[Hunts] Add hunts to Sentinel 2023-04-01-preview version #23139
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi, @yummyblabla Thanks for your PR. I am workflow bot for review process. Here are some small tips. Any feedback about review process or workflow bot, pls contact swagger and tools team. vscswagger@microsoft.com |
Swagger Validation Report
|
| compared tags (via openapi-validator v2.0.0) | new version | base version |
|---|---|---|
| package-preview-2023-04 | package-preview-2023-04(4b20a3a) | package-preview-2023-04(release-Sentinel-2023-04-01-preview) |
️️✔️Avocado succeeded [Detail] [Expand]
Validation passes for Avocado.
️️✔️SwaggerAPIView succeeded [Detail] [Expand]
️️✔️CadlAPIView succeeded [Detail] [Expand]
️️✔️ModelValidation succeeded [Detail] [Expand]
Validation passes for ModelValidation.
️️✔️SemanticValidation succeeded [Detail] [Expand]
Validation passes for SemanticValidation.
️️✔️PrettierCheck succeeded [Detail] [Expand]
Validation passes for PrettierCheck.
️️✔️SpellCheck succeeded [Detail] [Expand]
Validation passes for SpellCheck.
️️✔️CadlValidation succeeded [Detail] [Expand]
Validation passes for CadlValidation.
️️✔️PR Summary succeeded [Detail] [Expand]
Validation passes for Summary.
openapi-workflow-bot
bot
added
ARMReview
WaitForARMFeedback
Swagger Generation Artifacts
|
Generated ApiView
|
|
Hi, @yummyblabla your PR are labelled with WaitForARMFeedback. A notification email will be sent out shortly afterwards to notify ARM review board(armapireview@microsoft.com). |
This was referenced Mar 16, 2023
|
Swagger ApiDocReview check is in progress for almost a day, but logs within the check indicate that there are no issues. |
raosuhas
reviewed
Mar 22, 2023
...tyinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/Hunts.json
Show resolved
Hide resolved
raosuhas
reviewed
Mar 22, 2023
| "HuntRelationProperties": { | ||
| "description": "Describes hunt relation properties", | ||
| "properties": { | ||
| "relatedResourceId": { |
There was a problem hiding this comment.
Can you please explain a bit about the scenario here ? When the user creates the huntrelation is he expected to have permissions over this related resoruce id ? How does your service get permissions over this resource ? Do you plan to include linked access checks to ensure that the user also has access to this ?
There was a problem hiding this comment.
When a hunt relation is created, they should already have access to the related resource id. In certain scenarios, the original resource is duplicated to prevent modifying the original. As of now, this is only a one-way linkage to the related resource, as the resources are stored differently (graph store vs cosmosdb). There may be future plans to address this issue.
There was a problem hiding this comment.
How do you ensure that they have access to the related resource id ? Do you do a linked access check : https://armwiki.azurewebsites.net/authorization/RBACLinkedAccessCheck.html
There was a problem hiding this comment.
From the UX perspective, the user should already have access to the resource through RBAC, and they will be able to make relations PUT call with that resource's id.
From our API's point of view, we are only returning the string of the resource's id, not the resource itself. It is up to the user to make the request to that resource's API to get more information.
There was a problem hiding this comment.
The issue I am trying to point out is that when the user passes in the relatedResourceId in the PUT call , that user may not have access to that particular resource id from azure RBAC, yet by running this operation they are able to influence it. To avoid this you need to add the linked access check for this resource.
There was a problem hiding this comment.
Even if the user does not have access to the related resource, they are not able to influence that related resource by creating it here through the PUT request. They still need to make an actual GET request to that API to get the resource.
We are only creating a one-way link to the related resource and we are storing the related resource id string. If the related resource permission's get revoked, or gets deleted, our API does not get notified of this as the relation still persists until the relation gets deleted.
There was a problem hiding this comment.
SO what do you do with the related resource once it gets created .. I assume there would be more to the operation than just storing it on your side ? (Note : Feel free to email me to get this resolved a bit quicker)
There was a problem hiding this comment.
