sql.azure.com/v1api20211101

APIVersion

Value	Description
“2021-11-01”

Server

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/Servers.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}

Used by: ServerList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		Server_Spec Optional
status		Server_STATUS Optional

Server_Spec

Property	Description	Type
administratorLogin	Administrator username for the server. Once created it cannot be changed.	string Optional
administratorLoginPassword	The administrator login password (required for server creation).	genruntime.SecretReference Optional
administrators	The Azure Active Directory administrator of the server.	ServerExternalAdministrator Optional
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
federatedClientId	The Client id used for cross tenant CMK scenario	string Optional
identity	The Azure Active Directory identity of the server.	ResourceIdentity Optional
keyId	A CMK URI of the key to use for encryption.	string Optional
location	Resource location.	string Required
minimalTlsVersion	Minimal TLS version. Allowed values: ‘1.0’, ‘1.1’, ‘1.2’	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServerOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource	genruntime.KnownResourceReference Required
primaryUserAssignedIdentityReference	The resource id of a user assigned identity to be used by default.	genruntime.ResourceReference Optional
publicNetworkAccess	Whether or not public endpoint access is allowed for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’	ServerProperties_PublicNetworkAccess Optional
restrictOutboundNetworkAccess	Whether or not to restrict outbound network access for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’	ServerProperties_RestrictOutboundNetworkAccess Optional
tags	Resource tags.	map[string]string Optional
version	The version of the server.	string Optional

Server_STATUS

Property	Description	Type
administratorLogin	Administrator username for the server. Once created it cannot be changed.	string Optional
administrators	The Azure Active Directory administrator of the server.	ServerExternalAdministrator_STATUS Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
federatedClientId	The Client id used for cross tenant CMK scenario	string Optional
fullyQualifiedDomainName	The fully qualified domain name of the server.	string Optional
id	Resource ID.	string Optional
identity	The Azure Active Directory identity of the server.	ResourceIdentity_STATUS Optional
keyId	A CMK URI of the key to use for encryption.	string Optional
kind	Kind of sql server. This is metadata used for the Azure portal experience.	string Optional
location	Resource location.	string Optional
minimalTlsVersion	Minimal TLS version. Allowed values: ‘1.0’, ‘1.1’, ‘1.2’	string Optional
name	Resource name.	string Optional
primaryUserAssignedIdentityId	The resource id of a user assigned identity to be used by default.	string Optional
privateEndpointConnections	List of private endpoint connections on a server	ServerPrivateEndpointConnection_STATUS[] Optional
publicNetworkAccess	Whether or not public endpoint access is allowed for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’	ServerProperties_PublicNetworkAccess_STATUS Optional
restrictOutboundNetworkAccess	Whether or not to restrict outbound network access for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’	ServerProperties_RestrictOutboundNetworkAccess_STATUS Optional
state	The state of the server.	string Optional
tags	Resource tags.	map[string]string Optional
type	Resource type.	string Optional
version	The version of the server.	string Optional
workspaceFeature	Whether or not existing server has a workspace created and if it allows connection from workspace	ServerProperties_WorkspaceFeature_STATUS Optional

ServerList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		Server[] Optional

ServersAdministrator

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/ServerAzureADAdministrators.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/administrators/{administratorName}

Used by: ServersAdministratorList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersAdministrator_Spec Optional
status		ServersAdministrator_STATUS Optional

ServersAdministrator_Spec

Property	Description	Type
administratorType	Type of the sever administrator.	AdministratorProperties_AdministratorType Required
login	Login name of the server administrator.	string Required
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersAdministratorOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
sid	SID (object ID) of the server administrator.	string Optional
sidFromConfig	SID (object ID) of the server administrator.	genruntime.ConfigMapReference Optional
tenantId	Tenant ID of the administrator.	string Optional
tenantIdFromConfig	Tenant ID of the administrator.	genruntime.ConfigMapReference Optional

ServersAdministrator_STATUS

Property	Description	Type
administratorType	Type of the sever administrator.	AdministratorProperties_AdministratorType_STATUS Optional
azureADOnlyAuthentication	Azure Active Directory only Authentication enabled.	bool Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
login	Login name of the server administrator.	string Optional
name	Resource name.	string Optional
sid	SID (object ID) of the server administrator.	string Optional
tenantId	Tenant ID of the administrator.	string Optional
type	Resource type.	string Optional

ServersAdministratorList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersAdministrator[] Optional

ServersAdvancedThreatProtectionSetting

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/ServerAdvancedThreatProtectionSettings.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/advancedThreatProtectionSettings/Default

Used by: ServersAdvancedThreatProtectionSettingList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersAdvancedThreatProtectionSetting_Spec Optional
status		ServersAdvancedThreatProtectionSetting_STATUS Optional

ServersAdvancedThreatProtectionSetting_Spec

Property	Description	Type
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersAdvancedThreatProtectionSettingOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
state	Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.	AdvancedThreatProtectionProperties_State Required

ServersAdvancedThreatProtectionSetting_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
creationTime	Specifies the UTC creation time of the policy.	string Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
state	Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.	AdvancedThreatProtectionProperties_State_STATUS Optional
systemData	SystemData of AdvancedThreatProtectionResource.	SystemData_STATUS Optional
type	Resource type.	string Optional

ServersAdvancedThreatProtectionSettingList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersAdvancedThreatProtectionSetting[] Optional

ServersAuditingSetting

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/BlobAuditing.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/auditingSettings/default

Used by: ServersAuditingSettingList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersAuditingSetting_Spec Optional
status		ServersAuditingSetting_STATUS Optional

ServersAuditingSetting_Spec

Property	Description	Type
auditActionsAndGroups	Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that	string[] Optional
isAzureMonitorTargetEnabled	Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isDevopsAuditEnabled	Specifies the state of devops audit. If state is Enabled, devops logs will be sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’, ‘IsAzureMonitorTargetEnabled’ as true and ‘IsDevopsAuditEnabled’ as true When using REST API to configure auditing, Diagnostic Settings with ‘DevOpsOperationsAudit’ diagnostic logs category on the master database should also be created. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/master/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isManagedIdentityInUse	Specifies whether Managed Identity is used to access blob storage	bool Optional
isStorageSecondaryKeyInUse	Specifies whether storageAccountAccessKey value is the storage’s secondary key.	bool Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersAuditingSettingOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
queueDelayMs	Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.	int Optional
retentionDays	Specifies the number of days to keep in the audit logs in the storage account.	int Optional
state	Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.	ServerBlobAuditingPolicyProperties_State Required
storageAccountAccessKey	Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage. Prerequisites for using managed identity authentication: 1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD). 2. Grant SQL Server identity access to the storage account by adding ‘Storage Blob Data Contributor’ RBAC role to the server identity. For more information, see Auditing to storage using Managed Identity authentication	genruntime.SecretReference Optional
storageAccountSubscriptionId	Specifies the blob storage subscription Id.	string Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.	string Optional

ServersAuditingSetting_STATUS

Property	Description	Type
auditActionsAndGroups	Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that	string[] Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
isAzureMonitorTargetEnabled	Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isDevopsAuditEnabled	Specifies the state of devops audit. If state is Enabled, devops logs will be sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’, ‘IsAzureMonitorTargetEnabled’ as true and ‘IsDevopsAuditEnabled’ as true When using REST API to configure auditing, Diagnostic Settings with ‘DevOpsOperationsAudit’ diagnostic logs category on the master database should also be created. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/master/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isManagedIdentityInUse	Specifies whether Managed Identity is used to access blob storage	bool Optional
isStorageSecondaryKeyInUse	Specifies whether storageAccountAccessKey value is the storage’s secondary key.	bool Optional
name	Resource name.	string Optional
queueDelayMs	Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.	int Optional
retentionDays	Specifies the number of days to keep in the audit logs in the storage account.	int Optional
state	Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.	ServerBlobAuditingPolicyProperties_State_STATUS Optional
storageAccountSubscriptionId	Specifies the blob storage subscription Id.	string Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.	string Optional
type	Resource type.	string Optional

ServersAuditingSettingList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersAuditingSetting[] Optional

ServersAzureADOnlyAuthentication

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/ServerAzureADOnlyAuthentications.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/azureADOnlyAuthentications/Default

Used by: ServersAzureADOnlyAuthenticationList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersAzureADOnlyAuthentication_Spec Optional
status		ServersAzureADOnlyAuthentication_STATUS Optional

ServersAzureADOnlyAuthentication_Spec

Property	Description	Type
azureADOnlyAuthentication	Azure Active Directory only Authentication enabled.	bool Required
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersAzureADOnlyAuthenticationOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required

ServersAzureADOnlyAuthentication_STATUS

Property	Description	Type
azureADOnlyAuthentication	Azure Active Directory only Authentication enabled.	bool Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
type	Resource type.	string Optional

ServersAzureADOnlyAuthenticationList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersAzureADOnlyAuthentication[] Optional

ServersConnectionPolicy

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/ServerConnectionPolicies.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/connectionPolicies/default

Used by: ServersConnectionPolicyList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersConnectionPolicy_Spec Optional
status		ServersConnectionPolicy_STATUS Optional

ServersConnectionPolicy_Spec

Property	Description	Type
connectionType	The server connection type.	ServerConnectionPolicyProperties_ConnectionType Required
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersConnectionPolicyOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required

ServersConnectionPolicy_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
connectionType	The server connection type.	ServerConnectionPolicyProperties_ConnectionType_STATUS Optional
id	Resource ID.	string Optional
kind	Metadata used for the Azure portal experience.	string Optional
location	Resource location.	string Optional
name	Resource name.	string Optional
type	Resource type.	string Optional

ServersConnectionPolicyList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersConnectionPolicy[] Optional

ServersDatabase

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/Databases.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}

Used by: ServersDatabaseList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersDatabase_Spec Optional
status		ServersDatabase_STATUS Optional

ServersDatabase_Spec

Property	Description	Type
autoPauseDelay	Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled	int Optional
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
catalogCollation	Collation of the metadata catalog.	DatabaseProperties_CatalogCollation Optional
collation	The collation of the database.	string Optional
createMode	Specifies the mode of database creation. Default: regular database creation. Copy: creates a database as a copy of an existing database. sourceDatabaseId must be specified as the resource ID of the source database. Secondary: creates a database as a secondary replica of an existing database. sourceDatabaseId must be specified as the resource ID of the existing primary database. PointInTimeRestore: Creates a database by restoring a point in time backup of an existing database. sourceDatabaseId must be specified as the resource ID of the existing database, and restorePointInTime must be specified. Recovery: Creates a database by restoring a geo-replicated backup. sourceDatabaseId must be specified as the recoverable database resource ID to restore. Restore: Creates a database by restoring a backup of a deleted database. sourceDatabaseId must be specified. If sourceDatabaseId is the database’s original resource ID, then sourceDatabaseDeletionDate must be specified. Otherwise sourceDatabaseId must be the restorable dropped database resource ID and sourceDatabaseDeletionDate is ignored. restorePointInTime may also be specified to restore from an earlier point in time. RestoreLongTermRetentionBackup: Creates a database by restoring from a long term retention vault. recoveryServicesRecoveryPointResourceId must be specified as the recovery point resource ID. Copy, Secondary, and RestoreLongTermRetentionBackup are not supported for DataWarehouse edition.	DatabaseProperties_CreateMode Optional
elasticPoolReference	The resource identifier of the elastic pool containing this database.	genruntime.ResourceReference Optional
federatedClientId	The Client id used for cross tenant per database CMK scenario	string Optional
highAvailabilityReplicaCount	The number of secondary replicas associated with the database that are used to provide high availability. Not applicable to a Hyperscale database within an elastic pool.	int Optional
identity	The Azure Active Directory identity of the database.	DatabaseIdentity Optional
isLedgerOn	Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created.	bool Optional
licenseType	The license type to apply for this database. `LicenseIncluded` if you need a license, or `BasePrice` if you have a license and are eligible for the Azure Hybrid Benefit.	DatabaseProperties_LicenseType Optional
location	Resource location.	string Required
longTermRetentionBackupResourceReference	The resource identifier of the long term retention backup associated with create operation of this database.	genruntime.ResourceReference Optional
maintenanceConfigurationId	Maintenance configuration id assigned to the database. This configuration defines the period when the maintenance updates will occur.	string Optional
maxSizeBytes	The max size of the database expressed in bytes.	int Optional
minCapacity	Minimal capacity that database will always have allocated, if not paused	float64 Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabaseOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
readScale	The state of read-only routing. If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica in the same region. Not applicable to a Hyperscale database within an elastic pool.	DatabaseProperties_ReadScale Optional
recoverableDatabaseReference	The resource identifier of the recoverable database associated with create operation of this database.	genruntime.ResourceReference Optional
recoveryServicesRecoveryPointReference	The resource identifier of the recovery point associated with create operation of this database.	genruntime.ResourceReference Optional
requestedBackupStorageRedundancy	The storage account type to be used to store backups for this database.	DatabaseProperties_RequestedBackupStorageRedundancy Optional
restorableDroppedDatabaseReference	The resource identifier of the restorable dropped database associated with create operation of this database.	genruntime.ResourceReference Optional
restorePointInTime	Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database.	string Optional
sampleName	The name of the sample schema to apply when creating this database.	DatabaseProperties_SampleName Optional
secondaryType	The secondary type of the database if it is a secondary. Valid values are Geo and Named.	DatabaseProperties_SecondaryType Optional
sku	The database SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the `Capabilities_ListByLocation` REST API or one of the following commands: azurecli az sql db list-editions -l <location> -o table``powershell Get-AzSqlServerServiceObjective -Location <location>``	Sku Optional
sourceDatabaseDeletionDate	Specifies the time that the database was deleted.	string Optional
sourceDatabaseReference	The resource identifier of the source database associated with create operation of this database.	genruntime.ResourceReference Optional
sourceResourceReference	The resource identifier of the source associated with the create operation of this database. This property is only supported for DataWarehouse edition and allows to restore across subscriptions. When sourceResourceId is specified, sourceDatabaseId, recoverableDatabaseId, restorableDroppedDatabaseId and sourceDatabaseDeletionDate must not be specified and CreateMode must be PointInTimeRestore, Restore or Recover. When createMode is PointInTimeRestore, sourceResourceId must be the resource ID of the existing database or existing sql pool, and restorePointInTime must be specified. When createMode is Restore, sourceResourceId must be the resource ID of restorable dropped database or restorable dropped sql pool. When createMode is Recover, sourceResourceId must be the resource ID of recoverable database or recoverable sql pool. When source subscription belongs to a different tenant than target subscription, “x-ms-authorization-auxiliary” header must contain authentication token for the source tenant. For more details about “x-ms-authorization-auxiliary” header see https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/authenticate-multi-tenant	genruntime.ResourceReference Optional
tags	Resource tags.	map[string]string Optional
zoneRedundant	Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones.	bool Optional

