in src/azure-cli/azure/cli/command_modules/security/aaz/latest/security/security_connector/_update.py [0:0]
def _build_arguments_schema(cls, *args, **kwargs):
if cls._args_schema is not None:
return cls._args_schema
cls._args_schema = super()._build_arguments_schema(*args, **kwargs)
# define Arg Group ""
_args_schema = cls._args_schema
_args_schema.resource_group = AAZResourceGroupNameArg(
required=True,
)
_args_schema.security_connector_name = AAZStrArg(
options=["-n", "--name", "--security-connector-name"],
help="The security connector name.",
required=True,
id_part="name",
)
# define Arg Group "Properties"
_args_schema = cls._args_schema
_args_schema.environment_data = AAZObjectArg(
options=["--environment-data"],
arg_group="Properties",
help="The security connector environment data.",
nullable=True,
)
_args_schema.environment_name = AAZStrArg(
options=["--environment-name"],
arg_group="Properties",
help="The multi cloud resource's cloud name.",
nullable=True,
enum={"AWS": "AWS", "Azure": "Azure", "AzureDevOps": "AzureDevOps", "GCP": "GCP", "GitLab": "GitLab", "Github": "Github"},
)
_args_schema.offerings = AAZListArg(
options=["--offerings"],
arg_group="Properties",
help="A collection of offerings for the security connector.",
nullable=True,
)
environment_data = cls._args_schema.environment_data
environment_data.aws_account = AAZObjectArg(
options=["aws-account"],
help="AWS Account",
)
environment_data.azuredevops_scope = AAZObjectArg(
options=["azuredevops-scope"],
help="AzureDevOps Scope",
blank={},
)
environment_data.gcp_project = AAZObjectArg(
options=["gcp-project"],
help="GCP Project",
)
environment_data.github_scope = AAZObjectArg(
options=["github-scope"],
help="GitHub Scope",
blank={},
)
environment_data.gitlab_scope = AAZObjectArg(
options=["gitlab-scope"],
help="GitLab Scope",
blank={},
)
aws_account = cls._args_schema.environment_data.aws_account
aws_account.organizational_data = AAZObjectArg(
options=["organizational-data"],
help="The AWS account's organizational data",
nullable=True,
)
aws_account.regions = AAZListArg(
options=["regions"],
help="list of regions to scan",
nullable=True,
)
aws_account.scan_interval = AAZIntArg(
options=["scan-interval"],
help="Scan interval in hours (value should be between 1-hour to 24-hours)",
nullable=True,
)
organizational_data = cls._args_schema.environment_data.aws_account.organizational_data
organizational_data.member = AAZObjectArg(
options=["member"],
)
organizational_data.organization = AAZObjectArg(
options=["organization"],
)
member = cls._args_schema.environment_data.aws_account.organizational_data.member
member.parent_hierarchy_id = AAZStrArg(
options=["parent-hierarchy-id"],
help="If the multi cloud account is not of membership type organization, this will be the ID of the account's parent",
nullable=True,
)
organization = cls._args_schema.environment_data.aws_account.organizational_data.organization
organization.excluded_account_ids = AAZListArg(
options=["excluded-account-ids"],
help="If the multi cloud account is of membership type organization, list of accounts excluded from offering",
nullable=True,
)
organization.stackset_name = AAZStrArg(
options=["stackset-name"],
help="If the multi cloud account is of membership type organization, this will be the name of the onboarding stackset",
nullable=True,
)
excluded_account_ids = cls._args_schema.environment_data.aws_account.organizational_data.organization.excluded_account_ids
excluded_account_ids.Element = AAZStrArg(
nullable=True,
)
regions = cls._args_schema.environment_data.aws_account.regions
regions.Element = AAZStrArg(
nullable=True,
)
gcp_project = cls._args_schema.environment_data.gcp_project
gcp_project.organizational_data = AAZObjectArg(
options=["organizational-data"],
help="The Gcp project's organizational data",
nullable=True,
)
gcp_project.project_details = AAZObjectArg(
options=["project-details"],
help="The Gcp project's details",
nullable=True,
)
gcp_project.scan_interval = AAZIntArg(
options=["scan-interval"],
help="Scan interval in hours (value should be between 1-hour to 24-hours)",
nullable=True,
)
organizational_data = cls._args_schema.environment_data.gcp_project.organizational_data
organizational_data.member = AAZObjectArg(
options=["member"],
)
organizational_data.organization = AAZObjectArg(
options=["organization"],
)
member = cls._args_schema.environment_data.gcp_project.organizational_data.member
member.management_project_number = AAZStrArg(
options=["management-project-number"],
help="The GCP management project number from organizational onboarding",
nullable=True,
)
member.parent_hierarchy_id = AAZStrArg(
options=["parent-hierarchy-id"],
help="If the multi cloud account is not of membership type organization, this will be the ID of the project's parent",
nullable=True,
)
organization = cls._args_schema.environment_data.gcp_project.organizational_data.organization
