diff --git a/schemas/2021-05-01-preview/Microsoft.Sql.json b/schemas/2021-05-01-preview/Microsoft.Sql.json new file mode 100644 index 0000000000..e4960f2ed7 --- /dev/null +++ b/schemas/2021-05-01-preview/Microsoft.Sql.json @@ -0,0 +1,9448 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Sql", + "description": "Microsoft Sql Resource Types", + "resourceDefinitions": { + "instancePools": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the instance pool to be created or updated." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/InstancePoolProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of an instance pool." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An ARM Resource SKU." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/instancePools" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/instancePools" + }, + "locations_instanceFailoverGroups": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the failover group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/InstanceFailoverGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a instance failover group." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/locations/instanceFailoverGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/locations/instanceFailoverGroups" + }, + "locations_serverTrustGroups": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the server trust group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerTrustGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server trust group." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/locations/serverTrustGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/locations/serverTrustGroups" + }, + "managedInstances": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/ResourceIdentity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure Active Directory identity configuration for a resource." + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the managed instance." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a managed instance." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/managedInstances_distributedAvailabilityGroups_childResource" + }, + { + "$ref": "#/definitions/managedInstances_databases_childResource" + }, + { + "$ref": "#/definitions/managedInstances_administrators_childResource" + }, + { + "$ref": "#/definitions/managedInstances_azureADOnlyAuthentications_childResource" + }, + { + "$ref": "#/definitions/managedInstances_encryptionProtector_childResource" + }, + { + "$ref": "#/definitions/managedInstances_keys_childResource" + }, + { + "$ref": "#/definitions/managedInstances_privateEndpointConnections_childResource" + }, + { + "$ref": "#/definitions/managedInstances_vulnerabilityAssessments_childResource" + }, + { + "$ref": "#/definitions/managedInstances_securityAlertPolicies_childResource" + }, + { + "$ref": "#/definitions/managedInstances_serverTrustCertificates_childResource" + }, + { + "$ref": "#/definitions/managedInstances_sqlAgent_childResource" + } + ] + } + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An ARM Resource SKU." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances" + }, + "managedInstances_administrators": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/ActiveDirectory$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceAdministratorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a managed instance administrator." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/administrators" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/administrators" + }, + "managedInstances_azureADOnlyAuthentications": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/Default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of server azure active directory only authentication." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceAzureADOnlyAuthProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a active directory only authentication for Managed Instance." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/azureADOnlyAuthentications" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/azureADOnlyAuthentications" + }, + "managedInstances_databases": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the database." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedDatabaseProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The managed database's properties." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/managedInstances_databases_backupShortTermRetentionPolicies_childResource" + }, + { + "$ref": "#/definitions/managedInstances_databases_securityAlertPolicies_childResource" + }, + { + "$ref": "#/definitions/managedInstances_databases_transparentDataEncryption_childResource" + }, + { + "$ref": "#/definitions/managedInstances_databases_vulnerabilityAssessments_childResource" + }, + { + "$ref": "#/definitions/managedInstances_databases_backupLongTermRetentionPolicies_childResource" + } + ] + } + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/databases" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases" + }, + "managedInstances_databases_backupLongTermRetentionPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy name. Should always be Default." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/BaseLongTermRetentionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a long term retention policy" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies" + }, + "managedInstances_databases_backupShortTermRetentionPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy name. Should always be \"default\"." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedBackupShortTermRetentionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a short term retention policy" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies" + }, + "managedInstances_databases_schemas_tables_columns_sensitivityLabels": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The source of the sensitivity label." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SensitivityLabelProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a sensitivity label." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels" + }, + "managedInstances_databases_securityAlertPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the security alert policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAlertPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a security alert policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/databases/securityAlertPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/securityAlertPolicies" + }, + "managedInstances_databases_transparentDataEncryption": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/current$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the transparent data encryption configuration." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedTransparentDataEncryptionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a transparent data encryption." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/databases/transparentDataEncryption" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/transparentDataEncryption" + }, + "managedInstances_databases_vulnerabilityAssessments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the vulnerability assessment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseVulnerabilityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a database Vulnerability Assessment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments" + }, + "managedInstances_databases_vulnerabilityAssessments_rules_baselines": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "master", + "default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the vulnerability assessment rule baseline (default implies a baseline on a database level rule and master for server level rule)." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseVulnerabilityAssessmentRuleBaselineProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a database Vulnerability Assessment rule baseline." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/rules/baselines" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/rules/baselines" + }, + "managedInstances_distributedAvailabilityGroups": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The distributed availability group name." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DistributedAvailabilityGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a distributed availability group." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/distributedAvailabilityGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/distributedAvailabilityGroups" + }, + "managedInstances_encryptionProtector": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/current$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the encryption protector to be updated." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceEncryptionProtectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for an encryption protector execution." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/encryptionProtector" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/encryptionProtector" + }, + "managedInstances_keys": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the managed instance key to be operated on (updated or created)." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceKeyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for a key execution." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/keys" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/keys" + }, + "managedInstances_privateEndpointConnections": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the private endpoint connection." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstancePrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a private endpoint connection." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/privateEndpointConnections" + }, + "managedInstances_restorableDroppedDatabases_backupShortTermRetentionPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy name. Should always be \"default\"." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedBackupShortTermRetentionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a short term retention policy" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/restorableDroppedDatabases/backupShortTermRetentionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/restorableDroppedDatabases/backupShortTermRetentionPolicies" + }, + "managedInstances_securityAlertPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the security alert policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAlertsPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a security alert policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/securityAlertPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/securityAlertPolicies" + }, + "managedInstances_serverTrustCertificates": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "Name of of the certificate to upload." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerTrustCertificateProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a server trust certificate." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/serverTrustCertificates" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/serverTrustCertificates" + }, + "managedInstances_sqlAgent": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/current$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SqlAgentConfigurationProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sql agent configuration properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/sqlAgent" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/sqlAgent" + }, + "managedInstances_vulnerabilityAssessments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the vulnerability assessment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceVulnerabilityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a managed instance vulnerability assessment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/managedInstances/vulnerabilityAssessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/vulnerabilityAssessments" + }, + "servers": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/ResourceIdentity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure Active Directory identity configuration for a resource." + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the server." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a server." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/servers_extendedAuditingSettings_childResource" + }, + { + "$ref": "#/definitions/servers_auditingSettings_childResource" + }, + { + "$ref": "#/definitions/servers_databases_childResource" + }, + { + "$ref": "#/definitions/servers_elasticPools_childResource" + }, + { + "$ref": "#/definitions/servers_encryptionProtector_childResource" + }, + { + "$ref": "#/definitions/servers_failoverGroups_childResource" + }, + { + "$ref": "#/definitions/servers_firewallRules_childResource" + }, + { + "$ref": "#/definitions/servers_jobAgents_childResource" + }, + { + "$ref": "#/definitions/servers_outboundFirewallRules_childResource" + }, + { + "$ref": "#/definitions/servers_privateEndpointConnections_childResource" + }, + { + "$ref": "#/definitions/servers_administrators_childResource" + }, + { + "$ref": "#/definitions/servers_azureADOnlyAuthentications_childResource" + }, + { + "$ref": "#/definitions/servers_connectionPolicies_childResource" + }, + { + "$ref": "#/definitions/servers_devOpsAuditingSettings_childResource" + }, + { + "$ref": "#/definitions/servers_dnsAliases_childResource" + }, + { + "$ref": "#/definitions/servers_keys_childResource" + }, + { + "$ref": "#/definitions/servers_securityAlertPolicies_childResource" + }, + { + "$ref": "#/definitions/servers_vulnerabilityAssessments_childResource" + }, + { + "$ref": "#/definitions/servers_syncAgents_childResource" + }, + { + "$ref": "#/definitions/servers_virtualNetworkRules_childResource" + } + ] + } + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers" + }, + "servers_administrators": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/ActiveDirectory$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of server active directory administrator." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AdministratorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a active directory administrator." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/administrators" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/administrators" + }, + "servers_auditingSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/auditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/auditingSettings" + }, + "servers_azureADOnlyAuthentications": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/Default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of server azure active directory only authentication." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AzureADOnlyAuthProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a active directory only authentication." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/azureADOnlyAuthentications" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/azureADOnlyAuthentications" + }, + "servers_connectionPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the connection policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerConnectionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a server connection policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/connectionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/connectionPolicies" + }, + "servers_databases": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseIdentity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure Active Directory identity configuration for a resource." + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the database." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The database's properties." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/servers_databases_backupShortTermRetentionPolicies_childResource" + }, + { + "$ref": "#/definitions/servers_databases_extendedAuditingSettings_childResource" + }, + { + "$ref": "#/definitions/servers_databases_auditingSettings_childResource" + }, + { + "$ref": "#/definitions/servers_databases_extensions_childResource" + }, + { + "$ref": "#/definitions/servers_databases_securityAlertPolicies_childResource" + }, + { + "$ref": "#/definitions/servers_databases_vulnerabilityAssessments_childResource" + }, + { + "$ref": "#/definitions/servers_databases_ledgerDigestUploads_childResource" + }, + { + "$ref": "#/definitions/servers_databases_backupLongTermRetentionPolicies_childResource" + }, + { + "$ref": "#/definitions/servers_databases_maintenanceWindows_childResource" + }, + { + "$ref": "#/definitions/servers_databases_syncGroups_childResource" + }, + { + "$ref": "#/definitions/servers_databases_transparentDataEncryption_childResource" + }, + { + "$ref": "#/definitions/servers_databases_workloadGroups_childResource" + } + ] + } + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An ARM Resource SKU." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases" + }, + "servers_databases_auditingSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a database blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/auditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/auditingSettings" + }, + "servers_databases_backupLongTermRetentionPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy name. Should always be Default." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/BaseLongTermRetentionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a long term retention policy" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies" + }, + "servers_databases_backupShortTermRetentionPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The policy name. Should always be \"default\"." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/BackupShortTermRetentionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a short term retention policy" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies" + }, + "servers_databases_extendedAuditingSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of an extended database blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/extendedAuditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/extendedAuditingSettings" + }, + "servers_databases_extensions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseExtensionsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Contains the database information after a successful Import, Export, or PolybaseImport" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/extensions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/extensions" + }, + "servers_databases_ledgerDigestUploads": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/current$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/LedgerDigestUploadsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a database ledger digest upload settings." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/ledgerDigestUploads" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/ledgerDigestUploads" + }, + "servers_databases_maintenanceWindows": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/current$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MaintenanceWindowsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Maintenance windows resource properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/maintenanceWindows" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/maintenanceWindows" + }, + "servers_databases_schemas_tables_columns_sensitivityLabels": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The source of the sensitivity label." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SensitivityLabelProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a sensitivity label." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels" + }, + "servers_databases_securityAlertPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the security alert policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAlertsPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a security alert policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/securityAlertPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/securityAlertPolicies" + }, + "servers_databases_syncGroups": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the sync group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SyncGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a sync group." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/servers_databases_syncGroups_syncMembers_childResource" + } + ] + } + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An ARM Resource SKU." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/syncGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/syncGroups" + }, + "servers_databases_syncGroups_syncMembers": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the sync member." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SyncMemberProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a sync member." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/syncGroups/syncMembers" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/syncGroups/syncMembers" + }, + "servers_databases_transparentDataEncryption": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/current$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the transparent data encryption configuration." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/TransparentDataEncryptionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a transparent data encryption." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/transparentDataEncryption" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/transparentDataEncryption" + }, + "servers_databases_vulnerabilityAssessments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the vulnerability assessment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseVulnerabilityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a database Vulnerability Assessment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/vulnerabilityAssessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/vulnerabilityAssessments" + }, + "servers_databases_vulnerabilityAssessments_rules_baselines": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "enum": [ + "master", + "default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the vulnerability assessment rule baseline (default implies a baseline on a database level rule and master for server level rule)." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseVulnerabilityAssessmentRuleBaselineProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a database Vulnerability Assessment rule baseline." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/vulnerabilityAssessments/rules/baselines" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/vulnerabilityAssessments/rules/baselines" + }, + "servers_databases_workloadGroups": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the workload group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkloadGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workload group definition. For more information look at sys.workload_management_workload_groups (DMV)." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/servers_databases_workloadGroups_workloadClassifiers_childResource" + } + ] + } + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/workloadGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/workloadGroups" + }, + "servers_databases_workloadGroups_workloadClassifiers": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the workload classifier to create/update." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkloadClassifierProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workload classifier definition. For more information look at sys.workload_management_workload_classifiers (DMV)." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/databases/workloadGroups/workloadClassifiers" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/workloadGroups/workloadClassifiers" + }, + "servers_devOpsAuditingSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the devops audit settings. This should always be 'default'." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerDevOpsAuditSettingsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server DevOps audit settings." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/devOpsAuditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/devOpsAuditingSettings" + }, + "servers_dnsAliases": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the server dns alias." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/dnsAliases" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Sql/servers/dnsAliases" + }, + "servers_elasticPools": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the elastic pool." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ElasticPoolProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of an elastic pool" + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An ARM Resource SKU." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/elasticPools" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/elasticPools" + }, + "servers_encryptionProtector": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/current$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the encryption protector to be updated." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/EncryptionProtectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for an encryption protector execution." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/encryptionProtector" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/encryptionProtector" + }, + "servers_extendedAuditingSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of an extended server blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/extendedAuditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/extendedAuditingSettings" + }, + "servers_failoverGroups": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the failover group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/FailoverGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a failover group." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/failoverGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/failoverGroups" + }, + "servers_firewallRules": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the firewall rule." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerFirewallRuleProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a server firewall rule." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/firewallRules" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/firewallRules" + }, + "servers_jobAgents": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the job agent to be created or updated." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/JobAgentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a job agent." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/servers_jobAgents_credentials_childResource" + }, + { + "$ref": "#/definitions/servers_jobAgents_jobs_childResource" + }, + { + "$ref": "#/definitions/servers_jobAgents_targetGroups_childResource" + } + ] + } + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An ARM Resource SKU." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/jobAgents" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents" + }, + "servers_jobAgents_credentials": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the credential." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/JobCredentialProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a job credential." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/jobAgents/credentials" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents/credentials" + }, + "servers_jobAgents_jobs": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the job to get." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/JobProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a job." + }, + "resources": { + "type": "array", + "items": { + "oneOf": [ + { + "$ref": "#/definitions/servers_jobAgents_jobs_executions_childResource" + }, + { + "$ref": "#/definitions/servers_jobAgents_jobs_steps_childResource" + } + ] + } + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/jobAgents/jobs" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents/jobs" + }, + "servers_jobAgents_jobs_executions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The job execution id to create the job execution under." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/jobAgents/jobs/executions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents/jobs/executions" + }, + "servers_jobAgents_jobs_steps": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the job step." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/JobStepProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a job step." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/jobAgents/jobs/steps" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents/jobs/steps" + }, + "servers_jobAgents_targetGroups": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the target group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/JobTargetGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of job target group." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/jobAgents/targetGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents/targetGroups" + }, + "servers_keys": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the server key to be operated on (updated or created). The key name is required to be in the format of 'vault_key_version'. For example, if the keyId is https://YourVaultName.vault.azure.net/keys/YourKeyName/YourKeyVersion, then the server key name should be formatted as: YourVaultName_YourKeyName_YourKeyVersion" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerKeyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for a server key execution." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/keys" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/keys" + }, + "servers_outboundFirewallRules": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string" + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/outboundFirewallRules" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Sql/servers/outboundFirewallRules" + }, + "servers_privateEndpointConnections": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the private endpoint connection." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a private endpoint connection." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/privateEndpointConnections" + }, + "servers_securityAlertPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the threat detection policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAlertsPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a security alert policy." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/securityAlertPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/securityAlertPolicies" + }, + "servers_syncAgents": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the sync agent." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SyncAgentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of an Azure SQL Database sync agent." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/syncAgents" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/syncAgents" + }, + "servers_virtualNetworkRules": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the virtual network rule." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/VirtualNetworkRuleProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a virtual network rule." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/virtualNetworkRules" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/virtualNetworkRules" + }, + "servers_vulnerabilityAssessments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^.*/default$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the vulnerability assessment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerVulnerabilityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server Vulnerability Assessment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Sql/servers/vulnerabilityAssessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/vulnerabilityAssessments" + } + }, + "definitions": { + "AdministratorProperties": { + "type": "object", + "properties": { + "administratorType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ActiveDirectory" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of the sever administrator." + }, + "login": { + "type": "string", + "description": "Login name of the server administrator." + }, + "sid": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SID (object ID) of the server administrator." + }, + "tenantId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Tenant ID of the administrator." + } + }, + "required": [ + "administratorType", + "login", + "sid" + ], + "description": "Properties of a active directory administrator." + }, + "AzureADOnlyAuthProperties": { + "type": "object", + "properties": { + "azureADOnlyAuthentication": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure Active Directory only Authentication enabled." + } + }, + "required": [ + "azureADOnlyAuthentication" + ], + "description": "Properties of a active directory only authentication." + }, + "BackupShortTermRetentionPolicyProperties": { + "type": "object", + "properties": { + "diffBackupIntervalInHours": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The differential backup interval in hours. This is how many interval hours between each differential backup will be supported. This is only applicable to live databases but not dropped databases." + }, + "retentionDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The backup retention period in days. This is how many days Point-in-Time Restore will be supported." + } + }, + "description": "Properties of a short term retention policy" + }, + "BaseLongTermRetentionPolicyProperties": { + "type": "object", + "properties": { + "monthlyRetention": { + "type": "string", + "description": "The monthly retention policy for an LTR backup in an ISO 8601 format." + }, + "weeklyRetention": { + "type": "string", + "description": "The weekly retention policy for an LTR backup in an ISO 8601 format." + }, + "weekOfYear": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The week of year to take the yearly backup in an ISO 8601 format." + }, + "yearlyRetention": { + "type": "string", + "description": "The yearly retention policy for an LTR backup in an ISO 8601 format." + } + }, + "description": "Properties of a long term retention policy" + }, + "DatabaseBlobAuditingPolicyProperties": { + "type": "object", + "properties": { + "auditActionsAndGroups": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\nLEDGER_OPERATION_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + }, + "isAzureMonitorTargetEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether audit events are sent to Azure Monitor. \r\nIn order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.