From 719420a7243fc9366133d8fffb4476b56dd86fa5 Mon Sep 17 00:00:00 2001 From: crl-gh-actions-pr-bot Date: Thu, 9 Jul 2026 21:47:40 +0000 Subject: [PATCH] Add Azure Log Analytics V2 log export support Add AZURE_LOG_ANALYTICS_V2 log export type for exporting to Azure Monitor via the Logs Ingestion API and DCR-based ingestion, replacing the legacy AZURE_LOG_ANALYTICS path (retiring 2026-09-14). New Azure V2 configuration fields added to EnableLogExportBody and LogExportClusterSpecification: azure_client_id, azure_client_secret, azure_tenant_id, azure_dce_endpoint, azure_dcr_immutable_id, azure_dcr_resource_id, and azure_workspace_resource_id. Breaking change: auth_principal is no longer required on EnableLogExportBody, as AZURE_LOG_ANALYTICS_V2 does not use it. The field is now optional (pointer type). Deprecate AZURE_LOG_ANALYTICS in favor of AZURE_LOG_ANALYTICS_V2 and azure_shared_key in favor of azure_client_secret. Add UPDATE_BACKUP_CONFIGURATION audit log action. Add CLUSTER_DEVELOPER role to private endpoint and egress private endpoint read operations (ListAwsEndpointConnections, ListPrivateEndpointConnections, ListPrivateEndpointServices, ListEgressPrivateEndpoints, GetEgressPrivateEndpoint). Managed-service-pr-url: https://github.com/cockroachlabs/managed-service/pull/24511 --- CHANGELOG.md | 16 ++ README.md | 1 + docs/AuditLogAction.md | 2 + docs/EgressPrivateEndpointsApi.md | 2 + docs/EnableLogExportBody.md | 97 +++++++++++- docs/LogExportApi.md | 2 +- docs/LogExportClusterSpecification.md | 95 +++++++++++- docs/LogExportType.md | 4 +- docs/PrivateEndpointServicesApi.md | 3 + docs/README.md | 1 + .../api/openapi-modified.json | 87 +++++++++-- internal/openapi-generator/api/openapi.yaml | 138 +++++++++++++++--- internal/spec/openapi.json | 90 ++++++++++-- pkg/client/model_audit_log_action.go | 2 + pkg/client/model_enable_log_export_body.go | 131 +++++++++++++++-- .../model_log_export_cluster_specification.go | 116 ++++++++++++++- pkg/client/model_log_export_type.go | 10 +- 17 files changed, 728 insertions(+), 69 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cba61e36..202a0dd7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- Add `AZURE_LOG_ANALYTICS_V2` log export type for exporting to Azure Monitor via the Logs Ingestion API and DCR-based ingestion. +- Add Azure V2 log export configuration fields: `AzureClientId`, `AzureClientSecret`, `AzureTenantId`, `AzureDceEndpoint`, `AzureDcrImmutableId`, `AzureDcrResourceId`, and `AzureWorkspaceResourceId`. +- Add `UPDATE_BACKUP_CONFIGURATION` audit log action. +- Add `CLUSTER_DEVELOPER` role to private endpoint and egress private endpoint read operations. + +### Changed + +- Breaking Change: `AuthPrincipal` is no longer required on `EnableLogExportBody`; it is now optional to support the new `AZURE_LOG_ANALYTICS_V2` type which does not use it. + +### Deprecated + +- Deprecate `AZURE_LOG_ANALYTICS` log export type in favor of `AZURE_LOG_ANALYTICS_V2` (retiring 2026-09-14). +- Deprecate `AzureSharedKey` field on log export models in favor of `AzureClientSecret`. + ### Fixed - Fix the OpenAPI sync workflow's changelog generation step, which failed on large diff --git a/README.md b/README.md index 638f0f76..608bfaf3 100644 --- a/README.md +++ b/README.md @@ -212,3 +212,4 @@ API | Method | HTTP request | Description ## Author support@cockroachlabs.com + diff --git a/docs/AuditLogAction.md b/docs/AuditLogAction.md index 334d468e..e7936675 100644 --- a/docs/AuditLogAction.md +++ b/docs/AuditLogAction.md @@ -212,6 +212,8 @@ * `DELETE_MIGRATION_ASSISTANT` (value: `"AUDIT_LOG_ACTION_DELETE_MIGRATION_ASSISTANT"`) +* `UPDATE_BACKUP_CONFIGURATION` (value: `"AUDIT_LOG_ACTION_UPDATE_BACKUP_CONFIGURATION"`) + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/EgressPrivateEndpointsApi.md b/docs/EgressPrivateEndpointsApi.md index 3d6c51f2..5a55e46d 100644 --- a/docs/EgressPrivateEndpointsApi.md +++ b/docs/EgressPrivateEndpointsApi.md @@ -165,6 +165,7 @@ Get egress private endpoint Can be used by the following roles assigned at the organization, folder or cluster scope: - CLUSTER_ADMIN - CLUSTER_OPERATOR_WRITER +- CLUSTER_DEVELOPER ### Example @@ -237,6 +238,7 @@ List egress private endpoints Can be used by the following roles assigned at the organization, folder or cluster scope: - CLUSTER_ADMIN - CLUSTER_OPERATOR_WRITER +- CLUSTER_DEVELOPER ### Example diff --git a/docs/EnableLogExportBody.md b/docs/EnableLogExportBody.md index 709e0f3f..9b2519d0 100644 --- a/docs/EnableLogExportBody.md +++ b/docs/EnableLogExportBody.md @@ -4,9 +4,16 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**AuthPrincipal** | **string** | | +**AuthPrincipal** | Pointer to **string** | auth_principal is used in different contexts based on integration. CloudWatch: AWS Role ARN that identifies a role that the cluster account can assume to write to CloudWatch GCP Cloud Logging: GCP Project ID that the cluster service account has permissions to write to for cloud logging. Azure Log Analytics (AZURE_LOG_ANALYTICS): CustomerID or WorkspaceID. Required for AWS_CLOUDWATCH, GCP_CLOUD_LOGGING, and AZURE_LOG_ANALYTICS. Not used for AZURE_LOG_ANALYTICS_V2. | [optional] **AwsExternalId** | Pointer to **string** | aws_external_id to include when assuming the IAM role specified by role_arn. Optional. A specific value may be required by the role's trust policy. Only supported for Advanced clusters on AWS. If provided for a Standard cluster, the request is rejected. | [optional] -**AzureSharedKey** | Pointer to **string** | The primary or the secondary connected sources client authentication key. This is used to export logs to Azure Log Analytics. | [optional] +**AzureClientId** | Pointer to **string** | Azure client ID for the app registration used by the Logs Ingestion API. | [optional] +**AzureClientSecret** | Pointer to **string** | Azure client secret for the app registration used by the Logs Ingestion API. | [optional] +**AzureDceEndpoint** | Pointer to **string** | Logs ingestion endpoint of the Azure Data Collection Endpoint (DCE). For example, https://{dce-name}.