ServersDatabase_STATUS

Property	Description	Type
autoPauseDelay	Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled	int Optional
catalogCollation	Collation of the metadata catalog.	DatabaseProperties_CatalogCollation_STATUS Optional
collation	The collation of the database.	string Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
createMode	Specifies the mode of database creation. Default: regular database creation. Copy: creates a database as a copy of an existing database. sourceDatabaseId must be specified as the resource ID of the source database. Secondary: creates a database as a secondary replica of an existing database. sourceDatabaseId must be specified as the resource ID of the existing primary database. PointInTimeRestore: Creates a database by restoring a point in time backup of an existing database. sourceDatabaseId must be specified as the resource ID of the existing database, and restorePointInTime must be specified. Recovery: Creates a database by restoring a geo-replicated backup. sourceDatabaseId must be specified as the recoverable database resource ID to restore. Restore: Creates a database by restoring a backup of a deleted database. sourceDatabaseId must be specified. If sourceDatabaseId is the database’s original resource ID, then sourceDatabaseDeletionDate must be specified. Otherwise sourceDatabaseId must be the restorable dropped database resource ID and sourceDatabaseDeletionDate is ignored. restorePointInTime may also be specified to restore from an earlier point in time. RestoreLongTermRetentionBackup: Creates a database by restoring from a long term retention vault. recoveryServicesRecoveryPointResourceId must be specified as the recovery point resource ID. Copy, Secondary, and RestoreLongTermRetentionBackup are not supported for DataWarehouse edition.	DatabaseProperties_CreateMode_STATUS Optional
creationDate	The creation date of the database (ISO8601 format).	string Optional
currentBackupStorageRedundancy	The storage account type used to store backups for this database.	DatabaseProperties_CurrentBackupStorageRedundancy_STATUS Optional
currentServiceObjectiveName	The current service level objective name of the database.	string Optional
currentSku	The name and tier of the SKU.	Sku_STATUS Optional
databaseId	The ID of the database.	string Optional
defaultSecondaryLocation	The default secondary region for this database.	string Optional
earliestRestoreDate	This records the earliest start date and time that restore is available for this database (ISO8601 format).	string Optional
elasticPoolId	The resource identifier of the elastic pool containing this database.	string Optional
failoverGroupId	Failover Group resource identifier that this database belongs to.	string Optional
federatedClientId	The Client id used for cross tenant per database CMK scenario	string Optional
highAvailabilityReplicaCount	The number of secondary replicas associated with the database that are used to provide high availability. Not applicable to a Hyperscale database within an elastic pool.	int Optional
id	Resource ID.	string Optional
identity	The Azure Active Directory identity of the database.	DatabaseIdentity_STATUS Optional
isInfraEncryptionEnabled	Infra encryption is enabled for this database.	bool Optional
isLedgerOn	Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created.	bool Optional
kind	Kind of database. This is metadata used for the Azure portal experience.	string Optional
licenseType	The license type to apply for this database. `LicenseIncluded` if you need a license, or `BasePrice` if you have a license and are eligible for the Azure Hybrid Benefit.	DatabaseProperties_LicenseType_STATUS Optional
location	Resource location.	string Optional
longTermRetentionBackupResourceId	The resource identifier of the long term retention backup associated with create operation of this database.	string Optional
maintenanceConfigurationId	Maintenance configuration id assigned to the database. This configuration defines the period when the maintenance updates will occur.	string Optional
managedBy	Resource that manages the database.	string Optional
maxLogSizeBytes	The max log size for this database.	int Optional
maxSizeBytes	The max size of the database expressed in bytes.	int Optional
minCapacity	Minimal capacity that database will always have allocated, if not paused	float64 Optional
name	Resource name.	string Optional
pausedDate	The date when database was paused by user configuration or action(ISO8601 format). Null if the database is ready.	string Optional
readScale	The state of read-only routing. If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica in the same region. Not applicable to a Hyperscale database within an elastic pool.	DatabaseProperties_ReadScale_STATUS Optional
recoverableDatabaseId	The resource identifier of the recoverable database associated with create operation of this database.	string Optional
recoveryServicesRecoveryPointId	The resource identifier of the recovery point associated with create operation of this database.	string Optional
requestedBackupStorageRedundancy	The storage account type to be used to store backups for this database.	DatabaseProperties_RequestedBackupStorageRedundancy_STATUS Optional
requestedServiceObjectiveName	The requested service level objective name of the database.	string Optional
restorableDroppedDatabaseId	The resource identifier of the restorable dropped database associated with create operation of this database.	string Optional
restorePointInTime	Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database.	string Optional
resumedDate	The date when database was resumed by user action or database login (ISO8601 format). Null if the database is paused.	string Optional
sampleName	The name of the sample schema to apply when creating this database.	DatabaseProperties_SampleName_STATUS Optional
secondaryType	The secondary type of the database if it is a secondary. Valid values are Geo and Named.	DatabaseProperties_SecondaryType_STATUS Optional
sku	The database SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the `Capabilities_ListByLocation` REST API or one of the following commands: azurecli az sql db list-editions -l <location> -o table``powershell Get-AzSqlServerServiceObjective -Location <location>``	Sku_STATUS Optional
sourceDatabaseDeletionDate	Specifies the time that the database was deleted.	string Optional
sourceDatabaseId	The resource identifier of the source database associated with create operation of this database.	string Optional
sourceResourceId	The resource identifier of the source associated with the create operation of this database. This property is only supported for DataWarehouse edition and allows to restore across subscriptions. When sourceResourceId is specified, sourceDatabaseId, recoverableDatabaseId, restorableDroppedDatabaseId and sourceDatabaseDeletionDate must not be specified and CreateMode must be PointInTimeRestore, Restore or Recover. When createMode is PointInTimeRestore, sourceResourceId must be the resource ID of the existing database or existing sql pool, and restorePointInTime must be specified. When createMode is Restore, sourceResourceId must be the resource ID of restorable dropped database or restorable dropped sql pool. When createMode is Recover, sourceResourceId must be the resource ID of recoverable database or recoverable sql pool. When source subscription belongs to a different tenant than target subscription, “x-ms-authorization-auxiliary” header must contain authentication token for the source tenant. For more details about “x-ms-authorization-auxiliary” header see https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/authenticate-multi-tenant	string Optional
status	The status of the database.	DatabaseProperties_Status_STATUS Optional
tags	Resource tags.	map[string]string Optional
type	Resource type.	string Optional
zoneRedundant	Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones.	bool Optional

ServersDatabaseList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersDatabase[] Optional

ServersDatabasesAdvancedThreatProtectionSetting

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/DatabaseAdvancedThreatProtectionSettings.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/advancedThreatProtectionSettings/Default

Used by: ServersDatabasesAdvancedThreatProtectionSettingList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersDatabasesAdvancedThreatProtectionSetting_Spec Optional
status		ServersDatabasesAdvancedThreatProtectionSetting_STATUS Optional

ServersDatabasesAdvancedThreatProtectionSetting_Spec

Property	Description	Type
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesAdvancedThreatProtectionSettingOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
state	Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.	AdvancedThreatProtectionProperties_State Required

ServersDatabasesAdvancedThreatProtectionSetting_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
creationTime	Specifies the UTC creation time of the policy.	string Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
state	Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.	AdvancedThreatProtectionProperties_State_STATUS Optional
systemData	SystemData of AdvancedThreatProtectionResource.	SystemData_STATUS Optional
type	Resource type.	string Optional

ServersDatabasesAdvancedThreatProtectionSettingList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersDatabasesAdvancedThreatProtectionSetting[] Optional

ServersDatabasesAuditingSetting

Used by: ServersDatabasesAuditingSettingList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersDatabasesAuditingSetting_Spec Optional
status		ServersDatabasesAuditingSetting_STATUS Optional

ServersDatabasesAuditingSetting_Spec

Property	Description	Type
auditActionsAndGroups	Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that	string[] Optional
isAzureMonitorTargetEnabled	Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isManagedIdentityInUse	Specifies whether Managed Identity is used to access blob storage	bool Optional
isStorageSecondaryKeyInUse	Specifies whether storageAccountAccessKey value is the storage’s secondary key.	bool Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesAuditingSettingOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
queueDelayMs	Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.	int Optional
retentionDays	Specifies the number of days to keep in the audit logs in the storage account.	int Optional
state	Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.	DatabaseBlobAuditingPolicyProperties_State Required
storageAccountAccessKey	Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage. Prerequisites for using managed identity authentication: 1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD). 2. Grant SQL Server identity access to the storage account by adding ‘Storage Blob Data Contributor’ RBAC role to the server identity. For more information, see Auditing to storage using Managed Identity authentication	genruntime.SecretReference Optional
storageAccountSubscriptionId	Specifies the blob storage subscription Id.	string Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.	string Optional

ServersDatabasesAuditingSetting_STATUS

Property	Description	Type
auditActionsAndGroups	Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that	string[] Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
isAzureMonitorTargetEnabled	Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isManagedIdentityInUse	Specifies whether Managed Identity is used to access blob storage	bool Optional
isStorageSecondaryKeyInUse	Specifies whether storageAccountAccessKey value is the storage’s secondary key.	bool Optional
kind	Resource kind.	string Optional
name	Resource name.	string Optional
queueDelayMs	Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.	int Optional
retentionDays	Specifies the number of days to keep in the audit logs in the storage account.	int Optional
state	Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.	DatabaseBlobAuditingPolicyProperties_State_STATUS Optional
storageAccountSubscriptionId	Specifies the blob storage subscription Id.	string Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.	string Optional
type	Resource type.	string Optional

ServersDatabasesAuditingSettingList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersDatabasesAuditingSetting[] Optional

ServersDatabasesBackupLongTermRetentionPolicy

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/LongTermRetentionPolicies.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/backupLongTermRetentionPolicies/default

Used by: ServersDatabasesBackupLongTermRetentionPolicyList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersDatabasesBackupLongTermRetentionPolicy_Spec Optional
status		ServersDatabasesBackupLongTermRetentionPolicy_STATUS Optional

ServersDatabasesBackupLongTermRetentionPolicy_Spec

Property	Description	Type
monthlyRetention	The monthly retention policy for an LTR backup in an ISO 8601 format.	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesBackupLongTermRetentionPolicyOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
weeklyRetention	The weekly retention policy for an LTR backup in an ISO 8601 format.	string Optional
weekOfYear	The week of year to take the yearly backup in an ISO 8601 format.	int Optional
yearlyRetention	The yearly retention policy for an LTR backup in an ISO 8601 format.	string Optional

ServersDatabasesBackupLongTermRetentionPolicy_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
monthlyRetention	The monthly retention policy for an LTR backup in an ISO 8601 format.	string Optional
name	Resource name.	string Optional
type	Resource type.	string Optional
weeklyRetention	The weekly retention policy for an LTR backup in an ISO 8601 format.	string Optional
weekOfYear	The week of year to take the yearly backup in an ISO 8601 format.	int Optional
yearlyRetention	The yearly retention policy for an LTR backup in an ISO 8601 format.	string Optional

ServersDatabasesBackupLongTermRetentionPolicyList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersDatabasesBackupLongTermRetentionPolicy[] Optional

ServersDatabasesBackupShortTermRetentionPolicy

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/BackupShortTermRetentionPolicies.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/backupShortTermRetentionPolicies/default

Used by: ServersDatabasesBackupShortTermRetentionPolicyList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersDatabasesBackupShortTermRetentionPolicy_Spec Optional
status		ServersDatabasesBackupShortTermRetentionPolicy_STATUS Optional

ServersDatabasesBackupShortTermRetentionPolicy_Spec

Property	Description	Type
diffBackupIntervalInHours	The differential backup interval in hours. This is how many interval hours between each differential backup will be supported. This is only applicable to live databases but not dropped databases.	BackupShortTermRetentionPolicyProperties_DiffBackupIntervalInHours Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesBackupShortTermRetentionPolicyOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
retentionDays	The backup retention period in days. This is how many days Point-in-Time Restore will be supported.	int Optional

