Add SQL Vulnerability Assessment commands for Microsoft.Security 2026-04-01-preview #1021

Open: GalGoldi72 wants to merge 3 commits into Azure:main from GalGoldi72:feature-security

@GalGoldi72

Summary

Adds atomic az security va sql commands for Microsoft.Security at API version 2026-04-01-preview.

Companion to the TypeSpec PR Azure/azure-rest-api-specs#41888 (already merged).

Commands added

| Group | Commands |
| --- | --- |
| security va sql | create, delete, show, update (SQL VA settings) |
| security va sql baseline | add, create, delete, list, show, update |
| security va sql results | list, show |
| security va sql scans | initiate-scan, list, show |
| security va sql scans scan-operation-result | show |

Design

  • Single --resource-id argument identifies the assessed resource (was previously a 7-arg combination).
  • Optional --database-name for server-level scopes (e.g. master).
  • All commands tagged Preview (matches the preview API version).
  • The security va parent group is marked Preview because the only content under it is SQL VA preview.

Scopes supported

  • Azure SQL Server / SQL Managed Instance
  • Synapse Workspace
  • Azure VM (SQL on VM)
  • Arc-enabled SQL Server
  • Server-level variants of each (with --database-name)

Files

  • Commands/security/readme.md — added va subgroup link
  • Commands/security/va/ — new markdown command docs
  • Resources/mgmt-plane/<9 base64 dirs>/2026-04-01-preview.{json,xml} — operation metadata

Companion PR

Azure-CLI side: link will be added once opened.

…-04-01-preview

Adds atomic commands for 'az security va sql' based on TypeSpec PR Azure/azure-rest-api-specs#41888.

Commands added:
- security va sql {create, delete, show, update}                 # settings
- security va sql baseline {add, create, delete, list, show, update}
- security va sql results {list, show}
- security va sql scans {initiate-scan, list, show}
- security va sql scans scan-operation-result show

Single --resource-id argument replaces previous multi-arg combination.
All commands tagged Preview.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
GalGoldi72 and others added 2 commits June 2, 2026 21:41
Adds `rule-id` as a primary option for the scanResultId argument on
`az security va sql results show`, with `scan-result-id` kept as a
secondary alias. This aligns with the `baseline` commands which use
`--rule-id` for the same logical concept and matches Copilot review
feedback on Azure/azure-cli#33482.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The AAZ-generated `update` command uses the standard GET -> patch instance -> PUT
flow. The Microsoft.Security `sqlVulnerabilityAssessments/default/baselineRules`
service has an asymmetric request/response shape: PUT accepts only a flat
`{ latestScan, results }` body, but GET returns the ARM-canonical
`{ properties: { latestScan, results }, ... }` shape. The generic-update flow
therefore PUTs a mixed payload that the service rejects with
`400 UnsupportedProperties: 'properties'`.

Verified directly against the live API:
  PUT { latestScan: true }                  -> 200 OK
  PUT { properties: { latestScan: true } }  -> 400 UnsupportedProperties

Because `baseline create` is the same PUT endpoint and is a full upsert,
removing `update` does not reduce functionality.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
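
The request/response mismatch described in the commit message above, reproduced as an added example (not code from this PR, azure-cli or the service). `MockBaselineService` is a constructed in-memory stand-in that only mirrors the shapes quoted in the commit message, and `generic_update` / `flat_upsert` are hypothetical helper names.

```python
# Added example: constructed mock of the baselineRules PUT/GET asymmetry.
# It does not call the real Microsoft.Security API.
import copy

ALLOWED_PUT_KEYS = {"latestScan", "results"}  # flat PUT body, per the commit message


class MockBaselineService:
    """Hypothetical mock: PUT accepts a flat body, GET returns the ARM envelope."""

    def __init__(self):
        # "RULE-EXAMPLE" is a constructed placeholder, not a real rule id.
        self._state = {"latestScan": False, "results": {"RULE-EXAMPLE": [["sample"]]}}

    def get(self):
        # Envelope field "name" is a constructed sample value.
        return {"name": "default", "properties": copy.deepcopy(self._state)}

    def put(self, body):
        # Reject any top-level key outside the flat shape, as the service does
        # for 'properties'.
        extra = sorted(set(body) - ALLOWED_PUT_KEYS)
        if extra:
            return 400, {"code": "UnsupportedProperties", "target": extra}
        self._state = {"latestScan": body.get("latestScan", False),
                       "results": copy.deepcopy(body.get("results", {}))}
        return 200, self.get()


def generic_update(svc, **changes):
    """GET -> patch instance -> PUT, sending the patched GET document unchanged."""
    instance = svc.get()
    instance["properties"].update(changes)
    return svc.put(instance)  # still wrapped in 'properties' -> rejected


def flat_upsert(svc, **changes):
    """Same edit, but unwrap 'properties' so the PUT body has the flat shape."""
    body = svc.get()["properties"]
    body.update(changes)
    return svc.put(body)


if __name__ == "__main__":
    svc = MockBaselineService()
    print(generic_update(svc, latestScan=True))
    print(flat_upsert(svc, latestScan=True))
```

A rejected PUT leaves the stored baseline untouched, so a client that ignores the 400 would keep reporting against the old baseline.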