{region}.ingest.monitor.azure.com. | [optional] +**AzureDcrImmutableId** | Pointer to **string** | Immutable ID of the Azure Data Collection Rule (DCR), for example dcr-... | [optional] +**AzureDcrResourceId** | Pointer to **string** | Full ARM resource ID of the Azure Data Collection Rule (DCR). Cockroach Cloud reads and updates this DCR to add streams for each configured log group. For example, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Insights/dataCollectionRules/{dcr-name}. | [optional] +**AzureSharedKey** | Pointer to **string** | The primary or the secondary connected sources client authentication key. This is used to export logs to Azure Log Analytics via the legacy HTTP Data Collector API. Deprecated: use azure_client_secret instead. | [optional] +**AzureTenantId** | Pointer to **string** | Azure tenant ID for the app registration used by the Logs Ingestion API. | [optional] +**AzureWorkspaceResourceId** | Pointer to **string** | Full ARM resource ID of the Log Analytics workspace. Cockroach Cloud creates or updates the required custom tables for each configured log group. For example, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.OperationalInsights/workspaces/{workspace-name}. | [optional] **Groups** | Pointer to [**[]LogExportGroup**](LogExportGroup.md) | groups is a collection of log group configurations that allows the customer to define collections of CRDB log channels that are aggregated separately at the target sink. | [optional] **LogName** | **string** | log_name is an identifier for the logs in the customer's log sink. | **OmittedChannels** | Pointer to **[]string** | omitted_channels is a list of channels that the user does not want to export logs for. | [optional] @@ -18,7 +25,7 @@ Name | Type | Description | Notes ### NewEnableLogExportBody -`func NewEnableLogExportBody(authPrincipal string, logName string, type_ LogExportType, ) *EnableLogExportBody` +`func NewEnableLogExportBody(logName string, type_ LogExportType, ) *EnableLogExportBody` NewEnableLogExportBody instantiates a new EnableLogExportBody object. This constructor will assign default values to properties that have it defined, @@ -57,6 +64,66 @@ GetAwsExternalId returns the AwsExternalId field if non-nil, zero value otherwis SetAwsExternalId sets AwsExternalId field to given value. +### GetAzureClientId + +`func (o *EnableLogExportBody) GetAzureClientId() string` + +GetAzureClientId returns the AzureClientId field if non-nil, zero value otherwise. + +### SetAzureClientId + +`func (o *EnableLogExportBody) SetAzureClientId(v string)` + +SetAzureClientId sets AzureClientId field to given value. + +### GetAzureClientSecret + +`func (o *EnableLogExportBody) GetAzureClientSecret() string` + +GetAzureClientSecret returns the AzureClientSecret field if non-nil, zero value otherwise. + +### SetAzureClientSecret + +`func (o *EnableLogExportBody) SetAzureClientSecret(v string)` + +SetAzureClientSecret sets AzureClientSecret field to given value. + +### GetAzureDceEndpoint + +`func (o *EnableLogExportBody) GetAzureDceEndpoint() string` + +GetAzureDceEndpoint returns the AzureDceEndpoint field if non-nil, zero value otherwise. + +### SetAzureDceEndpoint + +`func (o *EnableLogExportBody) SetAzureDceEndpoint(v string)` + +SetAzureDceEndpoint sets AzureDceEndpoint field to given value. + +### GetAzureDcrImmutableId + +`func (o *EnableLogExportBody) GetAzureDcrImmutableId() string` + +GetAzureDcrImmutableId returns the AzureDcrImmutableId field if non-nil, zero value otherwise. + +### SetAzureDcrImmutableId + +`func (o *EnableLogExportBody) SetAzureDcrImmutableId(v string)` + +SetAzureDcrImmutableId sets AzureDcrImmutableId field to given value. + +### GetAzureDcrResourceId + +`func (o *EnableLogExportBody) GetAzureDcrResourceId() string` + +GetAzureDcrResourceId returns the AzureDcrResourceId field if non-nil, zero value otherwise. + +### SetAzureDcrResourceId + +`func (o *EnableLogExportBody) SetAzureDcrResourceId(v string)` + +SetAzureDcrResourceId sets AzureDcrResourceId field to given value. + ### GetAzureSharedKey `func (o *EnableLogExportBody) GetAzureSharedKey() string` @@ -69,6 +136,30 @@ GetAzureSharedKey returns the AzureSharedKey field if non-nil, zero value otherw SetAzureSharedKey sets AzureSharedKey field to given value. +### GetAzureTenantId + +`func (o *EnableLogExportBody) GetAzureTenantId() string` + +GetAzureTenantId returns the AzureTenantId field if non-nil, zero value otherwise. + +### SetAzureTenantId + +`func (o *EnableLogExportBody) SetAzureTenantId(v string)` + +SetAzureTenantId sets AzureTenantId field to given value. + +### GetAzureWorkspaceResourceId + +`func (o *EnableLogExportBody) GetAzureWorkspaceResourceId() string` + +GetAzureWorkspaceResourceId returns the AzureWorkspaceResourceId field if non-nil, zero value otherwise. + +### SetAzureWorkspaceResourceId + +`func (o *EnableLogExportBody) SetAzureWorkspaceResourceId(v string)` + +SetAzureWorkspaceResourceId sets AzureWorkspaceResourceId field to given value. + ### GetGroups `func (o *EnableLogExportBody) GetGroups() []LogExportGroup` diff --git a/docs/LogExportApi.md b/docs/LogExportApi.md index 29436003..53d6bb06 100644 --- a/docs/LogExportApi.md +++ b/docs/LogExportApi.md @@ -106,7 +106,7 @@ import ( func main() { clusterId := "clusterId_example" // string | - enableLogExportBody := *openapiclient.NewEnableLogExportBody("AuthPrincipal_example", "LogName_example", openapiclient.LogExportType("AWS_CLOUDWATCH")) // EnableLogExportBody | + enableLogExportBody := *openapiclient.NewEnableLogExportBody("LogName_example", openapiclient.LogExportType("AWS_CLOUDWATCH")) // EnableLogExportBody | configuration := openapiclient.NewConfiguration() api_client := openapiclient.NewClient(configuration) diff --git a/docs/LogExportClusterSpecification.md b/docs/LogExportClusterSpecification.md index 78cf532f..06d0d8d7 100644 --- a/docs/LogExportClusterSpecification.md +++ b/docs/LogExportClusterSpecification.md @@ -4,9 +4,16 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**AuthPrincipal** | Pointer to **string** | auth_principal is either the AWS Role ARN that identifies a role that the cluster account can assume to write to CloudWatch or the GCP Project ID that the cluster service account has permissions to write to for cloud logging. | [optional] +**AuthPrincipal** | Pointer to **string** | auth_principal is used in different contexts based on integration. CloudWatch: AWS Role ARN that identifies a role that the cluster account can assume to write to CloudWatch GCP Cloud Logging: GCP Project ID that the cluster service account has permissions to write to for cloud logging. Azure Log Analytics (AZURE_LOG_ANALYTICS): CustomerID or WorkspaceID. Not used for AZURE_LOG_ANALYTICS_V2. | [optional] **AwsExternalId** | Pointer to **string** | aws_external_id, if set, is included when assuming the IAM role. Supported for Advanced clusters on AWS only. | [optional] -**AzureSharedKey** | Pointer to **string** | The primary or the secondary connected sources client authentication key. This is used to export logs to Azure Log Analytics. | [optional] +**AzureClientId** | Pointer to **string** | Azure client ID for the app registration used by the Logs Ingestion API. | [optional] +**AzureClientSecret** | Pointer to **string** | Azure client secret for the app registration used by the Logs Ingestion API. | [optional] +**AzureDceEndpoint** | Pointer to **string** | Logs ingestion endpoint of the Azure Data Collection Endpoint (DCE). For example, https://{dce-name}.