From 17dc295c84264fa23c35a75a6f9e1591282aec5b Mon Sep 17 00:00:00 2001 From: Sai Sujith Reddy Mankala Date: Mon, 25 Jan 2021 18:57:57 -0800 Subject: [PATCH] Insights on Firewall Policy (#12509) * Adds base for updating Microsoft.Network from version stable/2020-07-01 to version 2020-08-01 * Updates readme * Updates API version in new specs and examples * add patch operation for express route gateway (#11553) * add patch * fix example * Added new cloud service NIC and PIP APIs (#11650) Co-authored-by: Richa Jain * Adding support for Vpn Link Connection Mode (#11574) Co-authored-by: Abhishek Shah * Reverting the changes made for address space update as the changes in service code are not in yet (#11754) Co-authored-by: Hari Prasad Perabattula * VPN NAT for Virtual WAN feature changes (#11815) * VPN NAT for Virtual WAN feature changes * PrettierCheck fixes * Incorporate review comments and update examples * Add edge zone parameters for networking resources and add extendedLocation property to customIpPrefix (#11933) * Add extendedLocation property to customIpPrefix * Fix the directory * Address linting errors * Fix another linting error * Add edge zone parameter for network interfaces * Looks like edgeZone parameter is working when creating network interfaces * EdgeZone parameter for load balancer * Add edge zone parameter for public IP address * Add edge zone parameter for public IP prefix * Add edgeZone parameter for virtual networks * Add edge zone parameter for custom IP prefix Co-authored-by: Will Ehrich * Add location parameter to Loadbalancer Backend Address Pool Properties Format (#11919) * adding location parameter to backendaddresspoolpropertiesformat * ran prettier * Support for Listing IKE Security Associations for Virtual Network Gateway Connections (#11572) * Support to List IKE SAs on VNG Connection * Updating GetIkeSas * Update virtualNetworkGateway.json * Added location headers * Update virtualNetworkGateway.json * Prettier fix * Update custom-words.txt * Update virtualNetworkGateway.json * Update custom-words.txt * Update virtualNetworkGateway.json * Update virtualNetworkGateway.json * Update virtualNetworkGateway.json Co-authored-by: Abhishek Shah * [Fix] GetIkeSas returns result as string (#12225) * Removing IkeSaParameters * Update custom-words.txt * Update virtualNetworkGateway.json * Update virtualNetworkGateway.json * Update VirtualNetworkGatewayConnectionGetIkeSas.json * Update virtualNetworkGateway.json * Update VirtualNetworkGatewayConnectionGetIkeSas.json Co-authored-by: Abhishek Shah * Add extended location properties for private link service and private endpoints and remove edge zone properties (#12039) * Remove edge zone parameter * Add extended location for private endpoint and private link service * Add examples * Capitalization * Prettier Co-authored-by: Will Ehrich * Add missing properties of SecurityRule, Route and RouteTable (#12215) * Add missing properties of SecurityRule Route and RouteTable * Set resourceGuid field to be read only Co-authored-by: Xu Wang * Added placeholder instead of password (#12299) * resolving conflicts * resolving conflicts * new api version * resolving conflicts * fixing network validation * running prettier * fixing network valdiation * fixing network valdiation Co-authored-by: Mikhail Co-authored-by: nimaller <71352534+nimaller@users.noreply.github.com> Co-authored-by: Richa Jain Co-authored-by: Richa Jain Co-authored-by: Abhishek Shah Co-authored-by: Abhishek Shah Co-authored-by: Hari Prasad Perabattula Co-authored-by: Hari Prasad Perabattula Co-authored-by: Nilambari Co-authored-by: William Ehrich Co-authored-by: Will Ehrich Co-authored-by: Kayden Wilkinson <69224099+Kawilki-M@users.noreply.github.com> Co-authored-by: Xu Wang Co-authored-by: Xu Wang --- .../examples/FirewallPolicyGet.json | 17 +++++++ .../examples/FirewallPolicyPut.json | 51 +++++++++++++++++++ .../stable/2020-11-01/firewallPolicy.json | 40 +++++++++++++++ 3 files changed, 108 insertions(+) diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyGet.json index 6f9d73984225..0041022738f2 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyGet.json @@ -32,6 +32,23 @@ "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1" } ], + "insights": { + "isEnabled": true, + "retentionDays": 100, + "logAnalyticsResources": { + "workspaceIds": [ + { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1" + }, + { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2" + } + ], + "defaultWorkspaceId": { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace" + } + } + }, "firewalls": [], "snat": { "privateRanges": [ diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyPut.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyPut.json index 10935f0f83f8..c12e14e91651 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyPut.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/examples/FirewallPolicyPut.json @@ -19,6 +19,23 @@ "*.microsoft.com" ] }, + "insights": { + "isEnabled": true, + "retentionDays": 100, + "logAnalyticsResources": { + "workspaceIds": [ + { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1" + }, + { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2" + } + ], + "defaultWorkspaceId": { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace" + } + } + }, "snat": { "privateRanges": [ "IANAPrivateRanges" @@ -100,6 +117,23 @@ "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup2" } ], + "insights": { + "isEnabled": true, + "retentionDays": 100, + "logAnalyticsResources": { + "workspaceIds": [ + { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1" + }, + { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2" + } + ], + "defaultWorkspaceId": { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace" + } + } + }, "firewalls": [], "snat": { "privateRanges": [ @@ -181,6 +215,23 @@ "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup2" } ], + "insights": { + "isEnabled": true, + "retentionDays": 100, + "logAnalyticsResources": { + "workspaceIds": [ + { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1" + }, + { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2" + } + ], + "defaultWorkspaceId": { + "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace" + } + } + }, "firewalls": [], "snat": { "privateRanges": [ diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/firewallPolicy.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/firewallPolicy.json index e96788fbb414..3ddd2720b4e6 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/firewallPolicy.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-11-01/firewallPolicy.json @@ -638,6 +638,10 @@ "description": "ThreatIntel Whitelist for Firewall Policy.", "$ref": "#/definitions/FirewallPolicyThreatIntelWhitelist" }, + "insights": { + "description": "Insights on Firewall Policy.", + "$ref": "#/definitions/FirewallPolicyInsights" + }, "snat": { "description": "The private IP addresses/IP ranges to which traffic will not be SNAT.", "$ref": "#/definitions/FirewallPolicySNAT" @@ -1150,6 +1154,25 @@ } } }, + "FirewallPolicyInsights": { + "description": "Firewall Policy Insights.", + "x-ms-discriminator-value": "FirewallPolicyInsights", + "properties": { + "isEnabled": { + "type": "boolean", + "description": "A flag to indicate if the insights are enabled on the policy." + }, + "retentionDays": { + "type": "integer", + "format": "int32", + "description": "Number of days the insights should be enabled on the policy." + }, + "logAnalyticsResources": { + "description": "Workspaces needed to configure the Firewall Policy Insights.", + "$ref": "#/definitions/FirewallPolicyLogAnalyticsResources" + } + } + }, "FirewallPolicySNAT": { "description": "The private IP addresses/IP ranges to which traffic will not be SNAT.", "x-ms-discriminator-value": "FirewallPolicySNAT", @@ -1348,6 +1371,23 @@ } }, "description": "SKU of Firewall policy." + }, + "FirewallPolicyLogAnalyticsResources": { + "description": "Log Analytics Resources for Firewall Policy Insights.", + "x-ms-discriminator-value": "FirewallPolicyLogAnalyticsResources", + "properties": { + "workspaceIds": { + "type": "array", + "description": "List of workspace Ids for Firewall Policy Insights.", + "items": { + "$ref": "./network.json#/definitions/SubResource" + } + }, + "defaultWorkspaceId": { + "$ref": "./network.json#/definitions/SubResource", + "description": "The default workspace Id for Firewall Policy Insights." + } + } } } }