ServersDatabasesBackupShortTermRetentionPolicy_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
diffBackupIntervalInHours	The differential backup interval in hours. This is how many interval hours between each differential backup will be supported. This is only applicable to live databases but not dropped databases.	BackupShortTermRetentionPolicyProperties_DiffBackupIntervalInHours_STATUS Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
retentionDays	The backup retention period in days. This is how many days Point-in-Time Restore will be supported.	int Optional
type	Resource type.	string Optional

ServersDatabasesBackupShortTermRetentionPolicyList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersDatabasesBackupShortTermRetentionPolicy[] Optional

ServersDatabasesSecurityAlertPolicy

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/DatabaseSecurityAlertPolicies.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/securityAlertPolicies/default

Used by: ServersDatabasesSecurityAlertPolicyList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersDatabasesSecurityAlertPolicy_Spec Optional
status		ServersDatabasesSecurityAlertPolicy_STATUS Optional

ServersDatabasesSecurityAlertPolicy_Spec

Property	Description	Type
disabledAlerts	Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force	string[] Optional
emailAccountAdmins	Specifies that the alert is sent to the account administrators.	bool Optional
emailAddresses	Specifies an array of e-mail addresses to which the alert is sent.	string[] Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesSecurityAlertPolicyOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
retentionDays	Specifies the number of days to keep in the Threat Detection audit logs.	int Optional
state	Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.	DatabaseSecurityAlertPoliciesSecurityAlertsPolicyProperties_State Required
storageAccountAccessKey	Specifies the identifier key of the Threat Detection audit storage account.	genruntime.SecretReference Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.	string Optional

ServersDatabasesSecurityAlertPolicy_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
creationTime	Specifies the UTC creation time of the policy.	string Optional
disabledAlerts	Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force	string[] Optional
emailAccountAdmins	Specifies that the alert is sent to the account administrators.	bool Optional
emailAddresses	Specifies an array of e-mail addresses to which the alert is sent.	string[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
retentionDays	Specifies the number of days to keep in the Threat Detection audit logs.	int Optional
state	Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.	DatabaseSecurityAlertPoliciesSecurityAlertsPolicyProperties_State_STATUS Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.	string Optional
systemData	SystemData of SecurityAlertPolicyResource.	SystemData_STATUS Optional
type	Resource type.	string Optional

ServersDatabasesSecurityAlertPolicyList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersDatabasesSecurityAlertPolicy[] Optional

ServersDatabasesTransparentDataEncryption

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/TransparentDataEncryptions.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/transparentDataEncryption/{tdeName}

Used by: ServersDatabasesTransparentDataEncryptionList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersDatabasesTransparentDataEncryption_Spec Optional
status		ServersDatabasesTransparentDataEncryption_STATUS Optional

ServersDatabasesTransparentDataEncryption_Spec

Property	Description	Type
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesTransparentDataEncryptionOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
state	Specifies the state of the transparent data encryption.	TransparentDataEncryptionProperties_State Required

ServersDatabasesTransparentDataEncryption_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
state	Specifies the state of the transparent data encryption.	TransparentDataEncryptionProperties_State_STATUS Optional
type	Resource type.	string Optional

ServersDatabasesTransparentDataEncryptionList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersDatabasesTransparentDataEncryption[] Optional

ServersDatabasesVulnerabilityAssessment

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/DatabaseVulnerabilityAssessments.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/vulnerabilityAssessments/default

Used by: ServersDatabasesVulnerabilityAssessmentList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersDatabasesVulnerabilityAssessment_Spec Optional
status		ServersDatabasesVulnerabilityAssessment_STATUS Optional

ServersDatabasesVulnerabilityAssessment_Spec

Property	Description	Type
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesVulnerabilityAssessmentOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
recurringScans	The recurring scans settings	VulnerabilityAssessmentRecurringScansProperties Optional
storageAccountAccessKey	Specifies the identifier key of the storage account for vulnerability assessment scan results. If ‘StorageContainerSasKey’ isn’t specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall	genruntime.SecretReference Optional
storageContainerPath	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn’t set	string Optional
storageContainerPathFromConfig	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn’t set	genruntime.ConfigMapReference Optional
storageContainerSasKey	A shared access signature (SAS Key) that has write access to the blob container specified in ‘storageContainerPath’ parameter. If ‘storageAccountAccessKey’ isn’t specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall	genruntime.SecretReference Optional

ServersDatabasesVulnerabilityAssessment_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
recurringScans	The recurring scans settings	VulnerabilityAssessmentRecurringScansProperties_STATUS Optional
storageContainerPath	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn’t set	string Optional
type	Resource type.	string Optional

ServersDatabasesVulnerabilityAssessmentList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersDatabasesVulnerabilityAssessment[] Optional

ServersElasticPool

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/ElasticPools.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/elasticPools/{elasticPoolName}

Used by: ServersElasticPoolList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersElasticPool_Spec Optional
status		ServersElasticPool_STATUS Optional

ServersElasticPool_Spec

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
highAvailabilityReplicaCount	The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools.	int Optional
licenseType	The license type to apply for this elastic pool.	ElasticPoolProperties_LicenseType Optional
location	Resource location.	string Required
maintenanceConfigurationId	Maintenance configuration id assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur.	string Optional
maxSizeBytes	The storage limit for the database elastic pool in bytes.	int Optional
minCapacity	Minimal capacity that serverless pool will not shrink below, if not paused	float64 Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersElasticPoolOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
perDatabaseSettings	The per database settings for the elastic pool.	ElasticPoolPerDatabaseSettings Optional
sku	The elastic pool SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the `Capabilities_ListByLocation` REST API or the following command: `azurecli az sql elastic-pool list-editions -l <location> -o table``	Sku Optional
tags	Resource tags.	map[string]string Optional
zoneRedundant	Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones.	bool Optional

ServersElasticPool_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
creationDate	The creation date of the elastic pool (ISO8601 format).	string Optional
highAvailabilityReplicaCount	The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools.	int Optional
id	Resource ID.	string Optional
kind	Kind of elastic pool. This is metadata used for the Azure portal experience.	string Optional
licenseType	The license type to apply for this elastic pool.	ElasticPoolProperties_LicenseType_STATUS Optional
location	Resource location.	string Optional
maintenanceConfigurationId	Maintenance configuration id assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur.	string Optional
maxSizeBytes	The storage limit for the database elastic pool in bytes.	int Optional
minCapacity	Minimal capacity that serverless pool will not shrink below, if not paused	float64 Optional
name	Resource name.	string Optional
perDatabaseSettings	The per database settings for the elastic pool.	ElasticPoolPerDatabaseSettings_STATUS Optional
sku	The elastic pool SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the `Capabilities_ListByLocation` REST API or the following command: `azurecli az sql elastic-pool list-editions -l <location> -o table``	Sku_STATUS Optional
state	The state of the elastic pool.	ElasticPoolProperties_State_STATUS Optional
tags	Resource tags.	map[string]string Optional
type	Resource type.	string Optional
zoneRedundant	Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones.	bool Optional

ServersElasticPoolList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersElasticPool[] Optional

ServersFailoverGroup

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/FailoverGroups.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/failoverGroups/{failoverGroupName}

Used by: ServersFailoverGroupList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersFailoverGroup_Spec Optional
status		ServersFailoverGroup_STATUS Optional

ServersFailoverGroup_Spec

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
databasesReferences	List of databases in the failover group.	genruntime.ResourceReference[] Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersFailoverGroupOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
partnerServers	List of partner server information for the failover group.	PartnerInfo[] Required
readOnlyEndpoint	Read-only endpoint of the failover group instance.	FailoverGroupReadOnlyEndpoint Optional
readWriteEndpoint	Read-write endpoint of the failover group instance.	FailoverGroupReadWriteEndpoint Required
tags	Resource tags.	map[string]string Optional

ServersFailoverGroup_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
databases	List of databases in the failover group.	string[] Optional
id	Resource ID.	string Optional
location	Resource location.	string Optional
name	Resource name.	string Optional
partnerServers	List of partner server information for the failover group.	PartnerInfo_STATUS[] Optional
readOnlyEndpoint	Read-only endpoint of the failover group instance.	FailoverGroupReadOnlyEndpoint_STATUS Optional
readWriteEndpoint	Read-write endpoint of the failover group instance.	FailoverGroupReadWriteEndpoint_STATUS Optional
replicationRole	Local replication role of the failover group instance.	FailoverGroupProperties_ReplicationRole_STATUS Optional
replicationState	Replication state of the failover group instance.	string Optional
tags	Resource tags.	map[string]string Optional
type	Resource type.	string Optional

ServersFailoverGroupList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersFailoverGroup[] Optional

ServersFirewallRule

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/FirewallRules.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/firewallRules/{firewallRuleName}

Used by: ServersFirewallRuleList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersFirewallRule_Spec Optional
status		ServersFirewallRule_STATUS Optional

ServersFirewallRule_Spec

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
endIpAddress	The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersFirewallRuleOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
startIpAddress	The start IP address of the firewall rule. Must be IPv4 format. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.	string Optional

ServersFirewallRule_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
endIpAddress	The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.	string Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
startIpAddress	The start IP address of the firewall rule. Must be IPv4 format. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.	string Optional
type	Resource type.	string Optional

ServersFirewallRuleList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersFirewallRule[] Optional

ServersIPV6FirewallRule

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/IPv6FirewallRules.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/ipv6FirewallRules/{firewallRuleName}

Used by: ServersIPV6FirewallRuleList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersIPV6FirewallRule_Spec Optional
status		ServersIPV6FirewallRule_STATUS Optional

ServersIPV6FirewallRule_Spec

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
endIPv6Address	The end IP address of the firewall rule. Must be IPv6 format. Must be greater than or equal to startIpAddress.	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersIPV6FirewallRuleOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
startIPv6Address	The start IP address of the firewall rule. Must be IPv6 format.	string Optional

ServersIPV6FirewallRule_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
endIPv6Address	The end IP address of the firewall rule. Must be IPv6 format. Must be greater than or equal to startIpAddress.	string Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
startIPv6Address	The start IP address of the firewall rule. Must be IPv6 format.	string Optional
type	Resource type.	string Optional

ServersIPV6FirewallRuleList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersIPV6FirewallRule[] Optional

ServersOutboundFirewallRule

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/OutboundFirewallRules.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/outboundFirewallRules/{outboundRuleFqdn}

Used by: ServersOutboundFirewallRuleList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersOutboundFirewallRule_Spec Optional
status		ServersOutboundFirewallRule_STATUS Optional

ServersOutboundFirewallRule_Spec

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersOutboundFirewallRuleOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required

ServersOutboundFirewallRule_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
provisioningState	The state of the outbound rule.	string Optional
type	Resource type.	string Optional

ServersOutboundFirewallRuleList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersOutboundFirewallRule[] Optional

ServersSecurityAlertPolicy

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/ServerSecurityAlertPolicies.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/securityAlertPolicies/Default

Used by: ServersSecurityAlertPolicyList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersSecurityAlertPolicy_Spec Optional
status		ServersSecurityAlertPolicy_STATUS Optional

ServersSecurityAlertPolicy_Spec

Property	Description	Type
disabledAlerts	Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force	string[] Optional
emailAccountAdmins	Specifies that the alert is sent to the account administrators.	bool Optional
emailAddresses	Specifies an array of e-mail addresses to which the alert is sent.	string[] Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersSecurityAlertPolicyOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
retentionDays	Specifies the number of days to keep in the Threat Detection audit logs.	int Optional
state	Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.	ServerSecurityAlertPoliciesSecurityAlertsPolicyProperties_State Required
storageAccountAccessKey	Specifies the identifier key of the Threat Detection audit storage account.	genruntime.SecretReference Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.	string Optional

ServersSecurityAlertPolicy_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
creationTime	Specifies the UTC creation time of the policy.	string Optional
disabledAlerts	Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force	string[] Optional
emailAccountAdmins	Specifies that the alert is sent to the account administrators.	bool Optional
emailAddresses	Specifies an array of e-mail addresses to which the alert is sent.	string[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
retentionDays	Specifies the number of days to keep in the Threat Detection audit logs.	int Optional
state	Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.	ServerSecurityAlertPoliciesSecurityAlertsPolicyProperties_State_STATUS Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.	string Optional
systemData	SystemData of SecurityAlertPolicyResource.	SystemData_STATUS Optional
type	Resource type.	string Optional

ServersSecurityAlertPolicyList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersSecurityAlertPolicy[] Optional

ServersVirtualNetworkRule

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/VirtualNetworkRules.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/virtualNetworkRules/{virtualNetworkRuleName}

Used by: ServersVirtualNetworkRuleList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersVirtualNetworkRule_Spec Optional
status		ServersVirtualNetworkRule_STATUS Optional

ServersVirtualNetworkRule_Spec

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
ignoreMissingVnetServiceEndpoint	Create firewall rule before the virtual network has vnet service endpoint enabled.	bool Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersVirtualNetworkRuleOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
virtualNetworkSubnetReference	The ARM resource id of the virtual network subnet.	genruntime.ResourceReference Required

ServersVirtualNetworkRule_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
ignoreMissingVnetServiceEndpoint	Create firewall rule before the virtual network has vnet service endpoint enabled.	bool Optional
name	Resource name.	string Optional
state	Virtual Network Rule State	VirtualNetworkRuleProperties_State_STATUS Optional
type	Resource type.	string Optional
virtualNetworkSubnetId	The ARM resource id of the virtual network subnet.	string Optional

ServersVirtualNetworkRuleList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersVirtualNetworkRule[] Optional

ServersVulnerabilityAssessment

Generator information: - Generated from: /sql/resource-manager/Microsoft.Sql/stable/2021-11-01/ServerVulnerabilityAssessments.json - ARM URI: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/vulnerabilityAssessments/default

Used by: ServersVulnerabilityAssessmentList.

