Skip to content

Commit

Permalink
[Security] Initialize Security Autogenerated Modules (#24162)
Browse files Browse the repository at this point in the history 
* Generate SecurityConnectors and ApiCollections cmdlets

* Add Get-* integration tests

* Regenerate tests

* Update docs and examples. Rename subject *Repos to *Repo.

* Remove depricated offering

* Fix static analysis errors

* Fix one more static analysis issue
  • Loading branch information
@ivadim
ivadim authored Feb 27, 2024
1 parent 334dcea commit ea30029
Show file tree
Hide file tree
Showing 193 changed files with 18,165 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/Security/Security.Autorest/.gitattributes
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
* text=auto
16 changes: 16 additions & 0 deletions src/Security/Security.Autorest/.gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
bin
obj
.vs
generated
internal
exports
tools
custom/*.psm1
custom/autogen-model-cmdlets
test/*-TestResults.xml
/*.ps1
/*.ps1xml
/*.psm1
/*.snk
/*.csproj
/*.nuspec
23 changes: 23 additions & 0 deletions src/Security/Security.Autorest/Az.Security.psd1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
@{
GUID = '6f1c0dfd-dfcd-4e5b-b77c-a64a9d355ebf'
RootModule = './Az.Security.psm1'
ModuleVersion = '1.5.1'
CompatiblePSEditions = 'Core', 'Desktop'
Author = 'Microsoft Corporation'
CompanyName = 'Microsoft Corporation'
Copyright = 'Microsoft Corporation. All rights reserved.'
Description = 'Microsoft Azure PowerShell: Security cmdlets'
PowerShellVersion = '5.1'
DotNetFrameworkVersion = '4.7.2'
RequiredAssemblies = './bin/Az.Security.private.dll'
FormatsToProcess = './Az.Security.format.ps1xml'
FunctionsToExport = 'Get-AzSecurityApiCollection', 'Get-AzSecurityConnector', 'Get-AzSecurityConnectorAzureDevOpsOrg', 'Get-AzSecurityConnectorAzureDevOpsOrgAvailable', 'Get-AzSecurityConnectorAzureDevOpsProject', 'Get-AzSecurityConnectorAzureDevOpsRepo', 'Get-AzSecurityConnectorDevOpsConfiguration', 'Get-AzSecurityConnectorGitHubOwner', 'Get-AzSecurityConnectorGitHubOwnerAvailable', 'Get-AzSecurityConnectorGitHubRepo', 'Get-AzSecurityConnectorGitLabGroup', 'Get-AzSecurityConnectorGitLabGroupAvailable', 'Get-AzSecurityConnectorGitLabProject', 'Get-AzSecurityConnectorGitLabSubgroup', 'Invoke-AzSecurityApiCollectionApimOffboard', 'Invoke-AzSecurityApiCollectionApimOnboard', 'New-AzSecurityAwsEnvironmentObject', 'New-AzSecurityAwsOrganizationalDataMasterObject', 'New-AzSecurityAwsOrganizationalDataMemberObject', 'New-AzSecurityAzureDevOpsScopeEnvironmentObject', 'New-AzSecurityConnector', 'New-AzSecurityConnectorActionableRemediationObject', 'New-AzSecurityConnectorDevOpsConfiguration', 'New-AzSecurityCspmMonitorAwsOfferingObject', 'New-AzSecurityCspmMonitorAzureDevOpsOfferingObject', 'New-AzSecurityCspmMonitorGcpOfferingObject', 'New-AzSecurityCspmMonitorGithubOfferingObject', 'New-AzSecurityCspmMonitorGitLabOfferingObject', 'New-AzSecurityDefenderCspmAwsOfferingObject', 'New-AzSecurityDefenderCspmGcpOfferingObject', 'New-AzSecurityDefenderForContainersAwsOfferingObject', 'New-AzSecurityDefenderForContainersGcpOfferingObject', 'New-AzSecurityDefenderForDatabasesAwsOfferingObject', 'New-AzSecurityDefenderForDatabasesGcpOfferingObject', 'New-AzSecurityDefenderForServersAwsOfferingObject', 'New-AzSecurityDefenderForServersGcpOfferingObject', 'New-AzSecurityGcpOrganizationalDataMemberObject', 'New-AzSecurityGcpOrganizationalDataOrganizationObject', 'New-AzSecurityGcpProjectEnvironmentObject', 'New-AzSecurityGitHubScopeEnvironmentObject', 'New-AzSecurityGitLabScopeEnvironmentObject', 'New-AzSecurityInformationProtectionAwsOfferingObject', 'Remove-AzSecurityConnector', 'Remove-AzSecurityConnectorDevOpsConfiguration', 'Update-AzSecurityConnector', 'Update-AzSecurityConnectorAzureDevOpsOrg', 'Update-AzSecurityConnectorAzureDevOpsProject', 'Update-AzSecurityConnectorAzureDevOpsRepo', 'Update-AzSecurityConnectorDevOpsConfiguration'
PrivateData = @{
PSData = @{
Tags = 'Azure', 'ResourceManager', 'ARM', 'PSModule', 'Security'
LicenseUri = 'https://aka.ms/azps-license'
ProjectUri = 'https://github.com/Azure/azure-powershell'
ReleaseNotes = ''
}
}
}
187 changes: 187 additions & 0 deletions src/Security/Security.Autorest/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,187 @@
<!-- region Generated -->
# Az.Security
This directory contains the PowerShell module for the Security service.

---
## Status
[![Az.Security](https://img.shields.io/powershellgallery/v/Az.Security.svg?style=flat-square&label=Az.Security "Az.Security")](https://www.powershellgallery.com/packages/Az.Security/)

## Info
- Modifiable: yes
- Generated: all
- Committed: yes
- Packaged: yes

---
## Detail
This module was primarily generated via [AutoRest](https://github.com/Azure/autorest) using the [PowerShell](https://github.com/Azure/autorest.powershell) extension.

## Module Requirements
- [Az.Accounts module](https://www.powershellgallery.com/packages/Az.Accounts/), version 2.7.5 or greater

## Authentication
AutoRest does not generate authentication code for the module. Authentication is handled via Az.Accounts by altering the HTTP payload before it is sent.

## Development
For information on how to develop for `Az.Security`, see [how-to.md](how-to.md).
<!-- endregion -->

### AutoRest Configuration
> see https://aka.ms/autorest
###
``` yaml
commit: 6c4497e6b0aaad8127f2dd50fa8a29aaf68f24e6
require:
- $(this-folder)/../../readme.azure.noprofile.md
input-file:
- $(repo)/specification/security/resource-manager/Microsoft.Security/preview/2023-10-01-preview/securityConnectors.json
- $(repo)/specification/security/resource-manager/Microsoft.Security/preview/2023-09-01-preview/securityConnectorsDevOps.json
- $(repo)/specification/security/resource-manager/Microsoft.Security/stable/2023-11-15/apiCollections.json

title: Security
module-version: 1.5.1
subject-prefix: $(service-name)
enable-parent-pipeline-input: false

directive:
- rename-model:
from: EnvironmentData
to: SecurityConnectorEnvironment
- rename-model:
from: AwsEnvironmentData
to: AwsEnvironment
- rename-model:
from: GcpProjectEnvironmentData
to: GcpProjectEnvironment
- rename-model:
from: AzureDevOpsScopeEnvironmentData
to: AzureDevOpsScopeEnvironment
- rename-model:
from: GitlabScopeEnvironmentData
to: GitLabScopeEnvironment
- rename-model:
from: GithubScopeEnvironmentData
to: GitHubScopeEnvironment

- from: securityConnectors.json
where: $.definitions
debug: true
transform: >
$.defenderFoDatabasesAwsOffering['x-ms-client-name'] = 'DefenderForDatabasesAwsOffering'
- from: types.json
where: $.definitions.Kind
transform: >
$['x-ms-client-name'] = 'ResourceKind';
- from: apiCollections.json
where: $.paths..operationId
transform: >
return $.replace(/OffboardAzureApiManagementApi$/g, "ApiCollectionAPIM_Delete")
- where:
verb: Invoke
subject: ^AzureApiCollection$
set:
subject: ApiCollectionApimOnboard

- where:
verb: Remove
subject: ^ApiCollectionApim$
set:
verb: Invoke
subject: ApiCollectionApimOffboard

# New-* cmdlets, ViaIdentity is not required
- where:
variant: ^(Create|Update)(?!.*?Expanded|JsonFilePath|JsonString)
remove: true
- where:
variant: ^CreateViaIdentity.*$
remove: true

# Remove the set-* cmdlet
- where:
verb: Set
remove: true

- where:
subject: ^(DevOpsConfiguration|AzureDevOps|GitHub|GitLab)(.*)
set:
subject-prefix: SecurityConnector

- where:
subject: (.*)(AzureDevOpsRepos)$