{region}.ingest.monitor.azure.com. | [optional] +**AzureDcrImmutableId** | Pointer to **string** | Immutable ID of the Azure Data Collection Rule (DCR), for example dcr-... | [optional] +**AzureDcrResourceId** | Pointer to **string** | Full ARM resource ID of the Azure Data Collection Rule (DCR). Cockroach Cloud reads and updates this DCR to add streams for each configured log group. For example, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Insights/dataCollectionRules/{dcr-name}. | [optional] +**AzureSharedKey** | Pointer to **string** | The primary or the secondary connected sources client authentication key. This is used to export logs to Azure Log Analytics via the legacy HTTP Data Collector API. Deprecated: use azure_client_secret instead. | [optional] +**AzureTenantId** | Pointer to **string** | Azure tenant ID for the app registration used by the Logs Ingestion API. | [optional] +**AzureWorkspaceResourceId** | Pointer to **string** | Full ARM resource ID of the Log Analytics workspace. Cockroach Cloud creates or updates the required custom tables for each configured log group. For example, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.OperationalInsights/workspaces/{workspace-name}. | [optional] **Groups** | Pointer to [**[]LogExportGroup**](LogExportGroup.md) | groups is a collection of log group configurations to customize which CRDB channels get aggregated into different groups at the target sink. Unconfigured channels will be sent to the default locations via the settings above. | [optional] **LogName** | Pointer to **string** | log_name is an identifier for the logs in the customer's log sink. | [optional] **OmittedChannels** | Pointer to **[]string** | omitted_channels is a list of channels that the user does not want to export logs for. | [optional] @@ -49,6 +56,66 @@ GetAwsExternalId returns the AwsExternalId field if non-nil, zero value otherwis SetAwsExternalId sets AwsExternalId field to given value. +### GetAzureClientId + +`func (o *LogExportClusterSpecification) GetAzureClientId() string` + +GetAzureClientId returns the AzureClientId field if non-nil, zero value otherwise. + +### SetAzureClientId + +`func (o *LogExportClusterSpecification) SetAzureClientId(v string)` + +SetAzureClientId sets AzureClientId field to given value. + +### GetAzureClientSecret + +`func (o *LogExportClusterSpecification) GetAzureClientSecret() string` + +GetAzureClientSecret returns the AzureClientSecret field if non-nil, zero value otherwise. + +### SetAzureClientSecret + +`func (o *LogExportClusterSpecification) SetAzureClientSecret(v string)` + +SetAzureClientSecret sets AzureClientSecret field to given value. + +### GetAzureDceEndpoint + +`func (o *LogExportClusterSpecification) GetAzureDceEndpoint() string` + +GetAzureDceEndpoint returns the AzureDceEndpoint field if non-nil, zero value otherwise. + +### SetAzureDceEndpoint + +`func (o *LogExportClusterSpecification) SetAzureDceEndpoint(v string)` + +SetAzureDceEndpoint sets AzureDceEndpoint field to given value. + +### GetAzureDcrImmutableId + +`func (o *LogExportClusterSpecification) GetAzureDcrImmutableId() string` + +GetAzureDcrImmutableId returns the AzureDcrImmutableId field if non-nil, zero value otherwise. + +### SetAzureDcrImmutableId + +`func (o *LogExportClusterSpecification) SetAzureDcrImmutableId(v string)` + +SetAzureDcrImmutableId sets AzureDcrImmutableId field to given value. + +### GetAzureDcrResourceId + +`func (o *LogExportClusterSpecification) GetAzureDcrResourceId() string` + +GetAzureDcrResourceId returns the AzureDcrResourceId field if non-nil, zero value otherwise. + +### SetAzureDcrResourceId + +`func (o *LogExportClusterSpecification) SetAzureDcrResourceId(v string)` + +SetAzureDcrResourceId sets AzureDcrResourceId field to given value. + ### GetAzureSharedKey `func (o *LogExportClusterSpecification) GetAzureSharedKey() string` @@ -61,6 +128,30 @@ GetAzureSharedKey returns the AzureSharedKey field if non-nil, zero value otherw SetAzureSharedKey sets AzureSharedKey field to given value. +### GetAzureTenantId + +`func (o *LogExportClusterSpecification) GetAzureTenantId() string` + +GetAzureTenantId returns the AzureTenantId field if non-nil, zero value otherwise. + +### SetAzureTenantId + +`func (o *LogExportClusterSpecification) SetAzureTenantId(v string)` + +SetAzureTenantId sets AzureTenantId field to given value. + +### GetAzureWorkspaceResourceId + +`func (o *LogExportClusterSpecification) GetAzureWorkspaceResourceId() string` + +GetAzureWorkspaceResourceId returns the AzureWorkspaceResourceId field if non-nil, zero value otherwise. + +### SetAzureWorkspaceResourceId + +`func (o *LogExportClusterSpecification) SetAzureWorkspaceResourceId(v string)` + +SetAzureWorkspaceResourceId sets AzureWorkspaceResourceId field to given value. + ### GetGroups `func (o *LogExportClusterSpecification) GetGroups() []LogExportGroup` diff --git a/docs/LogExportType.md b/docs/LogExportType.md index c413465a..4b97edb8 100644 --- a/docs/LogExportType.md +++ b/docs/LogExportType.md @@ -1,7 +1,7 @@ # LogExportType ## Enum -> LogExportType encodes the cloud selection that we're exporting to along with the cloud logging platform. Currently, each cloud has a single logging platform. +> LogExportType encodes the cloud selection that we're exporting to along with the cloud logging platform. Currently, each cloud has a single logging platform. - AZURE_LOG_ANALYTICS: AZURE_LOG_ANALYTICS is the legacy Azure export path via Fluent Bit's HTTP Data Collector API (retiring 2026-09-14). Deprecated: use AZURE_LOG_ANALYTICS_V2 