Property	Description	Type
metav1.TypeMeta
metav1.ObjectMeta
spec		ServersVulnerabilityAssessment_Spec Optional
status		ServersVulnerabilityAssessment_STATUS Optional

ServersVulnerabilityAssessment_Spec

Property	Description	Type
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersVulnerabilityAssessmentOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
recurringScans	The recurring scans settings	VulnerabilityAssessmentRecurringScansProperties Optional
storageAccountAccessKey	Specifies the identifier key of the storage account for vulnerability assessment scan results. If ‘StorageContainerSasKey’ isn’t specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall	genruntime.SecretReference Optional
storageContainerPath	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).	string Optional
storageContainerPathFromConfig	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).	genruntime.ConfigMapReference Optional
storageContainerSasKey	A shared access signature (SAS Key) that has write access to the blob container specified in ‘storageContainerPath’ parameter. If ‘storageAccountAccessKey’ isn’t specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall	genruntime.SecretReference Optional

ServersVulnerabilityAssessment_STATUS

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
recurringScans	The recurring scans settings	VulnerabilityAssessmentRecurringScansProperties_STATUS Optional
storageContainerPath	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).	string Optional
type	Resource type.	string Optional

ServersVulnerabilityAssessmentList

Property	Description	Type
metav1.TypeMeta
metav1.ListMeta
items		ServersVulnerabilityAssessment[] Optional

Server_Spec

Used by: Server.

Property	Description	Type
administratorLogin	Administrator username for the server. Once created it cannot be changed.	string Optional
administratorLoginPassword	The administrator login password (required for server creation).	genruntime.SecretReference Optional
administrators	The Azure Active Directory administrator of the server.	ServerExternalAdministrator Optional
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
federatedClientId	The Client id used for cross tenant CMK scenario	string Optional
identity	The Azure Active Directory identity of the server.	ResourceIdentity Optional
keyId	A CMK URI of the key to use for encryption.	string Optional
location	Resource location.	string Required
minimalTlsVersion	Minimal TLS version. Allowed values: ‘1.0’, ‘1.1’, ‘1.2’	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServerOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a resources.azure.com/ResourceGroup resource	genruntime.KnownResourceReference Required
primaryUserAssignedIdentityReference	The resource id of a user assigned identity to be used by default.	genruntime.ResourceReference Optional
publicNetworkAccess	Whether or not public endpoint access is allowed for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’	ServerProperties_PublicNetworkAccess Optional
restrictOutboundNetworkAccess	Whether or not to restrict outbound network access for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’	ServerProperties_RestrictOutboundNetworkAccess Optional
tags	Resource tags.	map[string]string Optional
version	The version of the server.	string Optional

Server_STATUS

An Azure SQL Database server.

Used by: Server.

Property	Description	Type
administratorLogin	Administrator username for the server. Once created it cannot be changed.	string Optional
administrators	The Azure Active Directory administrator of the server.	ServerExternalAdministrator_STATUS Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
federatedClientId	The Client id used for cross tenant CMK scenario	string Optional
fullyQualifiedDomainName	The fully qualified domain name of the server.	string Optional
id	Resource ID.	string Optional
identity	The Azure Active Directory identity of the server.	ResourceIdentity_STATUS Optional
keyId	A CMK URI of the key to use for encryption.	string Optional
kind	Kind of sql server. This is metadata used for the Azure portal experience.	string Optional
location	Resource location.	string Optional
minimalTlsVersion	Minimal TLS version. Allowed values: ‘1.0’, ‘1.1’, ‘1.2’	string Optional
name	Resource name.	string Optional
primaryUserAssignedIdentityId	The resource id of a user assigned identity to be used by default.	string Optional
privateEndpointConnections	List of private endpoint connections on a server	ServerPrivateEndpointConnection_STATUS[] Optional
publicNetworkAccess	Whether or not public endpoint access is allowed for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’	ServerProperties_PublicNetworkAccess_STATUS Optional
restrictOutboundNetworkAccess	Whether or not to restrict outbound network access for this server. Value is optional but if passed in, must be ‘Enabled’ or ‘Disabled’	ServerProperties_RestrictOutboundNetworkAccess_STATUS Optional
state	The state of the server.	string Optional
tags	Resource tags.	map[string]string Optional
type	Resource type.	string Optional
version	The version of the server.	string Optional
workspaceFeature	Whether or not existing server has a workspace created and if it allows connection from workspace	ServerProperties_WorkspaceFeature_STATUS Optional

ServersAdministrator_Spec

Used by: ServersAdministrator.

Property	Description	Type
administratorType	Type of the sever administrator.	AdministratorProperties_AdministratorType Required
login	Login name of the server administrator.	string Required
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersAdministratorOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
sid	SID (object ID) of the server administrator.	string Optional
sidFromConfig	SID (object ID) of the server administrator.	genruntime.ConfigMapReference Optional
tenantId	Tenant ID of the administrator.	string Optional
tenantIdFromConfig	Tenant ID of the administrator.	genruntime.ConfigMapReference Optional

ServersAdministrator_STATUS

Used by: ServersAdministrator.

Property	Description	Type
administratorType	Type of the sever administrator.	AdministratorProperties_AdministratorType_STATUS Optional
azureADOnlyAuthentication	Azure Active Directory only Authentication enabled.	bool Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
login	Login name of the server administrator.	string Optional
name	Resource name.	string Optional
sid	SID (object ID) of the server administrator.	string Optional
tenantId	Tenant ID of the administrator.	string Optional
type	Resource type.	string Optional

ServersAdvancedThreatProtectionSetting_Spec

Used by: ServersAdvancedThreatProtectionSetting.

Property	Description	Type
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersAdvancedThreatProtectionSettingOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
state	Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.	AdvancedThreatProtectionProperties_State Required

ServersAdvancedThreatProtectionSetting_STATUS

Used by: ServersAdvancedThreatProtectionSetting.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
creationTime	Specifies the UTC creation time of the policy.	string Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
state	Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.	AdvancedThreatProtectionProperties_State_STATUS Optional
systemData	SystemData of AdvancedThreatProtectionResource.	SystemData_STATUS Optional
type	Resource type.	string Optional

ServersAuditingSetting_Spec

Used by: ServersAuditingSetting.

Property	Description	Type
auditActionsAndGroups	Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that	string[] Optional
isAzureMonitorTargetEnabled	Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isDevopsAuditEnabled	Specifies the state of devops audit. If state is Enabled, devops logs will be sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’, ‘IsAzureMonitorTargetEnabled’ as true and ‘IsDevopsAuditEnabled’ as true When using REST API to configure auditing, Diagnostic Settings with ‘DevOpsOperationsAudit’ diagnostic logs category on the master database should also be created. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/master/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isManagedIdentityInUse	Specifies whether Managed Identity is used to access blob storage	bool Optional
isStorageSecondaryKeyInUse	Specifies whether storageAccountAccessKey value is the storage’s secondary key.	bool Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersAuditingSettingOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
queueDelayMs	Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.	int Optional
retentionDays	Specifies the number of days to keep in the audit logs in the storage account.	int Optional
state	Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.	ServerBlobAuditingPolicyProperties_State Required
storageAccountAccessKey	Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage. Prerequisites for using managed identity authentication: 1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD). 2. Grant SQL Server identity access to the storage account by adding ‘Storage Blob Data Contributor’ RBAC role to the server identity. For more information, see Auditing to storage using Managed Identity authentication	genruntime.SecretReference Optional
storageAccountSubscriptionId	Specifies the blob storage subscription Id.	string Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.	string Optional

ServersAuditingSetting_STATUS

Used by: ServersAuditingSetting.

Property	Description	Type
auditActionsAndGroups	Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that	string[] Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
isAzureMonitorTargetEnabled	Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isDevopsAuditEnabled	Specifies the state of devops audit. If state is Enabled, devops logs will be sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’, ‘IsAzureMonitorTargetEnabled’ as true and ‘IsDevopsAuditEnabled’ as true When using REST API to configure auditing, Diagnostic Settings with ‘DevOpsOperationsAudit’ diagnostic logs category on the master database should also be created. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/master/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isManagedIdentityInUse	Specifies whether Managed Identity is used to access blob storage	bool Optional
isStorageSecondaryKeyInUse	Specifies whether storageAccountAccessKey value is the storage’s secondary key.	bool Optional
name	Resource name.	string Optional
queueDelayMs	Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.	int Optional
retentionDays	Specifies the number of days to keep in the audit logs in the storage account.	int Optional
state	Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.	ServerBlobAuditingPolicyProperties_State_STATUS Optional
storageAccountSubscriptionId	Specifies the blob storage subscription Id.	string Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.	string Optional
type	Resource type.	string Optional

ServersAzureADOnlyAuthentication_Spec

Used by: ServersAzureADOnlyAuthentication.

Property	Description	Type
azureADOnlyAuthentication	Azure Active Directory only Authentication enabled.	bool Required
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersAzureADOnlyAuthenticationOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required

ServersAzureADOnlyAuthentication_STATUS

Used by: ServersAzureADOnlyAuthentication.

Property	Description	Type
azureADOnlyAuthentication	Azure Active Directory only Authentication enabled.	bool Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
type	Resource type.	string Optional

ServersConnectionPolicy_Spec

Used by: ServersConnectionPolicy.

Property	Description	Type
connectionType	The server connection type.	ServerConnectionPolicyProperties_ConnectionType Required
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersConnectionPolicyOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required

ServersConnectionPolicy_STATUS

Used by: ServersConnectionPolicy.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
connectionType	The server connection type.	ServerConnectionPolicyProperties_ConnectionType_STATUS Optional
id	Resource ID.	string Optional
kind	Metadata used for the Azure portal experience.	string Optional
location	Resource location.	string Optional
name	Resource name.	string Optional
type	Resource type.	string Optional

ServersDatabase_Spec

Used by: ServersDatabase.

Property	Description	Type
autoPauseDelay	Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled	int Optional
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
catalogCollation	Collation of the metadata catalog.	DatabaseProperties_CatalogCollation Optional
collation	The collation of the database.	string Optional
createMode	Specifies the mode of database creation. Default: regular database creation. Copy: creates a database as a copy of an existing database. sourceDatabaseId must be specified as the resource ID of the source database. Secondary: creates a database as a secondary replica of an existing database. sourceDatabaseId must be specified as the resource ID of the existing primary database. PointInTimeRestore: Creates a database by restoring a point in time backup of an existing database. sourceDatabaseId must be specified as the resource ID of the existing database, and restorePointInTime must be specified. Recovery: Creates a database by restoring a geo-replicated backup. sourceDatabaseId must be specified as the recoverable database resource ID to restore. Restore: Creates a database by restoring a backup of a deleted database. sourceDatabaseId must be specified. If sourceDatabaseId is the database’s original resource ID, then sourceDatabaseDeletionDate must be specified. Otherwise sourceDatabaseId must be the restorable dropped database resource ID and sourceDatabaseDeletionDate is ignored. restorePointInTime may also be specified to restore from an earlier point in time. RestoreLongTermRetentionBackup: Creates a database by restoring from a long term retention vault. recoveryServicesRecoveryPointResourceId must be specified as the recovery point resource ID. Copy, Secondary, and RestoreLongTermRetentionBackup are not supported for DataWarehouse edition.	DatabaseProperties_CreateMode Optional
elasticPoolReference	The resource identifier of the elastic pool containing this database.	genruntime.ResourceReference Optional
federatedClientId	The Client id used for cross tenant per database CMK scenario	string Optional
highAvailabilityReplicaCount	The number of secondary replicas associated with the database that are used to provide high availability. Not applicable to a Hyperscale database within an elastic pool.	int Optional
identity	The Azure Active Directory identity of the database.	DatabaseIdentity Optional
isLedgerOn	Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created.	bool Optional
licenseType	The license type to apply for this database. `LicenseIncluded` if you need a license, or `BasePrice` if you have a license and are eligible for the Azure Hybrid Benefit.	DatabaseProperties_LicenseType Optional
location	Resource location.	string Required
longTermRetentionBackupResourceReference	The resource identifier of the long term retention backup associated with create operation of this database.	genruntime.ResourceReference Optional
maintenanceConfigurationId	Maintenance configuration id assigned to the database. This configuration defines the period when the maintenance updates will occur.	string Optional
maxSizeBytes	The max size of the database expressed in bytes.	int Optional
minCapacity	Minimal capacity that database will always have allocated, if not paused	float64 Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabaseOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
readScale	The state of read-only routing. If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica in the same region. Not applicable to a Hyperscale database within an elastic pool.	DatabaseProperties_ReadScale Optional
recoverableDatabaseReference	The resource identifier of the recoverable database associated with create operation of this database.	genruntime.ResourceReference Optional
recoveryServicesRecoveryPointReference	The resource identifier of the recovery point associated with create operation of this database.	genruntime.ResourceReference Optional
requestedBackupStorageRedundancy	The storage account type to be used to store backups for this database.	DatabaseProperties_RequestedBackupStorageRedundancy Optional
restorableDroppedDatabaseReference	The resource identifier of the restorable dropped database associated with create operation of this database.	genruntime.ResourceReference Optional
restorePointInTime	Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database.	string Optional
sampleName	The name of the sample schema to apply when creating this database.	DatabaseProperties_SampleName Optional
secondaryType	The secondary type of the database if it is a secondary. Valid values are Geo and Named.	DatabaseProperties_SecondaryType Optional
sku	The database SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the `Capabilities_ListByLocation` REST API or one of the following commands: azurecli az sql db list-editions -l <location> -o table``powershell Get-AzSqlServerServiceObjective -Location <location>``	Sku Optional
sourceDatabaseDeletionDate	Specifies the time that the database was deleted.	string Optional
sourceDatabaseReference	The resource identifier of the source database associated with create operation of this database.	genruntime.ResourceReference Optional
sourceResourceReference	The resource identifier of the source associated with the create operation of this database. This property is only supported for DataWarehouse edition and allows to restore across subscriptions. When sourceResourceId is specified, sourceDatabaseId, recoverableDatabaseId, restorableDroppedDatabaseId and sourceDatabaseDeletionDate must not be specified and CreateMode must be PointInTimeRestore, Restore or Recover. When createMode is PointInTimeRestore, sourceResourceId must be the resource ID of the existing database or existing sql pool, and restorePointInTime must be specified. When createMode is Restore, sourceResourceId must be the resource ID of restorable dropped database or restorable dropped sql pool. When createMode is Recover, sourceResourceId must be the resource ID of recoverable database or recoverable sql pool. When source subscription belongs to a different tenant than target subscription, “x-ms-authorization-auxiliary” header must contain authentication token for the source tenant. For more details about “x-ms-authorization-auxiliary” header see https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/authenticate-multi-tenant	genruntime.ResourceReference Optional
tags	Resource tags.	map[string]string Optional
zoneRedundant	Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones.	bool Optional

ServersDatabase_STATUS

Used by: ServersDatabase.

