diff --git a/custom-words.txt b/custom-words.txt
index 92f893c3a760..346031465131 100644
--- a/custom-words.txt
+++ b/custom-words.txt
@@ -2838,4 +2838,8 @@ serde
 onetoone
 onetomany
 manytoone
-manytomany
\ No newline at end of file
+manytomany
+stransparent
+forceencryption
+tlsciphers
+tlsprotocols
\ No newline at end of file
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json
index eb882a9d3cb9..a67f3dc45a95 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/CreateOrUpdateSqlManagedInstance.json
@@ -53,6 +53,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
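Review bot: The new `settings.network` example in the `@@ -53,6 +53,31 @@` hunk documents a connection policy that does not require encryption (`"forceencryption": 0`) and a `tlsciphers` list whose last four entries (`ECDHE-ECDSA-AES128-SHA256` through `ECDHE-RSA-AES256-SHA384`) are CBC-mode suites rather than AEAD ones. Example payloads in a REST spec tend to be copied into SDK samples and deployments, so they should show the hardened setting: `"forceencryption": 1` and a `tlsciphers` value limited to the four `*-GCM-*` suites. The same block is repeated in the other two hunks of this file and in the Get, ListByResourceGroup, ListSubscription and Update examples. The `encryptionTypes` example is also a single string, `"Encryption type item1, Encryption type item2,..."`, although the schema declares an array of strings; one element per type would match it.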
@@ -94,6 +119,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
@@ -158,6 +208,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json
index 1c2a682140b0..79bb311aedd4 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/GetSqlManagedInstance.json
@@ -40,6 +40,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json
index ff3a532df851..ff6a721aeee5 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListByResourceGroupSqlManagedInstance.json
@@ -39,6 +39,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json
index 942a11f3853e..59a191f54c5d 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/ListSubscriptionSqlManagedInstance.json
@@ -40,6 +40,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json
index d5ff2b0ae598..02b246ec362a 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/examples/UpdateSqlManagedInstance.json
@@ -45,6 +45,31 @@
 }
 }
 }
+ },
+ "security": {
+ "adminLoginSecret": "test-sql-login-secret",
+ "serviceCertificateSecret": "Service Certificate Secret",
+ "activeDirectory": {
+ "connector": {
+ "name": "Name of connector",
+ "namespace": "Namespace of connector"
+ },
+ "accountName": "Account name",
+ "keytabSecret": "Key tab secret of account",
+ "encryptionTypes": [
+ "Encryption type item1, Encryption type item2,..."
+ ]
+ },
+ "transparentDataEncryption": {
+ "mode": "SystemManaged"
+ }
+ },
+ "settings": {
+ "network": {
+ "forceencryption": 0,
+ "tlsciphers": "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384",
+ "tlsprotocols": "1.2"
+ }
 }
 }
 }
diff --git a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json
index 6145742e5826..b5e729802aff 100644
--- a/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json
+++ b/specification/azurearcdata/resource-manager/Microsoft.AzureArcData/preview/2023-01-15-preview/sqlManagedInstances.json
@@ -185,6 +185,12 @@
 "type": "integer",
 "format": "int32",
 "description": "This option specifies the number of SQL Managed Instance replicas that will be deployed in your Kubernetes cluster for high availability purposes. If sku.tier is BusinessCritical, allowed values are '2' or '3' with default of '3'. If sku.tier is GeneralPurpose, replicas must be '1'."
+ },
+ "security": {
+ "$ref": "#/definitions/K8sSecurity"
+ },
+ "settings": {
+ "$ref": "#/definitions/K8sSettings"
 }
 },
 "additionalProperties": {
@@ -238,6 +244,108 @@
 "type": "object"
 }
 },
+ "K8sSecurity": {
+ "type": "object",
+ "description": "The kubernetes security information.",
+ "properties": {
+ "adminLoginSecret": {
+ "type": "string",
+ "description": "Admin login secret key"
+ },
+ "serviceCertificateSecret": {
+ "type": "string",
+ "description": "Service certificate secret used"
+ },
+ "activeDirectory": {
+ "$ref": "#/definitions/K8sActiveDirectory"
+ },
+ "transparentDataEncryption": {
+ "$ref": "#/definitions/k8stransparentDataEncryption"
+ }
+ },
+ "additionalProperties": {
+ "type": "object"
+ }
+ },
+ "K8sActiveDirectory": {
+ "type": "object",
+ "description": "The kubernetes active directory information.",
+ "properties": {
+ "connector": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "Name of the connector"
+ },
+ "namespace": {
+ "type": "string",
+ "description": "Name space of the connector"
+ }
+ }
+ },
+ "accountName": {
+ "type": "string",
+ "description": "Account name for AAD"
+ },
+ "keytabSecret": {
+ "type": "string",
+ "description": "Keytab secret used to authenticate with Active Directory."
+ },
+ "encryptionTypes": {
+ "type": "array",
+ "description": "An array of encryption types",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "k8stransparentDataEncryption": {
+ "type": "object",
+ "description": "Transparent data encryption information.",
+ "properties": {
+ "mode": {
+ "type": "string",
+ "description": "Transparent data encryption mode. Can be Service Managed, Customer managed or disabled"
+ },
+ "protectorSecret": {
+ "type": "string",
+ "description": "Protector secret for customer managed Transparent data encryption mode"
+ }
+ }
+ },
+ "K8sSettings": {
+ "type": "object",
+ "description": "The kubernetes settings information.",
+ "properties": {
+ "network": {
+ "$ref": "#/definitions/K8sNetworkSettings"
+ }
+ },
+ "additionalProperties": {
+ "type": "object"
+ }
+ },
+ "K8sNetworkSettings": {
+ "type": "object",
+ "description": "The kubernetes network settings information.",
+ "properties": {
+ "forceencryption": {
+ "type": "integer",
+ "format": "int32",
+ "description": "If 1, then SQL Server forces all connections to be encrypted. By default, this option is 0"
+ },
+ "tlsciphers": {
+ "type": "string",
+ "description": "Specifies which ciphers are allowed by SQL Server for TLS"
+ },
+ "tlsprotocols": {
+ "type": "string",
+ "description": "A comma-separated list of which TLS protocols are allowed by SQL Server"
+ }
+ }
+ },
 "KeytabInformation": {
 "type": "object",
 "description": "Keytab used for authenticate with Active Directory.",
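Review bot: The `mode` property of `k8stransparentDataEncryption` is an unconstrained string whose description says "Service Managed, Customer managed or disabled", while every example in this change sends `"SystemManaged"`, so a client cannot tell from the spec which strings are accepted and validation will pass a misspelled encryption mode. Add an `enum` with the exact accepted values and make the description match them. `forceencryption` has the same problem as an open `int32` that is documented as 0 or 1; `"enum": [0, 1]` would pin it. The descriptions of `adminLoginSecret`, `keytabSecret` and `protectorSecret` should say whether the value is the name of a Kubernetes secret (as the example `test-sql-login-secret` suggests) or the secret material itself, and in the latter case the property needs `"x-ms-secret": true`. The definition name `k8stransparentDataEncryption` also breaks the `K8s…` PascalCase used by its siblings, which looks like the reason `stransparent` had to be added to custom-words.txt.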