instead. - AZURE_LOG_ANALYTICS_V2: AZURE_LOG_ANALYTICS_V2 exports to Azure Monitor via the Logs Ingestion API and DCR-based ingestion (OTel pipeline), replacing the deprecated AZURE_LOG_ANALYTICS path that uses Fluent Bit's HTTP Data Collector API (retiring 2026-09-14). V2 authenticates with a tenant/client/secret + DCR endpoint and rule, whereas the legacy type uses a workspace ID + shared key. * `AWS_CLOUDWATCH` (value: `"AWS_CLOUDWATCH"`) @@ -9,6 +9,8 @@ * `AZURE_LOG_ANALYTICS` (value: `"AZURE_LOG_ANALYTICS"`) +* `AZURE_LOG_ANALYTICS_V2` (value: `"AZURE_LOG_ANALYTICS_V2"`) + [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/docs/PrivateEndpointServicesApi.md b/docs/PrivateEndpointServicesApi.md index fb0a5c8b..e1479902 100644 --- a/docs/PrivateEndpointServicesApi.md +++ b/docs/PrivateEndpointServicesApi.md @@ -383,6 +383,7 @@ List all AwsEndpointConnections for a cluster Can be used by the following roles assigned at the organization, folder or cluster scope: - CLUSTER_ADMIN - CLUSTER_OPERATOR_WRITER +- CLUSTER_DEVELOPER ### Example @@ -452,6 +453,7 @@ List all connections to a cluster's private endpoint service. Can be used by the following roles assigned at the organization, folder or cluster scope: - CLUSTER_ADMIN - CLUSTER_OPERATOR_WRITER +- CLUSTER_DEVELOPER ### Example @@ -523,6 +525,7 @@ The internal_dns property from the regions field in the ListClusters response ca Can be used by the following roles assigned at the organization, folder or cluster scope: - CLUSTER_ADMIN - CLUSTER_OPERATOR_WRITER +- CLUSTER_DEVELOPER ### Example diff --git a/docs/README.md b/docs/README.md index 638f0f76..608bfaf3 100644 --- a/docs/README.md +++ b/docs/README.md @@ -212,3 +212,4 @@ API | Method | HTTP request | Description ## Author support@cockroachlabs.com + diff --git a/internal/openapi-generator/api/openapi-modified.json b/internal/openapi-generator/api/openapi-modified.json index 1e2981c2..d0c5010a 100644 --- a/internal/openapi-generator/api/openapi-modified.json +++ b/internal/openapi-generator/api/openapi-modified.json @@ -8220,7 +8220,7 @@ "get": { "operationId": "CockroachCloud_ListAwsEndpointConnections", "summary": "List all AwsEndpointConnections for a cluster", - "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n", + "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n- CLUSTER_DEVELOPER\n", "parameters": [ { "name": "cluster_id", @@ -8417,7 +8417,7 @@ "get": { "operationId": "CockroachCloud_ListEgressPrivateEndpoints", "summary": "List egress private endpoints", - "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n", + "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n- CLUSTER_DEVELOPER\n", "parameters": [ { "name": "cluster_id", @@ -8752,7 +8752,7 @@ "get": { "operationId": "CockroachCloud_GetEgressPrivateEndpoint", "summary": "Get egress private endpoint", - "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n", + "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n- CLUSTER_DEVELOPER\n", "parameters": [ { "name": "cluster_id", @@ -9747,7 +9747,7 @@ "get": { "operationId": "CockroachCloud_ListPrivateEndpointConnections", "summary": "List all connections to a cluster's private endpoint service.", - "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n", + "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n- CLUSTER_DEVELOPER\n", "parameters": [ { "name": "cluster_id", @@ -10049,7 +10049,7 @@ "get": { "operationId": "CockroachCloud_ListPrivateEndpointServices", "summary": "List all PrivateEndpointServices for a cluster", - "description": "The internal_dns property from the regions field in the ListClusters response can be used to connect to PrivateEndpointServices.\n\nCan be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n", + "description": "The internal_dns property from the regions field in the ListClusters response can be used to connect to PrivateEndpointServices.\n\nCan be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n- CLUSTER_DEVELOPER\n", "parameters": [ { "name": "cluster_id", @@ -15118,7 +15118,8 @@ "AUDIT_LOG_ACTION_ENROLL_USER_MFA", "AUDIT_LOG_ACTION_REGENERATE_RECOVERY_CODES", "AUDIT_LOG_ACTION_CREATE_MIGRATION_ASSISTANT", - "AUDIT_LOG_ACTION_DELETE_MIGRATION_ASSISTANT" + "AUDIT_LOG_ACTION_DELETE_MIGRATION_ASSISTANT", + "AUDIT_LOG_ACTION_UPDATE_BACKUP_CONFIGURATION" ] }, "AuditLogEntry": { @@ -17062,15 +17063,43 @@ "type": "object", "properties": { "auth_principal": { - "type": "string", - "title": "auth_principal is used in different contexts based on integration.\nCloudWatch: AWS Role ARN that identifies a role\nthat the cluster account can assume to write to CloudWatch\nGCP Cloud Logging: GCP Project ID that the cluster service account\nhas permissions to write to for cloud logging.\nAzure Log Analytics: CustomerID or WorkspaceID" + "description": "auth_principal is used in different contexts based on integration.\nCloudWatch: AWS Role ARN that identifies a role\nthat the cluster account can assume to write to CloudWatch\nGCP Cloud Logging: GCP Project ID that the cluster service account\nhas permissions to write to for cloud logging.\nAzure Log Analytics (AZURE_LOG_ANALYTICS): CustomerID or WorkspaceID.\nRequired for AWS_CLOUDWATCH, GCP_CLOUD_LOGGING, and AZURE_LOG_ANALYTICS.\nNot used for AZURE_LOG_ANALYTICS_V2.", + "type": "string" }, "aws_external_id": { "description": "aws_external_id to include when assuming the IAM role specified by role_arn.\nOptional. A specific value may be required by the role's trust policy.\nOnly supported for Advanced clusters on AWS. If provided for a Standard cluster,\nthe request is rejected.", "type": "string" }, + "azure_client_id": { + "description": "Azure client ID for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_client_secret": { + "description": "Azure client secret for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_dce_endpoint": { + "description": "Logs ingestion endpoint of the Azure Data Collection Endpoint (DCE). For\nexample, https://{dce-name}.{region}.ingest.monitor.azure.com.", + "type": "string" + }, + "azure_dcr_immutable_id": { + "description": "Immutable ID of the Azure Data Collection Rule (DCR), for example dcr-...", + "type": "string" + }, + "azure_dcr_resource_id": { + "description": "Full ARM resource ID of the Azure Data Collection Rule (DCR). Cockroach\nCloud reads and updates this DCR to add streams for each configured log\ngroup. For example,\n/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Insights/dataCollectionRules/{dcr-name}.", + "type": "string" + }, "azure_shared_key": { - "description": "The primary or the secondary connected sources client authentication key.