Property	Description	Type
autoPauseDelay	Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled	int Optional
catalogCollation	Collation of the metadata catalog.	DatabaseProperties_CatalogCollation_STATUS Optional
collation	The collation of the database.	string Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
createMode	Specifies the mode of database creation. Default: regular database creation. Copy: creates a database as a copy of an existing database. sourceDatabaseId must be specified as the resource ID of the source database. Secondary: creates a database as a secondary replica of an existing database. sourceDatabaseId must be specified as the resource ID of the existing primary database. PointInTimeRestore: Creates a database by restoring a point in time backup of an existing database. sourceDatabaseId must be specified as the resource ID of the existing database, and restorePointInTime must be specified. Recovery: Creates a database by restoring a geo-replicated backup. sourceDatabaseId must be specified as the recoverable database resource ID to restore. Restore: Creates a database by restoring a backup of a deleted database. sourceDatabaseId must be specified. If sourceDatabaseId is the database’s original resource ID, then sourceDatabaseDeletionDate must be specified. Otherwise sourceDatabaseId must be the restorable dropped database resource ID and sourceDatabaseDeletionDate is ignored. restorePointInTime may also be specified to restore from an earlier point in time. RestoreLongTermRetentionBackup: Creates a database by restoring from a long term retention vault. recoveryServicesRecoveryPointResourceId must be specified as the recovery point resource ID. Copy, Secondary, and RestoreLongTermRetentionBackup are not supported for DataWarehouse edition.	DatabaseProperties_CreateMode_STATUS Optional
creationDate	The creation date of the database (ISO8601 format).	string Optional
currentBackupStorageRedundancy	The storage account type used to store backups for this database.	DatabaseProperties_CurrentBackupStorageRedundancy_STATUS Optional
currentServiceObjectiveName	The current service level objective name of the database.	string Optional
currentSku	The name and tier of the SKU.	Sku_STATUS Optional
databaseId	The ID of the database.	string Optional
defaultSecondaryLocation	The default secondary region for this database.	string Optional
earliestRestoreDate	This records the earliest start date and time that restore is available for this database (ISO8601 format).	string Optional
elasticPoolId	The resource identifier of the elastic pool containing this database.	string Optional
failoverGroupId	Failover Group resource identifier that this database belongs to.	string Optional
federatedClientId	The Client id used for cross tenant per database CMK scenario	string Optional
highAvailabilityReplicaCount	The number of secondary replicas associated with the database that are used to provide high availability. Not applicable to a Hyperscale database within an elastic pool.	int Optional
id	Resource ID.	string Optional
identity	The Azure Active Directory identity of the database.	DatabaseIdentity_STATUS Optional
isInfraEncryptionEnabled	Infra encryption is enabled for this database.	bool Optional
isLedgerOn	Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created.	bool Optional
kind	Kind of database. This is metadata used for the Azure portal experience.	string Optional
licenseType	The license type to apply for this database. `LicenseIncluded` if you need a license, or `BasePrice` if you have a license and are eligible for the Azure Hybrid Benefit.	DatabaseProperties_LicenseType_STATUS Optional
location	Resource location.	string Optional
longTermRetentionBackupResourceId	The resource identifier of the long term retention backup associated with create operation of this database.	string Optional
maintenanceConfigurationId	Maintenance configuration id assigned to the database. This configuration defines the period when the maintenance updates will occur.	string Optional
managedBy	Resource that manages the database.	string Optional
maxLogSizeBytes	The max log size for this database.	int Optional
maxSizeBytes	The max size of the database expressed in bytes.	int Optional
minCapacity	Minimal capacity that database will always have allocated, if not paused	float64 Optional
name	Resource name.	string Optional
pausedDate	The date when database was paused by user configuration or action(ISO8601 format). Null if the database is ready.	string Optional
readScale	The state of read-only routing. If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica in the same region. Not applicable to a Hyperscale database within an elastic pool.	DatabaseProperties_ReadScale_STATUS Optional
recoverableDatabaseId	The resource identifier of the recoverable database associated with create operation of this database.	string Optional
recoveryServicesRecoveryPointId	The resource identifier of the recovery point associated with create operation of this database.	string Optional
requestedBackupStorageRedundancy	The storage account type to be used to store backups for this database.	DatabaseProperties_RequestedBackupStorageRedundancy_STATUS Optional
requestedServiceObjectiveName	The requested service level objective name of the database.	string Optional
restorableDroppedDatabaseId	The resource identifier of the restorable dropped database associated with create operation of this database.	string Optional
restorePointInTime	Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database.	string Optional
resumedDate	The date when database was resumed by user action or database login (ISO8601 format). Null if the database is paused.	string Optional
sampleName	The name of the sample schema to apply when creating this database.	DatabaseProperties_SampleName_STATUS Optional
secondaryType	The secondary type of the database if it is a secondary. Valid values are Geo and Named.	DatabaseProperties_SecondaryType_STATUS Optional
sku	The database SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the `Capabilities_ListByLocation` REST API or one of the following commands: azurecli az sql db list-editions -l <location> -o table``powershell Get-AzSqlServerServiceObjective -Location <location>``	Sku_STATUS Optional
sourceDatabaseDeletionDate	Specifies the time that the database was deleted.	string Optional
sourceDatabaseId	The resource identifier of the source database associated with create operation of this database.	string Optional
sourceResourceId	The resource identifier of the source associated with the create operation of this database. This property is only supported for DataWarehouse edition and allows to restore across subscriptions. When sourceResourceId is specified, sourceDatabaseId, recoverableDatabaseId, restorableDroppedDatabaseId and sourceDatabaseDeletionDate must not be specified and CreateMode must be PointInTimeRestore, Restore or Recover. When createMode is PointInTimeRestore, sourceResourceId must be the resource ID of the existing database or existing sql pool, and restorePointInTime must be specified. When createMode is Restore, sourceResourceId must be the resource ID of restorable dropped database or restorable dropped sql pool. When createMode is Recover, sourceResourceId must be the resource ID of recoverable database or recoverable sql pool. When source subscription belongs to a different tenant than target subscription, “x-ms-authorization-auxiliary” header must contain authentication token for the source tenant. For more details about “x-ms-authorization-auxiliary” header see https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/authenticate-multi-tenant	string Optional
status	The status of the database.	DatabaseProperties_Status_STATUS Optional
tags	Resource tags.	map[string]string Optional
type	Resource type.	string Optional
zoneRedundant	Whether or not this database is zone redundant, which means the replicas of this database will be spread across multiple availability zones.	bool Optional

ServersDatabasesAdvancedThreatProtectionSetting_Spec

Used by: ServersDatabasesAdvancedThreatProtectionSetting.

Property	Description	Type
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesAdvancedThreatProtectionSettingOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
state	Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.	AdvancedThreatProtectionProperties_State Required

ServersDatabasesAdvancedThreatProtectionSetting_STATUS

Used by: ServersDatabasesAdvancedThreatProtectionSetting.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
creationTime	Specifies the UTC creation time of the policy.	string Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
state	Specifies the state of the Advanced Threat Protection, whether it is enabled or disabled or a state has not been applied yet on the specific database or server.	AdvancedThreatProtectionProperties_State_STATUS Optional
systemData	SystemData of AdvancedThreatProtectionResource.	SystemData_STATUS Optional
type	Resource type.	string Optional

ServersDatabasesAuditingSetting_Spec

Used by: ServersDatabasesAuditingSetting.

Property	Description	Type
auditActionsAndGroups	Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that	string[] Optional
isAzureMonitorTargetEnabled	Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isManagedIdentityInUse	Specifies whether Managed Identity is used to access blob storage	bool Optional
isStorageSecondaryKeyInUse	Specifies whether storageAccountAccessKey value is the storage’s secondary key.	bool Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesAuditingSettingOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
queueDelayMs	Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.	int Optional
retentionDays	Specifies the number of days to keep in the audit logs in the storage account.	int Optional
state	Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.	DatabaseBlobAuditingPolicyProperties_State Required
storageAccountAccessKey	Specifies the identifier key of the auditing storage account. If state is Enabled and storageEndpoint is specified, not specifying the storageAccountAccessKey will use SQL server system-assigned managed identity to access the storage. Prerequisites for using managed identity authentication: 1. Assign SQL Server a system-assigned managed identity in Azure Active Directory (AAD). 2. Grant SQL Server identity access to the storage account by adding ‘Storage Blob Data Contributor’ RBAC role to the server identity. For more information, see Auditing to storage using Managed Identity authentication	genruntime.SecretReference Optional
storageAccountSubscriptionId	Specifies the blob storage subscription Id.	string Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.	string Optional

ServersDatabasesAuditingSetting_STATUS

Used by: ServersDatabasesAuditingSetting.

Property	Description	Type
auditActionsAndGroups	Specifies the Actions-Groups and Actions to audit. The recommended set of action groups to use is the following combination - this will audit all the queries and stored procedures executed against the database, as well as successful and failed logins: BATCH_COMPLETED_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP. This above combination is also the set that is configured by default when enabling auditing from the Azure portal. The supported action groups to audit are (note: choose only specific groups that cover your auditing needs. Using unnecessary groups could lead to very large quantities of audit records): APPLICATION_ROLE_CHANGE_PASSWORD_GROUP BACKUP_RESTORE_GROUP DATABASE_LOGOUT_GROUP DATABASE_OBJECT_CHANGE_GROUP DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP DATABASE_OBJECT_PERMISSION_CHANGE_GROUP DATABASE_OPERATION_GROUP DATABASE_PERMISSION_CHANGE_GROUP DATABASE_PRINCIPAL_CHANGE_GROUP DATABASE_PRINCIPAL_IMPERSONATION_GROUP DATABASE_ROLE_MEMBER_CHANGE_GROUP FAILED_DATABASE_AUTHENTICATION_GROUP SCHEMA_OBJECT_ACCESS_GROUP SCHEMA_OBJECT_CHANGE_GROUP SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP USER_CHANGE_PASSWORD_GROUP BATCH_STARTED_GROUP BATCH_COMPLETED_GROUP DBCC_GROUP DATABASE_OWNERSHIP_CHANGE_GROUP DATABASE_CHANGE_GROUP LEDGER_OPERATION_GROUP These are groups that cover all sql statements and stored procedures executed against the database, and should not be used in combination with other groups as this will result in duplicate audit logs. For more information, see Database-Level Audit Action Groups. For Database auditing policy, specific Actions can also be specified (note that Actions cannot be specified for Server auditing policy). The supported actions to audit are: SELECT UPDATE INSERT DELETE EXECUTE RECEIVE REFERENCES The general form for defining an action to be audited is: {action} ON {object} BY {principal} Note that	string[] Optional
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
isAzureMonitorTargetEnabled	Specifies whether audit events are sent to Azure Monitor. In order to send the events to Azure Monitor, specify ‘State’ as ‘Enabled’ and ‘IsAzureMonitorTargetEnabled’ as true. When using REST API to configure auditing, Diagnostic Settings with ‘SQLSecurityAuditEvents’ diagnostic logs category on the database should be also created. Note that for server level audit you should use the ‘master’ database as {databaseName}. Diagnostic Settings URI format: PUT https://management.azure.com/&ZeroWidthSpace;subscriptions/&ZeroWidthSpace;{subscriptionId}/&ZeroWidthSpace;resourceGroups/&ZeroWidthSpace;{resourceGroup}/&ZeroWidthSpace;providers/&ZeroWidthSpace;Microsoft.Sql/servers/{serverName}/databases/{databaseName}/providers/microsoft.insights/diagnosticSettings/{settingsName}?api-version=2017-05-01-preview For more information, see Diagnostic Settings REST API or Diagnostic Settings PowerShell	bool Optional
isManagedIdentityInUse	Specifies whether Managed Identity is used to access blob storage	bool Optional
isStorageSecondaryKeyInUse	Specifies whether storageAccountAccessKey value is the storage’s secondary key.	bool Optional
kind	Resource kind.	string Optional
name	Resource name.	string Optional
queueDelayMs	Specifies the amount of time in milliseconds that can elapse before audit actions are forced to be processed. The default minimum value is 1000 (1 second). The maximum is 2,147,483,647.	int Optional
retentionDays	Specifies the number of days to keep in the audit logs in the storage account.	int Optional
state	Specifies the state of the audit. If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled are required.	DatabaseBlobAuditingPolicyProperties_State_STATUS Optional
storageAccountSubscriptionId	Specifies the blob storage subscription Id.	string Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). If state is Enabled, storageEndpoint or isAzureMonitorTargetEnabled is required.	string Optional
type	Resource type.	string Optional

ServersDatabasesBackupLongTermRetentionPolicy_Spec

Used by: ServersDatabasesBackupLongTermRetentionPolicy.