organization.excluded_project_numbers = AAZListArg(
options=["excluded-project-numbers"],
help="If the multi cloud account is of membership type organization, list of accounts excluded from offering",
nullable=True,
)
organization.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address which represents the organization level permissions container.",
nullable=True,
)
organization.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The GCP workload identity provider id which represents the permissions required to auto provision security connectors",
nullable=True,
)
excluded_project_numbers = cls._args_schema.environment_data.gcp_project.organizational_data.organization.excluded_project_numbers
excluded_project_numbers.Element = AAZStrArg(
nullable=True,
)
project_details = cls._args_schema.environment_data.gcp_project.project_details
project_details.project_id = AAZStrArg(
options=["project-id"],
help="The GCP Project id",
nullable=True,
)
project_details.project_number = AAZStrArg(
options=["project-number"],
help="The unique GCP Project number",
nullable=True,
)
offerings = cls._args_schema.offerings
offerings.Element = AAZObjectArg(
nullable=True,
)
_element = cls._args_schema.offerings.Element
_element.cspm_monitor_aws = AAZObjectArg(
options=["cspm-monitor-aws"],
help="CspmMonitorAWS Offering",
)
_element.cspm_monitor_azuredevops = AAZObjectArg(
options=["cspm-monitor-azuredevops"],
help="CspmMonitorAzureDevOps Offering",
blank={},
)
_element.cspm_monitor_gcp = AAZObjectArg(
options=["cspm-monitor-gcp"],
help="CspmMonitorGCP Offering",
)
_element.cspm_monitor_gitlab = AAZObjectArg(
options=["cspm-monitor-gitlab"],
help="CspmMonitorGitLab Offering",
blank={},
)
_element.cspm_monitor_github = AAZObjectArg(
options=["cspm-monitor-github"],
help="CspmMonitorGitHub Offering",
blank={},
)
_element.defender_cspm_aws = AAZObjectArg(
options=["defender-cspm-aws"],
help="DefenderCspmAWS Offering",
)
_element.defender_cspm_gcp = AAZObjectArg(
options=["defender-cspm-gcp"],
help="DefenderCspmGCP Offering",
)
_element.defender_for_containers_aws = AAZObjectArg(
options=["defender-for-containers-aws"],
)
_element.defender_for_containers_gcp = AAZObjectArg(
options=["defender-for-containers-gcp"],
)
_element.defender_for_databases_aws = AAZObjectArg(
options=["defender-for-databases-aws"],
)
_element.defender_for_databases_gcp = AAZObjectArg(
options=["defender-for-databases-gcp"],
)
_element.defender_for_servers_aws = AAZObjectArg(
options=["defender-for-servers-aws"],
)
_element.defender_for_servers_gcp = AAZObjectArg(
options=["defender-for-servers-gcp"],
)
_element.information_protection_aws = AAZObjectArg(
options=["information-protection-aws"],
)
cspm_monitor_aws = cls._args_schema.offerings.Element.cspm_monitor_aws
cspm_monitor_aws.native_cloud_connection = AAZObjectArg(
options=["native-cloud-connection"],
help="The native cloud connection configuration",
nullable=True,
)
native_cloud_connection = cls._args_schema.offerings.Element.cspm_monitor_aws.native_cloud_connection
native_cloud_connection.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
cspm_monitor_gcp = cls._args_schema.offerings.Element.cspm_monitor_gcp
cspm_monitor_gcp.native_cloud_connection = AAZObjectArg(
options=["native-cloud-connection"],
help="The native cloud connection configuration",
nullable=True,
)
native_cloud_connection = cls._args_schema.offerings.Element.cspm_monitor_gcp.native_cloud_connection
native_cloud_connection.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address in GCP for this offering",
nullable=True,
)
native_cloud_connection.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The GCP workload identity provider id for the offering",
nullable=True,
)
defender_cspm_aws = cls._args_schema.offerings.Element.defender_cspm_aws
defender_cspm_aws.ciem = AAZObjectArg(
options=["ciem"],
help="Defenders CSPM Cloud infrastructure entitlement management (CIEM) offering configurations",
nullable=True,
)
defender_cspm_aws.data_sensitivity_discovery = AAZObjectArg(
options=["data-sensitivity-discovery"],
help="The Microsoft Defender Data Sensitivity discovery configuration",
nullable=True,
)
defender_cspm_aws.databases_dspm = AAZObjectArg(
options=["databases-dspm"],
help="The databases DSPM configuration",
nullable=True,
)
defender_cspm_aws.mdc_containers_agentless_discovery_k8s = AAZObjectArg(
options=["mdc-containers-agentless-discovery-k8s"],
help="The Microsoft Defender container agentless discovery K8s configuration",
nullable=True,
)
defender_cspm_aws.mdc_containers_image_assessment = AAZObjectArg(
options=["mdc-containers-image-assessment"],
help="The Microsoft Defender container image assessment configuration",
nullable=True,
)
defender_cspm_aws.vm_scanners = AAZObjectArg(
options=["vm-scanners"],
help="The Microsoft Defender for Server VM scanning configuration",
nullable=True,
)
ciem = cls._args_schema.offerings.Element.defender_cspm_aws.ciem