set:
subject: $1AzureDevOpsRepo

- where:
subject: (.*)(GitHubRepos)$
set:
subject: $1GitHubRepo

- where:
verb: New
subject: ^(AzureDevOpsOrg|AzureDevOpsProject|AzureDevOpsRepo)(.*)
remove: true

- where:
subject: ^(DevOpsOperationResult)(.*)
remove: true

- where:
subject: ^(DevOpsConfiguration|AzureDevOps|GitHub|GitLab)(.*)
parameter-name: ProvisioningState
hide: true

- where:
verb: Update
subject: ^(AzureDevOps)(.*)
parameter-name: OnboardingState
hide: true

- where:
model-name: SecurityConnector
set:
format-table:
properties:
- Name
- ResourceGroupName
- EnvironmentName
- Location
- HierarchyIdentifier

- no-inline:
- SecurityConnectorEnvironment
- AwsOrganizationalData
- GcpOrganizationalData
- ActionableRemediation

- model-cmdlet:
- model-name: AwsEnvironment
- model-name: AwsOrganizationalDataMaster
- model-name: AwsOrganizationalDataMember
- model-name: GcpProjectEnvironment
- model-name: GcpOrganizationalDataOrganization
- model-name: GcpOrganizationalDataMember
- model-name: AzureDevOpsScopeEnvironment
- model-name: GitLabScopeEnvironment
- model-name: GitHubScopeEnvironment
- model-name: CspmMonitorAwsOffering
- model-name: CspmMonitorGcpOffering
- model-name: CspmMonitorGithubOffering
- model-name: CspmMonitorAzureDevOpsOffering
- model-name: CspmMonitorGitLabOffering
- model-name: DefenderCspmAwsOffering
- model-name: DefenderCspmGcpOffering
- model-name: DefenderForContainersAwsOffering
- model-name: DefenderForContainersGcpOffering
- model-name: DefenderForDatabasesAwsOffering
- model-name: DefenderForDatabasesGcpOffering
- model-name: DefenderForServersAwsOffering
- model-name: DefenderForServersGcpOffering
- model-name: InformationProtectionAwsOffering
- model-name: ActionableRemediation
cmdlet-name: New-AzSecurityConnectorActionableRemediationObject
```
138 changes: 138 additions & 0 deletions src/Security/Security.Autorest/UX/Microsoft.ApiManagement/service-apiCollections.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
{
"resourceType": "service/apiCollections",
"apiVersion": "2023-11-15",
"learnMore": {
"url": "https://learn.microsoft.com/powershell/module/az.security"
},
"commands": [
{
"name": "Get-AzSecurityApiCollection",
"description": "Gets an Azure API Management API if it has been onboarded to Microsoft Defender for APIs.\nIf an Azure API Management API is onboarded to Microsoft Defender for APIs, the system will monitor the operations within the Azure API Management API for intrusive behaviors and provide alerts for attacks that have been detected.",
"path": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/providers/Microsoft.Security/apiCollections/{apiId}",
"help": {
"learnMore": {
"url": "https://learn.microsoft.com/powershell/module/az.security/get-azsecurityapicollection"
},
"parameterSets": [
{
"parameters": [
"-ApiId <String>",
"-ResourceGroupName <String>",
"-ServiceName <String>",
"[-SubscriptionId <String[]>]"
]
}
]
},
"examples": [
{