\r\n\r\nWhen using REST API to configure auditing, Diagnostic Settings with 'SQLSecurityAuditEvents' diagnostic logs category on the database should be also created.\r\nNote that for server level audit you should use the 'master' database as {databaseName}.\r\n\r\nDiagnostic Settings URI format:\r\nPUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview\r\n\r\nFor more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)\r\nor [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)\r\n" + }, + "isStorageSecondaryKeyInUse": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key." + }, + "queueDelayMs": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed.\r\nThe default minimum value is 1000 (1 second). The maximum is 2,147,483,647." + }, + "retentionDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the number of days to keep in the audit logs in the storage account." + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the auditing storage account. \r\nIf state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage.\r\nPrerequisites for using managed identity authentication:\r\n1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD).\r\n2. Grant SQL Server identity access to the storage account by adding 'Storage Blob Data Contributor' RBAC role to the server identity.\r\nFor more information, see [Auditing to storage using Managed Identity authentication](https://go.microsoft.com/fwlink/?linkid=2114355)" + }, + "storageAccountSubscriptionId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the blob storage subscription Id." + }, + "storageEndpoint": { + "type": "string", + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required." + } + }, + "required": [ + "state" + ], + "description": "Properties of a database blob auditing policy." + }, + "DatabaseExtensionsProperties": { + "type": "object", + "properties": { + "administratorLogin": { + "type": "string", + "description": "Administrator login name." + }, + "administratorLoginPassword": { + "type": "string", + "description": "Administrator login password." + }, + "authenticationType": { + "type": "string", + "description": "Authentication type: SQL authentication or AD password." + }, + "databaseEdition": { + "type": "string", + "description": "Database edition for the newly created database in the case of an import operation." + }, + "maxSizeBytes": { + "type": "string", + "description": "Database max size in bytes for the newly created database in the case of an import operation." + }, + "networkIsolation": { + "oneOf": [ + { + "$ref": "#/definitions/NetworkIsolationSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Contains the ARM resources for which to create private endpoint connection." + }, + "operationMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "PolybaseImport", + "Import", + "Export" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Operation mode of the operation: Import, Export, or PolybaseImport." + }, + "serviceObjectiveName": { + "type": "string", + "description": "Database service level objective for the newly created database in the case of an import operation." + }, + "storageKey": { + "type": "string", + "description": "Storage key for the storage account." + }, + "storageKeyType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "SharedAccessKey", + "StorageAccessKey" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Storage key type: StorageAccessKey or SharedAccessKey." + }, + "storageUri": { + "type": "string", + "description": "Storage Uri for the storage account." + } + }, + "required": [ + "operationMode", + "storageKey", + "storageKeyType", + "storageUri" + ], + "description": "Contains the database information after a successful Import, Export, or PolybaseImport" + }, + "DatabaseIdentity": { + "type": "object", + "properties": { + "delegatedResources": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Delegation" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resources delegated to the database - Internal Use Only" + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None", + "UserAssigned" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The identity type." + }, + "userAssignedIdentities": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/DatabaseUserIdentity" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The resource ids of the user assigned identities to use" + } + }, + "description": "Azure Active Directory identity configuration for a resource." + }, + "DatabaseProperties": { + "type": "object", + "properties": { + "autoPauseDelay": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled" + }, + "catalogCollation": { + "oneOf": [ + { + "type": "string", + "enum": [ + "DATABASE_DEFAULT", + "SQL_Latin1_General_CP1_CI_AS" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Collation of the metadata catalog." + }, + "collation": { + "type": "string", + "description": "The collation of the database." + }, + "createMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Default", + "Copy", + "Secondary", + "PointInTimeRestore", + "Restore", + "Recovery", + "RestoreExternalBackup", + "RestoreExternalBackupSecondary", + "RestoreLongTermRetentionBackup", + "OnlineSecondary" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the mode of database creation.\r\n\r\nDefault: regular database creation.\r\n\r\nCopy: creates a database as a copy of an existing database. sourceDatabaseId must be specified as the resource ID of the source database.\r\n\r\nSecondary: creates a database as a secondary replica of an existing database. sourceDatabaseId must be specified as the resource ID of the existing primary database.\r\n\r\nPointInTimeRestore: Creates a database by restoring a point in time backup of an existing database. sourceDatabaseId must be specified as the resource ID of the existing database, and restorePointInTime must be specified.\r\n\r\nRecovery: Creates a database by restoring a geo-replicated backup. sourceDatabaseId must be specified as the recoverable database resource ID to restore.\r\n\r\nRestore: Creates a database by restoring a backup of a deleted database. sourceDatabaseId must be specified. If sourceDatabaseId is the database's original resource ID, then sourceDatabaseDeletionDate must be specified. Otherwise sourceDatabaseId must be the restorable dropped database resource ID and sourceDatabaseDeletionDate is ignored. restorePointInTime may also be specified to restore from an earlier point in time.\r\n\r\nRestoreLongTermRetentionBackup: Creates a database by restoring from a long term retention vault. recoveryServicesRecoveryPointResourceId must be specified as the recovery point resource ID.\r\n\r\nCopy, Secondary, and RestoreLongTermRetentionBackup are not supported for DataWarehouse edition." + }, + "elasticPoolId": { + "type": "string", + "description": "The resource identifier of the elastic pool containing this database." + }, + "federatedClientId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Client id used for cross tenant per database CMK scenario" + }, + "highAvailabilityReplicaCount": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The number of secondary replicas associated with the database that are used to provide high availability." + }, + "isLedgerOn": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created." + }, + "licenseType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "LicenseIncluded", + "BasePrice" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The license type to apply for this database. `LicenseIncluded` if you need a license, or `BasePrice` if you have a license and are eligible for the Azure Hybrid Benefit." + }, + "longTermRetentionBackupResourceId": { + "type": "string", + "description": "The resource identifier of the long term retention backup associated with create operation of this database." + }, + "maintenanceConfigurationId": { + "type": "string", + "description": "Maintenance configuration id assigned to the database. This configuration defines the period when the maintenance updates will occur." + }, + "maxSizeBytes": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The max size of the database expressed in bytes." + }, + "minCapacity": { + "oneOf": [ + { + "type": "number" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Minimal capacity that database will always have allocated, if not paused" + }, + "primaryDelegatedIdentityClientId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Primary Delegated Identity Client id used for per database CMK - for internal use only" + }, + "readScale": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The state of read-only routing. If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica in the same region." + }, + "recoverableDatabaseId": { + "type": "string", + "description": "The resource identifier of the recoverable database associated with create operation of this database." + }, + "recoveryServicesRecoveryPointId": { + "type": "string", + "description": "The resource identifier of the recovery point associated with create operation of this database." + }, + "requestedBackupStorageRedundancy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Geo", + "Local", + "Zone", + "GeoZone" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The storage account type to be used to store backups for this database." + }, + "restorableDroppedDatabaseId": { + "type": "string", + "description": "The resource identifier of the restorable dropped database associated with create operation of this database." + }, + "restorePointInTime": { + "type": "string", + "format": "date-time", + "description": "Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database." + }, + "sampleName": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AdventureWorksLT", + "WideWorldImportersStd", + "WideWorldImportersFull" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The name of the sample schema to apply when creating this database." + }, + "secondaryType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Geo", + "Named" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The secondary type of the database if it is a secondary. Valid values are Geo and Named." + }, + "sourceDatabaseDeletionDate": { + "type": "string", + "format": "date-time", + "description": "Specifies the time that the database was deleted." + }, + "sourceDatabaseId": { + "type": "string", + "description": "The resource identifier of the source database associated with create operation of this database." + }, + "zoneRedundant": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones." + } + }, + "description": "The database's properties." + }, + "DatabaseUserIdentity": { + "type": "object", + "properties": {}, + "description": "Azure Active Directory identity configuration for a resource." + }, + "DatabaseVulnerabilityAssessmentProperties": { + "type": "object", + "properties": { + "recurringScans": { + "oneOf": [ + { + "$ref": "#/definitions/VulnerabilityAssessmentRecurringScansProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a Vulnerability Assessment recurring scans." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall" + }, + "storageContainerPath": { + "type": "string", + "description": "A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn't set" + }, + "storageContainerSasKey": { + "type": "string", + "description": "A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall" + } + }, + "description": "Properties of a database Vulnerability Assessment." + }, + "DatabaseVulnerabilityAssessmentRuleBaselineItem": { + "type": "object", + "properties": { + "result": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The rule baseline result" + } + }, + "required": [ + "result" + ], + "description": "Properties for an Azure SQL Database Vulnerability Assessment rule baseline's result." + }, + "DatabaseVulnerabilityAssessmentRuleBaselineProperties": { + "type": "object", + "properties": { + "baselineResults": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/DatabaseVulnerabilityAssessmentRuleBaselineItem" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The rule baseline result" + } + }, + "required": [ + "baselineResults" + ], + "description": "Properties of a database Vulnerability Assessment rule baseline." + }, + "Delegation": { + "type": "object", + "properties": { + "resourceId": { + "type": "string", + "description": "The resource id of the source resource - Internal Use Only" + } + }, + "description": "Delegated Resource Properties - Internal Use Only" + }, + "DistributedAvailabilityGroupProperties": { + "type": "object", + "properties": { + "primaryAvailabilityGroupName": { + "type": "string", + "description": "The primary availability group name" + }, + "replicationMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Async", + "Sync" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The replication mode of a distributed availability group. Parameter will be ignored during link creation." + }, + "secondaryAvailabilityGroupName": { + "type": "string", + "description": "The secondary availability group name" + }, + "sourceEndpoint": { + "type": "string", + "description": "The source endpoint" + }, + "targetDatabase": { + "type": "string", + "description": "The name of the target database" + } + }, + "description": "The properties of a distributed availability group." + }, + "ElasticPoolPerDatabaseSettings": { + "type": "object", + "properties": { + "maxCapacity": { + "oneOf": [ + { + "type": "number" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum capacity any one database can consume." + }, + "minCapacity": { + "oneOf": [ + { + "type": "number" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The minimum capacity all databases are guaranteed." + } + }, + "description": "Per database settings of an elastic pool." + }, + "ElasticPoolProperties": { + "type": "object", + "properties": { + "licenseType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "LicenseIncluded", + "BasePrice" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The license type to apply for this elastic pool." + }, + "maintenanceConfigurationId": { + "type": "string", + "description": "Maintenance configuration id assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur." + }, + "maxSizeBytes": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The storage limit for the database elastic pool in bytes." + }, + "perDatabaseSettings": { + "oneOf": [ + { + "$ref": "#/definitions/ElasticPoolPerDatabaseSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Per database settings of an elastic pool." + }, + "zoneRedundant": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones." + } + }, + "description": "Properties of an elastic pool" + }, + "EncryptionProtectorProperties": { + "type": "object", + "properties": { + "autoRotationEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Key auto rotation opt-in flag. Either true or false." + }, + "serverKeyName": { + "type": "string", + "description": "The name of the server key." + }, + "serverKeyType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ServiceManaged", + "AzureKeyVault" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The encryption protector type like 'ServiceManaged', 'AzureKeyVault'." + } + }, + "required": [ + "serverKeyType" + ], + "description": "Properties for an encryption protector execution." + }, + "ExtendedDatabaseBlobAuditingPolicyProperties": { + "type": "object", + "properties": { + "auditActionsAndGroups": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\nLEDGER_OPERATION_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + }, + "isAzureMonitorTargetEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether audit events are sent to Azure Monitor. \r\nIn order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.\r\n\r\nWhen using REST API to configure auditing, Diagnostic Settings with 'SQLSecurityAuditEvents' diagnostic logs category on the database should be also created.\r\nNote that for server level audit you should use the 'master' database as {databaseName}.\r\n\r\nDiagnostic Settings URI format:\r\nPUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview\r\n\r\nFor more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)\r\nor [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)\r\n" + }, + "isStorageSecondaryKeyInUse": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key." + }, + "predicateExpression": { + "type": "string", + "description": "Specifies condition of where clause when creating an audit." + }, + "queueDelayMs": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed.\r\nThe default minimum value is 1000 (1 second). The maximum is 2,147,483,647." + }, + "retentionDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the number of days to keep in the audit logs in the storage account." + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the auditing storage account. \r\nIf state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage.\r\nPrerequisites for using managed identity authentication:\r\n1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD).\r\n2. Grant SQL Server identity access to the storage account by adding 'Storage Blob Data Contributor' RBAC role to the server identity.