ciem.ciem_discovery = AAZObjectArg(
options=["ciem-discovery"],
help="Defender CSPM CIEM discovery configuration",
nullable=True,
)
ciem.ciem_oidc = AAZObjectArg(
options=["ciem-oidc"],
help="Defender CSPM CIEM AWS OIDC (open id connect) configuration",
nullable=True,
)
ciem_discovery = cls._args_schema.offerings.Element.defender_cspm_aws.ciem.ciem_discovery
ciem_discovery.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for CIEM discovery",
nullable=True,
)
ciem_oidc = cls._args_schema.offerings.Element.defender_cspm_aws.ciem.ciem_oidc
ciem_oidc.azure_active_directory_app_name = AAZStrArg(
options=["azure-active-directory-app-name"],
help="the azure active directory app name used of authenticating against AWS",
nullable=True,
)
ciem_oidc.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for CIEM oidc connection",
nullable=True,
)
data_sensitivity_discovery = cls._args_schema.offerings.Element.defender_cspm_aws.data_sensitivity_discovery
data_sensitivity_discovery.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
data_sensitivity_discovery.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender Data Sensitivity discovery enabled",
nullable=True,
)
databases_dspm = cls._args_schema.offerings.Element.defender_cspm_aws.databases_dspm
databases_dspm.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
databases_dspm.enabled = AAZBoolArg(
options=["enabled"],
help="Is databases DSPM protection enabled",
nullable=True,
)
mdc_containers_agentless_discovery_k8s = cls._args_schema.offerings.Element.defender_cspm_aws.mdc_containers_agentless_discovery_k8s
mdc_containers_agentless_discovery_k8s.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
mdc_containers_agentless_discovery_k8s.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender container agentless discovery K8s enabled",
nullable=True,
)
mdc_containers_image_assessment = cls._args_schema.offerings.Element.defender_cspm_aws.mdc_containers_image_assessment
mdc_containers_image_assessment.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
mdc_containers_image_assessment.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender container image assessment enabled",
nullable=True,
)
vm_scanners = cls._args_schema.offerings.Element.defender_cspm_aws.vm_scanners
vm_scanners.configuration = AAZObjectArg(
options=["configuration"],
help="configuration for Microsoft Defender for Server VM scanning",
nullable=True,
)
vm_scanners.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender for Server VM scanning enabled",
nullable=True,
)
configuration = cls._args_schema.offerings.Element.defender_cspm_aws.vm_scanners.configuration
configuration.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
configuration.exclusion_tags = AAZDictArg(
options=["exclusion-tags"],
help="VM tags that indicates that VM should not be scanned",
nullable=True,
)
configuration.scanning_mode = AAZStrArg(
options=["scanning-mode"],
help="The scanning mode for the VM scan.",
nullable=True,
enum={"Default": "Default"},
)
exclusion_tags = cls._args_schema.offerings.Element.defender_cspm_aws.vm_scanners.configuration.exclusion_tags
exclusion_tags.Element = AAZStrArg(
nullable=True,
)
defender_cspm_gcp = cls._args_schema.offerings.Element.defender_cspm_gcp
defender_cspm_gcp.ciem_discovery = AAZObjectArg(
options=["ciem-discovery"],
help="GCP Defenders CSPM Cloud infrastructure entitlement management (CIEM) discovery offering configurations",
nullable=True,
)
defender_cspm_gcp.data_sensitivity_discovery = AAZObjectArg(
options=["data-sensitivity-discovery"],
help="The Microsoft Defender Data Sensitivity discovery configuration",
nullable=True,
)
defender_cspm_gcp.mdc_containers_agentless_discovery_k8s = AAZObjectArg(
options=["mdc-containers-agentless-discovery-k8s"],
help="The Microsoft Defender Container agentless discovery configuration",
nullable=True,
)
defender_cspm_gcp.mdc_containers_image_assessment = AAZObjectArg(
options=["mdc-containers-image-assessment"],
help="The Microsoft Defender Container image assessment configuration",
nullable=True,
)
defender_cspm_gcp.vm_scanners = AAZObjectArg(
options=["vm-scanners"],
help="The Microsoft Defender for Server VM scanning configuration",
nullable=True,
)
ciem_discovery = cls._args_schema.offerings.Element.defender_cspm_gcp.ciem_discovery
ciem_discovery.azure_active_directory_app_name = AAZStrArg(
options=["azure-active-directory-app-name"],
help="the azure active directory app name used of authenticating against GCP workload identity federation",
nullable=True,
)
ciem_discovery.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address in GCP for CIEM discovery offering",
nullable=True,
)
ciem_discovery.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The GCP workload identity provider id for CIEM discovery offering",
nullable=True,
)
data_sensitivity_discovery = cls._args_schema.offerings.Element.defender_cspm_gcp.data_sensitivity_discovery
