com.pulumi.azurenative.sql.DatabaseBlobAuditingPolicy Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of azure-native Show documentation
Show all versions of azure-native Show documentation
A native Pulumi package for creating and managing Azure resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.azurenative.sql;
import com.pulumi.azurenative.Utilities;
import com.pulumi.azurenative.sql.DatabaseBlobAuditingPolicyArgs;
import com.pulumi.core.Alias;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Export;
import com.pulumi.core.annotations.ResourceType;
import com.pulumi.core.internal.Codegen;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.List;
import java.util.Optional;
import javax.annotation.Nullable;
/**
* A database blob auditing policy.
* Azure REST API version: 2021-11-01. Prior API version in Azure Native 1.x: 2020-11-01-preview.
*
* Other available API versions: 2022-11-01-preview, 2023-02-01-preview, 2023-05-01-preview, 2023-08-01-preview, 2024-05-01-preview.
*
* ## Example Usage
* ### Create or update a database's azure monitor auditing policy with minimal parameters
*
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azurenative.sql.DatabaseBlobAuditingPolicy;
* import com.pulumi.azurenative.sql.DatabaseBlobAuditingPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var databaseBlobAuditingPolicy = new DatabaseBlobAuditingPolicy("databaseBlobAuditingPolicy", DatabaseBlobAuditingPolicyArgs.builder()
* .blobAuditingPolicyName("default")
* .databaseName("testdb")
* .isAzureMonitorTargetEnabled(true)
* .resourceGroupName("blobauditingtest-4799")
* .serverName("blobauditingtest-6440")
* .state("Enabled")
* .build());
*
* }
* }
*
* }
*
* ### Create or update a database's blob auditing policy with all parameters
*
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azurenative.sql.DatabaseBlobAuditingPolicy;
* import com.pulumi.azurenative.sql.DatabaseBlobAuditingPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var databaseBlobAuditingPolicy = new DatabaseBlobAuditingPolicy("databaseBlobAuditingPolicy", DatabaseBlobAuditingPolicyArgs.builder()
* .auditActionsAndGroups(
* "DATABASE_LOGOUT_GROUP",
* "DATABASE_ROLE_MEMBER_CHANGE_GROUP",
* "UPDATE on database::TestDatabaseName by public")
* .blobAuditingPolicyName("default")
* .databaseName("testdb")
* .isAzureMonitorTargetEnabled(true)
* .isStorageSecondaryKeyInUse(false)
* .queueDelayMs(4000)
* .resourceGroupName("blobauditingtest-4799")
* .retentionDays(6)
* .serverName("blobauditingtest-6440")
* .state("Enabled")
* .storageAccountAccessKey("sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==")
* .storageAccountSubscriptionId("00000000-1234-0000-5678-000000000000")
* .storageEndpoint("https://mystorage.blob.core.windows.net")
* .build());
*
* }
* }
*
* }
*
* ### Create or update a database's blob auditing policy with minimal parameters
*
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azurenative.sql.DatabaseBlobAuditingPolicy;
* import com.pulumi.azurenative.sql.DatabaseBlobAuditingPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var databaseBlobAuditingPolicy = new DatabaseBlobAuditingPolicy("databaseBlobAuditingPolicy", DatabaseBlobAuditingPolicyArgs.builder()
* .blobAuditingPolicyName("default")
* .databaseName("testdb")
* .resourceGroupName("blobauditingtest-4799")
* .serverName("blobauditingtest-6440")
* .state("Enabled")
* .storageAccountAccessKey("sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==")
* .storageEndpoint("https://mystorage.blob.core.windows.net")
* .build());
*
* }
* }
*
* }
*
*
* ## Import
*
* An existing resource can be imported using its type token, name, and identifier, e.g.
*
* ```sh
* $ pulumi import azure-native:sql:DatabaseBlobAuditingPolicy default /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/auditingSettings/{blobAuditingPolicyName}
* ```
*
*/
@ResourceType(type="azure-native:sql:DatabaseBlobAuditingPolicy")
public class DatabaseBlobAuditingPolicy extends com.pulumi.resources.CustomResource {
/**
* Specifies the Actions-Groups and Actions to audit.
*
* The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:
*
* BATCH_COMPLETED_GROUP,
* SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
* FAILED_DATABASE_AUTHENTICATION_GROUP.
*
* This above combination is also the set that is configured by default when enabling auditing from the Azure portal.