Property	Description	Type
monthlyRetention	The monthly retention policy for an LTR backup in an ISO 8601 format.	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesBackupLongTermRetentionPolicyOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
weeklyRetention	The weekly retention policy for an LTR backup in an ISO 8601 format.	string Optional
weekOfYear	The week of year to take the yearly backup in an ISO 8601 format.	int Optional
yearlyRetention	The yearly retention policy for an LTR backup in an ISO 8601 format.	string Optional

ServersDatabasesBackupLongTermRetentionPolicy_STATUS

Used by: ServersDatabasesBackupLongTermRetentionPolicy.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
monthlyRetention	The monthly retention policy for an LTR backup in an ISO 8601 format.	string Optional
name	Resource name.	string Optional
type	Resource type.	string Optional
weeklyRetention	The weekly retention policy for an LTR backup in an ISO 8601 format.	string Optional
weekOfYear	The week of year to take the yearly backup in an ISO 8601 format.	int Optional
yearlyRetention	The yearly retention policy for an LTR backup in an ISO 8601 format.	string Optional

ServersDatabasesBackupShortTermRetentionPolicy_Spec

Used by: ServersDatabasesBackupShortTermRetentionPolicy.

Property	Description	Type
diffBackupIntervalInHours	The differential backup interval in hours. This is how many interval hours between each differential backup will be supported. This is only applicable to live databases but not dropped databases.	BackupShortTermRetentionPolicyProperties_DiffBackupIntervalInHours Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesBackupShortTermRetentionPolicyOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
retentionDays	The backup retention period in days. This is how many days Point-in-Time Restore will be supported.	int Optional

ServersDatabasesBackupShortTermRetentionPolicy_STATUS

Used by: ServersDatabasesBackupShortTermRetentionPolicy.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
diffBackupIntervalInHours	The differential backup interval in hours. This is how many interval hours between each differential backup will be supported. This is only applicable to live databases but not dropped databases.	BackupShortTermRetentionPolicyProperties_DiffBackupIntervalInHours_STATUS Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
retentionDays	The backup retention period in days. This is how many days Point-in-Time Restore will be supported.	int Optional
type	Resource type.	string Optional

ServersDatabasesSecurityAlertPolicy_Spec

Used by: ServersDatabasesSecurityAlertPolicy.

Property	Description	Type
disabledAlerts	Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force	string[] Optional
emailAccountAdmins	Specifies that the alert is sent to the account administrators.	bool Optional
emailAddresses	Specifies an array of e-mail addresses to which the alert is sent.	string[] Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesSecurityAlertPolicyOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
retentionDays	Specifies the number of days to keep in the Threat Detection audit logs.	int Optional
state	Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.	DatabaseSecurityAlertPoliciesSecurityAlertsPolicyProperties_State Required
storageAccountAccessKey	Specifies the identifier key of the Threat Detection audit storage account.	genruntime.SecretReference Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.	string Optional

ServersDatabasesSecurityAlertPolicy_STATUS

Used by: ServersDatabasesSecurityAlertPolicy.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
creationTime	Specifies the UTC creation time of the policy.	string Optional
disabledAlerts	Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force	string[] Optional
emailAccountAdmins	Specifies that the alert is sent to the account administrators.	bool Optional
emailAddresses	Specifies an array of e-mail addresses to which the alert is sent.	string[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
retentionDays	Specifies the number of days to keep in the Threat Detection audit logs.	int Optional
state	Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.	DatabaseSecurityAlertPoliciesSecurityAlertsPolicyProperties_State_STATUS Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.	string Optional
systemData	SystemData of SecurityAlertPolicyResource.	SystemData_STATUS Optional
type	Resource type.	string Optional

ServersDatabasesTransparentDataEncryption_Spec

Used by: ServersDatabasesTransparentDataEncryption.

Property	Description	Type
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesTransparentDataEncryptionOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
state	Specifies the state of the transparent data encryption.	TransparentDataEncryptionProperties_State Required

ServersDatabasesTransparentDataEncryption_STATUS

Used by: ServersDatabasesTransparentDataEncryption.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
state	Specifies the state of the transparent data encryption.	TransparentDataEncryptionProperties_State_STATUS Optional
type	Resource type.	string Optional

ServersDatabasesVulnerabilityAssessment_Spec

Used by: ServersDatabasesVulnerabilityAssessment.

Property	Description	Type
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersDatabasesVulnerabilityAssessmentOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/ServersDatabase resource	genruntime.KnownResourceReference Required
recurringScans	The recurring scans settings	VulnerabilityAssessmentRecurringScansProperties Optional
storageAccountAccessKey	Specifies the identifier key of the storage account for vulnerability assessment scan results. If ‘StorageContainerSasKey’ isn’t specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall	genruntime.SecretReference Optional
storageContainerPath	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn’t set	string Optional
storageContainerPathFromConfig	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn’t set	genruntime.ConfigMapReference Optional
storageContainerSasKey	A shared access signature (SAS Key) that has write access to the blob container specified in ‘storageContainerPath’ parameter. If ‘storageAccountAccessKey’ isn’t specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall	genruntime.SecretReference Optional

ServersDatabasesVulnerabilityAssessment_STATUS

Used by: ServersDatabasesVulnerabilityAssessment.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
recurringScans	The recurring scans settings	VulnerabilityAssessmentRecurringScansProperties_STATUS Optional
storageContainerPath	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/). It is required if server level vulnerability assessment policy doesn’t set	string Optional
type	Resource type.	string Optional

ServersElasticPool_Spec

Used by: ServersElasticPool.

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
highAvailabilityReplicaCount	The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools.	int Optional
licenseType	The license type to apply for this elastic pool.	ElasticPoolProperties_LicenseType Optional
location	Resource location.	string Required
maintenanceConfigurationId	Maintenance configuration id assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur.	string Optional
maxSizeBytes	The storage limit for the database elastic pool in bytes.	int Optional
minCapacity	Minimal capacity that serverless pool will not shrink below, if not paused	float64 Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersElasticPoolOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
perDatabaseSettings	The per database settings for the elastic pool.	ElasticPoolPerDatabaseSettings Optional
sku	The elastic pool SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the `Capabilities_ListByLocation` REST API or the following command: `azurecli az sql elastic-pool list-editions -l <location> -o table``	Sku Optional
tags	Resource tags.	map[string]string Optional
zoneRedundant	Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones.	bool Optional

ServersElasticPool_STATUS

Used by: ServersElasticPool.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
creationDate	The creation date of the elastic pool (ISO8601 format).	string Optional
highAvailabilityReplicaCount	The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools.	int Optional
id	Resource ID.	string Optional
kind	Kind of elastic pool. This is metadata used for the Azure portal experience.	string Optional
licenseType	The license type to apply for this elastic pool.	ElasticPoolProperties_LicenseType_STATUS Optional
location	Resource location.	string Optional
maintenanceConfigurationId	Maintenance configuration id assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur.	string Optional
maxSizeBytes	The storage limit for the database elastic pool in bytes.	int Optional
minCapacity	Minimal capacity that serverless pool will not shrink below, if not paused	float64 Optional
name	Resource name.	string Optional
perDatabaseSettings	The per database settings for the elastic pool.	ElasticPoolPerDatabaseSettings_STATUS Optional
sku	The elastic pool SKU. The list of SKUs may vary by region and support offer. To determine the SKUs (including the SKU name, tier/edition, family, and capacity) that are available to your subscription in an Azure region, use the `Capabilities_ListByLocation` REST API or the following command: `azurecli az sql elastic-pool list-editions -l <location> -o table``	Sku_STATUS Optional
state	The state of the elastic pool.	ElasticPoolProperties_State_STATUS Optional
tags	Resource tags.	map[string]string Optional
type	Resource type.	string Optional
zoneRedundant	Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones.	bool Optional

ServersFailoverGroup_Spec

Used by: ServersFailoverGroup.

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
databasesReferences	List of databases in the failover group.	genruntime.ResourceReference[] Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersFailoverGroupOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
partnerServers	List of partner server information for the failover group.	PartnerInfo[] Required
readOnlyEndpoint	Read-only endpoint of the failover group instance.	FailoverGroupReadOnlyEndpoint Optional
readWriteEndpoint	Read-write endpoint of the failover group instance.	FailoverGroupReadWriteEndpoint Required
tags	Resource tags.	map[string]string Optional

ServersFailoverGroup_STATUS

Used by: ServersFailoverGroup.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
databases	List of databases in the failover group.	string[] Optional
id	Resource ID.	string Optional
location	Resource location.	string Optional
name	Resource name.	string Optional
partnerServers	List of partner server information for the failover group.	PartnerInfo_STATUS[] Optional
readOnlyEndpoint	Read-only endpoint of the failover group instance.	FailoverGroupReadOnlyEndpoint_STATUS Optional
readWriteEndpoint	Read-write endpoint of the failover group instance.	FailoverGroupReadWriteEndpoint_STATUS Optional
replicationRole	Local replication role of the failover group instance.	FailoverGroupProperties_ReplicationRole_STATUS Optional
replicationState	Replication state of the failover group instance.	string Optional
tags	Resource tags.	map[string]string Optional
type	Resource type.	string Optional

ServersFirewallRule_Spec

Used by: ServersFirewallRule.

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
endIpAddress	The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersFirewallRuleOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
startIpAddress	The start IP address of the firewall rule. Must be IPv4 format. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.	string Optional

ServersFirewallRule_STATUS

Used by: ServersFirewallRule.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
endIpAddress	The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.	string Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
startIpAddress	The start IP address of the firewall rule. Must be IPv4 format. Use value ‘0.0.0.0’ for all Azure-internal IP addresses.	string Optional
type	Resource type.	string Optional

ServersIPV6FirewallRule_Spec

Used by: ServersIPV6FirewallRule.

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
endIPv6Address	The end IP address of the firewall rule. Must be IPv6 format. Must be greater than or equal to startIpAddress.	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersIPV6FirewallRuleOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
startIPv6Address	The start IP address of the firewall rule. Must be IPv6 format.	string Optional

ServersIPV6FirewallRule_STATUS

Used by: ServersIPV6FirewallRule.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
endIPv6Address	The end IP address of the firewall rule. Must be IPv6 format. Must be greater than or equal to startIpAddress.	string Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
startIPv6Address	The start IP address of the firewall rule. Must be IPv6 format.	string Optional
type	Resource type.	string Optional

ServersOutboundFirewallRule_Spec

Used by: ServersOutboundFirewallRule.

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersOutboundFirewallRuleOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required

ServersOutboundFirewallRule_STATUS

Used by: ServersOutboundFirewallRule.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
provisioningState	The state of the outbound rule.	string Optional
type	Resource type.	string Optional

ServersSecurityAlertPolicy_Spec

Used by: ServersSecurityAlertPolicy.

Property	Description	Type
disabledAlerts	Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force	string[] Optional
emailAccountAdmins	Specifies that the alert is sent to the account administrators.	bool Optional
emailAddresses	Specifies an array of e-mail addresses to which the alert is sent.	string[] Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersSecurityAlertPolicyOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
retentionDays	Specifies the number of days to keep in the Threat Detection audit logs.	int Optional
state	Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.	ServerSecurityAlertPoliciesSecurityAlertsPolicyProperties_State Required
storageAccountAccessKey	Specifies the identifier key of the Threat Detection audit storage account.	genruntime.SecretReference Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.	string Optional

ServersSecurityAlertPolicy_STATUS

Used by: ServersSecurityAlertPolicy.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
creationTime	Specifies the UTC creation time of the policy.	string Optional
disabledAlerts	Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force	string[] Optional
emailAccountAdmins	Specifies that the alert is sent to the account administrators.	bool Optional
emailAddresses	Specifies an array of e-mail addresses to which the alert is sent.	string[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
retentionDays	Specifies the number of days to keep in the Threat Detection audit logs.	int Optional
state	Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.	ServerSecurityAlertPoliciesSecurityAlertsPolicyProperties_State_STATUS Optional
storageEndpoint	Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.	string Optional
systemData	SystemData of SecurityAlertPolicyResource.	SystemData_STATUS Optional
type	Resource type.	string Optional

ServersVirtualNetworkRule_Spec

Used by: ServersVirtualNetworkRule.