data_sensitivity_discovery.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender Data Sensitivity discovery enabled",
nullable=True,
)
data_sensitivity_discovery.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address in GCP for this feature",
nullable=True,
)
data_sensitivity_discovery.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The workload identity provider id in GCP for this feature",
nullable=True,
)
mdc_containers_agentless_discovery_k8s = cls._args_schema.offerings.Element.defender_cspm_gcp.mdc_containers_agentless_discovery_k8s
mdc_containers_agentless_discovery_k8s.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender container agentless discovery enabled",
nullable=True,
)
mdc_containers_agentless_discovery_k8s.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address in GCP for this feature",
nullable=True,
)
mdc_containers_agentless_discovery_k8s.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The workload identity provider id in GCP for this feature",
nullable=True,
)
mdc_containers_image_assessment = cls._args_schema.offerings.Element.defender_cspm_gcp.mdc_containers_image_assessment
mdc_containers_image_assessment.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender container image assessment enabled",
nullable=True,
)
mdc_containers_image_assessment.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address in GCP for this feature",
nullable=True,
)
mdc_containers_image_assessment.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The workload identity provider id in GCP for this feature",
nullable=True,
)
vm_scanners = cls._args_schema.offerings.Element.defender_cspm_gcp.vm_scanners
vm_scanners.configuration = AAZObjectArg(
options=["configuration"],
help="configuration for Microsoft Defender for Server VM scanning",
nullable=True,
)
vm_scanners.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender for Server VM scanning enabled",
nullable=True,
)
configuration = cls._args_schema.offerings.Element.defender_cspm_gcp.vm_scanners.configuration
configuration.exclusion_tags = AAZDictArg(
options=["exclusion-tags"],
help="VM tags that indicates that VM should not be scanned",
nullable=True,
)
configuration.scanning_mode = AAZStrArg(
options=["scanning-mode"],
help="The scanning mode for the VM scan.",
nullable=True,
enum={"Default": "Default"},
)
exclusion_tags = cls._args_schema.offerings.Element.defender_cspm_gcp.vm_scanners.configuration.exclusion_tags
exclusion_tags.Element = AAZStrArg(
nullable=True,
)
defender_for_containers_aws = cls._args_schema.offerings.Element.defender_for_containers_aws
defender_for_containers_aws.auto_provisioning = AAZBoolArg(
options=["auto-provisioning"],
help="Is audit logs pipeline auto provisioning enabled",
nullable=True,
)
defender_for_containers_aws.cloud_watch_to_kinesis = AAZObjectArg(
options=["cloud-watch-to-kinesis"],
help="The cloudwatch to kinesis connection configuration",
nullable=True,
)
defender_for_containers_aws.container_vulnerability_assessment = AAZObjectArg(
options=["container-vulnerability-assessment"],
help="The container vulnerability assessment configuration",
nullable=True,
)
defender_for_containers_aws.container_vulnerability_assessment_task = AAZObjectArg(
options=["container-vulnerability-assessment-task"],
help="The container vulnerability assessment task configuration",
nullable=True,
)
defender_for_containers_aws.enable_container_vulnerability_assessment = AAZBoolArg(
options=["enable-container-vulnerability-assessment"],
help="Enable container vulnerability assessment feature",
nullable=True,
)
defender_for_containers_aws.kinesis_to_s3 = AAZObjectArg(
options=["kinesis-to-s3"],
help="The kinesis to s3 connection configuration",
nullable=True,
)
defender_for_containers_aws.kube_audit_retention_time = AAZIntArg(
options=["kube-audit-retention-time"],
help="The retention time in days of kube audit logs set on the CloudWatch log group",
nullable=True,
)
defender_for_containers_aws.kubernetes_scuba_reader = AAZObjectArg(
options=["kubernetes-scuba-reader"],
help="The kubernetes to scuba connection configuration",
nullable=True,
)
defender_for_containers_aws.kubernetes_service = AAZObjectArg(
options=["kubernetes-service"],
help="The kubernetes service connection configuration",
nullable=True,
)
defender_for_containers_aws.mdc_containers_agentless_discovery_k8s = AAZObjectArg(
options=["mdc-containers-agentless-discovery-k8s"],
help="The Microsoft Defender container agentless discovery K8s configuration",
nullable=True,
)
defender_for_containers_aws.mdc_containers_image_assessment = AAZObjectArg(
options=["mdc-containers-image-assessment"],
help="The Microsoft Defender container image assessment configuration",
nullable=True,
)
defender_for_containers_aws.scuba_external_id = AAZStrArg(
options=["scuba-external-id"],
help="The externalId used by the data reader to prevent the confused deputy attack",
nullable=True,
)
