feat: Updated Azure.MySQL.DefenderCloud #2905

Open
wants to merge 3 commits into
base: main
BenjaminEngeset
Contributor

PR Summary

Fixes #2904

Updated Azure.MySQL.DefenderCloud to also support the flexible deployment model.

PR Checklist

  • PR has a meaningful title
  • Summarized changes
  • Change is not breaking
  • This PR is ready to merge and is not Work in Progress
  • Rule changes
    • Unit tests created/ updated
    • Rule documentation created/ updated
    • Link to a filed issue
    • Change log has been updated with change under unreleased section
  • Other code changes
    • Unit tests created/ updated
    • Link to a filed issue
    • Change log has been updated with change under unreleased section

@BenjaminEngeset BenjaminEngeset requested a review from a team as a code owner June 1, 2024 16:18
@BenjaminEngeset
Contributor Author

Hi @BernieWhite. Check out, I've used quite some time to figure out how this works as the resource is read-only for us.

It is configured only via the portal for the resource within the resource blade (resource-level enablement) or via enabling the Defender servers plan (with the open-source relational databases resource type enabled) for the subscription where the flexible server is located at (subscription-level enablement).

Since this is the behavior, it will only run against exported data for the flexible servers.

Export-AzRuleData does not currently support exporting out the Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings resource so we have to add support for that, I have tested it out.

@BernieWhite
Collaborator

> Hi @BernieWhite. Check out, I've used quite some time to figure out how this works as the resource is read-only for us.
>
> It is configured only via the portal for the resource within the resource blade (resource-level enablement) or via enabling the Defender servers plan (with the open-source relational databases resource type enabled) for the subscription where the flexible server is located at (subscription-level enablement).
>
> Since this is the behavior, it will only run against exported data for the flexible servers.
>
> Export-AzRuleData does not currently support exporting out the Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings resource so we have to add support for that, I have tested it out.

I'm going to see if I can investigate this more internally. The REST API includes PUT operations so I don't think the sub-resource is readonly, it may be a documentation error with the spec.

https://learn.microsoft.com/en-us/rest/api/mysql/flexibleserver/advanced-threat-protection-settings/update-put?view=rest-mysql-flexibleserver-2023-12-30&tabs=HTTP

@BenjaminEngeset
Contributor Author

> > Hi @BernieWhite. Check out, I've used quite some time to figure out how this works as the resource is read-only for us.
> > It is configured only via the portal for the resource within the resource blade (resource-level enablement) or via enabling the Defender servers plan (with the open-source relational databases resource type enabled) for the subscription where the flexible server is located at (subscription-level enablement).
> > Since this is the behavior, it will only run against exported data for the flexible servers.
> > Export-AzRuleData does not currently support exporting out the Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings resource so we have to add support for that, I have tested it out.
>
> I'm going to see if I can investigate this more internally. The REST API includes PUT operations so I don't think the sub-resource is readonly, it may be a documentation error with the spec.
>
> https://learn.microsoft.com/en-us/rest/api/mysql/flexibleserver/advanced-threat-protection-settings/update-put?view=rest-mysql-flexibleserver-2023-12-30&tabs=HTTP

Doesn't look very readonly to me.

The thing is that the Bicep linter yields that it can be only used with the existing keyword.

Let me know what you are able to find out and we'll adjust accordingly.

Resource type "Microsoft.DBforMySQL/flexibleServers/advancedThreatProtectionSettings@2023-10-01-preview" can only be used with the 'existing' keyword.bicep(BCP245)

@BernieWhite
Collaborator

@BenjaminEngeset I've asked the question internally, let's park it for now. Should have a clear path in the next day or two.

@BernieWhite
Collaborator

@BenjaminEngeset there are still some ongoing discussions on this one, hope to have an update soon.

@BenjaminEngeset
Contributor Author

What is the current status here @BernieWhite? Still awaiting feedback?

Successfully merging this pull request may close these issues.

[RULE] Add support for Defender for Cloud for Azure Database for MySQL for the flexible deployment model