\nThis is used to export logs to Azure Log Analytics.", + "description": "The primary or the secondary connected sources client authentication key.\nThis is used to export logs to Azure Log Analytics via the legacy\nHTTP Data Collector API. Deprecated: use azure_client_secret instead.", + "type": "string" + }, + "azure_tenant_id": { + "description": "Azure tenant ID for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_workspace_resource_id": { + "description": "Full ARM resource ID of the Log Analytics workspace. Cockroach Cloud creates\nor updates the required custom tables for each configured log group. For\nexample, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.OperationalInsights/workspaces/{workspace-name}.", "type": "string" }, "groups": { @@ -17126,8 +17155,7 @@ }, "required": [ "type", - "log_name", - "auth_principal" + "log_name" ], "title": "EnableLogExportRequest" }, @@ -18139,15 +18167,43 @@ "type": "object", "properties": { "auth_principal": { - "description": "auth_principal is either the AWS Role ARN that identifies a role\nthat the cluster account can assume to write to CloudWatch or the\nGCP Project ID that the cluster service account has permissions to\nwrite to for cloud logging.", + "description": "auth_principal is used in different contexts based on integration.\nCloudWatch: AWS Role ARN that identifies a role\nthat the cluster account can assume to write to CloudWatch\nGCP Cloud Logging: GCP Project ID that the cluster service account\nhas permissions to write to for cloud logging.\nAzure Log Analytics (AZURE_LOG_ANALYTICS): CustomerID or WorkspaceID.\nNot used for AZURE_LOG_ANALYTICS_V2.", "type": "string" }, "aws_external_id": { "description": "aws_external_id, if set, is included when assuming the IAM role. Supported for\nAdvanced clusters on AWS only.", "type": "string" }, + "azure_client_id": { + "description": "Azure client ID for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_client_secret": { + "description": "Azure client secret for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_dce_endpoint": { + "description": "Logs ingestion endpoint of the Azure Data Collection Endpoint (DCE). For\nexample, https://{dce-name}.{region}.ingest.monitor.azure.com.", + "type": "string" + }, + "azure_dcr_immutable_id": { + "description": "Immutable ID of the Azure Data Collection Rule (DCR), for example dcr-...", + "type": "string" + }, + "azure_dcr_resource_id": { + "description": "Full ARM resource ID of the Azure Data Collection Rule (DCR). Cockroach\nCloud reads and updates this DCR to add streams for each configured log\ngroup. For example,\n/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Insights/dataCollectionRules/{dcr-name}.", + "type": "string" + }, "azure_shared_key": { - "description": "The primary or the secondary connected sources client authentication key.\nThis is used to export logs to Azure Log Analytics.", + "description": "The primary or the secondary connected sources client authentication key.\nThis is used to export logs to Azure Log Analytics via the legacy\nHTTP Data Collector API. Deprecated: use azure_client_secret instead.", + "type": "string" + }, + "azure_tenant_id": { + "description": "Azure tenant ID for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_workspace_resource_id": { + "description": "Full ARM resource ID of the Log Analytics workspace. Cockroach Cloud creates\nor updates the required custom tables for each configured log group. For\nexample, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.OperationalInsights/workspaces/{workspace-name}.", "type": "string" }, "groups": { @@ -18227,12 +18283,13 @@ ] }, "LogExportType": { - "description": "LogExportType encodes the cloud selection that we're exporting to\nalong with the cloud logging platform.\n\nCurrently, each cloud has a single logging platform.", + "description": "LogExportType encodes the cloud selection that we're exporting to\nalong with the cloud logging platform.\n\nCurrently, each cloud has a single logging platform.\n\n - AZURE_LOG_ANALYTICS: AZURE_LOG_ANALYTICS is the legacy Azure export path via Fluent Bit's HTTP\nData Collector API (retiring 2026-09-14). Deprecated: use\nAZURE_LOG_ANALYTICS_V2 instead.\n - AZURE_LOG_ANALYTICS_V2: AZURE_LOG_ANALYTICS_V2 exports to Azure Monitor via the Logs Ingestion API\nand DCR-based ingestion (OTel pipeline), replacing the deprecated\nAZURE_LOG_ANALYTICS path that uses Fluent Bit's HTTP Data Collector API\n(retiring 2026-09-14). V2 authenticates with a tenant/client/secret + DCR\nendpoint and rule, whereas the legacy type uses a workspace ID + shared key.", "type": "string", "enum": [ "AWS_CLOUDWATCH", "GCP_CLOUD_LOGGING", - "AZURE_LOG_ANALYTICS" + "AZURE_LOG_ANALYTICS", + "AZURE_LOG_ANALYTICS_V2" ] }, "LogLevel.Type": { diff --git a/internal/openapi-generator/api/openapi.yaml b/internal/openapi-generator/api/openapi.yaml index 94bb0fec..033e9547 100644 --- a/internal/openapi-generator/api/openapi.yaml +++ b/internal/openapi-generator/api/openapi.yaml @@ -6098,6 +6098,7 @@ paths: Can be used by the following roles assigned at the organization, folder or cluster scope: - CLUSTER_ADMIN - CLUSTER_OPERATOR_WRITER + - CLUSTER_DEVELOPER operationId: CockroachCloud_ListAwsEndpointConnections parameters: - description: cluster_id is the ID for the cluster. @@ -6245,6 +6246,7 @@ paths: Can be used by the following roles assigned at the organization, folder or cluster scope: - CLUSTER_ADMIN - CLUSTER_OPERATOR_WRITER + - CLUSTER_DEVELOPER operationId: CockroachCloud_ListEgressPrivateEndpoints parameters: - description: cluster_id identifies the CockroachDB Cloud cluster whose egress @@ -6499,6 +6501,7 @@ paths: Can be used by the following roles assigned at the organization, folder or cluster scope: - CLUSTER_ADMIN - CLUSTER_OPERATOR_WRITER + - CLUSTER_DEVELOPER operationId: CockroachCloud_GetEgressPrivateEndpoint parameters: - description: cluster_id identifies the CockroachDB Cloud cluster owning the @@ -7247,6 +7250,7 @@ paths: Can be used by the following roles assigned at the organization, folder or cluster scope: - CLUSTER_ADMIN - CLUSTER_OPERATOR_WRITER + - CLUSTER_DEVELOPER operationId: CockroachCloud_ListPrivateEndpointConnections parameters: - description: cluster_id is the ID for the cluster. @@ -7472,6 +7476,7 @@ paths: Can be used by the following roles assigned at the organization, folder or cluster scope: - CLUSTER_ADMIN - CLUSTER_OPERATOR_WRITER + - CLUSTER_DEVELOPER operationId: CockroachCloud_ListPrivateEndpointServices parameters: - description: cluster_id is the ID for the cluster. @@ -11450,6 +11455,7 @@ components: - AUDIT_LOG_ACTION_REGENERATE_RECOVERY_CODES - AUDIT_LOG_ACTION_CREATE_MIGRATION_ASSISTANT - AUDIT_LOG_ACTION_DELETE_MIGRATION_ASSISTANT + - AUDIT_LOG_ACTION_UPDATE_BACKUP_CONFIGURATION type: string AuditLogEntry: description: |- @@ -13481,13 +13487,15 @@ components: type: GCP_CLOUD_LOGGING properties: auth_principal: - title: |- + description: |- auth_principal is used in different contexts based on integration. CloudWatch: AWS Role ARN that identifies a role that the cluster account can assume to write to CloudWatch GCP Cloud Logging: GCP Project ID that the cluster service account has permissions to write to for cloud logging. - Azure Log Analytics: CustomerID or WorkspaceID + Azure Log Analytics (AZURE_LOG_ANALYTICS): CustomerID or WorkspaceID. + Required for AWS_CLOUDWATCH, GCP_CLOUD_LOGGING, and AZURE_LOG_ANALYTICS. + Not used for AZURE_LOG_ANALYTICS_V2. type: string aws_external_id: description: |- @@ -13496,10 +13504,45 @@ components: Only supported for Advanced clusters on AWS. If provided for a Standard cluster, the request is rejected. type: string + azure_client_id: + description: Azure client ID for the app registration used by the Logs Ingestion + API. + type: string + azure_client_secret: + description: Azure client secret for the app registration used by the Logs + Ingestion API. + type: string + azure_dce_endpoint: + description: |- + Logs ingestion endpoint of the Azure Data Collection Endpoint (DCE). For + example, https://{dce-name}.{region}.ingest.monitor.azure.com. + type: string + azure_dcr_immutable_id: + description: "Immutable ID of the Azure Data Collection Rule (DCR), for\ + \ example dcr-..." + type: string + azure_dcr_resource_id: + description: |- + Full ARM resource ID of the Azure Data Collection Rule (DCR). Cockroach + Cloud reads and updates this DCR to add streams for each configured log + group. For example, + /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Insights/dataCollectionRules/{dcr-name}. + type: string azure_shared_key: description: |- The primary or the secondary connected sources client authentication key. - This is used to export logs to Azure Log Analytics. + This is used to export logs to Azure Log Analytics via the legacy + HTTP Data Collector API. Deprecated: use azure_client_secret instead. + type: string + azure_tenant_id: + description: Azure tenant ID for the app registration used by the Logs Ingestion + API. + type: string + azure_workspace_resource_id: + description: |- + Full ARM resource ID of the Log Analytics workspace. Cockroach Cloud creates + or updates the required custom tables for each configured log group. For + example, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.OperationalInsights/workspaces/{workspace-name}. type: string groups: description: |- @@ -13535,7 +13578,6 @@ components: type: $ref: '#/components/schemas/LogExportType' required: - - auth_principal - log_name - type title: EnableLogExportRequest @@ -15694,13 +15736,11 @@ components: created_at: 2000-01-23T04:56:07.000+00:00 user_message: user_message spec: - omitted_channels: - - omitted_channels - - omitted_channels aws_external_id: aws_external_id auth_principal: auth_principal log_name: log_name redact: true + azure_workspace_resource_id: azure_workspace_resource_id groups: - channels: - channels @@ -15716,9 +15756,18 @@ components: redact: true enable_sending_queue: true min_level: null - region: region + azure_dce_endpoint: azure_dce_endpoint type: null + azure_client_id: azure_client_id + omitted_channels: + - omitted_channels + - omitted_channels + azure_dcr_immutable_id: azure_dcr_immutable_id + azure_dcr_resource_id: azure_dcr_resource_id + region: region + azure_client_secret: azure_client_secret azure_shared_key: azure_shared_key + azure_tenant_id: azure_tenant_id status: null properties: cluster_id: @@ -15743,13 +15792,11 @@ components: this data via the API and also receive it back when inspecting the state of their log export configuration. example: - omitted_channels: - - omitted_channels - - omitted_channels aws_external_id: aws_external_id auth_principal: auth_principal log_name: log_name redact: true + azure_workspace_resource_id: azure_workspace_resource_id groups: - channels: - channels @@ -15765,26 +15812,73 @@ components: redact: true enable_sending_queue: true min_level: null - region: region + azure_dce_endpoint: azure_dce_endpoint type: null + azure_client_id: azure_client_id + omitted_channels: + - omitted_channels + - omitted_channels + azure_dcr_immutable_id: azure_dcr_immutable_id + azure_dcr_resource_id: azure_dcr_resource_id + region: region + azure_client_secret: azure_client_secret azure_shared_key: azure_shared_key + azure_tenant_id: azure_tenant_id properties: auth_principal: description: |- - auth_principal is either the AWS Role ARN that identifies a role - that the cluster account can assume to write to CloudWatch or the - GCP Project ID that the cluster service account has permissions to - write to for cloud logging. + auth_principal is used in different contexts based on integration. + CloudWatch: AWS Role ARN that identifies a role + that the cluster account can assume to write to CloudWatch + GCP Cloud Logging: GCP Project ID that the cluster service account + has permissions to write to for cloud logging. + Azure Log Analytics (AZURE_LOG_ANALYTICS): CustomerID or WorkspaceID. + Not used for AZURE_LOG_ANALYTICS_V2. type: string aws_external_id: description: |- aws_external_id, if set, is included when assuming the IAM role. Supported for Advanced clusters on AWS only. type: string + azure_client_id: + description: Azure client ID for the app registration used by the Logs Ingestion + API. + type: string + azure_client_secret: + description: Azure client secret for the app registration used by the Logs + Ingestion API. + type: string + azure_dce_endpoint: + description: |- + Logs ingestion endpoint of the Azure Data Collection Endpoint (DCE). For + example, https://{dce-name}.