*
* The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):
*
* APPLICATION_ROLE_CHANGE_PASSWORD_GROUP
* BACKUP_RESTORE_GROUP
* DATABASE_LOGOUT_GROUP
* DATABASE_OBJECT_CHANGE_GROUP
* DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
* DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
* DATABASE_OPERATION_GROUP
* DATABASE_PERMISSION_CHANGE_GROUP
* DATABASE_PRINCIPAL_CHANGE_GROUP
* DATABASE_PRINCIPAL_IMPERSONATION_GROUP
* DATABASE_ROLE_MEMBER_CHANGE_GROUP
* FAILED_DATABASE_AUTHENTICATION_GROUP
* SCHEMA_OBJECT_ACCESS_GROUP
* SCHEMA_OBJECT_CHANGE_GROUP
* SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
* SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
* SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
* USER_CHANGE_PASSWORD_GROUP
* BATCH_STARTED_GROUP
* BATCH_COMPLETED_GROUP
* DBCC_GROUP
* DATABASE_OWNERSHIP_CHANGE_GROUP
* DATABASE_CHANGE_GROUP
* LEDGER_OPERATION_GROUP
*
* These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.
*
* For more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).
*
* For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:
* SELECT
* UPDATE
* INSERT
* DELETE
* EXECUTE
* RECEIVE
* REFERENCES
*
* The general form for defining an action to be audited is:
* {action} ON {object} BY {principal}
*
* Note that <object> in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.
*
* For example:
* SELECT on dbo.myTable by public
* SELECT on DATABASE::myDatabase by public
* SELECT on SCHEMA::mySchema by public
*
* For more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)
*
*/
@Export(name="auditActionsAndGroups", refs={List.class,String.class}, tree="[0,1]")
private Output> auditActionsAndGroups;
/**
* @return Specifies the Actions-Groups and Actions to audit.
*
* The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:
*
* BATCH_COMPLETED_GROUP,
* SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
* FAILED_DATABASE_AUTHENTICATION_GROUP.
*
* This above combination is also the set that is configured by default when enabling auditing from the Azure portal.
*
* The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):
*
* APPLICATION_ROLE_CHANGE_PASSWORD_GROUP
* BACKUP_RESTORE_GROUP
* DATABASE_LOGOUT_GROUP
* DATABASE_OBJECT_CHANGE_GROUP
* DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
* DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
* DATABASE_OPERATION_GROUP
* DATABASE_PERMISSION_CHANGE_GROUP
* DATABASE_PRINCIPAL_CHANGE_GROUP
* DATABASE_PRINCIPAL_IMPERSONATION_GROUP
* DATABASE_ROLE_MEMBER_CHANGE_GROUP
* FAILED_DATABASE_AUTHENTICATION_GROUP
* SCHEMA_OBJECT_ACCESS_GROUP
* SCHEMA_OBJECT_CHANGE_GROUP
* SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
* SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
* SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP
* USER_CHANGE_PASSWORD_GROUP
* BATCH_STARTED_GROUP
* BATCH_COMPLETED_GROUP
* DBCC_GROUP
* DATABASE_OWNERSHIP_CHANGE_GROUP
* DATABASE_CHANGE_GROUP
* LEDGER_OPERATION_GROUP
*
* These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.
*
* For more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).
*
* For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:
* SELECT
* UPDATE
* INSERT
* DELETE
* EXECUTE
* RECEIVE
* REFERENCES
*
* The general form for defining an action to be audited is:
* {action} ON {object} BY {principal}
*
* Note that <object> in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.
*
* For example:
* SELECT on dbo.myTable by public
* SELECT on DATABASE::myDatabase by public
* SELECT on SCHEMA::mySchema by public
*
* For more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)
*
*/
public Output>> auditActionsAndGroups() {
return Codegen.optional(this.auditActionsAndGroups);
}
/**
* Specifies whether audit events are sent to Azure Monitor.
* In order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.
*
* When using REST API to configure auditing, Diagnostic Settings with 'SQLSecurityAuditEvents' diagnostic logs category on the database should be also created.
* Note that for server level audit you should use the 'master' database as {databaseName}.
*
* Diagnostic Settings URI format:
* PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview
*
* For more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)
* or [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)
*
*/
@Export(name="isAzureMonitorTargetEnabled", refs={Boolean.class}, tree="[0]")
private Output isAzureMonitorTargetEnabled;
/**
* @return Specifies whether audit events are sent to Azure Monitor.
* In order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.
*
* When using REST API to configure auditing, Diagnostic Settings with 'SQLSecurityAuditEvents' diagnostic logs category on the database should be also created.
* Note that for server level audit you should use the 'master' database as {databaseName}.
*
* Diagnostic Settings URI format:
* PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview
*
* For more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)
* or [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)
*
*/
public Output> isAzureMonitorTargetEnabled() {
return Codegen.optional(this.isAzureMonitorTargetEnabled);
}
/**
* Specifies whether Managed Identity is used to access blob storage
*
*/
@Export(name="isManagedIdentityInUse", refs={Boolean.class}, tree="[0]")
private Output isManagedIdentityInUse;
/**
* @return Specifies whether Managed Identity is used to access blob storage
*
*/
public Output> isManagedIdentityInUse() {
return Codegen.optional(this.isManagedIdentityInUse);
}
/**
* Specifies whether storageAccountAccessKey value is the storage's secondary key.