Signing off based on offline conversation. Team agrees to add linked access checks for the scenario.
raosuhas
reviewed
Mar 22, 2023
...tyinsights/resource-manager/Microsoft.SecurityInsights/preview/2023-04-01-preview/Hunts.json
Outdated
Show resolved
Hide resolved
raosuhas
added
the
ARMChangesRequested
|
Please ensure to respond feedbacks from the ARM API reviewer. When you are ready to continue the ARM API review, please remove |
openapi-workflow-bot
bot
removed
the
WaitForARMFeedback
yummyblabla
removed
the
ARMChangesRequested
openapi-workflow-bot
bot
added
the
WaitForARMFeedback
raosuhas
added
the
ARMChangesRequested
openapi-workflow-bot
bot
removed
the
WaitForARMFeedback
|
Hi @yummyblabla, Your PR has some issues. Please fix the CI sequentially by following the order of
|
yummyblabla
removed
the
ARMChangesRequested
openapi-workflow-bot
bot
added
the
WaitForARMFeedback
raosuhas
added
the
ARMChangesRequested
openapi-workflow-bot
bot
removed
the
WaitForARMFeedback
yummyblabla
removed
the
ARMChangesRequested
openapi-workflow-bot
bot
added
the
WaitForARMFeedback
raosuhas
added
the
ARMChangesRequested
openapi-workflow-bot
bot
removed
the
WaitForARMFeedback
raosuhas
added
the
ARMSignedOff
openapi-workflow-bot
bot
removed
the
ARMChangesRequested
ArcturusZhang
approved these changes
Mar 27, 2023
tadelesh
pushed a commit
that referenced
this pull request
Apr 14, 2023
* Adds base for updating Microsoft.SecurityInsights from version preview/2023-03-01-preview to version 2023-04-01-preview * Updates readme * Updates API version in new specs and examples * Workspace Manager Members (#23134) * Adds base for updating Microsoft.SecurityInsights from version preview/2023-02-01-preview to version 2023-04-01-preview * Updates readme * Updates API version in new specs and examples * Workspace Manager Members * udpate pattern * Workspace manager configurations (#23133) * Adds base for updating Microsoft.SecurityInsights from version preview/2023-02-01-preview to version 2023-04-01-preview * Updates readme * Updates API version in new specs and examples * adding april configurations swagger * update pattern * prettier update * update readme * Workspace manager assignments (#23130) * Adds base for updating Microsoft.SecurityInsights from version preview/2023-02-01-preview to version 2023-04-01-preview * Updates readme * Updates API version in new specs and examples * Workspace Manager Assignments/Jobs * update readme * updated from comments * update from lint diff errors * updated descriptions * Workspace manager groups (#23135) * Adds base for updating Microsoft.SecurityInsights from version preview/2023-02-01-preview to version 2023-04-01-preview * Updates readme * Updates API version in new specs and examples * april swagger for groups * update path name & pattern * [Hunts] Add hunts to Sentinel 2023-04-01-preview version (#23139) * Add hunts files * Include update in 200 description and add defaults * Add back 201 * Update relation properties * Update example --------- Co-authored-by: Derrick Lee <derricklee@microsoft.com> * Add readonly flag to providerName property (#23259) * sentinel content hub package and template API (#23151) * commit for content template and content package API * fix issues reported by swagger lint * add 201 for put requests in template service * resolve the comments * resolve comments in packageId * resolve comments * update descriptions due to lint error (#23392) * Fix policheck issue by updating the description. (#23415) * Fix polich issue by updating the description. * update the description to fix a typo. * Release sentinel 2023 04 01 preview (#23420) * Fix polich issue by updating the description. * update the description to fix a typo. * fix policheck by updating description * rename enum name to stable version to fix cross-version breaking change failure. * fix typo (#23463) --------- Co-authored-by: rheabansal <93624991+rheabansal@users.noreply.github.com> Co-authored-by: Derrick Lee <derricklee91@gmail.com> Co-authored-by: Derrick Lee <derricklee@microsoft.com> Co-authored-by: Anat Gilenson <53407600+anat-gilenson@users.noreply.github.com> Co-authored-by: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Co-authored-by: Nan Zang <nazang@microsoft.com>
JoshLove-msft
pushed a commit
to JoshLove-msft/azure-rest-api-specs
that referenced
this pull request
Apr 25, 2023