"description": "Gets an Azure API Management API if it has been onboarded to Microsoft Defender for APIs. If an Azure API Management API is onboarded to Microsoft Defender for APIs, the system will monitor the operations within the Azure API Management API for intrusive behaviors and provide alerts for attacks that have been detected.",
"parameters": [
{
"name": "-ApiId",
"value": "[Path.apiId]"
},
{
"name": "-ResourceGroupName",
"value": "[Path.resourceGroupName]"
},
{
"name": "-ServiceName",
"value": "[Path.serviceName]"
},
{
"name": "-SubscriptionId",
"value": "[Path.subscriptionId]"
}
]
}
]
},
{
"name": "Invoke-AzSecurityApiCollectionApimOffboard",
"description": "Offboard an Azure API Management API from Microsoft Defender for APIs.\nThe system will stop monitoring the operations within the Azure API Management API for intrusive behaviors.",
"path": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/providers/Microsoft.Security/apiCollections/{apiId}",
"help": {
"learnMore": {
"url": "https://learn.microsoft.com/powershell/module/az.security/invoke-azsecurityapicollectionapimoffboard"
},
"parameterSets": [
{
"parameters": [
"-ApiId <String>",
"-ResourceGroupName <String>",
"-ServiceName <String>",
"[-SubscriptionId <String>]"
]
}
]
},
"examples": [
{
"description": "Offboard an Azure API Management API from Microsoft Defender for APIs. The system will stop monitoring the operations within the Azure API Management API for intrusive behaviors.",
"parameters": [
{
"name": "-ApiId",
"value": "[Path.apiId]"
},
{
"name": "-ResourceGroupName",
"value": "[Path.resourceGroupName]"
},
{
"name": "-ServiceName",
"value": "[Path.serviceName]"
},
{
"name": "-SubscriptionId",
"value": "[Path.subscriptionId]"
}
]
}
]
},
{
"name": "Invoke-AzSecurityApiCollectionApimOnboard",
"description": "Onboard an Azure API Management API to Microsoft Defender for APIs.\nThe system will start monitoring the operations within the Azure Management API for intrusive behaviors and provide alerts for attacks that have been detected.",
"path": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/providers/Microsoft.Security/apiCollections/{apiId}",
"help": {
"learnMore": {
"url": "https://learn.microsoft.com/powershell/module/az.security/invoke-azsecurityapicollectionapimonboard"
},
"parameterSets": [
{
"parameters": [
"-ApiId <String>",
"-ResourceGroupName <String>",
"-ServiceName <String>",
"[-SubscriptionId <String>]"
]
}
]
},
"examples": [
{
"description": "Onboard an Azure API Management API to Microsoft Defender for APIs. The system will start monitoring the operations within the Azure Management API for intrusive behaviors and provide alerts for attacks that have been detected.",
"parameters": [
{
"name": "-ApiId",
"value": "[Path.apiId]"
},
{
"name": "-ResourceGroupName",
"value": "[Path.resourceGroupName]"
},
{
"name": "-ServiceName",
"value": "[Path.serviceName]"
},
{
"name": "-SubscriptionId",
"value": "[Path.subscriptionId]"
}
]
}
]
}
]
}
Loading

0 comments on commit ea30029

Please sign in to comment.