cloud_watch_to_kinesis = cls._args_schema.offerings.Element.defender_for_containers_aws.cloud_watch_to_kinesis
cloud_watch_to_kinesis.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS used by CloudWatch to transfer data into Kinesis",
nullable=True,
)
container_vulnerability_assessment = cls._args_schema.offerings.Element.defender_for_containers_aws.container_vulnerability_assessment
container_vulnerability_assessment.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
container_vulnerability_assessment_task = cls._args_schema.offerings.Element.defender_for_containers_aws.container_vulnerability_assessment_task
container_vulnerability_assessment_task.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
kinesis_to_s3 = cls._args_schema.offerings.Element.defender_for_containers_aws.kinesis_to_s3
kinesis_to_s3.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS used by Kinesis to transfer data into S3",
nullable=True,
)
kubernetes_scuba_reader = cls._args_schema.offerings.Element.defender_for_containers_aws.kubernetes_scuba_reader
kubernetes_scuba_reader.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature used for reading data",
nullable=True,
)
kubernetes_service = cls._args_schema.offerings.Element.defender_for_containers_aws.kubernetes_service
kubernetes_service.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature used for provisioning resources",
nullable=True,
)
mdc_containers_agentless_discovery_k8s = cls._args_schema.offerings.Element.defender_for_containers_aws.mdc_containers_agentless_discovery_k8s
mdc_containers_agentless_discovery_k8s.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
mdc_containers_agentless_discovery_k8s.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender container agentless discovery K8s enabled",
nullable=True,
)
mdc_containers_image_assessment = cls._args_schema.offerings.Element.defender_for_containers_aws.mdc_containers_image_assessment
mdc_containers_image_assessment.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
mdc_containers_image_assessment.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender container image assessment enabled",
nullable=True,
)
defender_for_containers_gcp = cls._args_schema.offerings.Element.defender_for_containers_gcp
defender_for_containers_gcp.audit_logs_auto_provisioning_flag = AAZBoolArg(
options=["audit-logs-auto-provisioning-flag"],
help="Is audit logs data collection enabled",
nullable=True,
)
defender_for_containers_gcp.data_pipeline_native_cloud_connection = AAZObjectArg(
options=["data-pipeline-native-cloud-connection"],
help="The native cloud connection configuration",
nullable=True,
)
defender_for_containers_gcp.defender_agent_auto_provisioning_flag = AAZBoolArg(
options=["defender-agent-auto-provisioning-flag"],
help="Is Microsoft Defender for Cloud Kubernetes agent auto provisioning enabled",
nullable=True,
)
defender_for_containers_gcp.mdc_containers_agentless_discovery_k8s = AAZObjectArg(
options=["mdc-containers-agentless-discovery-k8s"],
help="The Microsoft Defender Container agentless discovery configuration",
nullable=True,
)
defender_for_containers_gcp.mdc_containers_image_assessment = AAZObjectArg(
options=["mdc-containers-image-assessment"],
help="The Microsoft Defender Container image assessment configuration",
nullable=True,
)
defender_for_containers_gcp.native_cloud_connection = AAZObjectArg(
options=["native-cloud-connection"],
help="The native cloud connection configuration",
nullable=True,
)
defender_for_containers_gcp.policy_agent_auto_provisioning_flag = AAZBoolArg(
options=["policy-agent-auto-provisioning-flag"],
help="Is Policy Kubernetes agent auto provisioning enabled",
nullable=True,
)
data_pipeline_native_cloud_connection = cls._args_schema.offerings.Element.defender_for_containers_gcp.data_pipeline_native_cloud_connection
data_pipeline_native_cloud_connection.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The data collection service account email address in GCP for this offering",
nullable=True,
)
data_pipeline_native_cloud_connection.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The data collection GCP workload identity provider id for this offering",
nullable=True,
)
mdc_containers_agentless_discovery_k8s = cls._args_schema.offerings.Element.defender_for_containers_gcp.mdc_containers_agentless_discovery_k8s
mdc_containers_agentless_discovery_k8s.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender container agentless discovery enabled",
nullable=True,
)
mdc_containers_agentless_discovery_k8s.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address in GCP for this feature",
nullable=True,
)
mdc_containers_agentless_discovery_k8s.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The workload identity provider id in GCP for this feature",
nullable=True,
)
mdc_containers_image_assessment = cls._args_schema.offerings.Element.defender_for_containers_gcp.mdc_containers_image_assessment
