any + ) -> None: + """Connects a data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :param connect_body: The data connector. Is either a model type or a IO type. Required. + :type connect_body: ~azure.mgmt.securityinsight.models.DataConnectorConnectBody or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[None] - - request = build_delete_request( - subscription_id=self._config.subscription_id, + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(connect_body, (IO, bytes)): + _content = connect_body + else: + _json = self._serialize.body(connect_body, "DataConnectorConnectBody") + + request = build_connect_request( resource_group_name=resource_group_name, workspace_name=workspace_name, data_connector_id=data_connector_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + content_type=content_type, + json=_json, + content=_content, + template_url=self.connect.metadata["url"], headers=_headers, params=_params, ) @@ -488,18 +723,71 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response - if response.status_code not in [200, 204]: + if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}"} # type: ignore + connect.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/connect"} # type: ignore + + @distributed_trace + def disconnect( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, data_connector_id: str, **kwargs: Any + ) -> None: + """Disconnect a data connector. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param data_connector_id: Connector ID. Required. + :type data_connector_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_disconnect_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + data_connector_id=data_connector_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.disconnect.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + disconnect.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}/disconnect"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py new file mode 100644 index 000000000000..bee8c756c36d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_domain_whois_operations.py @@ -0,0 +1,138 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_get_request(resource_group_name: str, subscription_id: str, *, domain: str, **kwargs: Any) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + _params["domain"] = _SERIALIZER.query("domain", domain, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class DomainWhoisOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`domain_whois` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def get(self, resource_group_name: str, domain: str, **kwargs: Any) -> _models.EnrichmentDomainWhois: + """Get whois information for a single domain name. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param domain: Domain name to be enriched. Required. + :type domain: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EnrichmentDomainWhois or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EnrichmentDomainWhois + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EnrichmentDomainWhois] + + request = build_get_request( + resource_group_name=resource_group_name, + subscription_id=self._config.subscription_id, + domain=domain, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EnrichmentDomainWhois", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/domain/whois/"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py new file mode 100644 index 000000000000..a982969e32de --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_get_timeline_operations.py @@ -0,0 +1,236 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, entity_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + +class EntitiesGetTimelineOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`entities_get_timeline` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @overload + def list( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: _models.EntityTimelineParameters, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityTimelineResponse: + """Timeline for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an timeline operation on the given + entity. Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityTimelineResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def list( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityTimelineResponse: + """Timeline for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an timeline operation on the given + entity. Required. + :type parameters: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityTimelineResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: Union[_models.EntityTimelineParameters, IO], + **kwargs: Any + ) -> _models.EntityTimelineResponse: + """Timeline for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an timeline operation on the given + entity. Is either a model type or a IO type. Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityTimelineParameters or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityTimelineResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityTimelineResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityTimelineResponse] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(parameters, (IO, bytes)): + _content = parameters + else: + _json = self._serialize.body(parameters, "EntityTimelineParameters") + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EntityTimelineResponse", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getTimeline"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py new file mode 100644 index 000000000000..e09e379254a2 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_operations.py @@ -0,0 +1,725 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, entity_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_expand_request( + resource_group_name: str, workspace_name: str, entity_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_queries_request( + resource_group_name: str, + workspace_name: str, + entity_id: str, + subscription_id: str, + *, + kind: Union[str, "_models.EntityItemQueryKind"], + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + _params["kind"] = _SERIALIZER.query("kind", kind, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_insights_request( + resource_group_name: str, workspace_name: str, entity_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + +class EntitiesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`entities` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.Entity"]: + """Gets all entities. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Entity or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Entity] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("EntityList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities"} # type: ignore + + @distributed_trace + def get(self, resource_group_name: str, workspace_name: str, entity_id: str, **kwargs: Any) -> _models.Entity: + """Gets an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Entity or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Entity + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Entity] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Entity", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}"} # type: ignore + + @overload + def expand( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: _models.EntityExpandParameters, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityExpandResponse: + """Expands an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an expand operation on the given entity. + Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def expand( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityExpandResponse: + """Expands an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an expand operation on the given entity. + Required. + :type parameters: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def expand( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: Union[_models.EntityExpandParameters, IO], + **kwargs: Any + ) -> _models.EntityExpandResponse: + """Expands an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute an expand operation on the given entity. + Is either a model type or a IO type. Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityExpandParameters or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityExpandResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityExpandResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityExpandResponse] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(parameters, (IO, bytes)): + _content = parameters + else: + _json = self._serialize.body(parameters, "EntityExpandParameters") + + request = build_expand_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.expand.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EntityExpandResponse", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + expand.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/expand"} # type: ignore + + @distributed_trace + def queries( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + kind: Union[str, "_models.EntityItemQueryKind"], + **kwargs: Any + ) -> _models.GetQueriesResponse: + """Get Insights and Activities for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param kind: The Kind parameter for queries. "Insight" Required. + :type kind: str or ~azure.mgmt.securityinsight.models.EntityItemQueryKind + :keyword callable cls: A custom type or function that will be passed the direct response + :return: GetQueriesResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.GetQueriesResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.GetQueriesResponse] + + request = build_queries_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + kind=kind, + api_version=api_version, + template_url=self.queries.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("GetQueriesResponse", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + queries.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/queries"} # type: ignore + + @overload + def get_insights( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: _models.EntityGetInsightsParameters, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityGetInsightsResponse: + """Execute Insights for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute insights on the given entity. Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityGetInsightsResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def get_insights( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityGetInsightsResponse: + """Execute Insights for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute insights on the given entity. Required. + :type parameters: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityGetInsightsResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def get_insights( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + parameters: Union[_models.EntityGetInsightsParameters, IO], + **kwargs: Any + ) -> _models.EntityGetInsightsResponse: + """Execute Insights for an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param parameters: The parameters required to execute insights on the given entity. Is either a + model type or a IO type. Required. + :type parameters: ~azure.mgmt.securityinsight.models.EntityGetInsightsParameters or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityGetInsightsResponse or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityGetInsightsResponse + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityGetInsightsResponse] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(parameters, (IO, bytes)): + _content = parameters + else: + _json = self._serialize.body(parameters, "EntityGetInsightsParameters") + + request = build_get_insights_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.get_insights.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EntityGetInsightsResponse", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get_insights.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/getInsights"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py new file mode 100644 index 000000000000..e40bb76b622c --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entities_relations_operations.py @@ -0,0 +1,209 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + entity_id: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class EntitiesRelationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`entities_relations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + entity_id: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.Relation"]: + """Gets all relations of an entity. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Relation or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Relation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.RelationList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("RelationList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py new file mode 100644 index 000000000000..29b5be5d1bf3 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_queries_operations.py @@ -0,0 +1,546 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + kind: Optional[Union[str, "_models.Enum13"]] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + if kind is not None: + _params["kind"] = _SERIALIZER.query("kind", kind, "str") + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, entity_query_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, workspace_name: str, entity_query_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, entity_query_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityQueryId": _SERIALIZER.url("entity_query_id", entity_query_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class EntityQueriesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`entity_queries` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + kind: Optional[Union[str, "_models.Enum13"]] = None, + **kwargs: Any + ) -> Iterable["_models.EntityQuery"]: + """Gets all entity queries. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param kind: The entity query kind we want to fetch. Known values are: "Expansion" and + "Activity". Default value is None. + :type kind: str or ~azure.mgmt.securityinsight.models.Enum13 + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either EntityQuery or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.EntityQuery] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityQueryList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + kind=kind, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("EntityQueryList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries"} # type: ignore + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, entity_query_id: str, **kwargs: Any + ) -> _models.EntityQuery: + """Gets an entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_id: entity query ID. Required. + :type entity_query_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityQuery or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityQuery + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityQuery] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_query_id=entity_query_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EntityQuery", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}"} # type: ignore + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + entity_query_id: str, + entity_query: _models.CustomEntityQuery, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityQuery: + """Creates or updates the entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_id: entity query ID. Required. + :type entity_query_id: str + :param entity_query: The entity query we want to create or update. Required. + :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityQuery or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityQuery + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + entity_query_id: str, + entity_query: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.EntityQuery: + """Creates or updates the entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_id: entity query ID. Required. + :type entity_query_id: str + :param entity_query: The entity query we want to create or update. Required. + :type entity_query: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityQuery or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityQuery + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + entity_query_id: str, + entity_query: Union[_models.CustomEntityQuery, IO], + **kwargs: Any + ) -> _models.EntityQuery: + """Creates or updates the entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_id: entity query ID. Required. + :type entity_query_id: str + :param entity_query: The entity query we want to create or update. Is either a model type or a + IO type. Required. + :type entity_query: ~azure.mgmt.securityinsight.models.CustomEntityQuery or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityQuery or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityQuery + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityQuery] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(entity_query, (IO, bytes)): + _content = entity_query + else: + _json = self._serialize.body(entity_query, "CustomEntityQuery") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_query_id=entity_query_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("EntityQuery", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("EntityQuery", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}"} # type: ignore + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, entity_query_id: str, **kwargs: Any + ) -> None: + """Delete the entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_id: entity query ID. Required. + :type entity_query_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_query_id=entity_query_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueries/{entityQueryId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py new file mode 100644 index 000000000000..6dd68d1bf03d --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_query_templates_operations.py @@ -0,0 +1,271 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar, Union +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + kind: Optional[Union[str, "_models.Enum15"]] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + if kind is not None: + _params["kind"] = _SERIALIZER.query("kind", kind, "str") + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, entity_query_template_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityQueryTemplateId": _SERIALIZER.url("entity_query_template_id", entity_query_template_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class EntityQueryTemplatesOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`entity_query_templates` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + kind: Optional[Union[str, "_models.Enum15"]] = None, + **kwargs: Any + ) -> Iterable["_models.EntityQueryTemplate"]: + """Gets all entity query templates. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param kind: The entity template query kind we want to fetch. "Activity" Default value is None. + :type kind: str or ~azure.mgmt.securityinsight.models.Enum15 + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either EntityQueryTemplate or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.EntityQueryTemplate] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityQueryTemplateList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + kind=kind, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("EntityQueryTemplateList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates"} # type: ignore + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, entity_query_template_id: str, **kwargs: Any + ) -> _models.EntityQueryTemplate: + """Gets an entity query. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_query_template_id: entity query template ID. Required. + :type entity_query_template_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EntityQueryTemplate or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EntityQueryTemplate + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EntityQueryTemplate] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_query_template_id=entity_query_template_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EntityQueryTemplate", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entityQueryTemplates/{entityQueryTemplateId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py new file mode 100644 index 000000000000..d7376cf8d8fd --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_entity_relations_operations.py @@ -0,0 +1,155 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_get_relation_request( + resource_group_name: str, + workspace_name: str, + entity_id: str, + relation_name: str, + subscription_id: str, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "entityId": _SERIALIZER.url("entity_id", entity_id, "str"), + "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class EntityRelationsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`entity_relations` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def get_relation( + self, resource_group_name: str, workspace_name: str, entity_id: str, relation_name: str, **kwargs: Any + ) -> _models.Relation: + """Gets an entity relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param entity_id: entity ID. Required. + :type entity_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Relation] + + request = build_get_relation_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + entity_id=entity_id, + relation_name=relation_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get_relation.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Relation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get_relation.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/entities/{entityId}/relations/{relationName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py new file mode 100644 index 000000000000..d4871841673f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_file_imports_operations.py @@ -0,0 +1,629 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, cast, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.polling import LROPoller, NoPolling, PollingMethod +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat +from azure.mgmt.core.polling.arm_polling import ARMPolling + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip_token is not None: + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, file_import_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_request( + resource_group_name: str, workspace_name: str, file_import_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, file_import_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "fileImportId": _SERIALIZER.url("file_import_id", file_import_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class FileImportsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`file_imports` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip_token: Optional[str] = None, + **kwargs: Any + ) -> Iterable["_models.FileImport"]: + """Gets all file imports. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If + a previous response contains a nextLink element, the value of the nextLink element will include + a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. + Default value is None. + :type skip_token: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either FileImport or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.FileImport] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.FileImportList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip_token=skip_token, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("FileImportList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports"} # type: ignore + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any + ) -> _models.FileImport: + """Gets a file import. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param file_import_id: File import ID. Required. + :type file_import_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: FileImport or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.FileImport + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.FileImport] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + file_import_id=file_import_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("FileImport", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}"} # type: ignore + + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + file_import_id: str, + file_import: _models.FileImport, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.FileImport: + """Creates the file import. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param file_import_id: File import ID. Required. + :type file_import_id: str + :param file_import: The file import. Required. + :type file_import: ~azure.mgmt.securityinsight.models.FileImport + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: FileImport or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.FileImport + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + file_import_id: str, + file_import: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.FileImport: + """Creates the file import. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param file_import_id: File import ID. Required. + :type file_import_id: str + :param file_import: The file import. Required. + :type file_import: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: FileImport or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.FileImport + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create( + self, + resource_group_name: str, + workspace_name: str, + file_import_id: str, + file_import: Union[_models.FileImport, IO], + **kwargs: Any + ) -> _models.FileImport: + """Creates the file import. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param file_import_id: File import ID. Required. + :type file_import_id: str + :param file_import: The file import. Is either a model type or a IO type. Required. + :type file_import: ~azure.mgmt.securityinsight.models.FileImport or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: FileImport or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.FileImport + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.FileImport] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(file_import, (IO, bytes)): + _content = file_import + else: + _json = self._serialize.body(file_import, "FileImport") + + request = build_create_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + file_import_id=file_import_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("FileImport", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}"} # type: ignore + + def _delete_initial( + self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any + ) -> Optional[_models.FileImport]: + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[Optional[_models.FileImport]] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + file_import_id=file_import_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self._delete_initial.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [202, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = None + if response.status_code == 202: + deserialized = self._deserialize("FileImport", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + _delete_initial.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}"} # type: ignore + + @distributed_trace + def begin_delete( + self, resource_group_name: str, workspace_name: str, file_import_id: str, **kwargs: Any + ) -> LROPoller[_models.FileImport]: + """Delete the file import. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param file_import_id: File import ID. Required. + :type file_import_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :keyword str continuation_token: A continuation token to restart a poller from a saved state. + :keyword polling: By default, your polling method will be ARMPolling. Pass in False for this + operation to not poll, or pass in your own initialized polling object for a personal polling + strategy. + :paramtype polling: bool or ~azure.core.polling.PollingMethod + :keyword int polling_interval: Default waiting time between two polls for LRO operations if no + Retry-After header is present. + :return: An instance of LROPoller that returns either FileImport or the result of cls(response) + :rtype: ~azure.core.polling.LROPoller[~azure.mgmt.securityinsight.models.FileImport] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.FileImport] + polling = kwargs.pop("polling", True) # type: Union[bool, PollingMethod] + lro_delay = kwargs.pop("polling_interval", self._config.polling_interval) + cont_token = kwargs.pop("continuation_token", None) # type: Optional[str] + if cont_token is None: + raw_result = self._delete_initial( # type: ignore + resource_group_name=resource_group_name, + workspace_name=workspace_name, + file_import_id=file_import_id, + api_version=api_version, + cls=lambda x, y, z: x, + headers=_headers, + params=_params, + **kwargs + ) + kwargs.pop("error_map", None) + + def get_long_running_output(pipeline_response): + deserialized = self._deserialize("FileImport", pipeline_response) + if cls: + return cls(pipeline_response, deserialized, {}) + return deserialized + + if polling is True: + polling_method = cast( + PollingMethod, ARMPolling(lro_delay, lro_options={"final-state-via": "location"}, **kwargs) + ) # type: PollingMethod + elif polling is False: + polling_method = cast(PollingMethod, NoPolling()) + else: + polling_method = polling + if cont_token: + return LROPoller.from_continuation_token( + polling_method=polling_method, + continuation_token=cont_token, + client=self._client, + deserialization_callback=get_long_running_output, + ) + return LROPoller(self._client, raw_result, get_long_running_output, polling_method) + + begin_delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/fileImports/{fileImportId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py index 7569cf3ed85d..82072e9c9c46 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_comments_operations.py @@ -6,11 +6,16 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,18 +25,21 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_request( - subscription_id: str, resource_group_name: str, workspace_name: str, incident_id: str, + subscription_id: str, *, filter: Optional[str] = None, orderby: Optional[str] = None, @@ -42,172 +50,164 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") if filter is not None: - _params['$filter'] = _SERIALIZER.query("filter", filter, 'str') + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") if orderby is not None: - _params['$orderby'] = _SERIALIZER.query("orderby", orderby, 'str') + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") if top is not None: - _params['$top'] = _SERIALIZER.query("top", top, 'int') + _params["$top"] = _SERIALIZER.query("top", top, "int") if skip_token is not None: - _params['$skipToken'] = _SERIALIZER.query("skip_token", skip_token, 'str') + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), - "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), + "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_create_or_update_request( - subscription_id: str, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, - *, - json: Optional[_models.IncidentComment] = None, - content: Any = None, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), - "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), + "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), - "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), + "incidentCommentId": _SERIALIZER.url("incident_comment_id", incident_comment_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class IncidentCommentsOperations: """ @@ -228,7 +228,6 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( self, @@ -240,14 +239,15 @@ def list( top: Optional[int] = None, skip_token: Optional[str] = None, **kwargs: Any - ) -> Iterable[_models.IncidentCommentList]: - """Gets all comments for a given incident. + ) -> Iterable["_models.IncidentComment"]: + """Gets all incident comments. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :param filter: Filters the results, based on a Boolean condition. Optional. Default value is None. @@ -262,34 +262,33 @@ def list( Default value is None. :type skip_token: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either IncidentCommentList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.IncidentCommentList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either IncidentComment or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.IncidentComment] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentCommentList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentCommentList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, - api_version=api_version, + subscription_id=self._config.subscription_id, filter=filter, orderby=orderby, top=top, skip_token=skip_token, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -297,21 +296,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - api_version=api_version, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -327,10 +316,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -340,56 +327,47 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments"} # type: ignore @distributed_trace def get( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_comment_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, **kwargs: Any ) -> _models.IncidentComment: - """Gets a comment for a given incident. + """Gets an incident comment. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param incident_comment_id: Incident comment ID. + :param incident_comment_id: Incident comment ID. Required. :type incident_comment_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentComment, or the result of cls(response) + :return: IncidentComment or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.IncidentComment - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentComment] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentComment] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, incident_comment_id=incident_comment_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -397,27 +375,25 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('IncidentComment', pipeline_response) + deserialized = self._deserialize("IncidentComment", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore - @distributed_trace + @overload def create_or_update( self, resource_group_name: str, @@ -425,49 +401,126 @@ def create_or_update( incident_id: str, incident_comment_id: str, incident_comment: _models.IncidentComment, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.IncidentComment: - """Creates or updates a comment for a given incident. + """Creates or updates the incident comment. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param incident_comment_id: Incident comment ID. + :param incident_comment_id: Incident comment ID. Required. :type incident_comment_id: str - :param incident_comment: The incident comment. + :param incident_comment: The incident comment. Required. :type incident_comment: ~azure.mgmt.securityinsight.models.IncidentComment + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: IncidentComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.IncidentComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + incident_comment_id: str, + incident_comment: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.IncidentComment: + """Creates or updates the incident comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param incident_comment_id: Incident comment ID. Required. + :type incident_comment_id: str + :param incident_comment: The incident comment. Required. + :type incident_comment: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentComment, or the result of cls(response) + :return: IncidentComment or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.IncidentComment - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + incident_comment_id: str, + incident_comment: Union[_models.IncidentComment, IO], + **kwargs: Any + ) -> _models.IncidentComment: + """Creates or updates the incident comment. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param incident_comment_id: Incident comment ID. Required. + :type incident_comment_id: str + :param incident_comment: The incident comment. Is either a model type or a IO type. Required. + :type incident_comment: ~azure.mgmt.securityinsight.models.IncidentComment or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: IncidentComment or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.IncidentComment + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentComment] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentComment] - _json = self._serialize.body(incident_comment, 'IncidentComment') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(incident_comment, (IO, bytes)): + _content = incident_comment + else: + _json = self._serialize.body(incident_comment, "IncidentComment") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, incident_comment_id=incident_comment_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -475,10 +528,9 @@ def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -486,63 +538,55 @@ def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('IncidentComment', pipeline_response) + deserialized = self._deserialize("IncidentComment", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('IncidentComment', pipeline_response) + deserialized = self._deserialize("IncidentComment", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - incident_comment_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, incident_comment_id: str, **kwargs: Any ) -> None: - """Deletes a comment for a given incident. + """Delete the incident comment. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param incident_comment_id: Incident comment ID. + :param incident_comment_id: Incident comment ID. Required. :type incident_comment_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, incident_comment_id=incident_comment_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -550,10 +594,9 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -563,5 +606,4 @@ def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/comments/{incidentCommentId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py index 09a7ca844b22..9832de403be5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incident_relations_operations.py @@ -6,11 +6,16 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,18 +25,21 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_request( - subscription_id: str, resource_group_name: str, workspace_name: str, incident_id: str, + subscription_id: str, *, filter: Optional[str] = None, orderby: Optional[str] = None, @@ -42,172 +50,164 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") if filter is not None: - _params['$filter'] = _SERIALIZER.query("filter", filter, 'str') + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") if orderby is not None: - _params['$orderby'] = _SERIALIZER.query("orderby", orderby, 'str') + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") if top is not None: - _params['$top'] = _SERIALIZER.query("top", top, 'int') + _params["$top"] = _SERIALIZER.query("top", top, "int") if skip_token is not None: - _params['$skipToken'] = _SERIALIZER.query("skip_token", skip_token, 'str') + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), - "relationName": _SERIALIZER.url("relation_name", relation_name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), + "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_create_or_update_request( - subscription_id: str, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, - *, - json: Optional[_models.Relation] = None, - content: Any = None, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), - "relationName": _SERIALIZER.url("relation_name", relation_name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), + "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), - "relationName": _SERIALIZER.url("relation_name", relation_name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), + "relationName": _SERIALIZER.url("relation_name", relation_name, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class IncidentRelationsOperations: """ @@ -228,7 +228,6 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( self, @@ -240,14 +239,15 @@ def list( top: Optional[int] = None, skip_token: Optional[str] = None, **kwargs: Any - ) -> Iterable[_models.RelationList]: - """Gets all relations for a given incident. + ) -> Iterable["_models.Relation"]: + """Gets all incident relations. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :param filter: Filters the results, based on a Boolean condition. Optional. Default value is None. @@ -262,34 +262,33 @@ def list( Default value is None. :type skip_token: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either RelationList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.RelationList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either Relation or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Relation] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.RelationList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.RelationList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, - api_version=api_version, + subscription_id=self._config.subscription_id, filter=filter, orderby=orderby, top=top, skip_token=skip_token, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -297,21 +296,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - incident_id=incident_id, - api_version=api_version, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -327,10 +316,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -340,56 +327,47 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations"} # type: ignore @distributed_trace def get( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - relation_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, **kwargs: Any ) -> _models.Relation: - """Gets a relation for a given incident. + """Gets an incident relation. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param relation_name: Relation Name. + :param relation_name: Relation Name. Required. :type relation_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation, or the result of cls(response) + :return: Relation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.Relation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Relation] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, relation_name=relation_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -397,27 +375,25 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('Relation', pipeline_response) + deserialized = self._deserialize("Relation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore - @distributed_trace + @overload def create_or_update( self, resource_group_name: str, @@ -425,49 +401,126 @@ def create_or_update( incident_id: str, relation_name: str, relation: _models.Relation, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.Relation: - """Creates or updates a relation for a given incident. + """Creates or updates the incident relation. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param relation_name: Relation Name. + :param relation_name: Relation Name. Required. :type relation_name: str - :param relation: The relation model. + :param relation: The relation model. Required. :type relation: ~azure.mgmt.securityinsight.models.Relation + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + relation_name: str, + relation: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Relation: + """Creates or updates the incident relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :param relation: The relation model. Required. + :type relation: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Relation, or the result of cls(response) + :return: Relation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Relation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + relation_name: str, + relation: Union[_models.Relation, IO], + **kwargs: Any + ) -> _models.Relation: + """Creates or updates the incident relation. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param relation_name: Relation Name. Required. + :type relation_name: str + :param relation: The relation model. Is either a model type or a IO type. Required. + :type relation: ~azure.mgmt.securityinsight.models.Relation or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Relation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Relation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.Relation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Relation] - _json = self._serialize.body(relation, 'Relation') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(relation, (IO, bytes)): + _content = relation + else: + _json = self._serialize.body(relation, "Relation") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, relation_name=relation_name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -475,10 +528,9 @@ def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -486,63 +538,55 @@ def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('Relation', pipeline_response) + deserialized = self._deserialize("Relation", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('Relation', pipeline_response) + deserialized = self._deserialize("Relation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - relation_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, relation_name: str, **kwargs: Any ) -> None: - """Deletes a relation for a given incident. + """Delete the incident relation. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param relation_name: Relation Name. + :param relation_name: Relation Name. Required. :type relation_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, relation_name=relation_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -550,10 +594,9 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -563,5 +606,4 @@ def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/relations/{relationName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py index 8799208ed0c7..27db7be2df13 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_incidents_operations.py @@ -6,11 +6,17 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +import sys +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,17 +26,62 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +if sys.version_info >= (3, 9): + from collections.abc import MutableMapping +else: + from typing import MutableMapping # type: ignore # pylint: disable=ungrouped-imports +JSON = MutableMapping[str, Any] # pylint: disable=unsubscriptable-object +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + +def build_run_playbook_request( + resource_group_name: str, workspace_name: str, incident_identifier: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentIdentifier": _SERIALIZER.url("incident_identifier", incident_identifier, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + + def build_list_request( - subscription_id: str, resource_group_name: str, workspace_name: str, + subscription_id: str, *, filter: Optional[str] = None, orderby: Optional[str] = None, @@ -41,282 +92,284 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") if filter is not None: - _params['$filter'] = _SERIALIZER.query("filter", filter, 'str') + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") if orderby is not None: - _params['$orderby'] = _SERIALIZER.query("orderby", orderby, 'str') + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") if top is not None: - _params['$top'] = _SERIALIZER.query("top", top, 'int') + _params["$top"] = _SERIALIZER.query("top", top, "int") if skip_token is not None: - _params['$skipToken'] = _SERIALIZER.query("skip_token", skip_token, 'str') + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, incident_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_create_or_update_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - incident_id: str, - *, - json: Optional[_models.Incident] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, incident_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, incident_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_team_request( + resource_group_name: str, workspace_name: str, incident_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) def build_list_alerts_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, incident_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="POST", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) def build_list_bookmarks_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, incident_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="POST", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) def build_list_entities_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, incident_id: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "incidentId": _SERIALIZER.url("incident_id", incident_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "incidentId": _SERIALIZER.url("incident_id", incident_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="POST", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class IncidentsOperations: """ @@ -337,6 +390,151 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + @overload + def run_playbook( + self, + resource_group_name: str, + workspace_name: str, + incident_identifier: str, + request_body: Optional[_models.ManualTriggerRequestBody] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> JSON: + """Triggers playbook on a specific incident. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_identifier: Required. + :type incident_identifier: str + :param request_body: Default value is None. + :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: JSON or the result of cls(response) + :rtype: JSON + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def run_playbook( + self, + resource_group_name: str, + workspace_name: str, + incident_identifier: str, + request_body: Optional[IO] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> JSON: + """Triggers playbook on a specific incident. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_identifier: Required. + :type incident_identifier: str + :param request_body: Default value is None. + :type request_body: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: JSON or the result of cls(response) + :rtype: JSON + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def run_playbook( + self, + resource_group_name: str, + workspace_name: str, + incident_identifier: str, + request_body: Optional[Union[_models.ManualTriggerRequestBody, IO]] = None, + **kwargs: Any + ) -> JSON: + """Triggers playbook on a specific incident. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_identifier: Required. + :type incident_identifier: str + :param request_body: Is either a model type or a IO type. Default value is None. + :type request_body: ~azure.mgmt.securityinsight.models.ManualTriggerRequestBody or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: JSON or the result of cls(response) + :rtype: JSON + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[JSON] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(request_body, (IO, bytes)): + _content = request_body + else: + if request_body is not None: + _json = self._serialize.body(request_body, "ManualTriggerRequestBody") + else: + _json = None + + request = build_run_playbook_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_identifier=incident_identifier, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.run_playbook.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("object", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + run_playbook.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentIdentifier}/runPlaybook"} # type: ignore @distributed_trace def list( @@ -348,12 +546,13 @@ def list( top: Optional[int] = None, skip_token: Optional[str] = None, **kwargs: Any - ) -> Iterable[_models.IncidentList]: + ) -> Iterable["_models.Incident"]: """Gets all incidents. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param filter: Filters the results, based on a Boolean condition. Optional. Default value is None. @@ -368,33 +567,32 @@ def list( Default value is None. :type skip_token: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either IncidentList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.IncidentList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either Incident or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Incident] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, - api_version=api_version, + subscription_id=self._config.subscription_id, filter=filter, orderby=orderby, top=top, skip_token=skip_token, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -402,20 +600,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - filter=filter, - orderby=orderby, - top=top, - skip_token=skip_token, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -431,10 +620,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -444,52 +631,42 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents"} # type: ignore @distributed_trace - def get( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any - ) -> _models.Incident: - """Gets a given incident. + def get(self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any) -> _models.Incident: + """Gets an incident. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Incident, or the result of cls(response) + :return: Incident or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Incident - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.Incident] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Incident] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -497,73 +674,142 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('Incident', pipeline_response) + deserialized = self._deserialize("Incident", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore - - @distributed_trace + @overload def create_or_update( self, resource_group_name: str, workspace_name: str, incident_id: str, incident: _models.Incident, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.Incident: - """Creates or updates an incident. + """Creates or updates the incident. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str - :param incident: The incident. + :param incident: The incident. Required. :type incident: ~azure.mgmt.securityinsight.models.Incident + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Incident or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Incident + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + incident: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Incident: + """Creates or updates the incident. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param incident: The incident. Required. + :type incident: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Incident or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Incident + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + incident: Union[_models.Incident, IO], + **kwargs: Any + ) -> _models.Incident: + """Creates or updates the incident. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param incident: The incident. Is either a model type or a IO type. Required. + :type incident: ~azure.mgmt.securityinsight.models.Incident or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Incident, or the result of cls(response) + :return: Incident or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Incident - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.Incident] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Incident] - _json = self._serialize.body(incident, 'Incident') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(incident, (IO, bytes)): + _content = incident + else: + _json = self._serialize.body(incident, "Incident") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -571,10 +817,9 @@ def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -582,59 +827,52 @@ def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('Incident', pipeline_response) + deserialized = self._deserialize("Incident", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('Incident', pipeline_response) + deserialized = self._deserialize("Incident", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> None: - """Deletes a given incident. + """Delete the incident. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -642,10 +880,9 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -655,49 +892,188 @@ def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}"} # type: ignore + + @overload + def create_team( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + team_properties: _models.TeamProperties, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TeamInformation: + """Creates a Microsoft team to investigate the incident by sharing information and insights + between participants. + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param team_properties: Team properties. Required. + :type team_properties: ~azure.mgmt.securityinsight.models.TeamProperties + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TeamInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TeamInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_team( + self, + resource_group_name: str, + workspace_name: str, + incident_id: str, + team_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.TeamInformation: + """Creates a Microsoft team to investigate the incident by sharing information and insights + between participants. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param team_properties: Team properties. Required. + :type team_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TeamInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TeamInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ @distributed_trace - def list_alerts( + def create_team( self, resource_group_name: str, workspace_name: str, incident_id: str, + team_properties: Union[_models.TeamProperties, IO], **kwargs: Any + ) -> _models.TeamInformation: + """Creates a Microsoft team to investigate the incident by sharing information and insights + between participants. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param incident_id: Incident ID. Required. + :type incident_id: str + :param team_properties: Team properties. Is either a model type or a IO type. Required. + :type team_properties: ~azure.mgmt.securityinsight.models.TeamProperties or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: TeamInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.TeamInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.TeamInformation] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(team_properties, (IO, bytes)): + _content = team_properties + else: + _json = self._serialize.body(team_properties, "TeamProperties") + + request = build_create_team_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + incident_id=incident_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_team.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("TeamInformation", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create_team.