Property	Description	Type
azureName	The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be.	string Optional
ignoreMissingVnetServiceEndpoint	Create firewall rule before the virtual network has vnet service endpoint enabled.	bool Optional
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersVirtualNetworkRuleOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
virtualNetworkSubnetReference	The ARM resource id of the virtual network subnet.	genruntime.ResourceReference Required

ServersVirtualNetworkRule_STATUS

Used by: ServersVirtualNetworkRule.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
ignoreMissingVnetServiceEndpoint	Create firewall rule before the virtual network has vnet service endpoint enabled.	bool Optional
name	Resource name.	string Optional
state	Virtual Network Rule State	VirtualNetworkRuleProperties_State_STATUS Optional
type	Resource type.	string Optional
virtualNetworkSubnetId	The ARM resource id of the virtual network subnet.	string Optional

ServersVulnerabilityAssessment_Spec

Used by: ServersVulnerabilityAssessment.

Property	Description	Type
operatorSpec	The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure	ServersVulnerabilityAssessmentOperatorSpec Optional
owner	The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resources lifecycle. When the owner is deleted the resource will also be deleted. Owner is expected to be a reference to a sql.azure.com/Server resource	genruntime.KnownResourceReference Required
recurringScans	The recurring scans settings	VulnerabilityAssessmentRecurringScansProperties Optional
storageAccountAccessKey	Specifies the identifier key of the storage account for vulnerability assessment scan results. If ‘StorageContainerSasKey’ isn’t specified, storageAccountAccessKey is required. Applies only if the storage account is not behind a Vnet or a firewall	genruntime.SecretReference Optional
storageContainerPath	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).	string Optional
storageContainerPathFromConfig	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).	genruntime.ConfigMapReference Optional
storageContainerSasKey	A shared access signature (SAS Key) that has write access to the blob container specified in ‘storageContainerPath’ parameter. If ‘storageAccountAccessKey’ isn’t specified, StorageContainerSasKey is required. Applies only if the storage account is not behind a Vnet or a firewall	genruntime.SecretReference Optional

ServersVulnerabilityAssessment_STATUS

Used by: ServersVulnerabilityAssessment.

Property	Description	Type
conditions	The observed state of the resource	conditions.Condition[] Optional
id	Resource ID.	string Optional
name	Resource name.	string Optional
recurringScans	The recurring scans settings	VulnerabilityAssessmentRecurringScansProperties_STATUS Optional
storageContainerPath	A blob storage container path to hold the scan results (e.g. https://myStorage.blob.core.windows.net/VaScans/).	string Optional
type	Resource type.	string Optional

AdministratorProperties_AdministratorType

Used by: ServersAdministrator_Spec.

Value	Description
“ActiveDirectory”

AdministratorProperties_AdministratorType_STATUS

Used by: ServersAdministrator_STATUS.

Value	Description
“ActiveDirectory”

AdvancedThreatProtectionProperties_State

Used by: ServersAdvancedThreatProtectionSetting_Spec, and ServersDatabasesAdvancedThreatProtectionSetting_Spec.

Value	Description
“Disabled”
“Enabled”
“New”

AdvancedThreatProtectionProperties_State_STATUS

Used by: ServersAdvancedThreatProtectionSetting_STATUS, and ServersDatabasesAdvancedThreatProtectionSetting_STATUS.

Value	Description
“Disabled”
“Enabled”
“New”

BackupShortTermRetentionPolicyProperties_DiffBackupIntervalInHours

Used by: ServersDatabasesBackupShortTermRetentionPolicy_Spec.

Value	Description
12
24

BackupShortTermRetentionPolicyProperties_DiffBackupIntervalInHours_STATUS

Used by: ServersDatabasesBackupShortTermRetentionPolicy_STATUS.

Value	Description
12
24

DatabaseBlobAuditingPolicyProperties_State

Used by: ServersDatabasesAuditingSetting_Spec.

Value	Description
“Disabled”
“Enabled”

DatabaseBlobAuditingPolicyProperties_State_STATUS

Used by: ServersDatabasesAuditingSetting_STATUS.

Value	Description
“Disabled”
“Enabled”

DatabaseIdentity

Azure Active Directory identity configuration for a resource.

Used by: ServersDatabase_Spec.

Property	Description	Type
type	The identity type	DatabaseIdentity_Type Optional
userAssignedIdentities	The resource ids of the user assigned identities to use	UserAssignedIdentityDetails[] Optional

DatabaseIdentity_STATUS

Azure Active Directory identity configuration for a resource.

Used by: ServersDatabase_STATUS.

Property	Description	Type
tenantId	The Azure Active Directory tenant id.	string Optional
type	The identity type	DatabaseIdentity_Type_STATUS Optional
userAssignedIdentities	The resource ids of the user assigned identities to use	map[string]DatabaseUserIdentity_STATUS Optional

DatabaseProperties_CatalogCollation

Used by: ServersDatabase_Spec.

Value	Description
“DATABASE_DEFAULT”
“SQL_Latin1_General_CP1_CI_AS”

DatabaseProperties_CatalogCollation_STATUS

Used by: ServersDatabase_STATUS.

Value	Description
“DATABASE_DEFAULT”
“SQL_Latin1_General_CP1_CI_AS”

DatabaseProperties_CreateMode

Used by: ServersDatabase_Spec.

Value	Description
“Copy”
“Default”
“OnlineSecondary”
“PointInTimeRestore”
“Recovery”
“Restore”
“RestoreExternalBackup”
“RestoreExternalBackupSecondary”
“RestoreLongTermRetentionBackup”
“Secondary”

DatabaseProperties_CreateMode_STATUS

Used by: ServersDatabase_STATUS.

Value	Description
“Copy”
“Default”
“OnlineSecondary”
“PointInTimeRestore”
“Recovery”
“Restore”
“RestoreExternalBackup”
“RestoreExternalBackupSecondary”
“RestoreLongTermRetentionBackup”
“Secondary”

DatabaseProperties_CurrentBackupStorageRedundancy_STATUS

Used by: ServersDatabase_STATUS.

Value	Description
“Geo”
“GeoZone”
“Local”
“Zone”

DatabaseProperties_LicenseType

Used by: ServersDatabase_Spec.

Value	Description
“BasePrice”
“LicenseIncluded”

DatabaseProperties_LicenseType_STATUS

Used by: ServersDatabase_STATUS.

Value	Description
“BasePrice”
“LicenseIncluded”

DatabaseProperties_ReadScale

Used by: ServersDatabase_Spec.

Value	Description
“Disabled”
“Enabled”

DatabaseProperties_ReadScale_STATUS

Used by: ServersDatabase_STATUS.

Value	Description
“Disabled”
“Enabled”

DatabaseProperties_RequestedBackupStorageRedundancy

Used by: ServersDatabase_Spec.

Value	Description
“Geo”
“GeoZone”
“Local”
“Zone”

DatabaseProperties_RequestedBackupStorageRedundancy_STATUS

Used by: ServersDatabase_STATUS.

Value	Description
“Geo”
“GeoZone”
“Local”
“Zone”

DatabaseProperties_SampleName

Used by: ServersDatabase_Spec.

Value	Description
“AdventureWorksLT”
“WideWorldImportersFull”
“WideWorldImportersStd”

DatabaseProperties_SampleName_STATUS

Used by: ServersDatabase_STATUS.

Value	Description
“AdventureWorksLT”
“WideWorldImportersFull”
“WideWorldImportersStd”

DatabaseProperties_SecondaryType

Used by: ServersDatabase_Spec.

Value	Description
“Geo”
“Named”

DatabaseProperties_SecondaryType_STATUS

Used by: ServersDatabase_STATUS.

Value	Description
“Geo”
“Named”

DatabaseProperties_Status_STATUS

Used by: ServersDatabase_STATUS.

Value	Description
“AutoClosed”
“Copying”
“Creating”
“Disabled”
“EmergencyMode”
“Inaccessible”
“Offline”
“OfflineChangingDwPerformanceTiers”
“OfflineSecondary”
“Online”
“OnlineChangingDwPerformanceTiers”
“Paused”
“Pausing”
“Recovering”
“RecoveryPending”
“Restoring”
“Resuming”
“Scaling”
“Shutdown”
“Standby”
“Starting”
“Stopped”
“Stopping”
“Suspect”

DatabaseSecurityAlertPoliciesSecurityAlertsPolicyProperties_State

Used by: ServersDatabasesSecurityAlertPolicy_Spec.

Value	Description
“Disabled”
“Enabled”

DatabaseSecurityAlertPoliciesSecurityAlertsPolicyProperties_State_STATUS

Used by: ServersDatabasesSecurityAlertPolicy_STATUS.

Value	Description
“Disabled”
“Enabled”

ElasticPoolPerDatabaseSettings

Per database settings of an elastic pool.

Used by: ServersElasticPool_Spec.

Property	Description	Type
maxCapacity	The maximum capacity any one database can consume.	float64 Optional
minCapacity	The minimum capacity all databases are guaranteed.	float64 Optional

ElasticPoolPerDatabaseSettings_STATUS

Per database settings of an elastic pool.

Used by: ServersElasticPool_STATUS.

Property	Description	Type
maxCapacity	The maximum capacity any one database can consume.	float64 Optional
minCapacity	The minimum capacity all databases are guaranteed.	float64 Optional

ElasticPoolProperties_LicenseType

Used by: ServersElasticPool_Spec.

Value	Description
“BasePrice”
“LicenseIncluded”

ElasticPoolProperties_LicenseType_STATUS

Used by: ServersElasticPool_STATUS.

Value	Description
“BasePrice”
“LicenseIncluded”

ElasticPoolProperties_State_STATUS

Used by: ServersElasticPool_STATUS.

Value	Description
“Creating”
“Disabled”
“Ready”

FailoverGroupProperties_ReplicationRole_STATUS

Used by: ServersFailoverGroup_STATUS.

Value	Description
“Primary”
“Secondary”

FailoverGroupReadOnlyEndpoint

Read-only endpoint of the failover group instance.

Used by: ServersFailoverGroup_Spec.

Property	Description	Type
failoverPolicy	Failover policy of the read-only endpoint for the failover group.	FailoverGroupReadOnlyEndpoint_FailoverPolicy Optional

FailoverGroupReadOnlyEndpoint_STATUS

Read-only endpoint of the failover group instance.

Used by: ServersFailoverGroup_STATUS.

Property	Description	Type
failoverPolicy	Failover policy of the read-only endpoint for the failover group.	FailoverGroupReadOnlyEndpoint_FailoverPolicy_STATUS Optional

FailoverGroupReadWriteEndpoint

Read-write endpoint of the failover group instance.

Used by: ServersFailoverGroup_Spec.

Property	Description	Type
failoverPolicy	Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required.	FailoverGroupReadWriteEndpoint_FailoverPolicy Required
failoverWithDataLossGracePeriodMinutes	Grace period before failover with data loss is attempted for the read-write endpoint. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required.	int Optional

FailoverGroupReadWriteEndpoint_STATUS

Read-write endpoint of the failover group instance.

Used by: ServersFailoverGroup_STATUS.

Property	Description	Type
failoverPolicy	Failover policy of the read-write endpoint for the failover group. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required.	FailoverGroupReadWriteEndpoint_FailoverPolicy_STATUS Optional
failoverWithDataLossGracePeriodMinutes	Grace period before failover with data loss is attempted for the read-write endpoint. If failoverPolicy is Automatic then failoverWithDataLossGracePeriodMinutes is required.	int Optional

PartnerInfo

Partner server information for the failover group.

Used by: ServersFailoverGroup_Spec.

Property	Description	Type
reference	Resource identifier of the partner server.	genruntime.ResourceReference Required

PartnerInfo_STATUS

Partner server information for the failover group.

Used by: ServersFailoverGroup_STATUS.

Property	Description	Type
id	Resource identifier of the partner server.	string Optional
location	Geo location of the partner server.	string Optional
replicationRole	Replication role of the partner server.	PartnerInfo_ReplicationRole_STATUS Optional

ResourceIdentity

Azure Active Directory identity configuration for a resource.

Used by: Server_Spec.

Property	Description	Type
type	The identity type. Set this to ‘SystemAssigned’ in order to automatically create and assign an Azure Active Directory principal for the resource.	ResourceIdentity_Type Optional
userAssignedIdentities	The resource ids of the user assigned identities to use	UserAssignedIdentityDetails[] Optional

ResourceIdentity_STATUS

Azure Active Directory identity configuration for a resource.

Used by: Server_STATUS.

Property	Description	Type
principalId	The Azure Active Directory principal id.	string Optional
tenantId	The Azure Active Directory tenant id.	string Optional
type	The identity type. Set this to ‘SystemAssigned’ in order to automatically create and assign an Azure Active Directory principal for the resource.	ResourceIdentity_Type_STATUS Optional
userAssignedIdentities	The resource ids of the user assigned identities to use	map[string]UserIdentity_STATUS Optional

ServerBlobAuditingPolicyProperties_State

Used by: ServersAuditingSetting_Spec.

Value	Description
“Disabled”
“Enabled”

ServerBlobAuditingPolicyProperties_State_STATUS

Used by: ServersAuditingSetting_STATUS.

Value	Description
“Disabled”
“Enabled”

ServerConnectionPolicyProperties_ConnectionType

Used by: ServersConnectionPolicy_Spec.