mdc_containers_image_assessment.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender container image assessment enabled",
nullable=True,
)
mdc_containers_image_assessment.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address in GCP for this feature",
nullable=True,
)
mdc_containers_image_assessment.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The workload identity provider id in GCP for this feature",
nullable=True,
)
native_cloud_connection = cls._args_schema.offerings.Element.defender_for_containers_gcp.native_cloud_connection
native_cloud_connection.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address in GCP for this offering",
nullable=True,
)
native_cloud_connection.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The GCP workload identity provider id for this offering",
nullable=True,
)
defender_for_databases_aws = cls._args_schema.offerings.Element.defender_for_databases_aws
defender_for_databases_aws.arc_auto_provisioning = AAZObjectArg(
options=["arc-auto-provisioning"],
help="The ARC autoprovisioning configuration",
nullable=True,
)
defender_for_databases_aws.databases_dspm = AAZObjectArg(
options=["databases-dspm"],
help="The databases data security posture management (DSPM) configuration",
nullable=True,
)
defender_for_databases_aws.rds = AAZObjectArg(
options=["rds"],
help="The RDS configuration",
nullable=True,
)
arc_auto_provisioning = cls._args_schema.offerings.Element.defender_for_databases_aws.arc_auto_provisioning
arc_auto_provisioning.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
arc_auto_provisioning.configuration = AAZObjectArg(
options=["configuration"],
help="Configuration for servers Arc auto provisioning",
nullable=True,
)
arc_auto_provisioning.enabled = AAZBoolArg(
options=["enabled"],
help="Is arc auto provisioning enabled",
nullable=True,
)
configuration = cls._args_schema.offerings.Element.defender_for_databases_aws.arc_auto_provisioning.configuration
configuration.private_link_scope = AAZStrArg(
options=["private-link-scope"],
help="Optional Arc private link scope resource id to link the Arc agent",
nullable=True,
)
configuration.proxy = AAZStrArg(
options=["proxy"],
help="Optional http proxy endpoint to use for the Arc agent",
nullable=True,
)
databases_dspm = cls._args_schema.offerings.Element.defender_for_databases_aws.databases_dspm
databases_dspm.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
databases_dspm.enabled = AAZBoolArg(
options=["enabled"],
help="Is databases data security posture management (DSPM) protection enabled",
nullable=True,
)
rds = cls._args_schema.offerings.Element.defender_for_databases_aws.rds
rds.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
rds.enabled = AAZBoolArg(
options=["enabled"],
help="Is RDS protection enabled",
nullable=True,
)
defender_for_databases_gcp = cls._args_schema.offerings.Element.defender_for_databases_gcp
defender_for_databases_gcp.arc_auto_provisioning = AAZObjectArg(
options=["arc-auto-provisioning"],
help="The ARC autoprovisioning configuration",
nullable=True,
)
defender_for_databases_gcp.defender_for_databases_arc_auto_provisioning = AAZObjectArg(
options=["defender-for-databases-arc-auto-provisioning"],
help="The native cloud connection configuration",
nullable=True,
)
arc_auto_provisioning = cls._args_schema.offerings.Element.defender_for_databases_gcp.arc_auto_provisioning
arc_auto_provisioning.configuration = AAZObjectArg(
options=["configuration"],
help="Configuration for servers Arc auto provisioning",
nullable=True,
)
arc_auto_provisioning.enabled = AAZBoolArg(
options=["enabled"],
help="Is arc auto provisioning enabled",
nullable=True,
)
configuration = cls._args_schema.offerings.Element.defender_for_databases_gcp.arc_auto_provisioning.configuration
configuration.private_link_scope = AAZStrArg(
options=["private-link-scope"],
help="Optional Arc private link scope resource id to link the Arc agent",
nullable=True,
)
configuration.proxy = AAZStrArg(
options=["proxy"],
help="Optional http proxy endpoint to use for the Arc agent",
nullable=True,
)
defender_for_databases_arc_auto_provisioning = cls._args_schema.offerings.Element.defender_for_databases_gcp.defender_for_databases_arc_auto_provisioning
defender_for_databases_arc_auto_provisioning.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address in GCP for this offering",
nullable=True,
)
defender_for_databases_arc_auto_provisioning.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The GCP workload identity provider id for this offering",
nullable=True,
)
defender_for_servers_aws = cls._args_schema.offerings.Element.defender_for_servers_aws
defender_for_servers_aws.arc_auto_provisioning = AAZObjectArg(
options=["arc-auto-provisioning"],
help="The ARC autoprovisioning configuration",
nullable=True,
)
defender_for_servers_aws.defender_for_servers = AAZObjectArg(
options=["defender-for-servers"],
help="The Defender for servers connection configuration",