{region}.ingest.monitor.azure.com. + type: string + azure_dcr_immutable_id: + description: "Immutable ID of the Azure Data Collection Rule (DCR), for\ + \ example dcr-..." + type: string + azure_dcr_resource_id: + description: |- + Full ARM resource ID of the Azure Data Collection Rule (DCR). Cockroach + Cloud reads and updates this DCR to add streams for each configured log + group. For example, + /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Insights/dataCollectionRules/{dcr-name}. + type: string azure_shared_key: description: |- The primary or the secondary connected sources client authentication key. - This is used to export logs to Azure Log Analytics. + This is used to export logs to Azure Log Analytics via the legacy + HTTP Data Collector API. Deprecated: use azure_client_secret instead. + type: string + azure_tenant_id: + description: Azure tenant ID for the app registration used by the Logs Ingestion + API. + type: string + azure_workspace_resource_id: + description: |- + Full ARM resource ID of the Log Analytics workspace. Cockroach Cloud creates + or updates the required custom tables for each configured log group. For + example, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.OperationalInsights/workspaces/{workspace-name}. type: string groups: description: |- @@ -15879,10 +15973,20 @@ components: along with the cloud logging platform. Currently, each cloud has a single logging platform. + + - AZURE_LOG_ANALYTICS: AZURE_LOG_ANALYTICS is the legacy Azure export path via Fluent Bit's HTTP + Data Collector API (retiring 2026-09-14). Deprecated: use + AZURE_LOG_ANALYTICS_V2 instead. + - AZURE_LOG_ANALYTICS_V2: AZURE_LOG_ANALYTICS_V2 exports to Azure Monitor via the Logs Ingestion API + and DCR-based ingestion (OTel pipeline), replacing the deprecated + AZURE_LOG_ANALYTICS path that uses Fluent Bit's HTTP Data Collector API + (retiring 2026-09-14). V2 authenticates with a tenant/client/secret + DCR + endpoint and rule, whereas the legacy type uses a workspace ID + shared key. enum: - AWS_CLOUDWATCH - GCP_CLOUD_LOGGING - AZURE_LOG_ANALYTICS + - AZURE_LOG_ANALYTICS_V2 type: string LogLevel.Type: description: |2- diff --git a/internal/spec/openapi.json b/internal/spec/openapi.json index 5ed88bd7..388f7ee7 100644 --- a/internal/spec/openapi.json +++ b/internal/spec/openapi.json @@ -8011,7 +8011,7 @@ "get": { "operationId": "CockroachCloud_ListAwsEndpointConnections", "summary": "List all AwsEndpointConnections for a cluster", - "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n", + "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n- CLUSTER_DEVELOPER\n", "parameters": [ { "name": "cluster_id", @@ -8204,7 +8204,7 @@ "get": { "operationId": "CockroachCloud_ListEgressPrivateEndpoints", "summary": "List egress private endpoints", - "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n", + "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n- CLUSTER_DEVELOPER\n", "parameters": [ { "name": "cluster_id", @@ -8530,7 +8530,7 @@ "get": { "operationId": "CockroachCloud_GetEgressPrivateEndpoint", "summary": "Get egress private endpoint", - "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n", + "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n- CLUSTER_DEVELOPER\n", "parameters": [ { "name": "cluster_id", @@ -9504,7 +9504,7 @@ "get": { "operationId": "CockroachCloud_ListPrivateEndpointConnections", "summary": "List all connections to a cluster's private endpoint service.", - "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n", + "description": "Can be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n- CLUSTER_DEVELOPER\n", "parameters": [ { "name": "cluster_id", @@ -9800,7 +9800,7 @@ "get": { "operationId": "CockroachCloud_ListPrivateEndpointServices", "summary": "List all PrivateEndpointServices for a cluster", - "description": "The internal_dns property from the regions field in the ListClusters response can be used to connect to PrivateEndpointServices.\n\nCan be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n", + "description": "The internal_dns property from the regions field in the ListClusters response can be used to connect to PrivateEndpointServices.\n\nCan be used by the following roles assigned at the organization, folder or cluster scope:\n- CLUSTER_ADMIN\n- CLUSTER_OPERATOR_WRITER\n- CLUSTER_DEVELOPER\n", "parameters": [ { "name": "cluster_id", @@ -14707,7 +14707,8 @@ "AUDIT_LOG_ACTION_ENROLL_USER_MFA", "AUDIT_LOG_ACTION_REGENERATE_RECOVERY_CODES", "AUDIT_LOG_ACTION_CREATE_MIGRATION_ASSISTANT", - "AUDIT_LOG_ACTION_DELETE_MIGRATION_ASSISTANT" + "AUDIT_LOG_ACTION_DELETE_MIGRATION_ASSISTANT", + "AUDIT_LOG_ACTION_UPDATE_BACKUP_CONFIGURATION" ] }, "AuditLogEntry": { @@ -16494,15 +16495,43 @@ "type": "object", "properties": { "auth_principal": { - "type": "string", - "title": "auth_principal is used in different contexts based on integration.\nCloudWatch: AWS Role ARN that identifies a role\nthat the cluster account can assume to write to CloudWatch\nGCP Cloud Logging: GCP Project ID that the cluster service account\nhas permissions to write to for cloud logging.\nAzure Log Analytics: CustomerID or WorkspaceID" + "description": "auth_principal is used in different contexts based on integration.\nCloudWatch: AWS Role ARN that identifies a role\nthat the cluster account can assume to write to CloudWatch\nGCP Cloud Logging: GCP Project ID that the cluster service account\nhas permissions to write to for cloud logging.\nAzure Log Analytics (AZURE_LOG_ANALYTICS): CustomerID or WorkspaceID.\nRequired for AWS_CLOUDWATCH, GCP_CLOUD_LOGGING, and AZURE_LOG_ANALYTICS.\nNot used for AZURE_LOG_ANALYTICS_V2.", + "type": "string" }, "aws_external_id": { "description": "aws_external_id to include when assuming the IAM role specified by role_arn.\nOptional. A specific value may be required by the role's trust policy.\nOnly supported for Advanced clusters on AWS. If provided for a Standard cluster,\nthe request is rejected.", "type": "string" }, + "azure_client_id": { + "description": "Azure client ID for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_client_secret": { + "description": "Azure client secret for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_dce_endpoint": { + "description": "Logs ingestion endpoint of the Azure Data Collection Endpoint (DCE). For\nexample, https://{dce-name}.