Value	Description
“Default”
“Proxy”
“Redirect”

ServerConnectionPolicyProperties_ConnectionType_STATUS

Used by: ServersConnectionPolicy_STATUS.

Value	Description
“Default”
“Proxy”
“Redirect”

ServerExternalAdministrator

Properties of a active directory administrator.

Used by: Server_Spec.

Property	Description	Type
administratorType	Type of the sever administrator.	ServerExternalAdministrator_AdministratorType Optional
azureADOnlyAuthentication	Azure Active Directory only Authentication enabled.	bool Optional
login	Login name of the server administrator.	string Optional
principalType	Principal Type of the sever administrator.	ServerExternalAdministrator_PrincipalType Optional
sid	SID (object ID) of the server administrator.	string Optional
tenantId	Tenant ID of the administrator.	string Optional

ServerExternalAdministrator_STATUS

Properties of a active directory administrator.

Used by: Server_STATUS.

Property	Description	Type
administratorType	Type of the sever administrator.	ServerExternalAdministrator_AdministratorType_STATUS Optional
azureADOnlyAuthentication	Azure Active Directory only Authentication enabled.	bool Optional
login	Login name of the server administrator.	string Optional
principalType	Principal Type of the sever administrator.	ServerExternalAdministrator_PrincipalType_STATUS Optional
sid	SID (object ID) of the server administrator.	string Optional
tenantId	Tenant ID of the administrator.	string Optional

ServerOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: Server_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
configMaps	configures where to place operator written ConfigMaps.	ServerOperatorConfigMaps Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServerPrivateEndpointConnection_STATUS

A private endpoint connection under a server

Used by: Server_STATUS.

Property	Description	Type
id	Resource ID.	string Optional
properties	Private endpoint connection properties	PrivateEndpointConnectionProperties_STATUS Optional

ServerProperties_PublicNetworkAccess

Used by: Server_Spec.

Value	Description
“Disabled”
“Enabled”

ServerProperties_PublicNetworkAccess_STATUS

Used by: Server_STATUS.

Value	Description
“Disabled”
“Enabled”

ServerProperties_RestrictOutboundNetworkAccess

Used by: Server_Spec.

Value	Description
“Disabled”
“Enabled”

ServerProperties_RestrictOutboundNetworkAccess_STATUS

Used by: Server_STATUS.

Value	Description
“Disabled”
“Enabled”

ServerProperties_WorkspaceFeature_STATUS

Used by: Server_STATUS.

Value	Description
“Connected”
“Disconnected”

ServersAdministratorOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersAdministrator_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersAdvancedThreatProtectionSettingOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersAdvancedThreatProtectionSetting_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersAuditingSettingOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersAuditingSetting_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersAzureADOnlyAuthenticationOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersAzureADOnlyAuthentication_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersConnectionPolicyOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersConnectionPolicy_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersDatabaseOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersDatabase_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersDatabasesAdvancedThreatProtectionSettingOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersDatabasesAdvancedThreatProtectionSetting_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersDatabasesAuditingSettingOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersDatabasesAuditingSetting_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersDatabasesBackupLongTermRetentionPolicyOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersDatabasesBackupLongTermRetentionPolicy_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersDatabasesBackupShortTermRetentionPolicyOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersDatabasesBackupShortTermRetentionPolicy_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersDatabasesSecurityAlertPolicyOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersDatabasesSecurityAlertPolicy_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersDatabasesTransparentDataEncryptionOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersDatabasesTransparentDataEncryption_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersDatabasesVulnerabilityAssessmentOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersDatabasesVulnerabilityAssessment_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServerSecurityAlertPoliciesSecurityAlertsPolicyProperties_State

Used by: ServersSecurityAlertPolicy_Spec.

Value	Description
“Disabled”
“Enabled”

ServerSecurityAlertPoliciesSecurityAlertsPolicyProperties_State_STATUS

Used by: ServersSecurityAlertPolicy_STATUS.

Value	Description
“Disabled”
“Enabled”

ServersElasticPoolOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersElasticPool_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersFailoverGroupOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersFailoverGroup_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersFirewallRuleOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersFirewallRule_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersIPV6FirewallRuleOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersIPV6FirewallRule_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersOutboundFirewallRuleOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersOutboundFirewallRule_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersSecurityAlertPolicyOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersSecurityAlertPolicy_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersVirtualNetworkRuleOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersVirtualNetworkRule_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

ServersVulnerabilityAssessmentOperatorSpec

Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure

Used by: ServersVulnerabilityAssessment_Spec.

Property	Description	Type
configMapExpressions	configures where to place operator written dynamic ConfigMaps (created with CEL expressions).	core.DestinationExpression[] Optional
secretExpressions	configures where to place operator written dynamic secrets (created with CEL expressions).	core.DestinationExpression[] Optional

Sku

An ARM Resource SKU.

Used by: ServersDatabase_Spec, and ServersElasticPool_Spec.

Property	Description	Type
capacity	Capacity of the particular SKU.	int Optional
family	If the service has different generations of hardware, for the same SKU, then that can be captured here.	string Optional
name	The name of the SKU, typically, a letter + Number code, e.g. P3.	string Required
size	Size of the particular SKU	string Optional
tier	The tier or edition of the particular SKU, e.g. Basic, Premium.	string Optional

Sku_STATUS

An ARM Resource SKU.

Used by: ServersDatabase_STATUS, ServersDatabase_STATUS, and ServersElasticPool_STATUS.

Property	Description	Type
capacity	Capacity of the particular SKU.	int Optional
family	If the service has different generations of hardware, for the same SKU, then that can be captured here.	string Optional
name	The name of the SKU, typically, a letter + Number code, e.g. P3.	string Optional
size	Size of the particular SKU	string Optional
tier	The tier or edition of the particular SKU, e.g. Basic, Premium.	string Optional

SystemData_STATUS

Metadata pertaining to creation and last modification of the resource.

Used by: ServersAdvancedThreatProtectionSetting_STATUS, ServersDatabasesAdvancedThreatProtectionSetting_STATUS, ServersDatabasesSecurityAlertPolicy_STATUS, and ServersSecurityAlertPolicy_STATUS.

Property	Description	Type
createdAt	The timestamp of resource creation (UTC).	string Optional
createdBy	The identity that created the resource.	string Optional
createdByType	The type of identity that created the resource.	SystemData_CreatedByType_STATUS Optional
lastModifiedAt	The timestamp of resource last modification (UTC)	string Optional
lastModifiedBy	The identity that last modified the resource.	string Optional
lastModifiedByType	The type of identity that last modified the resource.	SystemData_LastModifiedByType_STATUS Optional

TransparentDataEncryptionProperties_State

Used by: ServersDatabasesTransparentDataEncryption_Spec.

Value	Description
“Disabled”
“Enabled”

TransparentDataEncryptionProperties_State_STATUS

Used by: ServersDatabasesTransparentDataEncryption_STATUS.

Value	Description
“Disabled”
“Enabled”

VirtualNetworkRuleProperties_State_STATUS

Used by: ServersVirtualNetworkRule_STATUS.

Value	Description
“Deleting”
“Failed”
“InProgress”
“Initializing”
“Ready”
“Unknown”

VulnerabilityAssessmentRecurringScansProperties

Properties of a Vulnerability Assessment recurring scans.

Used by: ServersDatabasesVulnerabilityAssessment_Spec, and ServersVulnerabilityAssessment_Spec.

Property	Description	Type
emails	Specifies an array of e-mail addresses to which the scan notification is sent.	string[] Optional
emailSubscriptionAdmins	Specifies that the schedule scan notification will be is sent to the subscription administrators.	bool Optional
isEnabled	Recurring scans state.	bool Optional

VulnerabilityAssessmentRecurringScansProperties_STATUS

Properties of a Vulnerability Assessment recurring scans.

Used by: ServersDatabasesVulnerabilityAssessment_STATUS, and ServersVulnerabilityAssessment_STATUS.

Property	Description	Type
emails	Specifies an array of e-mail addresses to which the scan notification is sent.	string[] Optional
emailSubscriptionAdmins	Specifies that the schedule scan notification will be is sent to the subscription administrators.	bool Optional
isEnabled	Recurring scans state.	bool Optional

DatabaseIdentity_Type

Used by: DatabaseIdentity.

Value	Description
“None”
“UserAssigned”

DatabaseIdentity_Type_STATUS

Used by: DatabaseIdentity_STATUS.

Value	Description
“None”
“UserAssigned”

DatabaseUserIdentity_STATUS

Azure Active Directory identity configuration for a resource.

Used by: DatabaseIdentity_STATUS.

Property	Description	Type
clientId	The Azure Active Directory client id.	string Optional
principalId	The Azure Active Directory principal id.	string Optional

FailoverGroupReadOnlyEndpoint_FailoverPolicy

Used by: FailoverGroupReadOnlyEndpoint.

Value	Description
“Disabled”
“Enabled”

FailoverGroupReadOnlyEndpoint_FailoverPolicy_STATUS

Used by: FailoverGroupReadOnlyEndpoint_STATUS.

Value	Description
“Disabled”
“Enabled”

FailoverGroupReadWriteEndpoint_FailoverPolicy

Used by: FailoverGroupReadWriteEndpoint.

Value	Description
“Automatic”
“Manual”

FailoverGroupReadWriteEndpoint_FailoverPolicy_STATUS

Used by: FailoverGroupReadWriteEndpoint_STATUS.

Value	Description
“Automatic”
“Manual”

PartnerInfo_ReplicationRole_STATUS

Used by: PartnerInfo_STATUS.

Value	Description
“Primary”
“Secondary”

PrivateEndpointConnectionProperties_STATUS

Properties of a private endpoint connection.

Used by: ServerPrivateEndpointConnection_STATUS.

Property	Description	Type
groupIds	Group IDs.	string[] Optional
privateEndpoint	Private endpoint which the connection belongs to.	PrivateEndpointProperty_STATUS Optional
privateLinkServiceConnectionState	Connection state of the private endpoint connection.	PrivateLinkServiceConnectionStateProperty_STATUS Optional
provisioningState	State of the private endpoint connection.	PrivateEndpointConnectionProperties_ProvisioningState_STATUS Optional

ResourceIdentity_Type

Used by: ResourceIdentity.

Value	Description
“None”
“SystemAssigned”
“SystemAssigned,UserAssigned”
“UserAssigned”

ResourceIdentity_Type_STATUS

Used by: ResourceIdentity_STATUS.

Value	Description
“None”
“SystemAssigned”
“SystemAssigned,UserAssigned”
“UserAssigned”

ServerExternalAdministrator_AdministratorType

Used by: ServerExternalAdministrator.

Value	Description
“ActiveDirectory”

ServerExternalAdministrator_AdministratorType_STATUS

Used by: ServerExternalAdministrator_STATUS.

Value	Description
“ActiveDirectory”

ServerExternalAdministrator_PrincipalType

Used by: ServerExternalAdministrator.

Value	Description
“Application”
“Group”
“User”

ServerExternalAdministrator_PrincipalType_STATUS

Used by: ServerExternalAdministrator_STATUS.

Value	Description
“Application”
“Group”
“User”

ServerOperatorConfigMaps

Used by: ServerOperatorSpec.

Property	Description	Type
fullyQualifiedDomainName	indicates where the FullyQualifiedDomainName config map should be placed. If omitted, no config map will be created.	genruntime.ConfigMapDestination Optional

SystemData_CreatedByType_STATUS

Used by: SystemData_STATUS.

Value	Description
“Application”
“Key”
“ManagedIdentity”
“User”

SystemData_LastModifiedByType_STATUS

Used by: SystemData_STATUS.

Value	Description
“Application”
“Key”
“ManagedIdentity”
“User”

UserAssignedIdentityDetails

Information about the user assigned identity for the resource

Used by: DatabaseIdentity, and ResourceIdentity.

Property	Description	Type
reference		genruntime.ResourceReference Optional

UserIdentity_STATUS

Azure Active Directory identity configuration for a resource.

Used by: ResourceIdentity_STATUS.

Property	Description	Type
clientId	The Azure Active Directory client id.	string Optional
principalId	The Azure Active Directory principal id.	string Optional

PrivateEndpointConnectionProperties_ProvisioningState_STATUS

Used by: PrivateEndpointConnectionProperties_STATUS.

Value	Description
“Approving”
“Dropping”
“Failed”
“Ready”
“Rejecting”

PrivateEndpointProperty_STATUS

Used by: PrivateEndpointConnectionProperties_STATUS.

Property	Description	Type
id	Resource id of the private endpoint.	string Optional

PrivateLinkServiceConnectionStateProperty_STATUS

Used by: PrivateEndpointConnectionProperties_STATUS.

Property	Description	Type
actionsRequired	The actions required for private link service connection.	PrivateLinkServiceConnectionStateProperty_ActionsRequired_STATUS Optional
description	The private link service connection description.	string Optional
status	The private link service connection status.	PrivateLinkServiceConnectionStateProperty_Status_STATUS Optional

PrivateLinkServiceConnectionStateProperty_ActionsRequired_STATUS

Used by: PrivateLinkServiceConnectionStateProperty_STATUS.

Value	Description
“None”

PrivateLinkServiceConnectionStateProperty_Status_STATUS

Used by: PrivateLinkServiceConnectionStateProperty_STATUS.

Value	Description
“Approved”
“Disconnected”
“Pending”
“Rejected”