nullable=True,
)
defender_for_servers_aws.mde_auto_provisioning = AAZObjectArg(
options=["mde-auto-provisioning"],
help="The Microsoft Defender for Endpoint autoprovisioning configuration",
nullable=True,
)
defender_for_servers_aws.sub_plan = AAZObjectArg(
options=["sub-plan"],
help="configuration for the servers offering subPlan",
nullable=True,
)
defender_for_servers_aws.va_auto_provisioning = AAZObjectArg(
options=["va-auto-provisioning"],
help="The Vulnerability Assessment autoprovisioning configuration",
nullable=True,
)
defender_for_servers_aws.vm_scanners = AAZObjectArg(
options=["vm-scanners"],
help="The Microsoft Defender for Server VM scanning configuration",
nullable=True,
)
arc_auto_provisioning = cls._args_schema.offerings.Element.defender_for_servers_aws.arc_auto_provisioning
arc_auto_provisioning.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
arc_auto_provisioning.configuration = AAZObjectArg(
options=["configuration"],
help="Configuration for servers Arc auto provisioning",
nullable=True,
)
arc_auto_provisioning.enabled = AAZBoolArg(
options=["enabled"],
help="Is arc auto provisioning enabled",
nullable=True,
)
configuration = cls._args_schema.offerings.Element.defender_for_servers_aws.arc_auto_provisioning.configuration
configuration.private_link_scope = AAZStrArg(
options=["private-link-scope"],
help="Optional Arc private link scope resource id to link the Arc agent",
nullable=True,
)
configuration.proxy = AAZStrArg(
options=["proxy"],
help="Optional HTTP proxy endpoint to use for the Arc agent",
nullable=True,
)
defender_for_servers = cls._args_schema.offerings.Element.defender_for_servers_aws.defender_for_servers
defender_for_servers.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
mde_auto_provisioning = cls._args_schema.offerings.Element.defender_for_servers_aws.mde_auto_provisioning
mde_auto_provisioning.configuration = AAZObjectArg(
options=["configuration"],
help="configuration for Microsoft Defender for Endpoint autoprovisioning",
nullable=True,
blank={},
)
mde_auto_provisioning.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender for Endpoint auto provisioning enabled",
nullable=True,
)
sub_plan = cls._args_schema.offerings.Element.defender_for_servers_aws.sub_plan
sub_plan.type = AAZStrArg(
options=["type"],
help="The available sub plans",
nullable=True,
enum={"P1": "P1", "P2": "P2"},
)
va_auto_provisioning = cls._args_schema.offerings.Element.defender_for_servers_aws.va_auto_provisioning
va_auto_provisioning.configuration = AAZObjectArg(
options=["configuration"],
help="configuration for Vulnerability Assessment autoprovisioning",
nullable=True,
)
va_auto_provisioning.enabled = AAZBoolArg(
options=["enabled"],
help="Is Vulnerability Assessment auto provisioning enabled",
nullable=True,
)
configuration = cls._args_schema.offerings.Element.defender_for_servers_aws.va_auto_provisioning.configuration
configuration.type = AAZStrArg(
options=["type"],
help="The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'",
nullable=True,
enum={"Qualys": "Qualys", "TVM": "TVM"},
)
vm_scanners = cls._args_schema.offerings.Element.defender_for_servers_aws.vm_scanners
vm_scanners.configuration = AAZObjectArg(
options=["configuration"],
help="configuration for Microsoft Defender for Server VM scanning",
nullable=True,
)
vm_scanners.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender for Server VM scanning enabled",
nullable=True,
)
configuration = cls._args_schema.offerings.Element.defender_for_servers_aws.vm_scanners.configuration
configuration.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
configuration.exclusion_tags = AAZDictArg(
options=["exclusion-tags"],
help="VM tags that indicates that VM should not be scanned",
nullable=True,
)
configuration.scanning_mode = AAZStrArg(
options=["scanning-mode"],
help="The scanning mode for the VM scan.",
nullable=True,
enum={"Default": "Default"},
)
exclusion_tags = cls._args_schema.offerings.Element.defender_for_servers_aws.vm_scanners.configuration.exclusion_tags
exclusion_tags.Element = AAZStrArg(
nullable=True,
)
defender_for_servers_gcp = cls._args_schema.offerings.Element.defender_for_servers_gcp
defender_for_servers_gcp.arc_auto_provisioning = AAZObjectArg(
options=["arc-auto-provisioning"],
help="The ARC autoprovisioning configuration",
nullable=True,
)
defender_for_servers_gcp.defender_for_servers = AAZObjectArg(
options=["defender-for-servers"],
help="The Defender for servers connection configuration",
nullable=True,
)
defender_for_servers_gcp.mde_auto_provisioning = AAZObjectArg(
options=["mde-auto-provisioning"],
help="The Microsoft Defender for Endpoint autoprovisioning configuration",
nullable=True,
)
defender_for_servers_gcp.sub_plan = AAZObjectArg(
options=["sub-plan"],
help="configuration for the servers offering subPlan",
nullable=True,
)
defender_for_servers_gcp.va_auto_provisioning = AAZObjectArg(