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/createTeam"} # type: ignore + + @distributed_trace + def list_alerts( + self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentAlertList: - """Gets all alerts for an incident. + """Gets all incident alerts. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentAlertList, or the result of cls(response) + :return: IncidentAlertList or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.IncidentAlertList - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentAlertList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentAlertList] - request = build_list_alerts_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list_alerts.metadata['url'], + template_url=self.list_alerts.metadata["url"], headers=_headers, params=_params, ) @@ -705,66 +1081,58 @@ def list_alerts( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('IncidentAlertList', pipeline_response) + deserialized = self._deserialize("IncidentAlertList", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - list_alerts.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts"} # type: ignore - + list_alerts.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/alerts"} # type: ignore @distributed_trace def list_bookmarks( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentBookmarkList: - """Gets all bookmarks for an incident. + """Gets all incident bookmarks. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentBookmarkList, or the result of cls(response) + :return: IncidentBookmarkList or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.IncidentBookmarkList - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentBookmarkList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentBookmarkList] - request = build_list_bookmarks_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list_bookmarks.metadata['url'], + template_url=self.list_bookmarks.metadata["url"], headers=_headers, params=_params, ) @@ -772,66 +1140,58 @@ def list_bookmarks( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('IncidentBookmarkList', pipeline_response) + deserialized = self._deserialize("IncidentBookmarkList", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - list_bookmarks.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks"} # type: ignore - + list_bookmarks.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/bookmarks"} # type: ignore @distributed_trace def list_entities( - self, - resource_group_name: str, - workspace_name: str, - incident_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, incident_id: str, **kwargs: Any ) -> _models.IncidentEntitiesResponse: - """Gets all entities for an incident. + """Gets all incident related entities. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param incident_id: Incident ID. + :param incident_id: Incident ID. Required. :type incident_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: IncidentEntitiesResponse, or the result of cls(response) + :return: IncidentEntitiesResponse or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.IncidentEntitiesResponse - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.IncidentEntitiesResponse] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.IncidentEntitiesResponse] - request = build_list_entities_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, incident_id=incident_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list_entities.metadata['url'], + template_url=self.list_entities.metadata["url"], headers=_headers, params=_params, ) @@ -839,22 +1199,20 @@ def list_entities( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('IncidentEntitiesResponse', pipeline_response) + deserialized = self._deserialize("IncidentEntitiesResponse", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - list_entities.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities"} # type: ignore - + list_entities.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents/{incidentId}/entities"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py new file mode 100644 index 000000000000..ef94043a91eb --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_ip_geodata_operations.py @@ -0,0 +1,138 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Optional, TypeVar + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_get_request(resource_group_name: str, subscription_id: str, *, ip_address: str, **kwargs: Any) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + _params["ipAddress"] = _SERIALIZER.query("ip_address", ip_address, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +class IPGeodataOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`ip_geodata` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def get(self, resource_group_name: str, ip_address: str, **kwargs: Any) -> _models.EnrichmentIpGeodata: + """Get geodata for a single IP address. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param ip_address: IP address (v4 or v6) to be enriched. Required. + :type ip_address: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: EnrichmentIpGeodata or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.EnrichmentIpGeodata + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.EnrichmentIpGeodata] + + request = build_get_request( + resource_group_name=resource_group_name, + subscription_id=self._config.subscription_id, + ip_address=ip_address, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("EnrichmentIpGeodata", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.SecurityInsights/enrichment/ip/geodata/"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py new file mode 100644 index 000000000000..fadd03fca501 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_metadata_operations.py @@ -0,0 +1,747 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + if filter is not None: + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") + if top is not None: + _params["$top"] = _SERIALIZER.query("top", top, "int") + if skip is not None: + _params["$skip"] = _SERIALIZER.query("skip", skip, "int") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, metadata_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, metadata_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_request( + resource_group_name: str, workspace_name: str, metadata_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_update_request( + resource_group_name: str, workspace_name: str, metadata_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "metadataName": _SERIALIZER.url("metadata_name", metadata_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PATCH", url=_url, params=_params, headers=_headers, **kwargs) + + +class MetadataOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`metadata` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, + resource_group_name: str, + workspace_name: str, + filter: Optional[str] = None, + orderby: Optional[str] = None, + top: Optional[int] = None, + skip: Optional[int] = None, + **kwargs: Any + ) -> Iterable["_models.MetadataModel"]: + """List of all metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param filter: Filters the results, based on a Boolean condition. Optional. Default value is + None. + :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str + :param top: Returns only the first n results. Optional. Default value is None. + :type top: int + :param skip: Used to skip n elements in the OData query (offset). Returns a nextLink to the + next page of results if there are any left. Default value is None. + :type skip: int + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either MetadataModel or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.MetadataModel] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.MetadataList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + filter=filter, + orderby=orderby, + top=top, + skip=skip, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("MetadataList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata"} # type: ignore + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, metadata_name: str, **kwargs: Any + ) -> _models.MetadataModel: + """Get a Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.MetadataModel] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + metadata_name=metadata_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("MetadataModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}"} # type: ignore + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, metadata_name: str, **kwargs: Any + ) -> None: + """Delete a Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + metadata_name=metadata_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}"} # type: ignore + + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata: _models.MetadataModel, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.MetadataModel: + """Create a Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata: Metadata resource. Required. + :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.MetadataModel: + """Create a Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata: Metadata resource. Required. + :type metadata: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata: Union[_models.MetadataModel, IO], + **kwargs: Any + ) -> _models.MetadataModel: + """Create a Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata: Metadata resource. Is either a model type or a IO type. Required. + :type metadata: ~azure.mgmt.securityinsight.models.MetadataModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.MetadataModel] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(metadata, (IO, bytes)): + _content = metadata + else: + _json = self._serialize.body(metadata, "MetadataModel") + + request = build_create_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + metadata_name=metadata_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("MetadataModel", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("MetadataModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}"} # type: ignore + + @overload + def update( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata_patch: _models.MetadataPatch, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.MetadataModel: + """Update an existing Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata_patch: Partial metadata request. Required. + :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def update( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata_patch: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.MetadataModel: + """Update an existing Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata_patch: Partial metadata request. Required. + :type metadata_patch: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def update( + self, + resource_group_name: str, + workspace_name: str, + metadata_name: str, + metadata_patch: Union[_models.MetadataPatch, IO], + **kwargs: Any + ) -> _models.MetadataModel: + """Update an existing Metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param metadata_name: The Metadata name. Required. + :type metadata_name: str + :param metadata_patch: Partial metadata request. Is either a model type or a IO type. Required. + :type metadata_patch: ~azure.mgmt.securityinsight.models.MetadataPatch or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: MetadataModel or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.MetadataModel + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.MetadataModel] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(metadata_patch, (IO, bytes)): + _content = metadata_patch + else: + _json = self._serialize.body(metadata_patch, "MetadataPatch") + + request = build_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + metadata_name=metadata_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("MetadataModel", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/metadata/{metadataName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py new file mode 100644 index 000000000000..ccb9573eea59 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_office_consents_operations.py @@ -0,0 +1,344 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, consent_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "consentId": _SERIALIZER.url("consent_id", consent_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, consent_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "consentId": _SERIALIZER.url("consent_id", consent_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class OfficeConsentsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`office_consents` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.OfficeConsent"]: + """Gets all office365 consents. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either OfficeConsent or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.OfficeConsent] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.OfficeConsentList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("OfficeConsentList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents"} # type: ignore + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, consent_id: str, **kwargs: Any + ) -> _models.OfficeConsent: + """Gets an office365 consent. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param consent_id: consent ID. Required. + :type consent_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: OfficeConsent or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.OfficeConsent + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.OfficeConsent] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + consent_id=consent_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("OfficeConsent", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}"} # type: ignore + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, consent_id: str, **kwargs: Any + ) -> None: + """Delete the office365 consent. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param consent_id: consent ID. Required. + :type consent_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + consent_id=consent_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/officeConsents/{consentId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py index 7e309e0859d5..81617625e688 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_operations.py @@ -7,10 +7,15 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,38 +25,34 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False -def build_list_request( - **kwargs: Any -) -> HttpRequest: + +def build_list_request(**kwargs: Any) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL _url = kwargs.pop("template_url", "/providers/Microsoft.SecurityInsights/operations") # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class Operations: """ @@ -72,35 +73,30 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace - def list( - self, - **kwargs: Any - ) -> Iterable[_models.OperationsList]: + def list(self, **kwargs: Any) -> Iterable["_models.Operation"]: """Lists all operations available Azure Security Insights Resource Provider. :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either OperationsList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.OperationsList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either Operation or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Operation] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.OperationsList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.OperationsList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -108,13 +104,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - api_version=api_version, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -130,10 +124,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -143,8 +135,6 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/providers/Microsoft.SecurityInsights/operations"} # type: ignore + list.metadata = {"url": "/providers/Microsoft.SecurityInsights/operations"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_patch.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_patch.py index 0ad201a8c586..f7dd32510333 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_patch.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_patch.py @@ -10,6 +10,7 @@ __all__: List[str] = [] # Add all objects you want publicly available to users at this package level + def patch_sdk(): """Do not remove from this file. diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py new file mode 100644 index 000000000000..f82980f1bfc2 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_product_settings_operations.py @@ -0,0 +1,505 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, settings_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, settings_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_update_request( + resource_group_name: str, workspace_name: str, settings_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "settingsName": _SERIALIZER.url("settings_name", settings_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +class ProductSettingsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`product_settings` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> _models.SettingList: + """List of all the settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SettingList or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SettingList + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SettingList] + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("SettingList", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings"} # type: ignore + + @distributed_trace + def get(self, resource_group_name: str, workspace_name: str, settings_name: str, **kwargs: Any) -> _models.Settings: + """Gets a setting. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. + Required. + :type settings_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Settings or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Settings + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Settings] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_name=settings_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Settings", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}"} # type: ignore + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, settings_name: str, **kwargs: Any + ) -> None: + """Delete setting of the product. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. + Required. + :type settings_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_name=settings_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}"} # type: ignore + + @overload + def update( + self, + resource_group_name: str, + workspace_name: str, + settings_name: str, + settings: _models.Settings, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Settings: + """Updates setting. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. + Required. + :type settings_name: str + :param settings: The setting. Required. + :type settings: ~azure.mgmt.securityinsight.models.Settings + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Settings or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Settings + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def update( + self, + resource_group_name: str, + workspace_name: str, + settings_name: str, + settings: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Settings: + """Updates setting. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. + Required. + :type settings_name: str + :param settings: The setting. Required. + :type settings: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Settings or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Settings + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def update( + self, + resource_group_name: str, + workspace_name: str, + settings_name: str, + settings: Union[_models.Settings, IO], + **kwargs: Any + ) -> _models.Settings: + """Updates setting. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_name: The setting name. Supports - Anomalies, EyesOn, EntityAnalytics, Ueba. + Required. + :type settings_name: str + :param settings: The setting. Is either a model type or a IO type. Required. + :type settings: ~azure.mgmt.securityinsight.models.Settings or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Settings or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Settings + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Settings] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(settings, (IO, bytes)): + _content = settings + else: + _json = self._serialize.body(settings, "Settings") + + request = build_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_name=settings_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("Settings", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/settings/{settingsName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py new file mode 100644 index 000000000000..0e13c5afd135 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_security_ml_analytics_settings_operations.py @@ -0,0 +1,535 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, settings_resource_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "settingsResourceName": _SERIALIZER.url("settings_resource_name", settings_resource_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_or_update_request( + resource_group_name: str, workspace_name: str, settings_resource_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "settingsResourceName": _SERIALIZER.url("settings_resource_name", settings_resource_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, settings_resource_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "settingsResourceName": _SERIALIZER.url("settings_resource_name", settings_resource_name, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +class SecurityMLAnalyticsSettingsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`security_ml_analytics_settings` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list( + self, resource_group_name: str, workspace_name: str, **kwargs: Any + ) -> Iterable["_models.SecurityMLAnalyticsSetting"]: + """Gets all Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either SecurityMLAnalyticsSetting or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SecurityMLAnalyticsSettingsList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("SecurityMLAnalyticsSettingsList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings"} # type: ignore + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, settings_resource_name: str, **kwargs: Any + ) -> _models.SecurityMLAnalyticsSetting: + """Gets the Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_resource_name: Security ML Analytics Settings resource name. Required. + :type settings_resource_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SecurityMLAnalyticsSetting or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SecurityMLAnalyticsSetting] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_resource_name=settings_resource_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("SecurityMLAnalyticsSetting", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"} # type: ignore + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + settings_resource_name: str, + security_ml_analytics_setting: _models.SecurityMLAnalyticsSetting, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SecurityMLAnalyticsSetting: + """Creates or updates the Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_resource_name: Security ML Analytics Settings resource name. Required. + :type settings_resource_name: str + :param security_ml_analytics_setting: The security ML Analytics setting. Required. + :type security_ml_analytics_setting: + ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SecurityMLAnalyticsSetting or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + settings_resource_name: str, + security_ml_analytics_setting: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SecurityMLAnalyticsSetting: + """Creates or updates the Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_resource_name: Security ML Analytics Settings resource name. Required. + :type settings_resource_name: str + :param security_ml_analytics_setting: The security ML Analytics setting. Required. + :type security_ml_analytics_setting: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SecurityMLAnalyticsSetting or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + settings_resource_name: str, + security_ml_analytics_setting: Union[_models.SecurityMLAnalyticsSetting, IO], + **kwargs: Any + ) -> _models.SecurityMLAnalyticsSetting: + """Creates or updates the Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_resource_name: Security ML Analytics Settings resource name. Required. + :type settings_resource_name: str + :param security_ml_analytics_setting: The security ML Analytics setting. Is either a model type + or a IO type. Required. + :type security_ml_analytics_setting: + ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SecurityMLAnalyticsSetting or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SecurityMLAnalyticsSetting + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.SecurityMLAnalyticsSetting] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(security_ml_analytics_setting, (IO, bytes)): + _content = security_ml_analytics_setting + else: + _json = self._serialize.body(security_ml_analytics_setting, "SecurityMLAnalyticsSetting") + + request = build_create_or_update_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_resource_name=settings_resource_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create_or_update.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("SecurityMLAnalyticsSetting", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("SecurityMLAnalyticsSetting", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"} # type: ignore + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, settings_resource_name: str, **kwargs: Any + ) -> None: + """Delete the Security ML Analytics Settings. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param settings_resource_name: Security ML Analytics Settings resource name. Required. + :type settings_resource_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + settings_resource_name=settings_resource_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/securityMLAnalyticsSettings/{settingsResourceName}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py index f93976eb7d84..23f6b3fba971 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_sentinel_onboarding_states_operations.py @@ -6,11 +6,15 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Optional, TypeVar, Union, overload + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse from azure.core.rest import HttpRequest @@ -19,173 +23,171 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_get_request( - subscription_id: str, resource_group_name: str, workspace_name: str, sentinel_onboarding_state_name: str, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "sentinelOnboardingStateName": _SERIALIZER.url("sentinel_onboarding_state_name", sentinel_onboarding_state_name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "sentinelOnboardingStateName": _SERIALIZER.url( + "sentinel_onboarding_state_name", sentinel_onboarding_state_name, "str" + ), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_create_request( - subscription_id: str, resource_group_name: str, workspace_name: str, sentinel_onboarding_state_name: str, - *, - json: Optional[_models.SentinelOnboardingState] = None, - content: Any = None, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "sentinelOnboardingStateName": _SERIALIZER.url("sentinel_onboarding_state_name", sentinel_onboarding_state_name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "sentinelOnboardingStateName": _SERIALIZER.url( + "sentinel_onboarding_state_name", sentinel_onboarding_state_name, "str" + ), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, resource_group_name: str, workspace_name: str, sentinel_onboarding_state_name: str, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "sentinelOnboardingStateName": _SERIALIZER.url("sentinel_onboarding_state_name", sentinel_onboarding_state_name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "sentinelOnboardingStateName": _SERIALIZER.url( + "sentinel_onboarding_state_name", sentinel_onboarding_state_name, "str" + ), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) def build_list_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class SentinelOnboardingStatesOperations: """ @@ -206,47 +208,41 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def get( - self, - resource_group_name: str, - workspace_name: str, - sentinel_onboarding_state_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, sentinel_onboarding_state_name: str, **kwargs: Any ) -> _models.SentinelOnboardingState: """Get Sentinel onboarding state. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param sentinel_onboarding_state_name: The Sentinel onboarding state name. Supports - default. + Required. :type sentinel_onboarding_state_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SentinelOnboardingState, or the result of cls(response) + :return: SentinelOnboardingState or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.SentinelOnboardingState - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.SentinelOnboardingState] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SentinelOnboardingState] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, sentinel_onboarding_state_name=sentinel_onboarding_state_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -254,78 +250,153 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('SentinelOnboardingState', pipeline_response) + deserialized = self._deserialize("SentinelOnboardingState", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore - @distributed_trace + @overload def create( self, resource_group_name: str, workspace_name: str, sentinel_onboarding_state_name: str, sentinel_onboarding_state_parameter: Optional[_models.SentinelOnboardingState] = None, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.SentinelOnboardingState: """Create Sentinel onboarding state. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param sentinel_onboarding_state_name: The Sentinel onboarding state name. Supports - default. + Required. :type sentinel_onboarding_state_name: str :param sentinel_onboarding_state_parameter: The Sentinel onboarding state parameter. Default value is None. :type sentinel_onboarding_state_parameter: ~azure.mgmt.securityinsight.models.SentinelOnboardingState + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SentinelOnboardingState, or the result of cls(response) + :return: SentinelOnboardingState or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.SentinelOnboardingState - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + sentinel_onboarding_state_name: str, + sentinel_onboarding_state_parameter: Optional[IO] = None, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SentinelOnboardingState: + """Create Sentinel onboarding state. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param sentinel_onboarding_state_name: The Sentinel onboarding state name. Supports - default. + Required. + :type sentinel_onboarding_state_name: str + :param sentinel_onboarding_state_parameter: The Sentinel onboarding state parameter. Default + value is None. + :type sentinel_onboarding_state_parameter: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SentinelOnboardingState or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SentinelOnboardingState + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create( + self, + resource_group_name: str, + workspace_name: str, + sentinel_onboarding_state_name: str, + sentinel_onboarding_state_parameter: Optional[Union[_models.SentinelOnboardingState, IO]] = None, + **kwargs: Any + ) -> _models.SentinelOnboardingState: + """Create Sentinel onboarding state. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param sentinel_onboarding_state_name: The Sentinel onboarding state name. Supports - default. + Required. + :type sentinel_onboarding_state_name: str + :param sentinel_onboarding_state_parameter: The Sentinel onboarding state parameter. Is either + a model type or a IO type. Default value is None. + :type sentinel_onboarding_state_parameter: + ~azure.mgmt.securityinsight.models.SentinelOnboardingState or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SentinelOnboardingState or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SentinelOnboardingState + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.SentinelOnboardingState] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.SentinelOnboardingState] - if sentinel_onboarding_state_parameter is not None: - _json = self._serialize.body(sentinel_onboarding_state_parameter, 'SentinelOnboardingState') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(sentinel_onboarding_state_parameter, (IO, bytes)): + _content = sentinel_onboarding_state_parameter else: - _json = None + if sentinel_onboarding_state_parameter is not None: + _json = self._serialize.body(sentinel_onboarding_state_parameter, "SentinelOnboardingState") + else: + _json = None request = build_create_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, sentinel_onboarding_state_name=sentinel_onboarding_state_name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create.metadata['url'], + content=_content, + template_url=self.create.metadata["url"], headers=_headers, params=_params, ) @@ -333,10 +404,9 @@ def create( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -344,59 +414,53 @@ def create( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('SentinelOnboardingState', pipeline_response) + deserialized = self._deserialize("SentinelOnboardingState", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('SentinelOnboardingState', pipeline_response) + deserialized = self._deserialize("SentinelOnboardingState", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore - + create.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - sentinel_onboarding_state_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, sentinel_onboarding_state_name: str, **kwargs: Any ) -> None: """Delete Sentinel onboarding state. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param sentinel_onboarding_state_name: The Sentinel onboarding state name. Supports - default. + Required. :type sentinel_onboarding_state_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, sentinel_onboarding_state_name=sentinel_onboarding_state_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -404,10 +468,9 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -417,45 +480,39 @@ def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates/{sentinelOnboardingStateName}"} # type: ignore @distributed_trace def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, **kwargs: Any ) -> _models.SentinelOnboardingStatesList: """Gets all Sentinel onboarding states. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: SentinelOnboardingStatesList, or the result of cls(response) + :return: SentinelOnboardingStatesList or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.SentinelOnboardingStatesList - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.SentinelOnboardingStatesList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SentinelOnboardingStatesList] - request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -463,22 +520,20 @@ def list( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('SentinelOnboardingStatesList', pipeline_response) + deserialized = self._deserialize("SentinelOnboardingStatesList", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates"} # type: ignore - + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/onboardingStates"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py new file mode 100644 index 000000000000..c88ef9087287 --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_control_operations.py @@ -0,0 +1,178 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, Iterable, Optional, TypeVar, Union +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_repositories_request( + resource_group_name: str, + workspace_name: str, + subscription_id: str, + *, + json: Union[str, "_models.RepoType"], + **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, json=json, **kwargs) + + +class SourceControlOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`source_control` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list_repositories( + self, resource_group_name: str, workspace_name: str, repo_type: Union[str, "_models.RepoType"], **kwargs: Any + ) -> Iterable["_models.Repo"]: + """Gets a list of repositories metadata. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param repo_type: The repo type. Known values are: "Github" and "DevOps". Required. + :type repo_type: str or ~azure.mgmt.securityinsight.models.RepoType + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either Repo or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Repo] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", "application/json")) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.RepoList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + _json = self._serialize.body(repo_type, "str") + + request = build_list_repositories_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + template_url=self.list_repositories.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("RepoList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list_repositories.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/listRepositories"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py new file mode 100644 index 000000000000..ae3f4cb2122f --- /dev/null +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_source_controls_operations.py @@ -0,0 +1,528 @@ +# pylint: disable=too-many-lines +# coding=utf-8 +# -------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See License.txt in the project root for license information. +# Code generated by Microsoft (R) AutoRest Code Generator. +# Changes may cause incorrect behavior and will be lost if the code is regenerated. +# -------------------------------------------------------------------------- +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) +from azure.core.paging import ItemPaged +from azure.core.pipeline import PipelineResponse +from azure.core.pipeline.transport import HttpResponse +from azure.core.rest import HttpRequest +from azure.core.tracing.decorator import distributed_trace +from azure.core.utils import case_insensitive_dict +from azure.mgmt.core.exceptions import ARMErrorFormat + +from .. import models as _models +from .._serialization import Serializer +from .._vendor import _convert_request, _format_url_section + +T = TypeVar("T") +ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] + +_SERIALIZER = Serializer() +_SERIALIZER.client_side_validation = False + + +def build_list_request( + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_get_request( + resource_group_name: str, workspace_name: str, source_control_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_delete_request( + resource_group_name: str, workspace_name: str, source_control_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) + + +def build_create_request( + resource_group_name: str, workspace_name: str, source_control_id: str, subscription_id: str, **kwargs: Any +) -> HttpRequest: + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") + + # Construct URL + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}", + ) # pylint: disable=line-too-long + path_format_arguments = { + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "sourceControlId": _SERIALIZER.url("source_control_id", source_control_id, "str"), + } + + _url = _format_url_section(_url, **path_format_arguments) + + # Construct parameters + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") + + # Construct headers + if content_type is not None: + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + + +class SourceControlsOperations: + """ + .. warning:: + **DO NOT** instantiate this class directly. + + Instead, you should access the following operations through + :class:`~azure.mgmt.securityinsight.SecurityInsights`'s + :attr:`source_controls` attribute. + """ + + models = _models + + def __init__(self, *args, **kwargs): + input_args = list(args) + self._client = input_args.pop(0) if input_args else kwargs.pop("client") + self._config = input_args.pop(0) if input_args else kwargs.pop("config") + self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") + self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") + + @distributed_trace + def list(self, resource_group_name: str, workspace_name: str, **kwargs: Any) -> Iterable["_models.SourceControl"]: + """Gets all source controls, without source control items. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either SourceControl or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.SourceControl] + :raises ~azure.core.exceptions.HttpResponseError: + """ + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SourceControlList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + def prepare_request(next_link=None): + if not next_link: + + request = build_list_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.list.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + else: + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + request.method = "GET" + return request + + def extract_data(pipeline_response): + deserialized = self._deserialize("SourceControlList", pipeline_response) + list_of_elem = deserialized.value + if cls: + list_of_elem = cls(list_of_elem) + return deserialized.next_link or None, iter(list_of_elem) + + def get_next(next_link=None): + request = prepare_request(next_link) + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + return pipeline_response + + return ItemPaged(get_next, extract_data) + + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols"} # type: ignore + + @distributed_trace + def get( + self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any + ) -> _models.SourceControl: + """Gets a source control byt its identifier. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.SourceControl] + + request = build_get_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + source_control_id=source_control_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.get.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + deserialized = self._deserialize("SourceControl", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}"} # type: ignore + + @distributed_trace + def delete( # pylint: disable=inconsistent-return-statements + self, resource_group_name: str, workspace_name: str, source_control_id: str, **kwargs: Any + ) -> None: + """Delete a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = kwargs.pop("headers", {}) or {} + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] + + request = build_delete_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + source_control_id=source_control_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + template_url=self.delete.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 204]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if cls: + return cls(pipeline_response, None, {}) + + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}"} # type: ignore + + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: _models.SourceControl, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Required. + :type source_control: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create( + self, + resource_group_name: str, + workspace_name: str, + source_control_id: str, + source_control: Union[_models.SourceControl, IO], + **kwargs: Any + ) -> _models.SourceControl: + """Creates a source control. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param source_control_id: Source control Id. Required. + :type source_control_id: str + :param source_control: The SourceControl. Is either a model type or a IO type. Required. + :type source_control: ~azure.mgmt.securityinsight.models.SourceControl or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: SourceControl or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.SourceControl + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + + _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) + _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) + + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.SourceControl] + + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(source_control, (IO, bytes)): + _content = source_control + else: + _json = self._serialize.body(source_control, "SourceControl") + + request = build_create_request( + resource_group_name=resource_group_name, + workspace_name=workspace_name, + source_control_id=source_control_id, + subscription_id=self._config.subscription_id, + api_version=api_version, + content_type=content_type, + json=_json, + content=_content, + template_url=self.create.metadata["url"], + headers=_headers, + params=_params, + ) + request = _convert_request(request) + request.url = self._client.format_url(request.url) # type: ignore + + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs + ) + + response = pipeline_response.http_response + + if response.status_code not in [200, 201]: + map_error(status_code=response.status_code, response=response, error_map=error_map) + raise HttpResponseError(response=response, error_format=ARMErrorFormat) + + if response.status_code == 200: + deserialized = self._deserialize("SourceControl", pipeline_response) + + if response.status_code == 201: + deserialized = self._deserialize("SourceControl", pipeline_response) + + if cls: + return cls(pipeline_response, deserialized, {}) + + return deserialized + + create.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/sourcecontrols/{sourceControlId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py index 157b7803b9e3..ea1d7bf13626 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_metrics_operations.py @@ -8,9 +8,13 @@ # -------------------------------------------------------------------------- from typing import Any, Callable, Dict, Optional, TypeVar -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse from azure.core.rest import HttpRequest @@ -19,48 +23,48 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class ThreatIntelligenceIndicatorMetricsOperations: """ @@ -81,43 +85,37 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( - self, - resource_group_name: str, - workspace_name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, **kwargs: Any ) -> _models.ThreatIntelligenceMetricsList: """Get threat intelligence indicators metrics (Indicators counts by Type, Threat Type, Source). :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ThreatIntelligenceMetricsList, or the result of cls(response) + :return: ThreatIntelligenceMetricsList or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceMetricsList - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceMetricsList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceMetricsList] - request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.list.metadata['url'], + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -125,22 +123,20 @@ def list( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('ThreatIntelligenceMetricsList', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceMetricsList", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics"} # type: ignore - + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/metrics"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py index ea16e1457dd2..6daaf67384a5 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicator_operations.py @@ -6,11 +6,16 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,320 +25,266 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_create_indicator_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - *, - json: Optional[_models.ThreatIntelligenceIndicatorModel] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="POST", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - name: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "name": _SERIALIZER.url("name", name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "name": _SERIALIZER.url("name", name, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_create_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - name: str, - *, - json: Optional[_models.ThreatIntelligenceIndicatorModel] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "name": _SERIALIZER.url("name", name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "name": _SERIALIZER.url("name", name, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - name: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "name": _SERIALIZER.url("name", name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "name": _SERIALIZER.url("name", name, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) def build_query_indicators_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - *, - json: Optional[_models.ThreatIntelligenceFilteringCriteria] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="POST", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) def build_append_tags_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - name: str, - *, - json: Optional[_models.ThreatIntelligenceAppendTags] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "name": _SERIALIZER.url("name", name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "name": _SERIALIZER.url("name", name, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="POST", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) def build_replace_tags_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - name: str, - *, - json: Optional[_models.ThreatIntelligenceIndicatorModel] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, name: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "name": _SERIALIZER.url("name", name, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "name": _SERIALIZER.url("name", name, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') - - return HttpRequest( - method="POST", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="POST", url=_url, params=_params, headers=_headers, **kwargs) + class ThreatIntelligenceIndicatorOperations: """ @@ -354,52 +305,119 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - - @distributed_trace + @overload def create_indicator( self, resource_group_name: str, workspace_name: str, threat_intelligence_properties: _models.ThreatIntelligenceIndicatorModel, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.ThreatIntelligenceInformation: """Create a new threat intelligence indicator. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. + and update. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ThreatIntelligenceInformation, or the result of cls(response) + :return: ThreatIntelligenceInformation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + def create_indicator( + self, + resource_group_name: str, + workspace_name: str, + threat_intelligence_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Create a new threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param threat_intelligence_properties: Properties of threat intelligence indicators to create + and update. Required. + :type threat_intelligence_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create_indicator( + self, + resource_group_name: str, + workspace_name: str, + threat_intelligence_properties: Union[_models.ThreatIntelligenceIndicatorModel, IO], + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Create a new threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param threat_intelligence_properties: Properties of threat intelligence indicators to create + and update. Is either a model type or a IO type. Required. + :type threat_intelligence_properties: + ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformation] - _json = self._serialize.body(threat_intelligence_properties, 'ThreatIntelligenceIndicatorModel') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(threat_intelligence_properties, (IO, bytes)): + _content = threat_intelligence_properties + else: + _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") request = build_create_indicator_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_indicator.metadata['url'], + content=_content, + template_url=self.create_indicator.metadata["url"], headers=_headers, params=_params, ) @@ -407,10 +425,9 @@ def create_indicator( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -418,59 +435,52 @@ def create_indicator( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_indicator.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator"} # type: ignore - + create_indicator.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/createIndicator"} # type: ignore @distributed_trace def get( - self, - resource_group_name: str, - workspace_name: str, - name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, name: str, **kwargs: Any ) -> _models.ThreatIntelligenceInformation: """View a threat intelligence indicator by name. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param name: Threat intelligence indicator name field. + :param name: Threat intelligence indicator name field. Required. :type name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ThreatIntelligenceInformation, or the result of cls(response) + :return: ThreatIntelligenceInformation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformation] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, name=name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -478,75 +488,147 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore - - @distributed_trace + @overload def create( self, resource_group_name: str, workspace_name: str, name: str, threat_intelligence_properties: _models.ThreatIntelligenceIndicatorModel, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.ThreatIntelligenceInformation: """Update a threat Intelligence indicator. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param name: Threat intelligence indicator name field. + :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_properties: Properties of threat intelligence indicators to create - and update. + and update. Required. :type threat_intelligence_properties: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ThreatIntelligenceInformation, or the result of cls(response) + :return: ThreatIntelligenceInformation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @overload + def create( + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_properties: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Update a threat Intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_properties: Properties of threat intelligence indicators to create + and update. Required. + :type threat_intelligence_properties: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def create( + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_properties: Union[_models.ThreatIntelligenceIndicatorModel, IO], + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Update a threat Intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_properties: Properties of threat intelligence indicators to create + and update. Is either a model type or a IO type. Required. + :type threat_intelligence_properties: + ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformation] - _json = self._serialize.body(threat_intelligence_properties, 'ThreatIntelligenceIndicatorModel') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(threat_intelligence_properties, (IO, bytes)): + _content = threat_intelligence_properties + else: + _json = self._serialize.body(threat_intelligence_properties, "ThreatIntelligenceIndicatorModel") request = build_create_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, name=name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create.metadata['url'], + content=_content, + template_url=self.create.metadata["url"], headers=_headers, params=_params, ) @@ -554,10 +636,9 @@ def create( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -565,59 +646,52 @@ def create( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore - + create.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - name: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, name: str, **kwargs: Any ) -> None: """Delete a threat intelligence indicator. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param name: Threat intelligence indicator name field. + :param name: Threat intelligence indicator name field. Required. :type name: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, name=name, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -625,10 +699,9 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -638,57 +711,129 @@ def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}"} # type: ignore - - @distributed_trace + @overload def query_indicators( self, resource_group_name: str, workspace_name: str, threat_intelligence_filtering_criteria: _models.ThreatIntelligenceFilteringCriteria, + *, + content_type: str = "application/json", **kwargs: Any - ) -> Iterable[_models.ThreatIntelligenceInformationList]: + ) -> Iterable["_models.ThreatIntelligenceInformation"]: """Query threat intelligence indicators as per filtering criteria. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param threat_intelligence_filtering_criteria: Filtering criteria for querying threat - intelligence indicators. + intelligence indicators. Required. :type threat_intelligence_filtering_criteria: ~azure.mgmt.securityinsight.models.ThreatIntelligenceFilteringCriteria + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ThreatIntelligenceInformation or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def query_indicators( + self, + resource_group_name: str, + workspace_name: str, + threat_intelligence_filtering_criteria: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> Iterable["_models.ThreatIntelligenceInformation"]: + """Query threat intelligence indicators as per filtering criteria. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param threat_intelligence_filtering_criteria: Filtering criteria for querying threat + intelligence indicators. Required. + :type threat_intelligence_filtering_criteria: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either ThreatIntelligenceInformationList or the result of + :return: An iterator like instance of either ThreatIntelligenceInformation or the result of cls(response) :rtype: - ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformationList] - :raises: ~azure.core.exceptions.HttpResponseError + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def query_indicators( + self, + resource_group_name: str, + workspace_name: str, + threat_intelligence_filtering_criteria: Union[_models.ThreatIntelligenceFilteringCriteria, IO], + **kwargs: Any + ) -> Iterable["_models.ThreatIntelligenceInformation"]: + """Query threat intelligence indicators as per filtering criteria. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param threat_intelligence_filtering_criteria: Filtering criteria for querying threat + intelligence indicators. Is either a model type or a IO type. Required. + :type threat_intelligence_filtering_criteria: + ~azure.mgmt.securityinsight.models.ThreatIntelligenceFilteringCriteria or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: An iterator like instance of either ThreatIntelligenceInformation or the result of + cls(response) + :rtype: + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformationList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformationList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(threat_intelligence_filtering_criteria, (IO, bytes)): + _content = threat_intelligence_filtering_criteria + else: + _json = self._serialize.body(threat_intelligence_filtering_criteria, "ThreatIntelligenceFilteringCriteria") - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - _json = self._serialize.body(threat_intelligence_filtering_criteria, 'ThreatIntelligenceFilteringCriteria') - + request = build_query_indicators_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.query_indicators.metadata['url'], + content=_content, + template_url=self.query_indicators.metadata["url"], headers=_headers, params=_params, ) @@ -696,19 +841,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - _json = self._serialize.body(threat_intelligence_filtering_criteria, 'ThreatIntelligenceFilteringCriteria') - - request = build_query_indicators_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - content_type=content_type, - json=_json, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -724,10 +861,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -737,60 +872,133 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - query_indicators.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators"} # type: ignore + query_indicators.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/queryIndicators"} # type: ignore - @distributed_trace + @overload def append_tags( # pylint: disable=inconsistent-return-statements self, resource_group_name: str, workspace_name: str, name: str, threat_intelligence_append_tags: _models.ThreatIntelligenceAppendTags, + *, + content_type: str = "application/json", **kwargs: Any ) -> None: """Append tags to a threat intelligence indicator. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param name: Threat intelligence indicator name field. + :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_append_tags: The threat intelligence append tags request body. + Required. :type threat_intelligence_append_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceAppendTags + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def append_tags( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_append_tags: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> None: + """Append tags to a threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_append_tags: The threat intelligence append tags request body. + Required. + :type threat_intelligence_append_tags: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace + def append_tags( # pylint: disable=inconsistent-return-statements + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_append_tags: Union[_models.ThreatIntelligenceAppendTags, IO], + **kwargs: Any + ) -> None: + """Append tags to a threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_append_tags: The threat intelligence append tags request body. Is + either a model type or a IO type. Required. + :type threat_intelligence_append_tags: + ~azure.mgmt.securityinsight.models.ThreatIntelligenceAppendTags or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: None or the result of cls(response) + :rtype: None + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[None] - _json = self._serialize.body(threat_intelligence_append_tags, 'ThreatIntelligenceAppendTags') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(threat_intelligence_append_tags, (IO, bytes)): + _content = threat_intelligence_append_tags + else: + _json = self._serialize.body(threat_intelligence_append_tags, "ThreatIntelligenceAppendTags") request = build_append_tags_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, name=name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.append_tags.metadata['url'], + content=_content, + template_url=self.append_tags.metadata["url"], headers=_headers, params=_params, ) @@ -798,10 +1006,9 @@ def append_tags( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: @@ -811,58 +1018,131 @@ def append_tags( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - append_tags.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags"} # type: ignore - + append_tags.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/appendTags"} # type: ignore - @distributed_trace + @overload def replace_tags( self, resource_group_name: str, workspace_name: str, name: str, threat_intelligence_replace_tags: _models.ThreatIntelligenceIndicatorModel, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.ThreatIntelligenceInformation: """Replace tags added to a threat intelligence indicator. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param name: Threat intelligence indicator name field. + :param name: Threat intelligence indicator name field. Required. :type name: str :param threat_intelligence_replace_tags: Tags in the threat intelligence indicator to be - replaced. + replaced. Required. :type threat_intelligence_replace_tags: ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def replace_tags( + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_replace_tags: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Replace tags added to a threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_replace_tags: Tags in the threat intelligence indicator to be + replaced. Required. + :type threat_intelligence_replace_tags: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: ThreatIntelligenceInformation or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @distributed_trace + def replace_tags( + self, + resource_group_name: str, + workspace_name: str, + name: str, + threat_intelligence_replace_tags: Union[_models.ThreatIntelligenceIndicatorModel, IO], + **kwargs: Any + ) -> _models.ThreatIntelligenceInformation: + """Replace tags added to a threat intelligence indicator. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param name: Threat intelligence indicator name field. Required. + :type name: str + :param threat_intelligence_replace_tags: Tags in the threat intelligence indicator to be + replaced. Is either a model type or a IO type. Required. + :type threat_intelligence_replace_tags: + ~azure.mgmt.securityinsight.models.ThreatIntelligenceIndicatorModel or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: ThreatIntelligenceInformation, or the result of cls(response) + :return: ThreatIntelligenceInformation or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformation] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformation] - _json = self._serialize.body(threat_intelligence_replace_tags, 'ThreatIntelligenceIndicatorModel') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(threat_intelligence_replace_tags, (IO, bytes)): + _content = threat_intelligence_replace_tags + else: + _json = self._serialize.body(threat_intelligence_replace_tags, "ThreatIntelligenceIndicatorModel") request = build_replace_tags_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, name=name, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.replace_tags.metadata['url'], + content=_content, + template_url=self.replace_tags.metadata["url"], headers=_headers, params=_params, ) @@ -870,22 +1150,20 @@ def replace_tags( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('ThreatIntelligenceInformation', pipeline_response) + deserialized = self._deserialize("ThreatIntelligenceInformation", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - replace_tags.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags"} # type: ignore - + replace_tags.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators/{name}/replaceTags"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py index e3799f80404a..17afdce7e7b1 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_threat_intelligence_indicators_operations.py @@ -7,10 +7,15 @@ # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,61 +25,64 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_request( - subscription_id: str, resource_group_name: str, workspace_name: str, + subscription_id: str, *, filter: Optional[str] = None, + orderby: Optional[str] = None, top: Optional[int] = None, skip_token: Optional[str] = None, - orderby: Optional[str] = None, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") if filter is not None: - _params['$filter'] = _SERIALIZER.query("filter", filter, 'str') + _params["$filter"] = _SERIALIZER.query("filter", filter, "str") + if orderby is not None: + _params["$orderby"] = _SERIALIZER.query("orderby", orderby, "str") if top is not None: - _params['$top'] = _SERIALIZER.query("top", top, 'int') + _params["$top"] = _SERIALIZER.query("top", top, "int") if skip_token is not None: - _params['$skipToken'] = _SERIALIZER.query("skip_token", skip_token, 'str') - if orderby is not None: - _params['$orderby'] = _SERIALIZER.query("orderby", orderby, 'str') + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) class ThreatIntelligenceIndicatorsOperations: """ @@ -95,27 +103,29 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( self, resource_group_name: str, workspace_name: str, filter: Optional[str] = None, + orderby: Optional[str] = None, top: Optional[int] = None, skip_token: Optional[str] = None, - orderby: Optional[str] = None, **kwargs: Any - ) -> Iterable[_models.ThreatIntelligenceInformationList]: + ) -> Iterable["_models.ThreatIntelligenceInformation"]: """Get all threat intelligence indicators. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param filter: Filters the results, based on a Boolean condition. Optional. Default value is None. :type filter: str + :param orderby: Sorts the results. Optional. Default value is None. + :type orderby: str :param top: Returns only the first n results. Optional. Default value is None. :type top: int :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If @@ -123,38 +133,35 @@ def list( a skiptoken parameter that specifies a starting point to use for subsequent calls. Optional. Default value is None. :type skip_token: str - :param orderby: Sorts the results. Optional. Default value is None. - :type orderby: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either ThreatIntelligenceInformationList or the result of + :return: An iterator like instance of either ThreatIntelligenceInformation or the result of cls(response) :rtype: - ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformationList] - :raises: ~azure.core.exceptions.HttpResponseError + ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.ThreatIntelligenceInformation] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.ThreatIntelligenceInformationList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.ThreatIntelligenceInformationList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, - api_version=api_version, + subscription_id=self._config.subscription_id, filter=filter, + orderby=orderby, top=top, skip_token=skip_token, - orderby=orderby, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -162,20 +169,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - filter=filter, - top=top, - skip_token=skip_token, - orderby=orderby, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -191,10 +189,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -204,8 +200,6 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/threatIntelligence/main/indicators"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py index 880d80a7cc24..223a25289b72 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlist_items_operations.py @@ -6,11 +6,16 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,18 +25,21 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_request( - subscription_id: str, resource_group_name: str, workspace_name: str, watchlist_alias: str, + subscription_id: str, *, skip_token: Optional[str] = None, **kwargs: Any @@ -39,166 +47,158 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") if skip_token is not None: - _params['$skipToken'] = _SERIALIZER.query("skip_token", skip_token, 'str') + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist_item_id: str, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, 'str'), - "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), + "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist_item_id: str, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, 'str'), - "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), + "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) def build_create_or_update_request( - subscription_id: str, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist_item_id: str, - *, - json: Optional[_models.WatchlistItem] = None, - content: Any = None, + subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, 'str'), - "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), + "watchlistItemId": _SERIALIZER.url("watchlist_item_id", watchlist_item_id, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') - - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + class WatchlistItemsOperations: """ @@ -219,7 +219,6 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( self, @@ -228,14 +227,15 @@ def list( watchlist_alias: str, skip_token: Optional[str] = None, **kwargs: Any - ) -> Iterable[_models.WatchlistItemList]: - """Get all watchlist Items. + ) -> Iterable["_models.WatchlistItem"]: + """Gets all watchlist Items. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include @@ -243,31 +243,30 @@ def list( Default value is None. :type skip_token: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either WatchlistItemList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WatchlistItemList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either WatchlistItem or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WatchlistItem] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.WatchlistItemList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.WatchlistItemList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, - api_version=api_version, + subscription_id=self._config.subscription_id, skip_token=skip_token, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -275,18 +274,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - watchlist_alias=watchlist_alias, - api_version=api_version, - skip_token=skip_token, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -302,10 +294,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -315,56 +305,47 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems"} # type: ignore @distributed_trace def get( - self, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - watchlist_item_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist_item_id: str, **kwargs: Any ) -> _models.WatchlistItem: - """Get a watchlist item. + """Gets a watchlist, without its watchlist items. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist_item_id: The watchlist item id (GUID). + :param watchlist_item_id: Watchlist Item Id (GUID). Required. :type watchlist_item_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: WatchlistItem, or the result of cls(response) + :return: WatchlistItem or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.WatchlistItem - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.WatchlistItem] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.WatchlistItem] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, watchlist_item_id=watchlist_item_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -372,70 +353,61 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('WatchlistItem', pipeline_response) + deserialized = self._deserialize("WatchlistItem", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - watchlist_item_id: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist_item_id: str, **kwargs: Any ) -> None: """Delete a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist_item_id: The watchlist item id (GUID). + :param watchlist_item_id: Watchlist Item Id (GUID). Required. :type watchlist_item_id: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, watchlist_item_id=watchlist_item_id, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -443,10 +415,9 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: @@ -456,10 +427,9 @@ def delete( # pylint: disable=inconsistent-return-statements if cls: return cls(pipeline_response, None, {}) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore - + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore - @distributed_trace + @overload def create_or_update( self, resource_group_name: str, @@ -467,49 +437,126 @@ def create_or_update( watchlist_alias: str, watchlist_item_id: str, watchlist_item: _models.WatchlistItem, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.WatchlistItem: - """Create or update a watchlist item. + """Creates or updates a watchlist item. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist_item_id: The watchlist item id (GUID). + :param watchlist_item_id: Watchlist Item Id (GUID). Required. :type watchlist_item_id: str - :param watchlist_item: The watchlist item. + :param watchlist_item: The watchlist item. Required. :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WatchlistItem or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WatchlistItem + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + watchlist_alias: str, + watchlist_item_id: str, + watchlist_item: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.WatchlistItem: + """Creates or updates a watchlist item. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param watchlist_alias: Watchlist Alias. Required. + :type watchlist_alias: str + :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :type watchlist_item_id: str + :param watchlist_item: The watchlist item. Required. + :type watchlist_item: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: WatchlistItem, or the result of cls(response) + :return: WatchlistItem or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.WatchlistItem - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + watchlist_alias: str, + watchlist_item_id: str, + watchlist_item: Union[_models.WatchlistItem, IO], + **kwargs: Any + ) -> _models.WatchlistItem: + """Creates or updates a watchlist item. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param watchlist_alias: Watchlist Alias. Required. + :type watchlist_alias: str + :param watchlist_item_id: Watchlist Item Id (GUID). Required. + :type watchlist_item_id: str + :param watchlist_item: The watchlist item. Is either a model type or a IO type. Required. + :type watchlist_item: ~azure.mgmt.securityinsight.models.WatchlistItem or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: WatchlistItem or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.WatchlistItem + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.WatchlistItem] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.WatchlistItem] - _json = self._serialize.body(watchlist_item, 'WatchlistItem') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(watchlist_item, (IO, bytes)): + _content = watchlist_item + else: + _json = self._serialize.body(watchlist_item, "WatchlistItem") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, watchlist_item_id=watchlist_item_id, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -517,10 +564,9 @@ def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: @@ -528,15 +574,14 @@ def create_or_update( raise HttpResponseError(response=response, error_format=ARMErrorFormat) if response.status_code == 200: - deserialized = self._deserialize('WatchlistItem', pipeline_response) + deserialized = self._deserialize("WatchlistItem", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('WatchlistItem', pipeline_response) + deserialized = self._deserialize("WatchlistItem", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}/watchlistItems/{watchlistItemId}"} # type: ignore diff --git a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py index a785a93a3d3b..55a0661035c8 100644 --- a/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py +++ b/sdk/securityinsight/azure-mgmt-securityinsight/azure/mgmt/securityinsight/operations/_watchlists_operations.py @@ -6,11 +6,16 @@ # Code generated by Microsoft (R) AutoRest Code Generator. # Changes may cause incorrect behavior and will be lost if the code is regenerated. # -------------------------------------------------------------------------- -from typing import Any, Callable, Dict, Iterable, Optional, TypeVar - -from msrest import Serializer - -from azure.core.exceptions import ClientAuthenticationError, HttpResponseError, ResourceExistsError, ResourceNotFoundError, map_error +from typing import Any, Callable, Dict, IO, Iterable, Optional, TypeVar, Union, overload +from urllib.parse import parse_qs, urljoin, urlparse + +from azure.core.exceptions import ( + ClientAuthenticationError, + HttpResponseError, + ResourceExistsError, + ResourceNotFoundError, + map_error, +) from azure.core.paging import ItemPaged from azure.core.pipeline import PipelineResponse from azure.core.pipeline.transport import HttpResponse @@ -20,17 +25,20 @@ from azure.mgmt.core.exceptions import ARMErrorFormat from .. import models as _models +from .._serialization import Serializer from .._vendor import _convert_request, _format_url_section -T = TypeVar('T') + +T = TypeVar("T") ClsType = Optional[Callable[[PipelineResponse[HttpRequest, HttpResponse], T, Dict[str, Any]], Any]] _SERIALIZER = Serializer() _SERIALIZER.client_side_validation = False + def build_list_request( - subscription_id: str, resource_group_name: str, workspace_name: str, + subscription_id: str, *, skip_token: Optional[str] = None, **kwargs: Any @@ -38,159 +46,139 @@ def build_list_request( _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") if skip_token is not None: - _params['$skipToken'] = _SERIALIZER.query("skip_token", skip_token, 'str') + _params["$skipToken"] = _SERIALIZER.query("skip_token", skip_token, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_get_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, watchlist_alias: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="GET", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="GET", url=_url, params=_params, headers=_headers, **kwargs) def build_delete_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - **kwargs: Any + resource_group_name: str, workspace_name: str, watchlist_alias: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") - return HttpRequest( - method="DELETE", - url=_url, - params=_params, - headers=_headers, - **kwargs - ) + return HttpRequest(method="DELETE", url=_url, params=_params, headers=_headers, **kwargs) def build_create_or_update_request( - subscription_id: str, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - *, - json: Optional[_models.Watchlist] = None, - content: Any = None, - **kwargs: Any + resource_group_name: str, workspace_name: str, watchlist_alias: str, subscription_id: str, **kwargs: Any ) -> HttpRequest: _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', None)) # type: Optional[str] - accept = _headers.pop('Accept', "application/json") + api_version = kwargs.pop("api_version", _params.pop("api-version", "2022-09-01-preview")) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + accept = _headers.pop("Accept", "application/json") # Construct URL - _url = kwargs.pop("template_url", "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}") # pylint: disable=line-too-long + _url = kwargs.pop( + "template_url", + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}", + ) # pylint: disable=line-too-long path_format_arguments = { - "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, 'str', min_length=1), - "resourceGroupName": _SERIALIZER.url("resource_group_name", resource_group_name, 'str', max_length=90, min_length=1), - "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, 'str', max_length=90, min_length=1), - "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, 'str'), + "subscriptionId": _SERIALIZER.url("subscription_id", subscription_id, "str", min_length=1), + "resourceGroupName": _SERIALIZER.url( + "resource_group_name", resource_group_name, "str", max_length=90, min_length=1 + ), + "workspaceName": _SERIALIZER.url("workspace_name", workspace_name, "str", max_length=90, min_length=1), + "watchlistAlias": _SERIALIZER.url("watchlist_alias", watchlist_alias, "str"), } _url = _format_url_section(_url, **path_format_arguments) # Construct parameters - _params['api-version'] = _SERIALIZER.query("api_version", api_version, 'str') + _params["api-version"] = _SERIALIZER.query("api_version", api_version, "str") # Construct headers if content_type is not None: - _headers['Content-Type'] = _SERIALIZER.header("content_type", content_type, 'str') - _headers['Accept'] = _SERIALIZER.header("accept", accept, 'str') - - return HttpRequest( - method="PUT", - url=_url, - params=_params, - headers=_headers, - json=json, - content=content, - **kwargs - ) + _headers["Content-Type"] = _SERIALIZER.header("content_type", content_type, "str") + _headers["Accept"] = _SERIALIZER.header("accept", accept, "str") + + return HttpRequest(method="PUT", url=_url, params=_params, headers=_headers, **kwargs) + class WatchlistsOperations: """ @@ -211,20 +199,16 @@ def __init__(self, *args, **kwargs): self._serialize = input_args.pop(0) if input_args else kwargs.pop("serializer") self._deserialize = input_args.pop(0) if input_args else kwargs.pop("deserializer") - @distributed_trace def list( - self, - resource_group_name: str, - workspace_name: str, - skip_token: Optional[str] = None, - **kwargs: Any - ) -> Iterable[_models.WatchlistList]: - """Get all watchlists, without watchlist items. + self, resource_group_name: str, workspace_name: str, skip_token: Optional[str] = None, **kwargs: Any + ) -> Iterable["_models.Watchlist"]: + """Gets all watchlists, without watchlist items. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str :param skip_token: Skiptoken is only used if a previous operation returned a partial result. If a previous response contains a nextLink element, the value of the nextLink element will include @@ -232,30 +216,29 @@ def list( Default value is None. :type skip_token: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: An iterator like instance of either WatchlistList or the result of cls(response) - :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.WatchlistList] - :raises: ~azure.core.exceptions.HttpResponseError + :return: An iterator like instance of either Watchlist or the result of cls(response) + :rtype: ~azure.core.paging.ItemPaged[~azure.mgmt.securityinsight.models.Watchlist] + :raises ~azure.core.exceptions.HttpResponseError: """ _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.WatchlistList] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.WatchlistList] + + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) def prepare_request(next_link=None): if not next_link: - + request = build_list_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, - api_version=api_version, + subscription_id=self._config.subscription_id, skip_token=skip_token, - template_url=self.list.metadata['url'], + api_version=api_version, + template_url=self.list.metadata["url"], headers=_headers, params=_params, ) @@ -263,17 +246,11 @@ def prepare_request(next_link=None): request.url = self._client.format_url(request.url) # type: ignore else: - - request = build_list_request( - subscription_id=self._config.subscription_id, - resource_group_name=resource_group_name, - workspace_name=workspace_name, - api_version=api_version, - skip_token=skip_token, - template_url=next_link, - headers=_headers, - params=_params, - ) + # make call to next link with the client's api-version + _parsed_next_link = urlparse(next_link) + _next_request_params = case_insensitive_dict(parse_qs(_parsed_next_link.query)) + _next_request_params["api-version"] = self._config.api_version + request = HttpRequest("GET", urljoin(next_link, _parsed_next_link.path), params=_next_request_params) request = _convert_request(request) request.url = self._client.format_url(request.url) # type: ignore request.method = "GET" @@ -289,10 +266,8 @@ def extract_data(pipeline_response): def get_next(next_link=None): request = prepare_request(next_link) - pipeline_response = self._client._pipeline.run( # pylint: disable=protected-access - request, - stream=False, - **kwargs + pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access + request, stream=False, **kwargs ) response = pipeline_response.http_response @@ -302,52 +277,44 @@ def get_next(next_link=None): return pipeline_response + return ItemPaged(get_next, extract_data) - return ItemPaged( - get_next, extract_data - ) - list.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists"} # type: ignore + list.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists"} # type: ignore @distributed_trace def get( - self, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, watchlist_alias: str, **kwargs: Any ) -> _models.Watchlist: - """Get a watchlist, without its watchlist items. + """Gets a watchlist, without its watchlist items. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Watchlist, or the result of cls(response) + :return: Watchlist or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Watchlist - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[_models.Watchlist] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[_models.Watchlist] - request = build_get_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.get.metadata['url'], + template_url=self.get.metadata["url"], headers=_headers, params=_params, ) @@ -355,66 +322,58 @@ def get( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - deserialized = self._deserialize('Watchlist', pipeline_response) + deserialized = self._deserialize("Watchlist", pipeline_response) if cls: return cls(pipeline_response, deserialized, {}) return deserialized - get.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore - + get.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore @distributed_trace def delete( # pylint: disable=inconsistent-return-statements - self, - resource_group_name: str, - workspace_name: str, - watchlist_alias: str, - **kwargs: Any + self, resource_group_name: str, workspace_name: str, watchlist_alias: str, **kwargs: Any ) -> None: """Delete a watchlist. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: None, or the result of cls(response) + :return: None or the result of cls(response) :rtype: None - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = kwargs.pop("headers", {}) or {} _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - cls = kwargs.pop('cls', None) # type: ClsType[None] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + cls = kwargs.pop("cls", None) # type: ClsType[None] - request = build_delete_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, + subscription_id=self._config.subscription_id, api_version=api_version, - template_url=self.delete.metadata['url'], + template_url=self.delete.metadata["url"], headers=_headers, params=_params, ) @@ -422,71 +381,159 @@ def delete( # pylint: disable=inconsistent-return-statements request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 204]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) - if cls: - return cls(pipeline_response, None, {}) + response_headers = {} + if response.status_code == 200: + response_headers["Azure-AsyncOperation"] = self._deserialize( + "str", response.headers.get("Azure-AsyncOperation") + ) - delete.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore + if cls: + return cls(pipeline_response, None, response_headers) + delete.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore - @distributed_trace + @overload def create_or_update( self, resource_group_name: str, workspace_name: str, watchlist_alias: str, watchlist: _models.Watchlist, + *, + content_type: str = "application/json", **kwargs: Any ) -> _models.Watchlist: """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv - content type). To create a Watchlist and its Items, we should call this endpoint with - rawContent and contentType properties. + content type). To create a Watchlist and its Items, we should call this endpoint with either + rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for + small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large + watchlist, where the content size can go up to 500 MB. The status of processing such large file + can be polled through the URL returned in Azure-AsyncOperation header. :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. :type resource_group_name: str - :param workspace_name: The name of the workspace. + :param workspace_name: The name of the workspace. Required. :type workspace_name: str - :param watchlist_alias: The watchlist alias. + :param watchlist_alias: Watchlist Alias. Required. :type watchlist_alias: str - :param watchlist: The watchlist. + :param watchlist: The watchlist. Required. :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist + :keyword content_type: Body Parameter content-type. Content type parameter for JSON body. + Default value is "application/json". + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Watchlist or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Watchlist + :raises ~azure.core.exceptions.HttpResponseError: + """ + + @overload + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + watchlist_alias: str, + watchlist: IO, + *, + content_type: str = "application/json", + **kwargs: Any + ) -> _models.Watchlist: + """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv + content type). To create a Watchlist and its Items, we should call this endpoint with either + rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for + small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large + watchlist, where the content size can go up to 500 MB. The status of processing such large file + can be polled through the URL returned in Azure-AsyncOperation header. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param watchlist_alias: Watchlist Alias. Required. + :type watchlist_alias: str + :param watchlist: The watchlist. Required. + :type watchlist: IO + :keyword content_type: Body Parameter content-type. Content type parameter for binary body. + Default value is "application/json". + :paramtype content_type: str :keyword callable cls: A custom type or function that will be passed the direct response - :return: Watchlist, or the result of cls(response) + :return: Watchlist or the result of cls(response) :rtype: ~azure.mgmt.securityinsight.models.Watchlist - :raises: ~azure.core.exceptions.HttpResponseError + :raises ~azure.core.exceptions.HttpResponseError: """ - error_map = { - 401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError - } - error_map.update(kwargs.pop('error_map', {}) or {}) + + @distributed_trace + def create_or_update( + self, + resource_group_name: str, + workspace_name: str, + watchlist_alias: str, + watchlist: Union[_models.Watchlist, IO], + **kwargs: Any + ) -> _models.Watchlist: + """Create or update a Watchlist and its Watchlist Items (bulk creation, e.g. through text/csv + content type). To create a Watchlist and its Items, we should call this endpoint with either + rawContent or a valid SAR URI and contentType properties. The rawContent is mainly used for + small watchlist (content size below 3.8 MB). The SAS URI enables the creation of large + watchlist, where the content size can go up to 500 MB. The status of processing such large file + can be polled through the URL returned in Azure-AsyncOperation header. + + :param resource_group_name: The name of the resource group. The name is case insensitive. + Required. + :type resource_group_name: str + :param workspace_name: The name of the workspace. Required. + :type workspace_name: str + :param watchlist_alias: Watchlist Alias. Required. + :type watchlist_alias: str + :param watchlist: The watchlist. Is either a model type or a IO type. Required. + :type watchlist: ~azure.mgmt.securityinsight.models.Watchlist or IO + :keyword content_type: Body Parameter content-type. Known values are: 'application/json'. + Default value is None. + :paramtype content_type: str + :keyword callable cls: A custom type or function that will be passed the direct response + :return: Watchlist or the result of cls(response) + :rtype: ~azure.mgmt.securityinsight.models.Watchlist + :raises ~azure.core.exceptions.HttpResponseError: + """ + error_map = {401: ClientAuthenticationError, 404: ResourceNotFoundError, 409: ResourceExistsError} + error_map.update(kwargs.pop("error_map", {}) or {}) _headers = case_insensitive_dict(kwargs.pop("headers", {}) or {}) _params = case_insensitive_dict(kwargs.pop("params", {}) or {}) - api_version = kwargs.pop('api_version', _params.pop('api-version', "2021-10-01")) # type: str - content_type = kwargs.pop('content_type', _headers.pop('Content-Type', "application/json")) # type: Optional[str] - cls = kwargs.pop('cls', None) # type: ClsType[_models.Watchlist] + api_version = kwargs.pop("api_version", _params.pop("api-version", self._config.api_version)) # type: str + content_type = kwargs.pop("content_type", _headers.pop("Content-Type", None)) # type: Optional[str] + cls = kwargs.pop("cls", None) # type: ClsType[_models.Watchlist] - _json = self._serialize.body(watchlist, 'Watchlist') + content_type = content_type or "application/json" + _json = None + _content = None + if isinstance(watchlist, (IO, bytes)): + _content = watchlist + else: + _json = self._serialize.body(watchlist, "Watchlist") request = build_create_or_update_request( - subscription_id=self._config.subscription_id, resource_group_name=resource_group_name, workspace_name=workspace_name, watchlist_alias=watchlist_alias, + subscription_id=self._config.subscription_id, api_version=api_version, content_type=content_type, json=_json, - template_url=self.create_or_update.metadata['url'], + content=_content, + template_url=self.create_or_update.metadata["url"], headers=_headers, params=_params, ) @@ -494,26 +541,29 @@ def create_or_update( request.url = self._client.format_url(request.url) # type: ignore pipeline_response = self._client._pipeline.run( # type: ignore # pylint: disable=protected-access - request, - stream=False, - **kwargs + request, stream=False, **kwargs ) + response = pipeline_response.http_response if response.status_code not in [200, 201]: map_error(status_code=response.status_code, response=response, error_map=error_map) raise HttpResponseError(response=response, error_format=ARMErrorFormat) + response_headers = {} if response.status_code == 200: - deserialized = self._deserialize('Watchlist', pipeline_response) + deserialized = self._deserialize("Watchlist", pipeline_response) if response.status_code == 201: - deserialized = self._deserialize('Watchlist', pipeline_response) + response_headers["Azure-AsyncOperation"] = self._deserialize( + "str", response.headers.get("Azure-AsyncOperation") + ) + + deserialized = self._deserialize("Watchlist", pipeline_response) if cls: - return cls(pipeline_response, deserialized, {}) + return cls(pipeline_response, deserialized, response_headers) return deserialized - create_or_update.metadata = {'url': "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore - + create_or_update.metadata = {"url": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/watchlists/{watchlistAlias}"} # type: ignore