* Adds base for updating Microsoft.SecurityInsights from version preview/2023-03-01-preview to version 2023-04-01-preview * Updates readme * Updates API version in new specs and examples * Workspace Manager Members (Azure#23134) * Adds base for updating Microsoft.SecurityInsights from version preview/2023-02-01-preview to version 2023-04-01-preview * Updates readme * Updates API version in new specs and examples * Workspace Manager Members * udpate pattern * Workspace manager configurations (Azure#23133) * Adds base for updating Microsoft.SecurityInsights from version preview/2023-02-01-preview to version 2023-04-01-preview * Updates readme * Updates API version in new specs and examples * adding april configurations swagger * update pattern * prettier update * update readme * Workspace manager assignments (Azure#23130) * Adds base for updating Microsoft.SecurityInsights from version preview/2023-02-01-preview to version 2023-04-01-preview * Updates readme * Updates API version in new specs and examples * Workspace Manager Assignments/Jobs * update readme * updated from comments * update from lint diff errors * updated descriptions * Workspace manager groups (Azure#23135) * Adds base for updating Microsoft.SecurityInsights from version preview/2023-02-01-preview to version 2023-04-01-preview * Updates readme * Updates API version in new specs and examples * april swagger for groups * update path name & pattern * [Hunts] Add hunts to Sentinel 2023-04-01-preview version (Azure#23139) * Add hunts files * Include update in 200 description and add defaults * Add back 201 * Update relation properties * Update example --------- Co-authored-by: Derrick Lee <derricklee@microsoft.com> * Add readonly flag to providerName property (Azure#23259) * sentinel content hub package and template API (Azure#23151) * commit for content template and content package API * fix issues reported by swagger lint * add 201 for put requests in template service * resolve the comments * resolve comments in packageId * resolve comments * update descriptions due to lint error (Azure#23392) * Fix policheck issue by updating the description. (Azure#23415) * Fix polich issue by updating the description. * update the description to fix a typo. * Release sentinel 2023 04 01 preview (Azure#23420) * Fix polich issue by updating the description. * update the description to fix a typo. * fix policheck by updating description * rename enum name to stable version to fix cross-version breaking change failure. * fix typo (Azure#23463) --------- Co-authored-by: rheabansal <93624991+rheabansal@users.noreply.github.com> Co-authored-by: Derrick Lee <derricklee91@gmail.com> Co-authored-by: Derrick Lee <derricklee@microsoft.com> Co-authored-by: Anat Gilenson <53407600+anat-gilenson@users.noreply.github.com> Co-authored-by: xuhumsft <116764429+xuhumsft@users.noreply.github.com> Co-authored-by: Nan Zang <nazang@microsoft.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ARM API Information (Control Plane)
MSFT employees can try out our new experience at OpenAPI Hub - one location for using our validation tools and finding your workflow.
Azure 1st Party Service can try out the Shift Left experience to initiate API design review from ADO code repo. If you are interested, may request engineering support by filling in with the form https://aka.ms/ShiftLeftSupportForm.
Changelog
Add a changelog entry for this PR by answering the following questions:
Contribution checklist (MS Employees Only):
If any further question about AME onboarding or validation tools, please view the FAQ.
ARM API Review Checklist
Otherwise your PR may be subject to ARM review requirements. Complete the following:
Check this box if any of the following apply to the PR so that the label "ARMReview" and "WaitForARMFeedback" will be added by bot to kick off ARM API Review. Missing to check this box in the following scenario may result in delays to the ARM manifest review and deployment.
-[x] To review changes efficiently, ensure you copy the existing version into the new directory structure for first commit and then push new changes, including version updates, in separate commits. You can use OpenAPIHub to initialize the PR for adding a new version. For more details refer to the wiki.
Ensure you've reviewed following guidelines including ARM resource provider contract and REST guidelines. Estimated time (4 hours). This is required before you can request review from ARM API Review board.
If you are blocked on ARM review and want to get the PR merged with urgency, please get the ARM oncall for reviews (RP Manifest Approvers team under Azure Resource Manager service) from IcM and reach out to them.
Breaking Change Review Checklist
If you have any breaking changes as defined in the Breaking Change Policy, request approval from the Breaking Change Review Board.
Action: to initiate an evaluation of the breaking change, create a new intake using the template for breaking changes. Additional details on the process and office hours are on the Breaking Change Wiki.
NOTE: To update API(s) in public preview for over 1 year (refer to Retirement of Previews)
Please follow the link to find more details on PR review process.