options=["va-auto-provisioning"],
help="The Vulnerability Assessment autoprovisioning configuration",
nullable=True,
)
defender_for_servers_gcp.vm_scanners = AAZObjectArg(
options=["vm-scanners"],
help="The Microsoft Defender for Server VM scanning configuration",
nullable=True,
)
arc_auto_provisioning = cls._args_schema.offerings.Element.defender_for_servers_gcp.arc_auto_provisioning
arc_auto_provisioning.configuration = AAZObjectArg(
options=["configuration"],
help="Configuration for servers Arc auto provisioning",
nullable=True,
)
arc_auto_provisioning.enabled = AAZBoolArg(
options=["enabled"],
help="Is arc auto provisioning enabled",
nullable=True,
)
configuration = cls._args_schema.offerings.Element.defender_for_servers_gcp.arc_auto_provisioning.configuration
configuration.private_link_scope = AAZStrArg(
options=["private-link-scope"],
help="Optional Arc private link scope resource id to link the Arc agent",
nullable=True,
)
configuration.proxy = AAZStrArg(
options=["proxy"],
help="Optional HTTP proxy endpoint to use for the Arc agent",
nullable=True,
)
defender_for_servers = cls._args_schema.offerings.Element.defender_for_servers_gcp.defender_for_servers
defender_for_servers.service_account_email_address = AAZStrArg(
options=["service-account-email-address"],
help="The service account email address in GCP for this feature",
nullable=True,
)
defender_for_servers.workload_identity_provider_id = AAZStrArg(
options=["workload-identity-provider-id"],
help="The workload identity provider id in GCP for this feature",
nullable=True,
)
mde_auto_provisioning = cls._args_schema.offerings.Element.defender_for_servers_gcp.mde_auto_provisioning
mde_auto_provisioning.configuration = AAZObjectArg(
options=["configuration"],
help="configuration for Microsoft Defender for Endpoint autoprovisioning",
nullable=True,
blank={},
)
mde_auto_provisioning.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender for Endpoint auto provisioning enabled",
nullable=True,
)
sub_plan = cls._args_schema.offerings.Element.defender_for_servers_gcp.sub_plan
sub_plan.type = AAZStrArg(
options=["type"],
help="The available sub plans",
nullable=True,
enum={"P1": "P1", "P2": "P2"},
)
va_auto_provisioning = cls._args_schema.offerings.Element.defender_for_servers_gcp.va_auto_provisioning
va_auto_provisioning.configuration = AAZObjectArg(
options=["configuration"],
help="configuration for Vulnerability Assessment autoprovisioning",
nullable=True,
)
va_auto_provisioning.enabled = AAZBoolArg(
options=["enabled"],
help="Is Vulnerability Assessment auto provisioning enabled",
nullable=True,
)
configuration = cls._args_schema.offerings.Element.defender_for_servers_gcp.va_auto_provisioning.configuration
configuration.type = AAZStrArg(
options=["type"],
help="The Vulnerability Assessment solution to be provisioned. Can be either 'TVM' or 'Qualys'",
nullable=True,
enum={"Qualys": "Qualys", "TVM": "TVM"},
)
vm_scanners = cls._args_schema.offerings.Element.defender_for_servers_gcp.vm_scanners
vm_scanners.configuration = AAZObjectArg(
options=["configuration"],
help="configuration for Microsoft Defender for Server VM scanning",
nullable=True,
)
vm_scanners.enabled = AAZBoolArg(
options=["enabled"],
help="Is Microsoft Defender for Server VM scanning enabled",
nullable=True,
)
configuration = cls._args_schema.offerings.Element.defender_for_servers_gcp.vm_scanners.configuration
configuration.exclusion_tags = AAZDictArg(
options=["exclusion-tags"],
help="VM tags that indicate that VM should not be scanned",
nullable=True,
)
configuration.scanning_mode = AAZStrArg(
options=["scanning-mode"],
help="The scanning mode for the VM scan.",
nullable=True,
enum={"Default": "Default"},
)
exclusion_tags = cls._args_schema.offerings.Element.defender_for_servers_gcp.vm_scanners.configuration.exclusion_tags
exclusion_tags.Element = AAZStrArg(
nullable=True,
)
information_protection_aws = cls._args_schema.offerings.Element.information_protection_aws
information_protection_aws.information_protection = AAZObjectArg(
options=["information-protection"],
help="The native cloud connection configuration",
nullable=True,
)
information_protection = cls._args_schema.offerings.Element.information_protection_aws.information_protection
information_protection.cloud_role_arn = AAZStrArg(
options=["cloud-role-arn"],
help="The cloud role ARN in AWS for this feature",
nullable=True,
)
# define Arg Group "SecurityConnector"
_args_schema = cls._args_schema
_args_schema.location = AAZResourceLocationArg(
arg_group="SecurityConnector",
help="Location where the resource is stored",
nullable=True,
fmt=AAZResourceLocationArgFormat(
resource_group_arg="resource_group",
),
)
_args_schema.tags = AAZDictArg(
options=["--tags"],
arg_group="SecurityConnector",
help="A list of key value pairs that describe the resource.",
nullable=True,
)
tags = cls._args_schema.tags
tags.Element = AAZStrArg(
nullable=True,
)
return cls._args_schema