\r\nFor more information, see [Auditing to storage using Managed Identity authentication](https://go.microsoft.com/fwlink/?linkid=2114355)" + }, + "storageAccountSubscriptionId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the blob storage subscription Id." + }, + "storageEndpoint": { + "type": "string", + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required." + } + }, + "required": [ + "state" + ], + "description": "Properties of an extended database blob auditing policy." + }, + "ExtendedServerBlobAuditingPolicyProperties": { + "type": "object", + "properties": { + "auditActionsAndGroups": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\nLEDGER_OPERATION_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + }, + "isAzureMonitorTargetEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether audit events are sent to Azure Monitor. \r\nIn order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.\r\n\r\nWhen using REST API to configure auditing, Diagnostic Settings with 'SQLSecurityAuditEvents' diagnostic logs category on the database should be also created.\r\nNote that for server level audit you should use the 'master' database as {databaseName}.\r\n\r\nDiagnostic Settings URI format:\r\nPUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview\r\n\r\nFor more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)\r\nor [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)\r\n" + }, + "isDevopsAuditEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of devops audit. If state is Enabled, devops logs will be sent to Azure Monitor.\r\nIn order to send the events to Azure Monitor, specify 'State' as 'Enabled', 'IsAzureMonitorTargetEnabled' as true and 'IsDevopsAuditEnabled' as true\r\n\r\nWhen using REST API to configure auditing, Diagnostic Settings with 'DevOpsOperationsAudit' diagnostic logs category on the master database should also be created.\r\n\r\nDiagnostic Settings URI format:\r\nPUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/master/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview\r\n\r\nFor more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)\r\nor [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)\r\n" + }, + "isStorageSecondaryKeyInUse": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key." + }, + "predicateExpression": { + "type": "string", + "description": "Specifies condition of where clause when creating an audit." + }, + "queueDelayMs": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed.\r\nThe default minimum value is 1000 (1 second). The maximum is 2,147,483,647." + }, + "retentionDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the number of days to keep in the audit logs in the storage account." + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the auditing storage account. \r\nIf state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage.\r\nPrerequisites for using managed identity authentication:\r\n1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD).\r\n2. Grant SQL Server identity access to the storage account by adding 'Storage Blob Data Contributor' RBAC role to the server identity.\r\nFor more information, see [Auditing to storage using Managed Identity authentication](https://go.microsoft.com/fwlink/?linkid=2114355)" + }, + "storageAccountSubscriptionId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the blob storage subscription Id." + }, + "storageEndpoint": { + "type": "string", + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required." + } + }, + "required": [ + "state" + ], + "description": "Properties of an extended server blob auditing policy." + }, + "FailoverGroupProperties": { + "type": "object", + "properties": { + "databases": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of databases in the failover group." + }, + "partnerServers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/PartnerInfo" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of partner server information for the failover group." + }, + "readOnlyEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/FailoverGroupReadOnlyEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Read-only endpoint of the failover group instance." + }, + "readWriteEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/FailoverGroupReadWriteEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Read-write endpoint of the failover group instance." + } + }, + "required": [ + "partnerServers", + "readWriteEndpoint" + ], + "description": "Properties of a failover group." + }, + "FailoverGroupReadOnlyEndpoint": { + "type": "object", + "properties": { + "failoverPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Disabled", + "Enabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Failover policy of the read-only endpoint for the failover group." + } + }, + "description": "Read-only endpoint of the failover group instance." + }, + "FailoverGroupReadWriteEndpoint": { + "type": "object", + "properties": { + "failoverPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Manual", + "Automatic" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required." + }, + "failoverWithDataLossGracePeriodMinutes": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Grace period before failover with data loss is attempted for the read-write endpoint. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required." + } + }, + "required": [ + "failoverPolicy" + ], + "description": "Read-write endpoint of the failover group instance." + }, + "FirewallRule": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Resource name." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerFirewallRuleProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a server firewall rule." + } + }, + "description": "A server firewall rule." + }, + "InstanceFailoverGroupProperties": { + "type": "object", + "properties": { + "managedInstancePairs": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ManagedInstancePairInfo" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of managed instance pairs in the failover group." + }, + "partnerRegions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/PartnerRegionInfo" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Partner region information for the failover group." + }, + "readOnlyEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/InstanceFailoverGroupReadOnlyEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Read-only endpoint of the failover group instance." + }, + "readWriteEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/InstanceFailoverGroupReadWriteEndpoint" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Read-write endpoint of the failover group instance." + } + }, + "required": [ + "managedInstancePairs", + "partnerRegions", + "readWriteEndpoint" + ], + "description": "Properties of a instance failover group." + }, + "InstanceFailoverGroupReadOnlyEndpoint": { + "type": "object", + "properties": { + "failoverPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Disabled", + "Enabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Failover policy of the read-only endpoint for the failover group." + } + }, + "description": "Read-only endpoint of the failover group instance." + }, + "InstanceFailoverGroupReadWriteEndpoint": { + "type": "object", + "properties": { + "failoverPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Manual", + "Automatic" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required." + }, + "failoverWithDataLossGracePeriodMinutes": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Grace period before failover with data loss is attempted for the read-write endpoint. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required." + } + }, + "required": [ + "failoverPolicy" + ], + "description": "Read-write endpoint of the failover group instance." + }, + "InstancePoolProperties": { + "type": "object", + "properties": { + "licenseType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "LicenseIncluded", + "BasePrice" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The license type. Possible values are 'LicenseIncluded' (price for SQL license is included) and 'BasePrice' (without SQL license price)." + }, + "subnetId": { + "type": "string", + "description": "Resource ID of the subnet to place this instance pool in." + }, + "vCores": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Count of vCores belonging to this instance pool." + } + }, + "required": [ + "licenseType", + "subnetId", + "vCores" + ], + "description": "Properties of an instance pool." + }, + "JobAgentProperties": { + "type": "object", + "properties": { + "databaseId": { + "type": "string", + "description": "Resource ID of the database to store job metadata in." + } + }, + "required": [ + "databaseId" + ], + "description": "Properties of a job agent." + }, + "JobCredentialProperties": { + "type": "object", + "properties": { + "password": { + "type": "string", + "description": "The credential password." + }, + "username": { + "type": "string", + "description": "The credential user name." + } + }, + "required": [ + "password", + "username" + ], + "description": "Properties of a job credential." + }, + "JobProperties": { + "type": "object", + "properties": { + "description": { + "type": "string", + "default": "", + "description": "User-defined description of the job." + }, + "schedule": { + "oneOf": [ + { + "$ref": "#/definitions/JobSchedule" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Scheduling properties of a job." + } + }, + "description": "Properties of a job." + }, + "JobSchedule": { + "type": "object", + "properties": { + "enabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether or not the schedule is enabled." + }, + "endTime": { + "type": "string", + "default": "9999-12-31T11:59:59+00:00", + "format": "date-time", + "description": "Schedule end time." + }, + "interval": { + "type": "string", + "description": "Value of the schedule's recurring interval, if the ScheduleType is recurring. ISO8601 duration format." + }, + "startTime": { + "type": "string", + "default": "0001-01-01T00:00:00+00:00", + "format": "date-time", + "description": "Schedule start time." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Once", + "Recurring" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Schedule interval type." + } + }, + "description": "Scheduling properties of a job." + }, + "JobStepAction": { + "type": "object", + "properties": { + "source": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Inline" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The source of the action to execute." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "TSql" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of action being executed by the job step." + }, + "value": { + "type": "string", + "description": "The action value, for example the text of the T-SQL script to execute." + } + }, + "required": [ + "value" + ], + "description": "The action to be executed by a job step." + }, + "JobStepExecutionOptions": { + "type": "object", + "properties": { + "initialRetryIntervalSeconds": { + "oneOf": [ + { + "type": "integer", + "default": "1" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Initial delay between retries for job step execution." + }, + "maximumRetryIntervalSeconds": { + "oneOf": [ + { + "type": "integer", + "default": "120" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The maximum amount of time to wait between retries for job step execution." + }, + "retryAttempts": { + "oneOf": [ + { + "type": "integer", + "default": "10" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Maximum number of times the job step will be reattempted if the first attempt fails." + }, + "retryIntervalBackoffMultiplier": { + "oneOf": [ + { + "type": "number", + "default": 2 + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The backoff multiplier for the time between retries." + }, + "timeoutSeconds": { + "oneOf": [ + { + "type": "integer", + "default": "43200" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Execution timeout for the job step." + } + }, + "description": "The execution options of a job step." + }, + "JobStepOutput": { + "type": "object", + "properties": { + "credential": { + "type": "string", + "description": "The resource ID of the credential to use to connect to the output destination." + }, + "databaseName": { + "type": "string", + "description": "The output destination database." + }, + "resourceGroupName": { + "type": "string", + "description": "The output destination resource group." + }, + "schemaName": { + "type": "string", + "default": "dbo", + "description": "The output destination schema." + }, + "serverName": { + "type": "string", + "description": "The output destination server name." + }, + "subscriptionId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The output destination subscription id." + }, + "tableName": { + "type": "string", + "description": "The output destination table." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "SqlDatabase" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The output destination type." + } + }, + "required": [ + "credential", + "databaseName", + "serverName", + "tableName" + ], + "description": "The output configuration of a job step." + }, + "JobStepProperties": { + "type": "object", + "properties": { + "action": { + "oneOf": [ + { + "$ref": "#/definitions/JobStepAction" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The action to be executed by a job step." + }, + "credential": { + "type": "string", + "description": "The resource ID of the job credential that will be used to connect to the targets." + }, + "executionOptions": { + "oneOf": [ + { + "$ref": "#/definitions/JobStepExecutionOptions" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The execution options of a job step." + }, + "output": { + "oneOf": [ + { + "$ref": "#/definitions/JobStepOutput" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The output configuration of a job step." + }, + "stepId": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The job step's index within the job. If not specified when creating the job step, it will be created as the last step. If not specified when updating the job step, the step id is not modified." + }, + "targetGroup": { + "type": "string", + "description": "The resource ID of the target group that the job step will be executed on." + } + }, + "required": [ + "action", + "credential", + "targetGroup" + ], + "description": "Properties of a job step." + }, + "JobTarget": { + "type": "object", + "properties": { + "databaseName": { + "type": "string", + "description": "The target database name." + }, + "elasticPoolName": { + "type": "string", + "description": "The target elastic pool name." + }, + "membershipType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Include", + "Exclude" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether the target is included or excluded from the group." + }, + "refreshCredential": { + "type": "string", + "description": "The resource ID of the credential that is used during job execution to connect to the target and determine the list of databases inside the target." + }, + "serverName": { + "type": "string", + "description": "The target server name." + }, + "shardMapName": { + "type": "string", + "description": "The target shard map." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "TargetGroup", + "SqlDatabase", + "SqlElasticPool", + "SqlShardMap", + "SqlServer" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The target type." + } + }, + "required": [ + "type" + ], + "description": "A job target, for example a specific database or a container of databases that is evaluated during job execution." + }, + "JobTargetGroupProperties": { + "type": "object", + "properties": { + "members": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/JobTarget" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Members of the target group." + } + }, + "required": [ + "members" + ], + "description": "Properties of job target group." + }, + "LedgerDigestUploadsProperties": { + "type": "object", + "properties": { + "digestStorageEndpoint": { + "type": "string", + "description": "The digest storage endpoint, which must be either an Azure blob storage endpoint or an URI for Azure Confidential Ledger." + } + }, + "description": "The properties of a database ledger digest upload settings." + }, + "MaintenanceWindowsProperties": { + "type": "object", + "properties": { + "timeRanges": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/MaintenanceWindowTimeRange" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "description": "Maintenance windows resource properties." + }, + "MaintenanceWindowTimeRange": { + "type": "object", + "properties": { + "dayOfWeek": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Sunday", + "Monday", + "Tuesday", + "Wednesday", + "Thursday", + "Friday", + "Saturday" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Day of maintenance window." + }, + "duration": { + "type": "string", + "description": "Duration of maintenance window in minutes." + }, + "startTime": { + "type": "string", + "description": "Start time minutes offset from 12am." + } + }, + "description": "Maintenance window time range." + }, + "ManagedBackupShortTermRetentionPolicyProperties": { + "type": "object", + "properties": { + "retentionDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The backup retention period in days. This is how many days Point-in-Time Restore will be supported." + } + }, + "description": "Properties of a short term retention policy" + }, + "ManagedDatabaseProperties": { + "type": "object", + "properties": { + "autoCompleteRestore": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to auto complete restore of this managed database." + }, + "catalogCollation": { + "oneOf": [ + { + "type": "string", + "enum": [ + "DATABASE_DEFAULT", + "SQL_Latin1_General_CP1_CI_AS" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Collation of the metadata catalog." + }, + "collation": { + "type": "string", + "description": "Collation of the managed database." + }, + "createMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Default", + "RestoreExternalBackup", + "PointInTimeRestore", + "Recovery", + "RestoreLongTermRetentionBackup" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Managed database create mode. PointInTimeRestore: Create a database by restoring a point in time backup of an existing database. SourceDatabaseName, SourceManagedInstanceName and PointInTime must be specified. RestoreExternalBackup: Create a database by restoring from external backup files. Collation, StorageContainerUri and StorageContainerSasToken must be specified. Recovery: Creates a database by restoring a geo-replicated backup. RecoverableDatabaseId must be specified as the recoverable database resource ID to restore. RestoreLongTermRetentionBackup: Create a database by restoring from a long term retention backup (longTermRetentionBackupResourceId required)." + }, + "lastBackupName": { + "type": "string", + "description": "Last backup file name for restore of this managed database." + }, + "longTermRetentionBackupResourceId": { + "type": "string", + "description": "The name of the Long Term Retention backup to be used for restore of this managed database." + }, + "recoverableDatabaseId": { + "type": "string", + "description": "The resource identifier of the recoverable database associated with create operation of this database." + }, + "restorableDroppedDatabaseId": { + "type": "string", + "description": "The restorable dropped database resource id to restore when creating this database." + }, + "restorePointInTime": { + "type": "string", + "format": "date-time", + "description": "Conditional. If createMode is PointInTimeRestore, this value is required. Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database." + }, + "sourceDatabaseId": { + "type": "string", + "description": "The resource identifier of the source database associated with create operation of this database." + }, + "storageContainerSasToken": { + "type": "string", + "description": "Conditional. If createMode is RestoreExternalBackup, this value is required. Specifies the storage container sas token." + }, + "storageContainerUri": { + "type": "string", + "description": "Conditional. If createMode is RestoreExternalBackup, this value is required. Specifies the uri of the storage container where backups for this restore are stored." + } + }, + "description": "The managed database's properties." + }, + "ManagedInstanceAdministratorProperties": { + "type": "object", + "properties": { + "administratorType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ActiveDirectory" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of the managed instance administrator." + }, + "login": { + "type": "string", + "description": "Login name of the managed instance administrator." + }, + "sid": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SID (object ID) of the managed instance administrator." + }, + "tenantId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Tenant ID of the managed instance administrator." + } + }, + "required": [ + "administratorType", + "login", + "sid" + ], + "description": "The properties of a managed instance administrator." + }, + "ManagedInstanceAzureADOnlyAuthProperties": { + "type": "object", + "properties": { + "azureADOnlyAuthentication": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure Active Directory only Authentication enabled." + } + }, + "required": [ + "azureADOnlyAuthentication" + ], + "description": "Properties of a active directory only authentication for Managed Instance." + }, + "ManagedInstanceEncryptionProtectorProperties": { + "type": "object", + "properties": { + "autoRotationEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Key auto rotation opt-in flag. Either true or false." + }, + "serverKeyName": { + "type": "string", + "description": "The name of the managed instance key." + }, + "serverKeyType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ServiceManaged", + "AzureKeyVault" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The encryption protector type like 'ServiceManaged', 'AzureKeyVault'." + } + }, + "required": [ + "serverKeyType" + ], + "description": "Properties for an encryption protector execution." + }, + "ManagedInstanceExternalAdministrator": { + "type": "object", + "properties": { + "administratorType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ActiveDirectory" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of the sever administrator." + }, + "azureADOnlyAuthentication": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure Active Directory only Authentication enabled." + }, + "login": { + "type": "string", + "description": "Login name of the server administrator." + }, + "principalType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Group", + "Application" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Principal Type of the sever administrator." + }, + "sid": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SID (object ID) of the server administrator." + }, + "tenantId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Tenant ID of the administrator." + } + }, + "description": "Properties of a active directory administrator." + }, + "ManagedInstanceKeyProperties": { + "type": "object", + "properties": { + "serverKeyType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ServiceManaged", + "AzureKeyVault" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The key type like 'ServiceManaged', 'AzureKeyVault'." + }, + "uri": { + "type": "string", + "description": "The URI of the key. If the ServerKeyType is AzureKeyVault, then the URI is required." + } + }, + "required": [ + "serverKeyType" + ], + "description": "Properties for a key execution." + }, + "ManagedInstancePairInfo": { + "type": "object", + "properties": { + "partnerManagedInstanceId": { + "type": "string", + "description": "Id of Partner Managed Instance in pair." + }, + "primaryManagedInstanceId": { + "type": "string", + "description": "Id of Primary Managed Instance in pair." + } + }, + "description": "Pairs of Managed Instances in the failover group." + }, + "ManagedInstancePrivateEndpointConnectionProperties": { + "type": "object", + "properties": { + "privateEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstancePrivateEndpointProperty" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "privateLinkServiceConnectionState": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstancePrivateLinkServiceConnectionStateProperty" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "description": "Properties of a private endpoint connection." + }, + "ManagedInstancePrivateEndpointProperty": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Resource id of the private endpoint." + } + } + }, + "ManagedInstancePrivateLinkServiceConnectionStateProperty": { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The private link service connection description." + }, + "status": { + "type": "string", + "description": "The private link service connection status." + } + }, + "required": [ + "description", + "status" + ] + }, + "ManagedInstanceProperties": { + "type": "object", + "properties": { + "administratorLogin": { + "type": "string", + "description": "Administrator username for the managed instance. Can only be specified when the managed instance is being created (and is required for creation)." + }, + "administratorLoginPassword": { + "type": "string", + "description": "The administrator login password (required for managed instance creation)." + }, + "administrators": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceExternalAdministrator" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a active directory administrator." + }, + "collation": { + "type": "string", + "description": "Collation of the managed instance." + }, + "dnsZonePartner": { + "type": "string", + "description": "The resource id of another managed instance whose DNS zone this managed instance will share after creation." + }, + "instancePoolId": { + "type": "string", + "description": "The Id of the instance pool this managed server belongs to." + }, + "keyId": { + "type": "string", + "description": "A CMK URI of the key to use for encryption." + }, + "licenseType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "LicenseIncluded", + "BasePrice" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The license type. Possible values are 'LicenseIncluded' (regular price inclusive of a new SQL license) and 'BasePrice' (discounted AHB price for bringing your own SQL licenses)." + }, + "maintenanceConfigurationId": { + "type": "string", + "description": "Specifies maintenance configuration id to apply to this managed instance." + }, + "managedInstanceCreateMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Default", + "PointInTimeRestore" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the mode of database creation.\r\n\r\nDefault: Regular instance creation.\r\n\r\nRestore: Creates an instance by restoring a set of backups to specific point in time. RestorePointInTime and SourceManagedInstanceId must be specified." + }, + "minimalTlsVersion": { + "type": "string", + "description": "Minimal TLS version. Allowed values: 'None', '1.0', '1.1', '1.2'" + }, + "primaryUserAssignedIdentityId": { + "type": "string", + "description": "The resource id of a user assigned identity to be used by default." + }, + "proxyOverride": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Proxy", + "Redirect", + "Default" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Connection type used for connecting to the instance." + }, + "publicDataEndpointEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether or not the public data endpoint is enabled." + }, + "requestedBackupStorageRedundancy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Geo", + "Local", + "Zone", + "GeoZone" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The storage account type to be used to store backups for this instance. The options are Local (LocallyRedundantStorage), Zone (ZoneRedundantStorage), Geo (GeoRedundantStorage) and GeoZone(GeoZoneRedundantStorage)." + }, + "restorePointInTime": { + "type": "string", + "format": "date-time", + "description": "Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database." + }, + "servicePrincipal": { + "oneOf": [ + { + "$ref": "#/definitions/ServicePrincipal" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The managed instance's service principal configuration for a resource." + }, + "sourceManagedInstanceId": { + "type": "string", + "description": "The resource identifier of the source managed instance associated with create operation of this instance." + }, + "storageSizeInGB": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Storage size in GB. Minimum value: 32. Maximum value: 8192. Increments of 32 GB allowed only." + }, + "subnetId": { + "type": "string", + "description": "Subnet resource ID for the managed instance." + }, + "timezoneId": { + "type": "string", + "description": "Id of the timezone. Allowed values are timezones supported by Windows.\r\nWindows keeps details on supported timezones, including the id, in registry under\r\nKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones.\r\nYou can get those registry values via SQL Server by querying SELECT name AS timezone_id FROM sys.time_zone_info.\r\nList of Ids can also be obtained by executing [System.TimeZoneInfo]::GetSystemTimeZones() in PowerShell.\r\nAn example of valid timezone id is \"Pacific Standard Time\" or \"W. Europe Standard Time\"." + }, + "vCores": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The number of vCores. Allowed values: 8, 16, 24, 32, 40, 64, 80." + }, + "zoneRedundant": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether or not the multi-az is enabled." + } + }, + "description": "The properties of a managed instance." + }, + "managedInstances_administrators_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "ActiveDirectory" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceAdministratorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a managed instance administrator." + }, + "type": { + "type": "string", + "enum": [ + "administrators" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/administrators" + }, + "managedInstances_azureADOnlyAuthentications_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "Default" + ], + "description": "The name of server azure active directory only authentication." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceAzureADOnlyAuthProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a active directory only authentication for Managed Instance." + }, + "type": { + "type": "string", + "enum": [ + "azureADOnlyAuthentications" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/azureADOnlyAuthentications" + }, + "managedInstances_databases_backupLongTermRetentionPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The policy name. Should always be Default." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/BaseLongTermRetentionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a long term retention policy" + }, + "type": { + "type": "string", + "enum": [ + "backupLongTermRetentionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies" + }, + "managedInstances_databases_backupShortTermRetentionPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The policy name. Should always be \"default\"." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedBackupShortTermRetentionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a short term retention policy" + }, + "type": { + "type": "string", + "enum": [ + "backupShortTermRetentionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/backupShortTermRetentionPolicies" + }, + "managedInstances_databases_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the database." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedDatabaseProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The managed database's properties." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "databases" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases" + }, + "managedInstances_databases_securityAlertPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the security alert policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAlertPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a security alert policy." + }, + "type": { + "type": "string", + "enum": [ + "securityAlertPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/securityAlertPolicies" + }, + "managedInstances_databases_transparentDataEncryption_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "current" + ], + "description": "The name of the transparent data encryption configuration." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedTransparentDataEncryptionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a transparent data encryption." + }, + "type": { + "type": "string", + "enum": [ + "transparentDataEncryption" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/transparentDataEncryption" + }, + "managedInstances_databases_vulnerabilityAssessments_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the vulnerability assessment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseVulnerabilityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a database Vulnerability Assessment." + }, + "type": { + "type": "string", + "enum": [ + "vulnerabilityAssessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments" + }, + "managedInstances_distributedAvailabilityGroups_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The distributed availability group name." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DistributedAvailabilityGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a distributed availability group." + }, + "type": { + "type": "string", + "enum": [ + "distributedAvailabilityGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/distributedAvailabilityGroups" + }, + "managedInstances_encryptionProtector_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "current" + ], + "description": "The name of the encryption protector to be updated." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceEncryptionProtectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for an encryption protector execution." + }, + "type": { + "type": "string", + "enum": [ + "encryptionProtector" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/encryptionProtector" + }, + "managedInstances_keys_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the managed instance key to be operated on (updated or created)." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceKeyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for a key execution." + }, + "type": { + "type": "string", + "enum": [ + "keys" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/keys" + }, + "managedInstances_privateEndpointConnections_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the private endpoint connection." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstancePrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a private endpoint connection." + }, + "type": { + "type": "string", + "enum": [ + "privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/privateEndpointConnections" + }, + "managedInstances_securityAlertPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the security alert policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAlertsPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a security alert policy." + }, + "type": { + "type": "string", + "enum": [ + "securityAlertPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/securityAlertPolicies" + }, + "managedInstances_serverTrustCertificates_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "Name of of the certificate to upload." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerTrustCertificateProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a server trust certificate." + }, + "type": { + "type": "string", + "enum": [ + "serverTrustCertificates" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/serverTrustCertificates" + }, + "managedInstances_sqlAgent_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "current" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SqlAgentConfigurationProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sql agent configuration properties." + }, + "type": { + "type": "string", + "enum": [ + "sqlAgent" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/sqlAgent" + }, + "managedInstances_vulnerabilityAssessments_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the vulnerability assessment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ManagedInstanceVulnerabilityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a managed instance vulnerability assessment." + }, + "type": { + "type": "string", + "enum": [ + "vulnerabilityAssessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/managedInstances/vulnerabilityAssessments" + }, + "ManagedInstanceVulnerabilityAssessmentProperties": { + "type": "object", + "properties": { + "recurringScans": { + "oneOf": [ + { + "$ref": "#/definitions/VulnerabilityAssessmentRecurringScansProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a Vulnerability Assessment recurring scans." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall" + }, + "storageContainerPath": { + "type": "string", + "description": "A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/)." + }, + "storageContainerSasKey": { + "type": "string", + "description": "A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall" + } + }, + "required": [ + "storageContainerPath" + ], + "description": "Properties of a managed instance vulnerability assessment." + }, + "ManagedTransparentDataEncryptionProperties": { + "type": "object", + "properties": { + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the transparent data encryption." + } + }, + "required": [ + "state" + ], + "description": "Properties of a transparent data encryption." + }, + "NetworkIsolationSettings": { + "type": "object", + "properties": { + "sqlServerResourceId": { + "type": "string", + "description": "The resource id for the SQL server which is the target of this request. If set, private endpoint connection will be created for the SQL server. Must match server which is target of the operation." + }, + "storageAccountResourceId": { + "type": "string", + "description": "The resource id for the storage account used to store BACPAC file. If set, private endpoint connection will be created for the storage account. Must match storage account used for StorageUri parameter." + } + }, + "description": "Contains the ARM resources for which to create private endpoint connection." + }, + "PartnerInfo": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Resource identifier of the partner server." + } + }, + "required": [ + "id" + ], + "description": "Partner server information for the failover group." + }, + "PartnerRegionInfo": { + "type": "object", + "properties": { + "location": { + "type": "string", + "description": "Geo location of the partner managed instances." + } + }, + "description": "Partner region information for the failover group." + }, + "PrivateEndpointConnectionProperties": { + "type": "object", + "properties": { + "privateEndpoint": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointProperty" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + }, + "privateLinkServiceConnectionState": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateLinkServiceConnectionStateProperty" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "description": "Properties of a private endpoint connection." + }, + "PrivateEndpointProperty": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Resource id of the private endpoint." + } + } + }, + "PrivateLinkServiceConnectionStateProperty": { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The private link service connection description." + }, + "status": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approved", + "Pending", + "Rejected", + "Disconnected" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The private link service connection status." + } + }, + "required": [ + "description", + "status" + ] + }, + "ResourceIdentity": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None", + "SystemAssigned", + "UserAssigned", + "SystemAssigned,UserAssigned" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The identity type. Set this to 'SystemAssigned' in order to automatically create and assign an Azure Active Directory principal for the resource." + }, + "userAssignedIdentities": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/UserIdentity" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The resource ids of the user assigned identities to use" + } + }, + "description": "Azure Active Directory identity configuration for a resource." + }, + "SecurityAlertPolicyProperties": { + "type": "object", + "properties": { + "disabledAlerts": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force" + }, + "emailAccountAdmins": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies that the alert is sent to the account administrators." + }, + "emailAddresses": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies an array of e-mail addresses to which the alert is sent." + }, + "retentionDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the number of days to keep in the Threat Detection audit logs." + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "New", + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the Threat Detection audit storage account." + }, + "storageEndpoint": { + "type": "string", + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs." + } + }, + "required": [ + "state" + ], + "description": "Properties of a security alert policy." + }, + "SecurityAlertsPolicyProperties": { + "type": "object", + "properties": { + "disabledAlerts": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force" + }, + "emailAccountAdmins": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies that the alert is sent to the account administrators." + }, + "emailAddresses": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies an array of e-mail addresses to which the alert is sent." + }, + "retentionDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the number of days to keep in the Threat Detection audit logs." + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the Threat Detection audit storage account." + }, + "storageEndpoint": { + "type": "string", + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs." + } + }, + "required": [ + "state" + ], + "description": "Properties of a security alert policy." + }, + "SensitivityLabelProperties": { + "type": "object", + "properties": { + "informationType": { + "type": "string", + "description": "The information type." + }, + "informationTypeId": { + "type": "string", + "description": "The information type ID." + }, + "labelId": { + "type": "string", + "description": "The label ID." + }, + "labelName": { + "type": "string", + "description": "The label name." + }, + "rank": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None", + "Low", + "Medium", + "High", + "Critical" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ] + } + }, + "description": "Properties of a sensitivity label." + }, + "ServerBlobAuditingPolicyProperties": { + "type": "object", + "properties": { + "auditActionsAndGroups": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the Actions-Groups and Actions to audit.\r\n\r\nThe recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins:\r\n\r\nBATCH_COMPLETED_GROUP,\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,\r\nFAILED_DATABASE_AUTHENTICATION_GROUP.\r\n\r\nThis above combination is also the set that is configured by default when enabling auditing from the Azure portal.\r\n\r\nThe supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records):\r\n\r\nAPPLICATION_ROLE_CHANGE_PASSWORD_GROUP\r\nBACKUP_RESTORE_GROUP\r\nDATABASE_LOGOUT_GROUP\r\nDATABASE_OBJECT_CHANGE_GROUP\r\nDATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_OBJECT_PERMISSION_CHANGE_GROUP\r\nDATABASE_OPERATION_GROUP\r\nDATABASE_PERMISSION_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_CHANGE_GROUP\r\nDATABASE_PRINCIPAL_IMPERSONATION_GROUP\r\nDATABASE_ROLE_MEMBER_CHANGE_GROUP\r\nFAILED_DATABASE_AUTHENTICATION_GROUP\r\nSCHEMA_OBJECT_ACCESS_GROUP\r\nSCHEMA_OBJECT_CHANGE_GROUP\r\nSCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP\r\nSCHEMA_OBJECT_PERMISSION_CHANGE_GROUP\r\nSUCCESSFUL_DATABASE_AUTHENTICATION_GROUP\r\nUSER_CHANGE_PASSWORD_GROUP\r\nBATCH_STARTED_GROUP\r\nBATCH_COMPLETED_GROUP\r\nDBCC_GROUP\r\nDATABASE_OWNERSHIP_CHANGE_GROUP\r\nDATABASE_CHANGE_GROUP\r\nLEDGER_OPERATION_GROUP\r\n\r\nThese are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs.\r\n\r\nFor more information, see [Database-Level Audit Action Groups](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-action-groups).\r\n\r\nFor Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are:\r\nSELECT\r\nUPDATE\r\nINSERT\r\nDELETE\r\nEXECUTE\r\nRECEIVE\r\nREFERENCES\r\n\r\nThe general form for defining an action to be audited is:\r\n{action} ON {object} BY {principal}\r\n\r\nNote that in the above format can refer to an object like a table, view, or stored procedure, or an entire database or schema. For the latter cases, the forms DATABASE::{db_name} and SCHEMA::{schema_name} are used, respectively.\r\n\r\nFor example:\r\nSELECT on dbo.myTable by public\r\nSELECT on DATABASE::myDatabase by public\r\nSELECT on SCHEMA::mySchema by public\r\n\r\nFor more information, see [Database-Level Audit Actions](https://docs.microsoft.com/en-us/sql/relational-databases/security/auditing/sql-server-audit-action-groups-and-actions#database-level-audit-actions)" + }, + "isAzureMonitorTargetEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether audit events are sent to Azure Monitor. \r\nIn order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.\r\n\r\nWhen using REST API to configure auditing, Diagnostic Settings with 'SQLSecurityAuditEvents' diagnostic logs category on the database should be also created.\r\nNote that for server level audit you should use the 'master' database as {databaseName}.\r\n\r\nDiagnostic Settings URI format:\r\nPUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview\r\n\r\nFor more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)\r\nor [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)\r\n" + }, + "isDevopsAuditEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of devops audit. If state is Enabled, devops logs will be sent to Azure Monitor.\r\nIn order to send the events to Azure Monitor, specify 'State' as 'Enabled', 'IsAzureMonitorTargetEnabled' as true and 'IsDevopsAuditEnabled' as true\r\n\r\nWhen using REST API to configure auditing, Diagnostic Settings with 'DevOpsOperationsAudit' diagnostic logs category on the master database should also be created.\r\n\r\nDiagnostic Settings URI format:\r\nPUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/master/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview\r\n\r\nFor more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)\r\nor [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)\r\n" + }, + "isStorageSecondaryKeyInUse": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether storageAccountAccessKey value is the storage's secondary key." + }, + "queueDelayMs": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed.\r\nThe default minimum value is 1000 (1 second). The maximum is 2,147,483,647." + }, + "retentionDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the number of days to keep in the audit logs in the storage account." + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the auditing storage account. \r\nIf state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage.\r\nPrerequisites for using managed identity authentication:\r\n1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD).\r\n2. Grant SQL Server identity access to the storage account by adding 'Storage Blob Data Contributor' RBAC role to the server identity.\r\nFor more information, see [Auditing to storage using Managed Identity authentication](https://go.microsoft.com/fwlink/?linkid=2114355)" + }, + "storageAccountSubscriptionId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the blob storage subscription Id." + }, + "storageEndpoint": { + "type": "string", + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required." + } + }, + "required": [ + "state" + ], + "description": "Properties of a server blob auditing policy." + }, + "ServerConnectionPolicyProperties": { + "type": "object", + "properties": { + "connectionType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Default", + "Redirect", + "Proxy" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The server connection type." + } + }, + "required": [ + "connectionType" + ], + "description": "The properties of a server connection policy." + }, + "ServerDevOpsAuditSettingsProperties": { + "type": "object", + "properties": { + "isAzureMonitorTargetEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether DevOps audit events are sent to Azure Monitor. \r\nIn order to send the events to Azure Monitor, specify 'State' as 'Enabled' and 'IsAzureMonitorTargetEnabled' as true.\r\n\r\nWhen using REST API to configure DevOps audit, Diagnostic Settings with 'DevOpsOperationsAudit' diagnostic logs category on the master database should be also created.\r\n\r\nDiagnostic Settings URI format:\r\nPUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Sql/servers/{serverName}/databases/master/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview\r\n\r\nFor more information, see [Diagnostic Settings REST API](https://go.microsoft.com/fwlink/?linkid=2033207)\r\nor [Diagnostic Settings PowerShell](https://go.microsoft.com/fwlink/?linkid=2033043)\r\n" + }, + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the auditing storage account. \r\nIf state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage.\r\nPrerequisites for using managed identity authentication:\r\n1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD).\r\n2. Grant SQL Server identity access to the storage account by adding 'Storage Blob Data Contributor' RBAC role to the server identity.\r\nFor more information, see [Auditing to storage using Managed Identity authentication](https://go.microsoft.com/fwlink/?linkid=2114355)" + }, + "storageAccountSubscriptionId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the blob storage subscription Id." + }, + "storageEndpoint": { + "type": "string", + "description": "Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required." + } + }, + "required": [ + "state" + ], + "description": "Properties of a server DevOps audit settings." + }, + "ServerExternalAdministrator": { + "type": "object", + "properties": { + "administratorType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ActiveDirectory" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of the sever administrator." + }, + "azureADOnlyAuthentication": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure Active Directory only Authentication enabled." + }, + "login": { + "type": "string", + "description": "Login name of the server administrator." + }, + "principalType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Group", + "Application" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Principal Type of the sever administrator." + }, + "sid": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SID (object ID) of the server administrator." + }, + "tenantId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Tenant ID of the administrator." + } + }, + "description": "Properties of a active directory administrator." + }, + "ServerFirewallRuleProperties": { + "type": "object", + "properties": { + "endIpAddress": { + "type": "string", + "description": "The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses." + }, + "startIpAddress": { + "type": "string", + "description": "The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses." + } + }, + "description": "The properties of a server firewall rule." + }, + "ServerInfo": { + "type": "object", + "properties": { + "serverId": { + "type": "string", + "description": "Server Id." + } + }, + "required": [ + "serverId" + ], + "description": "Server info for the server trust group." + }, + "ServerKeyProperties": { + "type": "object", + "properties": { + "serverKeyType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ServiceManaged", + "AzureKeyVault" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The server key type like 'ServiceManaged', 'AzureKeyVault'." + }, + "uri": { + "type": "string", + "description": "The URI of the server key. If the ServerKeyType is AzureKeyVault, then the URI is required." + } + }, + "required": [ + "serverKeyType" + ], + "description": "Properties for a server key execution." + }, + "ServerProperties": { + "type": "object", + "properties": { + "administratorLogin": { + "type": "string", + "description": "Administrator username for the server. Once created it cannot be changed." + }, + "administratorLoginPassword": { + "type": "string", + "description": "The administrator login password (required for server creation)." + }, + "administrators": { + "oneOf": [ + { + "$ref": "#/definitions/ServerExternalAdministrator" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a active directory administrator." + }, + "federatedClientId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The Client id used for cross tenant CMK scenario" + }, + "keyId": { + "type": "string", + "description": "A CMK URI of the key to use for encryption." + }, + "minimalTlsVersion": { + "type": "string", + "description": "Minimal TLS version. Allowed values: '1.0', '1.1', '1.2'" + }, + "primaryUserAssignedIdentityId": { + "type": "string", + "description": "The resource id of a user assigned identity to be used by default." + }, + "publicNetworkAccess": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether or not public endpoint access is allowed for this server. Value is optional but if passed in, must be 'Enabled' or 'Disabled'." + }, + "restrictOutboundNetworkAccess": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether or not to restrict outbound network access for this server. Value is optional but if passed in, must be 'Enabled' or 'Disabled'." + }, + "version": { + "type": "string", + "description": "The version of the server." + } + }, + "description": "The properties of a server." + }, + "servers_administrators_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "ActiveDirectory" + ], + "description": "The name of server active directory administrator." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AdministratorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a active directory administrator." + }, + "type": { + "type": "string", + "enum": [ + "administrators" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/administrators" + }, + "servers_auditingSettings_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "auditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/auditingSettings" + }, + "servers_azureADOnlyAuthentications_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "Default" + ], + "description": "The name of server azure active directory only authentication." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AzureADOnlyAuthProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a active directory only authentication." + }, + "type": { + "type": "string", + "enum": [ + "azureADOnlyAuthentications" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/azureADOnlyAuthentications" + }, + "servers_connectionPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the connection policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerConnectionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a server connection policy." + }, + "type": { + "type": "string", + "enum": [ + "connectionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/connectionPolicies" + }, + "servers_databases_auditingSettings_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a database blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "auditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/auditingSettings" + }, + "servers_databases_backupLongTermRetentionPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The policy name. Should always be Default." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/BaseLongTermRetentionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a long term retention policy" + }, + "type": { + "type": "string", + "enum": [ + "backupLongTermRetentionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies" + }, + "servers_databases_backupShortTermRetentionPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The policy name. Should always be \"default\"." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/BackupShortTermRetentionPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a short term retention policy" + }, + "type": { + "type": "string", + "enum": [ + "backupShortTermRetentionPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies" + }, + "servers_databases_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "identity": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseIdentity" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Azure Active Directory identity configuration for a resource." + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the database." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The database's properties." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An ARM Resource SKU." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "databases" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases" + }, + "servers_databases_extendedAuditingSettings_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ExtendedDatabaseBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of an extended database blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "extendedAuditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/extendedAuditingSettings" + }, + "servers_databases_extensions_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseExtensionsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Contains the database information after a successful Import, Export, or PolybaseImport" + }, + "type": { + "type": "string", + "enum": [ + "extensions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/extensions" + }, + "servers_databases_ledgerDigestUploads_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "current" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/LedgerDigestUploadsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a database ledger digest upload settings." + }, + "type": { + "type": "string", + "enum": [ + "ledgerDigestUploads" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/ledgerDigestUploads" + }, + "servers_databases_maintenanceWindows_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "current" + ] + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/MaintenanceWindowsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Maintenance windows resource properties." + }, + "type": { + "type": "string", + "enum": [ + "maintenanceWindows" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/maintenanceWindows" + }, + "servers_databases_securityAlertPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the security alert policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAlertsPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a security alert policy." + }, + "type": { + "type": "string", + "enum": [ + "securityAlertPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/securityAlertPolicies" + }, + "servers_databases_syncGroups_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the sync group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SyncGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a sync group." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An ARM Resource SKU." + }, + "type": { + "type": "string", + "enum": [ + "syncGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/syncGroups" + }, + "servers_databases_syncGroups_syncMembers_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the sync member." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SyncMemberProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a sync member." + }, + "type": { + "type": "string", + "enum": [ + "syncMembers" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/syncGroups/syncMembers" + }, + "servers_databases_transparentDataEncryption_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "current" + ], + "description": "The name of the transparent data encryption configuration." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/TransparentDataEncryptionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a transparent data encryption." + }, + "type": { + "type": "string", + "enum": [ + "transparentDataEncryption" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/transparentDataEncryption" + }, + "servers_databases_vulnerabilityAssessments_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the vulnerability assessment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DatabaseVulnerabilityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a database Vulnerability Assessment." + }, + "type": { + "type": "string", + "enum": [ + "vulnerabilityAssessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/vulnerabilityAssessments" + }, + "servers_databases_workloadGroups_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the workload group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkloadGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workload group definition. For more information look at sys.workload_management_workload_groups (DMV)." + }, + "type": { + "type": "string", + "enum": [ + "workloadGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/workloadGroups" + }, + "servers_databases_workloadGroups_workloadClassifiers_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the workload classifier to create/update." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/WorkloadClassifierProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Workload classifier definition. For more information look at sys.workload_management_workload_classifiers (DMV)." + }, + "type": { + "type": "string", + "enum": [ + "workloadClassifiers" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/databases/workloadGroups/workloadClassifiers" + }, + "servers_devOpsAuditingSettings_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the devops audit settings. This should always be 'default'." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerDevOpsAuditSettingsProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server DevOps audit settings." + }, + "type": { + "type": "string", + "enum": [ + "devOpsAuditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/devOpsAuditingSettings" + }, + "servers_dnsAliases_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the server dns alias." + }, + "type": { + "type": "string", + "enum": [ + "dnsAliases" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Sql/servers/dnsAliases" + }, + "servers_elasticPools_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the elastic pool." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ElasticPoolProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of an elastic pool" + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An ARM Resource SKU." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "elasticPools" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/elasticPools" + }, + "servers_encryptionProtector_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "current" + ], + "description": "The name of the encryption protector to be updated." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/EncryptionProtectorProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for an encryption protector execution." + }, + "type": { + "type": "string", + "enum": [ + "encryptionProtector" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/encryptionProtector" + }, + "servers_extendedAuditingSettings_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the blob auditing policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ExtendedServerBlobAuditingPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of an extended server blob auditing policy." + }, + "type": { + "type": "string", + "enum": [ + "extendedAuditingSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/extendedAuditingSettings" + }, + "servers_failoverGroups_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the failover group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/FailoverGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a failover group." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "failoverGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/failoverGroups" + }, + "servers_firewallRules_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the firewall rule." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerFirewallRuleProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The properties of a server firewall rule." + }, + "type": { + "type": "string", + "enum": [ + "firewallRules" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/firewallRules" + }, + "servers_jobAgents_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "location": { + "type": "string", + "description": "Resource location." + }, + "name": { + "type": "string", + "description": "The name of the job agent to be created or updated." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/JobAgentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a job agent." + }, + "sku": { + "oneOf": [ + { + "$ref": "#/definitions/Sku" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An ARM Resource SKU." + }, + "tags": { + "oneOf": [ + { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "properties": {} + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Resource tags." + }, + "type": { + "type": "string", + "enum": [ + "jobAgents" + ] + } + }, + "required": [ + "apiVersion", + "location", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents" + }, + "servers_jobAgents_credentials_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the credential." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/JobCredentialProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a job credential." + }, + "type": { + "type": "string", + "enum": [ + "credentials" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents/credentials" + }, + "servers_jobAgents_jobs_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the job to get." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/JobProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a job." + }, + "type": { + "type": "string", + "enum": [ + "jobs" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents/jobs" + }, + "servers_jobAgents_jobs_executions_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The job execution id to create the job execution under." + }, + "type": { + "type": "string", + "enum": [ + "executions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents/jobs/executions" + }, + "servers_jobAgents_jobs_steps_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the job step." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/JobStepProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a job step." + }, + "type": { + "type": "string", + "enum": [ + "steps" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents/jobs/steps" + }, + "servers_jobAgents_targetGroups_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the target group." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/JobTargetGroupProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of job target group." + }, + "type": { + "type": "string", + "enum": [ + "targetGroups" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/jobAgents/targetGroups" + }, + "servers_keys_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the server key to be operated on (updated or created). The key name is required to be in the format of 'vault_key_version'. For example, if the keyId is https://YourVaultName.vault.azure.net/keys/YourKeyName/YourKeyVersion, then the server key name should be formatted as: YourVaultName_YourKeyName_YourKeyVersion" + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerKeyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties for a server key execution." + }, + "type": { + "type": "string", + "enum": [ + "keys" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/keys" + }, + "servers_outboundFirewallRules_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string" + }, + "type": { + "type": "string", + "enum": [ + "outboundFirewallRules" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Sql/servers/outboundFirewallRules" + }, + "servers_privateEndpointConnections_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the private endpoint connection." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/PrivateEndpointConnectionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a private endpoint connection." + }, + "type": { + "type": "string", + "enum": [ + "privateEndpointConnections" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/privateEndpointConnections" + }, + "servers_securityAlertPolicies_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the threat detection policy." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SecurityAlertsPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a security alert policy." + }, + "type": { + "type": "string", + "enum": [ + "securityAlertPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/securityAlertPolicies" + }, + "servers_syncAgents_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the sync agent." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/SyncAgentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of an Azure SQL Database sync agent." + }, + "type": { + "type": "string", + "enum": [ + "syncAgents" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/syncAgents" + }, + "servers_virtualNetworkRules_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the virtual network rule." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/VirtualNetworkRuleProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a virtual network rule." + }, + "type": { + "type": "string", + "enum": [ + "virtualNetworkRules" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/virtualNetworkRules" + }, + "servers_vulnerabilityAssessments_childResource": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-05-01-preview" + ] + }, + "name": { + "type": "string", + "enum": [ + "default" + ], + "description": "The name of the vulnerability assessment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/ServerVulnerabilityAssessmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a server Vulnerability Assessment." + }, + "type": { + "type": "string", + "enum": [ + "vulnerabilityAssessments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Sql/servers/vulnerabilityAssessments" + }, + "ServerTrustCertificateProperties": { + "type": "object", + "properties": { + "publicBlob": { + "type": "string", + "description": "The certificate public blob" + } + }, + "description": "The properties of a server trust certificate." + }, + "ServerTrustGroupProperties": { + "type": "object", + "properties": { + "groupMembers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ServerInfo" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Group members information for the server trust group." + }, + "trustScopes": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "enum": [ + "GlobalTransactions", + "ServiceBroker" + ] + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Trust scope of the server trust group." + } + }, + "required": [ + "groupMembers", + "trustScopes" + ], + "description": "Properties of a server trust group." + }, + "ServerVulnerabilityAssessmentProperties": { + "type": "object", + "properties": { + "recurringScans": { + "oneOf": [ + { + "$ref": "#/definitions/VulnerabilityAssessmentRecurringScansProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a Vulnerability Assessment recurring scans." + }, + "storageAccountAccessKey": { + "type": "string", + "description": "Specifies the identifier key of the storage account for vulnerability assessment scan results. If 'StorageContainerSasKey' isn't specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall" + }, + "storageContainerPath": { + "type": "string", + "description": "A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/)." + }, + "storageContainerSasKey": { + "type": "string", + "description": "A shared access signature (SAS Key) that has write access to the blob container specified in 'storageContainerPath' parameter. If 'storageAccountAccessKey' isn't specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall" + } + }, + "required": [ + "storageContainerPath" + ], + "description": "Properties of a server Vulnerability Assessment." + }, + "ServicePrincipal": { + "type": "object", + "properties": { + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "None", + "SystemAssigned" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Service principal type." + } + }, + "description": "The managed instance's service principal configuration for a resource." + }, + "Sku": { + "type": "object", + "properties": { + "capacity": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Capacity of the particular SKU." + }, + "family": { + "type": "string", + "description": "If the service has different generations of hardware, for the same SKU, then that can be captured here." + }, + "name": { + "type": "string", + "description": "The name of the SKU, typically, a letter + Number code, e.g. P3." + }, + "size": { + "type": "string", + "description": "Size of the particular SKU" + }, + "tier": { + "type": "string", + "description": "The tier or edition of the particular SKU, e.g. Basic, Premium." + } + }, + "required": [ + "name" + ], + "description": "An ARM Resource SKU." + }, + "SqlAgentConfigurationProperties": { + "type": "object", + "properties": { + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The state of Sql Agent." + } + }, + "description": "Sql agent configuration properties." + }, + "SyncAgentProperties": { + "type": "object", + "properties": { + "syncDatabaseId": { + "type": "string", + "description": "ARM resource id of the sync database in the sync agent." + } + }, + "description": "Properties of an Azure SQL Database sync agent." + }, + "SyncGroupProperties": { + "type": "object", + "properties": { + "conflictLoggingRetentionInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Conflict logging retention period." + }, + "conflictResolutionPolicy": { + "oneOf": [ + { + "type": "string", + "enum": [ + "HubWin", + "MemberWin" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Conflict resolution policy of the sync group." + }, + "enableConflictLogging": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If conflict logging is enabled." + }, + "hubDatabasePassword": { + "type": "string", + "description": "Password for the sync group hub database credential." + }, + "hubDatabaseUserName": { + "type": "string", + "description": "User name for the sync group hub database credential." + }, + "interval": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sync interval of the sync group." + }, + "schema": { + "oneOf": [ + { + "$ref": "#/definitions/SyncGroupSchema" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of sync group schema." + }, + "syncDatabaseId": { + "type": "string", + "description": "ARM resource id of the sync database in the sync group." + }, + "usePrivateLinkConnection": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "If use private link connection is enabled." + } + }, + "description": "Properties of a sync group." + }, + "SyncGroupSchema": { + "type": "object", + "properties": { + "masterSyncMemberName": { + "type": "string", + "description": "Name of master sync member where the schema is from." + }, + "tables": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/SyncGroupSchemaTable" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of tables in sync group schema." + } + }, + "description": "Properties of sync group schema." + }, + "SyncGroupSchemaTable": { + "type": "object", + "properties": { + "columns": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/SyncGroupSchemaTableColumn" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "List of columns in sync group schema." + }, + "quotedName": { + "type": "string", + "description": "Quoted name of sync group schema table." + } + }, + "description": "Properties of table in sync group schema." + }, + "SyncGroupSchemaTableColumn": { + "type": "object", + "properties": { + "dataSize": { + "type": "string", + "description": "Data size of the column." + }, + "dataType": { + "type": "string", + "description": "Data type of the column." + }, + "quotedName": { + "type": "string", + "description": "Quoted name of sync group table column." + } + }, + "description": "Properties of column in sync group table." + }, + "SyncMemberProperties": { + "type": "object", + "properties": { + "databaseName": { + "type": "string", + "description": "Database name of the member database in the sync member." + }, + "databaseType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AzureSqlDatabase", + "SqlServerDatabase" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Database type of the sync member." + }, + "password": { + "type": "string", + "description": "Password of the member database in the sync member." + }, + "serverName": { + "type": "string", + "description": "Server name of the member database in the sync member" + }, + "sqlServerDatabaseId": { + "oneOf": [ + { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "SQL Server database id of the sync member." + }, + "syncAgentId": { + "type": "string", + "description": "ARM resource id of the sync agent in the sync member." + }, + "syncDirection": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Bidirectional", + "OneWayMemberToHub", + "OneWayHubToMember" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Sync direction of the sync member." + }, + "syncMemberAzureDatabaseResourceId": { + "type": "string", + "description": "ARM resource id of the sync member logical database, for sync members in Azure." + }, + "usePrivateLinkConnection": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Whether to use private link connection." + }, + "userName": { + "type": "string", + "description": "User name of the member database in the sync member." + } + }, + "description": "Properties of a sync member." + }, + "TransparentDataEncryptionProperties": { + "type": "object", + "properties": { + "state": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Enabled", + "Disabled" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies the state of the transparent data encryption." + } + }, + "required": [ + "state" + ], + "description": "Properties of a transparent data encryption." + }, + "UserIdentity": { + "type": "object", + "properties": {}, + "description": "Azure Active Directory identity configuration for a resource." + }, + "VirtualNetworkRuleProperties": { + "type": "object", + "properties": { + "ignoreMissingVnetServiceEndpoint": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Create firewall rule before the virtual network has vnet service endpoint enabled." + }, + "virtualNetworkSubnetId": { + "type": "string", + "description": "The ARM resource id of the virtual network subnet." + } + }, + "required": [ + "virtualNetworkSubnetId" + ], + "description": "Properties of a virtual network rule." + }, + "VulnerabilityAssessmentRecurringScansProperties": { + "type": "object", + "properties": { + "emails": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies an array of e-mail addresses to which the scan notification is sent." + }, + "emailSubscriptionAdmins": { + "oneOf": [ + { + "type": "boolean", + "default": true + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies that the schedule scan notification will be is sent to the subscription administrators." + }, + "isEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurring scans state." + } + }, + "description": "Properties of a Vulnerability Assessment recurring scans." + }, + "WorkloadClassifierProperties": { + "type": "object", + "properties": { + "context": { + "type": "string", + "description": "The workload classifier context." + }, + "endTime": { + "type": "string", + "description": "The workload classifier end time for classification." + }, + "importance": { + "type": "string", + "description": "The workload classifier importance." + }, + "label": { + "type": "string", + "description": "The workload classifier label." + }, + "memberName": { + "type": "string", + "description": "The workload classifier member name." + }, + "startTime": { + "type": "string", + "description": "The workload classifier start time for classification." + } + }, + "required": [ + "memberName" + ], + "description": "Workload classifier definition. For more information look at sys.workload_management_workload_classifiers (DMV)." + }, + "WorkloadGroupProperties": { + "type": "object", + "properties": { + "importance": { + "type": "string", + "description": "The workload group importance level." + }, + "maxResourcePercent": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The workload group cap percentage resource." + }, + "maxResourcePercentPerRequest": { + "oneOf": [ + { + "type": "number" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The workload group request maximum grant percentage." + }, + "minResourcePercent": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The workload group minimum percentage resource." + }, + "minResourcePercentPerRequest": { + "oneOf": [ + { + "type": "number" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The workload group request minimum grant percentage." + }, + "queryExecutionTimeout": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The workload group query execution timeout." + } + }, + "required": [ + "maxResourcePercent", + "minResourcePercent", + "minResourcePercentPerRequest" + ], + "description": "Workload group definition. For more information look at sys.workload_management_workload_groups (DMV)." + } + } +} \ No newline at end of file diff --git a/schemas/common/autogeneratedResources.json b/schemas/common/autogeneratedResources.json index f90fe77e13..041c5d12f1 100644 --- a/schemas/common/autogeneratedResources.json +++ b/schemas/common/autogeneratedResources.json @@ -10645,6 +10645,201 @@ { "$ref": "https://schema.management.azure.com/schemas/2021-02-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_vulnerabilityAssessments" }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/instancePools" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/locations_instanceFailoverGroups" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/locations_serverTrustGroups" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_administrators" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_azureADOnlyAuthentications" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_databases" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_databases_backupLongTermRetentionPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_databases_backupShortTermRetentionPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_databases_schemas_tables_columns_sensitivityLabels" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_databases_securityAlertPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_databases_transparentDataEncryption" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_databases_vulnerabilityAssessments" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_databases_vulnerabilityAssessments_rules_baselines" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_distributedAvailabilityGroups" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_encryptionProtector" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_keys" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_privateEndpointConnections" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_restorableDroppedDatabases_backupShortTermRetentionPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_securityAlertPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_serverTrustCertificates" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_sqlAgent" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/managedInstances_vulnerabilityAssessments" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_administrators" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_auditingSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_azureADOnlyAuthentications" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_connectionPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_auditingSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_backupLongTermRetentionPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_backupShortTermRetentionPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_extendedAuditingSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_extensions" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_ledgerDigestUploads" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_maintenanceWindows" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_schemas_tables_columns_sensitivityLabels" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_securityAlertPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_syncGroups" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_syncGroups_syncMembers" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_transparentDataEncryption" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_vulnerabilityAssessments" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_vulnerabilityAssessments_rules_baselines" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_workloadGroups" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_databases_workloadGroups_workloadClassifiers" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_devOpsAuditingSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_dnsAliases" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_elasticPools" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_encryptionProtector" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_extendedAuditingSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_failoverGroups" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_firewallRules" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_jobAgents" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_jobAgents_credentials" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_jobAgents_jobs" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_jobAgents_jobs_executions" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_jobAgents_jobs_steps" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_jobAgents_targetGroups" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_keys" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_outboundFirewallRules" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_privateEndpointConnections" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_securityAlertPolicies" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_syncAgents" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_virtualNetworkRules" + }, + { + "$ref": "https://schema.management.azure.com/schemas/2021-05-01-preview/Microsoft.Sql.json#/resourceDefinitions/servers_vulnerabilityAssessments" + }, { "$ref": "https://schema.management.azure.com/schemas/2017-03-01-preview/Microsoft.SqlVirtualMachine.json#/resourceDefinitions/sqlVirtualMachineGroups" },