diff --git a/cSpell.json b/cSpell.json
index 8cf7fe1c77ee..21bf185fc445 100644
--- a/cSpell.json
+++ b/cSpell.json
@@ -2,6 +2,7 @@
"version": "0.1",
"language": "en",
"words": [
+ "Creds"
],
"dictionaryDefinitions": [
{
@@ -636,4 +637,4 @@
]
}
]
-}
+}
\ No newline at end of file
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/connectors.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/connectors.json
new file mode 100644
index 000000000000..665e132c03d2
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/connectors.json
@@ -0,0 +1,618 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Security Center",
+ "description": "API spec for Microsoft.Security (Azure Security Center) resource provider",
+ "version": "2020-01-01-preview"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/connectors": {
+ "get": {
+ "x-ms-examples": {
+ "Get all Cloud accounts connectors of a subscription": {
+ "$ref": "./examples/Connectors/GetListConnectorSubscription_example.json"
+ }
+ },
+ "tags": [
+ "Connectors"
+ ],
+ "description": "Cloud accounts connectors of a subscription",
+ "operationId": "Connectors_List",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/ConnectorSettingList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ }
+ }
+ },
+ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/connectors/{connectorName}": {
+ "get": {
+ "x-ms-examples": {
+ "Details of a specific cloud account connector": {
+ "$ref": "./examples/Connectors/GetConnectorSubscription_example.json"
+ }
+ },
+ "tags": [
+ "Connectors"
+ ],
+ "description": "Details of a specific cloud account connector",
+ "operationId": "Connectors_Get",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "#/parameters/ConnectorName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/ConnectorSetting"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "put": {
+ "x-ms-examples": {
+ "AwsCred - Create a cloud account connector for a subscription": {
+ "$ref": "./examples/Connectors/CreateUpdateAwsCredConnectorSubscription_example.json"
+ },
+ "AwsAssumeRole - Create a cloud account connector for a subscription": {
+ "$ref": "./examples/Connectors/CreateUpdateAwsAssumeRoleConnectorSubscription_example.json"
+ },
+ "gcpCredentials - Create a cloud account connector for a subscription": {
+ "$ref": "./examples/Connectors/CreateUpdateGcpCredentialsConnectorSubscription_example.json"
+ }
+ },
+ "tags": [
+ "Connectors"
+ ],
+ "description": "Create a cloud account connector or update an existing one. Connect to your AWS cloud account using either account credentials or role-based authentication.",
+ "operationId": "Connectors_CreateOrUpdate",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "#/parameters/ConnectorName"
+ },
+ {
+ "$ref": "#/parameters/ConnectorSetting"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/ConnectorSetting"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "delete": {
+ "x-ms-examples": {
+ "Delete a cloud account connector from a subscription": {
+ "$ref": "./examples/Connectors/DeleteConnectorSubscription_example.json"
+ }
+ },
+ "tags": [
+ "Connectors"
+ ],
+ "description": "Delete a cloud account connector from a subscription",
+ "operationId": "Connectors_Delete",
+ "parameters": [
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "../../../common/v1/types.json#/parameters/SubscriptionId"
+ },
+ {
+ "$ref": "#/parameters/ConnectorName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK"
+ },
+ "204": {
+ "description": "The connector is not found"
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "../../../common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "ConnectorSettingList": {
+ "type": "object",
+ "description": "For a subscription, list of all cloud account connectors and their settings",
+ "properties": {
+ "value": {
+ "description": "List of all the cloud account connector settings",
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/ConnectorSetting"
+ }
+ },
+ "nextLink": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The URI to fetch the next page."
+ }
+ }
+ },
+ "ConnectorSetting": {
+ "type": "object",
+ "description": "The connector setting",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "description": "Connector setting data",
+ "$ref": "#/definitions/ConnectorSettingProperties"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "../../../common/v1/types.json#/definitions/Resource"
+ }
+ ]
+ },
+ "ConnectorSettingProperties": {
+ "type": "object",
+ "description": "Describes properties of an connector setting",
+ "properties": {
+ "hybridComputeSettings": {
+ "description": "Settings for hybrid compute management, these settings are relevant only Arc autoProvision (Hybrid Compute).",
+ "type": "object",
+ "$ref": "#/definitions/HybridComputeSettingsProperties"
+ },
+ "authenticationDetails": {
+ "description": "Settings for authentication management, these settings are relevant only for the cloud connector.",
+ "type": "object",
+ "$ref": "#/definitions/AuthenticationDetailsProperties"
+ }
+ }
+ },
+ "HybridComputeSettingsProperties": {
+ "type": "object",
+ "description": "Settings for hybrid compute management",
+ "properties": {
+ "hybridComputeProvisioningState": {
+ "description": "State of the service principal and its secret",
+ "type": "string",
+ "readOnly": true,
+ "enum": [
+ "Valid",
+ "Invalid",
+ "Expired"
+ ],
+ "x-ms-enum": {
+ "name": "hybridComputeProvisioningState",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Valid",
+ "description": "Valid service principal details."
+ },
+ {
+ "value": "Invalid",
+ "description": "Invalid service principal details."
+ },
+ {
+ "value": "Expired",
+ "description": "the service principal details are expired"
+ }
+ ]
+ }
+ },
+ "autoProvision": {
+ "type": "string",
+ "description": "Whether or not to automatically install Azure Arc (hybrid compute) agents on machines",
+ "enum": [
+ "On",
+ "Off"
+ ],
+ "x-ms-enum": {
+ "name": "autoProvision",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "On",
+ "description": "Install missing Azure Arc agent on VMs automatically"
+ },
+ {
+ "value": "Off",
+ "description": "Do not install Azure Arc agent on the VMs automatically"
+ }
+ ]
+ }
+ },
+ "resourceGroupName": {
+ "type": "string",
+ "description": "The name of the resource group where Arc (Hybrid Compute) connectors are connected."
+ },
+ "region": {
+ "type": "string",
+ "description": "The location where the meta data of machines will be stored",
+ "x-ms-mutability": [
+ "create",
+ "read"
+ ]
+ },
+ "proxyServer": {
+ "type": "object",
+ "description": "For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use.",
+ "$ref": "#/definitions/ProxyServerProperties"
+ },
+ "servicePrincipal": {
+ "description": "An object to access resources that are secured by an Azure AD tenant.",
+ "type": "object",
+ "$ref": "#/definitions/ServicePrincipalProperties"
+ }
+ },
+ "required": [
+ "autoProvision"
+ ]
+ },
+ "ServicePrincipalProperties": {
+ "type": "object",
+ "description": "Details of the service principal.",
+ "properties": {
+ "applicationId": {
+ "type": "string",
+ "description": "Application id of service principal."
+ },
+ "secret": {
+ "type": "string",
+ "description": "A secret string that the application uses to prove its identity, also can be referred to as application password (write only)."
+ }
+ }
+ },
+ "AuthenticationDetailsProperties": {
+ "type": "object",
+ "description": "Settings for cloud authentication management",
+ "discriminator": "authenticationType",
+ "properties": {
+ "authenticationProvisioningState": {
+ "description": "State of the multi-cloud connector",
+ "type": "string",
+ "readOnly": true,
+ "enum": [
+ "Valid",
+ "Invalid",
+ "Expired",
+ "IncorrectPolicy"
+ ],
+ "x-ms-enum": {
+ "name": "authenticationProvisioningState",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Valid",
+ "description": "Valid connector"
+ },
+ {
+ "value": "Invalid",
+ "description": "Invalid connector"
+ },
+ {
+ "value": "Expired",
+ "description": "the connection is expired"
+ },
+ {
+ "value": "IncorrectPolicy",
+ "description": "Incorrect policy of the connector"
+ }
+ ]
+ }
+ },
+ "grantedPermissions": {
+ "description": "The permissions detected in the cloud account.",
+ "type": "array",
+ "readOnly": true,
+ "items": {
+ "$ref": "#/definitions/PermissionProperty"
+ }
+ },
+ "authenticationType": {
+ "description": "Connect to your cloud account, for AWS use either account credentials or role-based authentication. For GCP use account organization credentials.",
+ "type": "string",
+ "enum": [
+ "awsCreds",
+ "awsAssumeRole",
+ "gcpCredentials"
+ ],
+ "x-ms-enum": {
+ "name": "authenticationType",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "awsCreds",
+ "description": "AWS cloud account connector user credentials authentication"
+ },
+ {
+ "value": "awsAssumeRole",
+ "description": "AWS account connector assume role authentication"
+ },
+ {
+ "value": "gcpCredentials",
+ "description": "GCP account connector service to service authentication"
+ }
+ ]
+ }
+ }
+ },
+ "required": [
+ "authenticationType"
+ ]
+ },
+ "AwsCredsAuthenticationDetailsProperties": {
+ "type": "object",
+ "description": "AWS cloud account connector based credentials, the credentials is composed of access key id and secret key, for more details, refer to Creating an IAM User in Your AWS Account (write only)",
+ "x-ms-discriminator-value": "awsCreds",
+ "allOf": [
+ {
+ "$ref": "#/definitions/AuthenticationDetailsProperties"
+ }
+ ],
+ "properties": {
+ "accountId": {
+ "description": "The ID of the cloud account",
+ "type": "string",
+ "readOnly": true
+ },
+ "awsAccessKeyId": {
+ "type": "string",
+ "description": "Public key element of the AWS credential object (write only)"
+ },
+ "awsSecretAccessKey": {
+ "type": "string",
+ "description": "Secret key element of the AWS credential object (write only)"
+ }
+ },
+ "required": [
+ "awsAccessKeyId",
+ "awsSecretAccessKey"
+ ]
+ },
+ "AwAssumeRoleAuthenticationDetailsProperties": {
+ "type": "object",
+ "description": "AWS cloud account connector based assume role, the role enables delegating access to your AWS resources. The role is composed of role arn and external id, for more details, refer to Creating a Role to Delegate Permissions to an IAM User (write only)",
+ "x-ms-discriminator-value": "awsAssumeRole",
+ "allOf": [
+ {
+ "$ref": "#/definitions/AuthenticationDetailsProperties"
+ }
+ ],
+ "properties": {
+ "accountId": {
+ "description": "The ID of the cloud account",
+ "type": "string",
+ "readOnly": true
+ },
+ "awsAssumeRoleArn": {
+ "type": "string",
+ "description": "Assumed role ID is an identifier that you can use to create temporary security credentials."
+ },
+ "awsExternalId": {
+ "type": "string",
+ "description": "A unique identifier that is required when you assume a role in another account."
+ }
+ },
+ "required": [
+ "awsAssumeRoleArn",
+ "awsExternalId"
+ ]
+ },
+ "GcpCredentialsDetailsProperties": {
+ "type": "object",
+ "description": "GCP cloud account connector based service to service credentials, the credentials is composed of organization id and json api key (write only)",
+ "x-ms-discriminator-value": "gcpCredentials",
+ "allOf": [
+ {
+ "$ref": "#/definitions/AuthenticationDetailsProperties"
+ }
+ ],
+ "properties": {
+ "organizationId": {
+ "description": "The Organization ID of the GCP cloud account",
+ "type": "string"
+ },
+ "type": {
+ "type": "string",
+ "description": "Type field of the API key (write only)"
+ },
+ "projectId": {
+ "type": "string",
+ "description": "Project Id field of the API key (write only)"
+ },
+ "privateKeyId": {
+ "type": "string",
+ "description": "Private key Id field of the API key (write only)"
+ },
+ "privateKey": {
+ "type": "string",
+ "description": "Private key field of the API key (write only)"
+ },
+ "clientEmail": {
+ "type": "string",
+ "description": "Client email field of the API key (write only)"
+ },
+ "clientId": {
+ "type": "string",
+ "description": "Client Id field of the API key (write only)"
+ },
+ "authUri": {
+ "type": "string",
+ "description": "Auth Uri field of the API key (write only)"
+ },
+ "tokenUri": {
+ "type": "string",
+ "description": "Token Uri field of the API key (write only)"
+ },
+ "authProviderX509CertUrl": {
+ "type": "string",
+ "description": "Auth provider x509 certificate url field of the API key (write only)"
+ },
+ "clientX509CertUrl": {
+ "type": "string",
+ "description": "Client x509 certificate url field of the API key (write only)"
+ }
+ },
+ "required": [
+ "organizationId",
+ "type",
+ "projectId",
+ "privateKeyId",
+ "privateKey",
+ "clientEmail",
+ "clientId",
+ "authUri",
+ "tokenUri",
+ "authProviderX509CertUrl",
+ "clientX509CertUrl"
+ ]
+ },
+ "PermissionProperty": {
+ "description": "A permission detected in the cloud account.",
+ "type": "string",
+ "readOnly": true,
+ "enum": [
+ "AWS::AWSSecurityHubReadOnlyAccess",
+ "AWS::SecurityAudit",
+ "AWS::AmazonSSMAutomationRole",
+ "GCP::Security Center Admin Viewer"
+ ],
+ "x-ms-enum": {
+ "name": "PermissionProperty",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "AWS::AWSSecurityHubReadOnlyAccess",
+ "description": "This permission provides read only access to AWS Security Hub resources."
+ },
+ {
+ "value": "AWS::SecurityAudit",
+ "description": "This permission grants access to read security configuration metadata."
+ },
+ {
+ "value": "AWS::AmazonSSMAutomationRole",
+ "description": "The permission provides for EC2 Automation service to execute activities defined within Automation documents."
+ },
+ {
+ "value": "GCP::Security Center Admin Viewer",
+ "description": "This permission provides read only access to GCP Security Command Center."
+ }
+ ]
+ }
+ },
+ "ProxyServerProperties": {
+ "type": "object",
+ "description": "For a non-Azure machine that is not connected directly to the internet, specify a proxy server that the non-Azure machine can use.",
+ "properties": {
+ "ip": {
+ "type": "string",
+ "description": "Proxy server IP"
+ },
+ "port": {
+ "type": "string",
+ "description": "Proxy server port"
+ }
+ }
+ }
+ },
+ "parameters": {
+ "ConnectorName": {
+ "name": "connectorName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "Name of the cloud account connector",
+ "x-ms-parameter-location": "method"
+ },
+ "ConnectorSetting": {
+ "name": "connectorSetting",
+ "in": "body",
+ "required": true,
+ "description": "Settings for the cloud account connector",
+ "schema": {
+ "$ref": "#/definitions/ConnectorSetting"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
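Review bot: The credential-bearing properties (`secret` in `ServicePrincipalProperties`, `awsSecretAccessKey` in `AwsCredsAuthenticationDetailsProperties`, `privateKey` in `GcpCredentialsDetailsProperties`) are marked write-only only in their description text. Nothing in the schema tells code generators or request-logging tooling to treat them as secrets. Adding `"x-ms-secret": true` and `"x-ms-mutability": ["create", "update"]` to each would encode that; the response examples currently echo these fields as empty strings, presumably to work around their being listed under `required`. Separately, the definition name `AwAssumeRoleAuthenticationDetailsProperties` looks like a typo for `AwsAssumeRole…` and would surface as a public model name in generated SDKs.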
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/CreateUpdateAwsAssumeRoleConnectorSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/CreateUpdateAwsAssumeRoleConnectorSubscription_example.json
new file mode 100644
index 000000000000..a4405f77bf03
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/CreateUpdateAwsAssumeRoleConnectorSubscription_example.json
@@ -0,0 +1,65 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "connectorName": "aws_dev2",
+ "connectorSetting": {
+ "properties": {
+ "hybridComputeSettings": {
+ "autoProvision": "On",
+ "resourceGroupName": "AwsConnectorRG",
+ "region": "West US 2",
+ "proxyServer": {
+ "ip": "167.220.197.140",
+ "port": "34"
+ },
+ "servicePrincipal": {
+ "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1",
+ "secret": "x2yS:FnCHssRkH0@CJY5pATzlEs@r5m."
+ }
+ },
+ "authenticationDetails": {
+ "authenticationType": "awsAssumeRole",
+ "awsAssumeRoleArn": "arn:aws:iam::81231569658:role/AscConnector",
+ "awsExternalId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors/aws_dev2",
+ "name": "aws_dev2",
+ "type": "Microsoft.Security/connectors",
+ "properties": {
+ "hybridComputeSettings": {
+ "hybridComputeProvisioningState": "Valid",
+ "autoProvision": "On",
+ "resourceGroupName": "AwsConnectorRG",
+ "region": "West US 2",
+ "proxyServer": {
+ "ip": "167.220.197.140",
+ "port": "34"
+ },
+ "servicePrincipal": {
+ "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1"
+ }
+ },
+ "authenticationDetails": {
+ "authenticationProvisioningState": "Valid",
+ "grantedPermissions": [
+ "AWS::AWSSecurityHubReadOnlyAccess",
+ "AWS::SecurityAudit",
+ "AWS::AmazonSSMAutomationRole"
+ ],
+ "authenticationType": "awsAssumeRole",
+ "accountId": "81231569658",
+ "awsAssumeRoleArn": "arn:aws:iam::81231569658:role/AscConnector",
+ "awsExternalId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
+ }
+ }
+ }
+ }
+ }
+}
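Review bot: The `secret` value under `servicePrincipal` in this request body has the shape of a real Azure AD client secret rather than an obvious placeholder. The same string is repeated in CreateUpdateAwsCredConnectorSubscription_example.json and CreateUpdateGcpCredentialsConnectorSubscription_example.json. Those two files also carry an `AKIA`-prefixed `awsAccessKeyId` with a 40-character `awsSecretAccessKey`, and a complete PEM-encoded `privateKey`. Whether any of these were ever live cannot be told from the diff, but they will trip secret scanners, and if genuine they need rotating because they stay in repository history once merged. I would replace each with a clearly fake value, e.g. `"secret": "<client-secret>"`, `"awsSecretAccessKey": "<aws-secret-access-key>"`, `"privateKey": "<private-key-pem>"`.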
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/CreateUpdateAwsCredConnectorSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/CreateUpdateAwsCredConnectorSubscription_example.json
new file mode 100644
index 000000000000..8e89a390a07c
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/CreateUpdateAwsCredConnectorSubscription_example.json
@@ -0,0 +1,65 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "connectorName": "aws_dev1",
+ "connectorSetting": {
+ "properties": {
+ "hybridComputeSettings": {
+ "autoProvision": "On",
+ "resourceGroupName": "AwsConnectorRG",
+ "region": "West US 2",
+ "proxyServer": {
+ "ip": "167.220.197.140",
+ "port": "34"
+ },
+ "servicePrincipal": {
+ "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1",
+ "secret": "x2yS:FnCHssRkH0@CJY5pATzlEs@r5m."
+ }
+ },
+ "authenticationDetails": {
+ "authenticationType": "awsCreds",
+ "awsAccessKeyId": "AKIARPZCNODDNAEQFSOE",
+ "awsSecretAccessKey": "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"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors/aws_dev1",
+ "name": "aws_dev1",
+ "type": "Microsoft.Security/connectors",
+ "properties": {
+ "hybridComputeSettings": {
+ "hybridComputeProvisioningState": "Valid",
+ "autoProvision": "On",
+ "resourceGroupName": "AwsConnectorRG",
+ "region": "West US 2",
+ "proxyServer": {
+ "ip": "287.221.107.152",
+ "port": "34"
+ },
+ "servicePrincipal": {
+ "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1"
+ }
+ },
+ "authenticationDetails": {
+ "authenticationProvisioningState": "Valid",
+ "grantedPermissions": [
+ "AWS::AWSSecurityHubReadOnlyAccess",
+ "AWS::SecurityAudit",
+ "AWS::AmazonSSMAutomationRole"
+ ],
+ "authenticationType": "awsCreds",
+ "accountId": "922315681122",
+ "awsAccessKeyId": "",
+ "awsSecretAccessKey": ""
+ }
+ }
+ }
+ }
+ }
+}
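Review bot: The response body's `proxyServer.ip` is `287.221.107.152`, which is not a valid IPv4 address (the first octet exceeds 255) and does not match the `167.220.197.140` sent in the request of the same example. The same `287.221.107.152` value appears in GetConnectorSubscription_example.json and GetListConnectorSubscription_example.json. The list example also shows `167.210.187.160` for `aws_dev2`, where the create example for that connector used `167.220.197.140`. Using one address from a reserved documentation range throughout, e.g. `"ip": "192.0.2.10"` (constructed sample), would keep request and response consistent and avoid publishing routable addresses in the spec.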
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/CreateUpdateGcpCredentialsConnectorSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/CreateUpdateGcpCredentialsConnectorSubscription_example.json
new file mode 100644
index 000000000000..5574f86fbdb1
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/CreateUpdateGcpCredentialsConnectorSubscription_example.json
@@ -0,0 +1,80 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "connectorName": "gcp_dev",
+ "connectorSetting": {
+ "properties": {
+ "hybridComputeSettings": {
+ "autoProvision": "On",
+ "resourceGroupName": "GcpConnectorRG",
+ "region": "West US 2",
+ "proxyServer": {
+ "ip": "201.120.185.132",
+ "port": "34"
+ },
+ "servicePrincipal": {
+ "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1",
+ "secret": "x2yS:FnCHssRkH0@CJY5pATzlEs@r5m."
+ }
+ },
+ "authenticationDetails": {
+ "authenticationType": "gcpCredentials",
+ "organizationId": "AscDemoOrg",
+ "type": "service_account",
+ "projectId": "asc-project-1234",
+ "privateKeyId": "6efg587hra2568as34d22326b044cc20dc2af",
+ "privateKey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpxYHcLzcDZ6/Q\nAeQZnQXM5GTb3p09Xsbjo2T2F61b6I7FZiQXBrbw3Zf0CUCkkqTTpD5xifl82yQ6\n89V7SAe8hxI7esAcVDhm/aJMqzVjHLISAU2L3li1sn0jjY2oYtndwN6bRivP8O6t\n9F+W6E0zMlbCxtpZEHLbb6WxlJJrwEQ0MPH2yOCwZUQi6NHksAtEzX2nNKJNyUC7\nQyBVHHMm34H2bmZwsuQp3y2otpcJ9tJnVmYfC3k/w4x2L+DIK7JnQP/C1wQqu2du\nc0w6sydF6RhLoHButrVdYRJTdfK4k03SsSTyMqZ+f7LNnKw3xenzw1VmEpk8mvoQ\nt08tCBOrAgMBAAECggEAByzz6iyMtLYjNjV+QJ7kad6VbL2iA8AHxANZ9xTVHPdd\nYXaJu/dqsA+NpqDlfI8+LDva782XH/HbPCqmMUnAGfXTjXQIvqnIoIHD5F2wKfpC\nhIRNlMXXFgbvRxtqi11yO+80+XcjzuwuCmgzyhsTeEB+bkkdXXpWgHPdmv3emnM6\nMQM9Zgrug0UndPmiUwKOcJSU4PlmlTpHEV4vA6JfA4bvphy9m1jxO5qWeah5yym2\n6FP5BRIDF98kFrDnSXJjajwgLCQ+MypFQXyax6XkxDxuKXbng1bv7eZDjqazIChk\nm0y14X0s0jnWc+AX8vfeSf7d+EsGdVinEwR1aAawEQKBgQDqDB0qxcIQ1oI1Kww8\n9vXefTiuWsf47F+fJ/DIOEbiRfE8IdCgmOABvcqJIoxW/DFMBEdLCcx73Km7pOmd\nKg1ddScnaO8cOj2v/Ub+fAqVrA4ki4ViYP0A7/Nogga3Jr/x3ey5bitrIfFImteS\nCgBHBzZvoQpvO4lB2tKVgo2P9wKBgQC5sgTEq4sasRGSAY6lIoJno0I8w28a/16D\nes60XQeY1ger8uTGwlT02v/u/arDUmRLPClpujXq6gK29KvtRCHy7JkpGbqW2bZs\nPFKKWR7Tk3XPKYyjv94AIi5/xoFeDhS4lpAvy3Z5tQhYS6wqWKvT6yZQ3kM+Hfxs\npHgvu3mU7QKBgQC9/E1k3hj1cBtMK4CIsHPPQljTd4+iacYJPPPAo6YuoVX8WPqw\nksgrwbN59Fh1d8xQh5yTtgWOegYx8uFMGcm1lpbM7+pBQKm4hWGuzGQPMRZd5f/F\nZzOZIi61I+9tlv/yxxIVR+/ozCm/pSneO04UWi9/F/uPZYW6tnWAtfRR6wKBgGsZ\n8MQaCK4JaI/klAhMghgSQnbXZXKVzUZaA3Rln6cX8u7KtgapOOTMlwaZie8Dy1LV\nTTFstAJcm9o3/h1nyYjZy3C4JTUyNpPwqs6enjf7edxVI4eidwFutZD+xcigqHTa\naikW2atSrZB3fMIjyF7+5meH+hKOqvNiXOty3qn1AoGAZuVxYQy5FVq3YZxzr3Aa\nAm0ShoXTF6QYIbsaUiUGoa/NlHcw9V/lj4AqBRbxbaYMD+hz2J/od9cb268eJKY8\n3b6MvaUqdNhNnWodJXLhgtmGEHDKmTppz2JSTx/tVzCfhFdcOC79StZvcKLhtoFQ\n+/3lEw6NCIXzm5E4+dtJG4k=\n-----END PRIVATE KEY-----\n",
+ "clientEmail": "asc-135@asc-project-1234.iam.gserviceaccount.com",
+ "clientId": "105889053725632919854",
+ "authUri": "https://accounts.google.com/o/oauth2/auth",
+ "tokenUri": "https://oauth2.googleapis.com/token",
+ "authProviderX509CertUrl": "https://www.googleapis.com/oauth2/v1/certs",
+ "clientX509CertUrl": "https://www.googleapis.com/robot/v1/metadata/x509/asc-135%40asc-project-1234.iam.gserviceaccount.com"
+ }
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors/gcp_dev",
+ "name": "gcp_dev",
+ "type": "Microsoft.Security/connectors",
+ "properties": {
+ "hybridComputeSettings": {
+ "hybridComputeProvisioningState": "Valid",
+ "autoProvision": "On",
+ "resourceGroupName": "GcpConnectorRG",
+ "region": "West US 2",
+ "proxyServer": {
+ "ip": "201.120.185.132",
+ "port": "34"
+ },
+ "servicePrincipal": {
+ "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1"
+ }
+ },
+ "authenticationDetails": {
+ "authenticationProvisioningState": "Valid",
+ "grantedPermissions": [
+ "GCP::Security Center Admin Viewer"
+ ],
+ "authenticationType": "gcpCredentials",
+ "organizationId": "AscDemoOrg",
+ "type": "",
+ "projectId": "",
+ "privateKeyId": "",
+ "privateKey": "",
+ "clientEmail": "",
+ "clientId": "",
+ "authUri": "",
+ "tokenUri": "",
+ "authProviderX509CertUrl": "",
+ "clientX509CertUrl": ""
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/DeleteConnectorSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/DeleteConnectorSubscription_example.json
new file mode 100644
index 000000000000..b387c969aaa5
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/DeleteConnectorSubscription_example.json
@@ -0,0 +1,11 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "connectorName": "aws_dev1"
+ },
+ "responses": {
+ "200": {},
+ "204": {}
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/GetConnectorSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/GetConnectorSubscription_example.json
new file mode 100644
index 000000000000..d5dc6f6126dc
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/GetConnectorSubscription_example.json
@@ -0,0 +1,43 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "connectorName": "aws_dev1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors/aws_dev1",
+ "name": "aws_dev1",
+ "type": "Microsoft.Security/connectors",
+ "properties": {
+ "hybridComputeSettings": {
+ "hybridComputeProvisioningState": "Valid",
+ "autoProvision": "On",
+ "resourceGroupName": "AwsConnectorRG",
+ "region": "West US 2",
+ "proxyServer": {
+ "ip": "287.221.107.152",
+ "port": "34"
+ },
+ "servicePrincipal": {
+ "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1"
+ }
+ },
+ "authenticationDetails": {
+ "authenticationProvisioningState": "Valid",
+ "grantedPermissions": [
+ "AWS::AWSSecurityHubReadOnlyAccess",
+ "AWS::SecurityAudit",
+ "AWS::AmazonSSMAutomationRole"
+ ],
+ "authenticationType": "awsCreds",
+ "accountId": "922315681122",
+ "awsAccessKeyId": "",
+ "awsSecretAccessKey": ""
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/GetListConnectorSubscription_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/GetListConnectorSubscription_example.json
new file mode 100644
index 000000000000..3f2ffbc17f7a
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/examples/Connectors/GetListConnectorSubscription_example.json
@@ -0,0 +1,116 @@
+{
+ "parameters": {
+ "api-version": "2020-01-01-preview",
+ "subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors/aws_dev1",
+ "name": "aws_dev1",
+ "type": "Microsoft.Security/connectors",
+ "properties": {
+ "hybridComputeSettings": {
+ "hybridComputeProvisioningState": "Valid",
+ "autoProvision": "On",
+ "resourceGroupName": "AwsConnectorRG",
+ "region": "West US 2",
+ "proxyServer": {
+ "ip": "287.221.107.152",
+ "port": "34"
+ },
+ "servicePrincipal": {
+ "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1"
+ }
+ },
+ "authenticationDetails": {
+ "authenticationProvisioningState": "Valid",
+ "grantedPermissions": [
+ "AWS::AWSSecurityHubReadOnlyAccess",
+ "AWS::SecurityAudit",
+ "AWS::AmazonSSMAutomationRole"
+ ],
+ "authenticationType": "awsCreds",
+ "accountId": "922315681122",
+ "awsAccessKeyId": "",
+ "awsSecretAccessKey": ""
+ }
+ }
+ },
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors/aws_dev2",
+ "name": "aws_dev2",
+ "type": "Microsoft.Security/connectors",
+ "properties": {
+ "hybridComputeSettings": {
+ "hybridComputeProvisioningState": "Valid",
+ "autoProvision": "On",
+ "resourceGroupName": "AwsConnectorRG",
+ "region": "West US 2",
+ "proxyServer": {
+ "ip": "167.210.187.160",
+ "port": "34"
+ },
+ "servicePrincipal": {
+ "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1"
+ }
+ },
+ "authenticationDetails": {
+ "authenticationProvisioningState": "Valid",
+ "grantedPermissions": [
+ "AWS::AWSSecurityHubReadOnlyAccess",
+ "AWS::SecurityAudit",
+ "AWS::AmazonSSMAutomationRole"
+ ],
+ "authenticationType": "awsAssumeRole",
+ "accountId": "81231569658",
+ "awsAssumeRoleArn": "arn:aws:iam::81231569658:role/AscConnector",
+ "awsExternalId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23"
+ }
+ }
+ },
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/connectors/gcp_dev",
+ "name": "gcp_dev",
+ "type": "Microsoft.Security/connectors",
+ "properties": {
+ "hybridComputeSettings": {
+ "hybridComputeProvisioningState": "Valid",
+ "autoProvision": "On",
+ "resourceGroupName": "GcpConnectorRG",
+ "region": "West US 2",
+ "proxyServer": {
+ "ip": "201.120.185.132",
+ "port": "34"
+ },
+ "servicePrincipal": {
+ "applicationId": "ad9bcd79-be9c-45ab-abd8-80ca1654a7d1"
+ }
+ },
+ "authenticationDetails": {
+ "authenticationProvisioningState": "Valid",
+ "grantedPermissions": [
+ "GCP::Security Center Admin Viewer"
+ ],
+ "authenticationType": "gcpCredentials",
+ "organizationId": "AscDemoOrg",
+ "type": "",
+ "projectId": "",
+ "privateKeyId": "",
+ "privateKey": "",
+ "clientEmail": "",
+ "clientId": "",
+ "authUri": "",
+ "tokenUri": "",
+ "authProviderX509CertUrl": "",
+ "clientX509CertUrl": ""
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/secureScore.json b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/secureScore.json
index 7d2ebe1a4e0c..3e742573ba4f 100644
--- a/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/secureScore.json
+++ b/specification/security/resource-manager/Microsoft.Security/preview/2020-01-01-preview/secureScore.json
@@ -83,7 +83,7 @@
"tags": [
"Secure Score"
],
- "description": "Get secure score for a specific initiative within your current scope. For the ASC Default initiative, use 'ascScore'.",
+ "description": "Get secure score for a specific Security Center initiative within your current scope. For the ASC Default initiative, use 'ascScore'.",
"operationId": "SecureScores_Get",
"parameters": [
{
diff --git a/specification/security/resource-manager/readme.md b/specification/security/resource-manager/readme.md
index 982c3d005409..d3815618ea13 100644
--- a/specification/security/resource-manager/readme.md
+++ b/specification/security/resource-manager/readme.md
@@ -60,6 +60,7 @@ These settings apply only when `--tag=package-composite-v1` is specified on the
``` yaml $(tag) == 'package-composite-v1'
input-file:
- Microsoft.Security/preview/2020-01-01-preview/secureScore.json
+- Microsoft.Security/preview/2020-01-01-preview/connectors.json
- Microsoft.Security/preview/2019-01-01-preview/automations.json
- Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json
@@ -97,6 +98,7 @@ These settings apply only when `--tag=package-composite-v2` is specified on the
``` yaml $(tag) == 'package-composite-v2'
input-file:
- Microsoft.Security/preview/2020-01-01-preview/secureScore.json
+- Microsoft.Security/preview/2020-01-01-preview/connectors.json
- Microsoft.Security/preview/2019-01-01-preview/automations.json
- Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json
@@ -167,6 +169,7 @@ input-file:
- Microsoft.Security/stable/2020-01-01/discoveredSecuritySolutions.json
- Microsoft.Security/stable/2020-01-01/externalSecuritySolutions.json
- Microsoft.Security/preview/2020-01-01-preview/secureScore.json
+- Microsoft.Security/preview/2020-01-01-preview/connectors.json
# Needed when there is more than one input file
override-info:
@@ -242,6 +245,7 @@ These settings apply only when `--tag=package-2020-01-preview-only` is specified
``` yaml $(tag) == 'package-2020-01-preview-only'
input-file:
- Microsoft.Security/preview/2020-01-01-preview/secureScore.json
+- Microsoft.Security/preview/2020-01-01-preview/connectors.json
# Needed when there is more than one input file
override-info:
@@ -350,13 +354,15 @@ AutoRest V3 generators require the use of `--tag=all-api-versions` to select api
This block is updated by an automatic script. Edits may be lost!
-``` yaml $(tag) == 'all-api-versions' /* autogenerated */
+
+``` yaml $(tag) == 'all-api-versions' /*autogenerated*/
# include the azure profile definitions from the standard location
require: $(this-folder)/../../../profiles/readme.md
# all the input files across all versions
input-file:
- $(this-folder)/Microsoft.Security/preview/2020-01-01-preview/secureScore.json
+ - $(this-folder)/Microsoft.Security/preview/2020-01-01-preview/connectors.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/automations.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/subAssessments.json
- $(this-folder)/Microsoft.Security/preview/2019-01-01-preview/regulatoryCompliance.json