*
*/
@Export(name="isStorageSecondaryKeyInUse", refs={Boolean.class}, tree="[0]")
private Output isStorageSecondaryKeyInUse;
/**
* @return Specifies whether storageAccountAccessKey value is the storage's secondary key.
*
*/
public Output> isStorageSecondaryKeyInUse() {
return Codegen.optional(this.isStorageSecondaryKeyInUse);
}
/**
* Resource kind.
*
*/
@Export(name="kind", refs={String.class}, tree="[0]")
private Output kind;
/**
* @return Resource kind.
*
*/
public Output kind() {
return this.kind;
}
/**
* Resource name.
*
*/
@Export(name="name", refs={String.class}, tree="[0]")
private Output name;
/**
* @return Resource name.
*
*/
public Output name() {
return this.name;
}
/**
* Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed.
* The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.
*
*/
@Export(name="queueDelayMs", refs={Integer.class}, tree="[0]")
private Output queueDelayMs;
/**
* @return Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed.
* The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.
*
*/
public Output> queueDelayMs() {
return Codegen.optional(this.queueDelayMs);
}
/**
* Specifies the number of days to keep in the audit logs in the storage account.
*
*/
@Export(name="retentionDays", refs={Integer.class}, tree="[0]")
private Output retentionDays;
/**
* @return Specifies the number of days to keep in the audit logs in the storage account.
*
*/
public Output> retentionDays() {
return Codegen.optional(this.retentionDays);
}
/**
* Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.
*
*/
@Export(name="state", refs={String.class}, tree="[0]")
private Output state;
/**
* @return Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.
*
*/
public Output state() {
return this.state;
}
/**
* Specifies the blob storage subscription Id.
*
*/
@Export(name="storageAccountSubscriptionId", refs={String.class}, tree="[0]")
private Output storageAccountSubscriptionId;
/**
* @return Specifies the blob storage subscription Id.
*
*/
public Output> storageAccountSubscriptionId() {
return Codegen.optional(this.storageAccountSubscriptionId);
}
/**
* Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.
*
*/
@Export(name="storageEndpoint", refs={String.class}, tree="[0]")
private Output storageEndpoint;
/**
* @return Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.
*
*/
public Output> storageEndpoint() {
return Codegen.optional(this.storageEndpoint);
}
/**
* Resource type.
*
*/
@Export(name="type", refs={String.class}, tree="[0]")
private Output type;
/**
* @return Resource type.
*
*/
public Output type() {
return this.type;
}
/**
*
* @param name The _unique_ name of the resulting resource.
*/
public DatabaseBlobAuditingPolicy(java.lang.String name) {
this(name, DatabaseBlobAuditingPolicyArgs.Empty);
}
/**
*
* @param name The _unique_ name of the resulting resource.
* @param args The arguments to use to populate this resource's properties.
*/
public DatabaseBlobAuditingPolicy(java.lang.String name, DatabaseBlobAuditingPolicyArgs args) {
this(name, args, null);
}
/**
*
* @param name The _unique_ name of the resulting resource.
* @param args The arguments to use to populate this resource's properties.
* @param options A bag of options that control this resource's behavior.
*/
public DatabaseBlobAuditingPolicy(java.lang.String name, DatabaseBlobAuditingPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
super("azure-native:sql:DatabaseBlobAuditingPolicy", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
}
private DatabaseBlobAuditingPolicy(java.lang.String name, Output id, @Nullable com.pulumi.resources.CustomResourceOptions options) {
super("azure-native:sql:DatabaseBlobAuditingPolicy", name, null, makeResourceOptions(options, id), false);
}
private static DatabaseBlobAuditingPolicyArgs makeArgs(DatabaseBlobAuditingPolicyArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
if (options != null && options.getUrn().isPresent()) {
return null;
}
return args == null ? DatabaseBlobAuditingPolicyArgs.Empty : args;
}
private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) {
var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
.version(Utilities.getVersion())
.aliases(List.of(
Output.of(Alias.builder().type("azure-native:sql/v20150501preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20170301preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20200202preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20200801preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20201101preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20210201preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20210501preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20210801preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20211101:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20211101preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20220201preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20220501preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20220801preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20221101preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20230201preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20230501preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20230801preview:DatabaseBlobAuditingPolicy").build()),
Output.of(Alias.builder().type("azure-native:sql/v20240501preview:DatabaseBlobAuditingPolicy").build())
))
.build();
return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
}
/**
* Get an existing Host resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param options Optional settings to control the behavior of the CustomResource.
*/
public static DatabaseBlobAuditingPolicy get(java.lang.String name, Output id, @Nullable com.pulumi.resources.CustomResourceOptions options) {
return new DatabaseBlobAuditingPolicy(name, id, options);
}
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy