PSRule.Rules.Azure
PSRule.Rules.Azure copied to clipboard
Azure
feat: Updated Azure.MySQL.DefenderCloud
PR Summary
Fixes #2904
Updated Azure.MySQL.DefenderCloud to also support the flexible deployment model.
PR Checklist
- [x] PR has a meaningful title
- [x] Summarized changes
- [x] Change is not breaking
- [x] This PR is ready to merge and is not Work in Progress
- Rule changes
- [x] Unit tests created/ updated
- [x] Rule documentation created/ updated
- [x] Link to a filed issue
- [x] Change log has been updated with change under unreleased section
- Other code changes
- [ ] Unit tests created/ updated
- [ ] Link to a filed issue
- [ ] Change log has been updated with change under unreleased section
Hi @BernieWhite. Check out, I've used quite some time to figure out how this works as the resource is read-only for us.
it is configured only via the portal for the resource within the resource blade (resource-level enablement) or via enabling the Defender servers plan (with the open-source relational databases resource type enabled) for the subscription where the flexible server is located at (subscription-level enablement).
Since this is the behavior, it will only run against exported data for the flexible servers.
Export-AzRuleData does not currently support exporting out the Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings resource so we have to add support for that, I have tested it out.
Hi @BernieWhite. Check out, I've used quite some time to figure out how this works as the resource is read-only for us.
it is configured only via the portal for the resource within the resource blade
(resource-level enablement)or via enabling the Defender servers plan (with the open-source relational databases resource type enabled) for the subscription where the flexible server is located at(subscription-level enablement).Since this is the behavior, it will only run against exported data for the flexible servers.
Export-AzRuleDatadoes not currently support exporting out theMicrosoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettingsresource so we have to add support for that, I have tested it out.
I'm going see if I can investigate this more internally. The REST API includes PUT operations so I don't think the sub-resource is readonly, it may be a documentation error with the spec.
https://learn.microsoft.com/en-us/rest/api/mysql/flexibleserver/advanced-threat-protection-settings/update-put?view=rest-mysql-flexibleserver-2023-12-30&tabs=HTTP
Hi @BernieWhite. Check out, I've used quite some time to figure out how this works as the resource is read-only for us. it is configured only via the portal for the resource within the resource blade
(resource-level enablement)or via enabling the Defender servers plan (with the open-source relational databases resource type enabled) for the subscription where the flexible server is located at(subscription-level enablement). Since this is the behavior, it will only run against exported data for the flexible servers.Export-AzRuleDatadoes not currently support exporting out theMicrosoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettingsresource so we have to add support for that, I have tested it out.I'm going see if I can investigate this more internally. The REST API includes PUT operations so I don't think the sub-resource is readonly, it may be a documentation error with the spec.
https://learn.microsoft.com/en-us/rest/api/mysql/flexibleserver/advanced-threat-protection-settings/update-put?view=rest-mysql-flexibleserver-2023-12-30&tabs=HTTP
Doesn't look very readonly to me.
The thing is that the Bicep linter yields that it can be only used with the existing keyword.
Let me know what you are able to find out and we'll adjust accordingly.
Resource type "Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings@2023-10-01-preview" can only be used with the 'existing' keyword.bicep(BCP245)
@BenjaminEngeset I've asked the question internally, let's park it for now. Should have a clear path in the next day or two.
@BenjaminEngeset there is still some ongoing discussions on this one, hope to have an update soon.
What is the current status here @BernieWhite? Still awaiting feedback?