{region}.ingest.monitor.azure.com.", + "type": "string" + }, + "azure_dcr_immutable_id": { + "description": "Immutable ID of the Azure Data Collection Rule (DCR), for example dcr-...", + "type": "string" + }, + "azure_dcr_resource_id": { + "description": "Full ARM resource ID of the Azure Data Collection Rule (DCR). Cockroach\nCloud reads and updates this DCR to add streams for each configured log\ngroup. For example,\n/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Insights/dataCollectionRules/{dcr-name}.", + "type": "string" + }, "azure_shared_key": { - "description": "The primary or the secondary connected sources client authentication key.\nThis is used to export logs to Azure Log Analytics.", + "description": "The primary or the secondary connected sources client authentication key.\nThis is used to export logs to Azure Log Analytics via the legacy\nHTTP Data Collector API. Deprecated: use azure_client_secret instead.", + "type": "string" + }, + "azure_tenant_id": { + "description": "Azure tenant ID for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_workspace_resource_id": { + "description": "Full ARM resource ID of the Log Analytics workspace. Cockroach Cloud creates\nor updates the required custom tables for each configured log group. For\nexample, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.OperationalInsights/workspaces/{workspace-name}.", "type": "string" }, "groups": { @@ -16550,7 +16579,7 @@ "shared_key": "shared-key", "type": "GCP_CLOUD_LOGGING" }, - "required": ["type", "log_name", "auth_principal"], + "required": ["type", "log_name"], "title": "EnableLogExportRequest" }, "FolderResource": { @@ -17489,15 +17518,43 @@ "type": "object", "properties": { "auth_principal": { - "description": "auth_principal is either the AWS Role ARN that identifies a role\nthat the cluster account can assume to write to CloudWatch or the\nGCP Project ID that the cluster service account has permissions to\nwrite to for cloud logging.", + "description": "auth_principal is used in different contexts based on integration.\nCloudWatch: AWS Role ARN that identifies a role\nthat the cluster account can assume to write to CloudWatch\nGCP Cloud Logging: GCP Project ID that the cluster service account\nhas permissions to write to for cloud logging.\nAzure Log Analytics (AZURE_LOG_ANALYTICS): CustomerID or WorkspaceID.\nNot used for AZURE_LOG_ANALYTICS_V2.", "type": "string" }, "aws_external_id": { "description": "aws_external_id, if set, is included when assuming the IAM role. Supported for\nAdvanced clusters on AWS only.", "type": "string" }, + "azure_client_id": { + "description": "Azure client ID for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_client_secret": { + "description": "Azure client secret for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_dce_endpoint": { + "description": "Logs ingestion endpoint of the Azure Data Collection Endpoint (DCE). For\nexample, https://{dce-name}.{region}.ingest.monitor.azure.com.", + "type": "string" + }, + "azure_dcr_immutable_id": { + "description": "Immutable ID of the Azure Data Collection Rule (DCR), for example dcr-...", + "type": "string" + }, + "azure_dcr_resource_id": { + "description": "Full ARM resource ID of the Azure Data Collection Rule (DCR). Cockroach\nCloud reads and updates this DCR to add streams for each configured log\ngroup. For example,\n/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Insights/dataCollectionRules/{dcr-name}.", + "type": "string" + }, "azure_shared_key": { - "description": "The primary or the secondary connected sources client authentication key.\nThis is used to export logs to Azure Log Analytics.", + "description": "The primary or the secondary connected sources client authentication key.\nThis is used to export logs to Azure Log Analytics via the legacy\nHTTP Data Collector API. Deprecated: use azure_client_secret instead.", + "type": "string" + }, + "azure_tenant_id": { + "description": "Azure tenant ID for the app registration used by the Logs Ingestion API.", + "type": "string" + }, + "azure_workspace_resource_id": { + "description": "Full ARM resource ID of the Log Analytics workspace. Cockroach Cloud creates\nor updates the required custom tables for each configured log group. For\nexample, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.OperationalInsights/workspaces/{workspace-name}.", "type": "string" }, "groups": { @@ -17574,9 +17631,14 @@ ] }, "LogExportType": { - "description": "LogExportType encodes the cloud selection that we're exporting to\nalong with the cloud logging platform.\n\nCurrently, each cloud has a single logging platform.", + "description": "LogExportType encodes the cloud selection that we're exporting to\nalong with the cloud logging platform.\n\nCurrently, each cloud has a single logging platform.\n\n - AZURE_LOG_ANALYTICS: AZURE_LOG_ANALYTICS is the legacy Azure export path via Fluent Bit's HTTP\nData Collector API (retiring 2026-09-14). Deprecated: use\nAZURE_LOG_ANALYTICS_V2 instead.\n - AZURE_LOG_ANALYTICS_V2: AZURE_LOG_ANALYTICS_V2 exports to Azure Monitor via the Logs Ingestion API\nand DCR-based ingestion (OTel pipeline), replacing the deprecated\nAZURE_LOG_ANALYTICS path that uses Fluent Bit's HTTP Data Collector API\n(retiring 2026-09-14). V2 authenticates with a tenant/client/secret + DCR\nendpoint and rule, whereas the legacy type uses a workspace ID + shared key.", "type": "string", - "enum": ["AWS_CLOUDWATCH", "GCP_CLOUD_LOGGING", "AZURE_LOG_ANALYTICS"] + "enum": [ + "AWS_CLOUDWATCH", + "GCP_CLOUD_LOGGING", + "AZURE_LOG_ANALYTICS", + "AZURE_LOG_ANALYTICS_V2" + ] }, "LogLevel.Type": { "description": " - UNSPECIFIED: The unspecified log level includes all logs.\n - WARNING: The WARNING severity is used for situations which may require\nspecial handling, where normal operation is expected to resume\nautomatically.\n - ERROR: The ERROR severity is used for situations that require special\nhandling, where normal operation could not proceed as expected.\nOther operations can continue mostly unaffected.\n - FATAL: The FATAL severity is used for situations that require an\nimmediate, hard server shutdown. A report is also sent to\ntelemetry if telemetry is enabled.", diff --git a/pkg/client/model_audit_log_action.go b/pkg/client/model_audit_log_action.go index 750e1be9..2e774795 100644 --- a/pkg/client/model_audit_log_action.go +++ b/pkg/client/model_audit_log_action.go @@ -132,6 +132,7 @@ const ( AUDITLOGACTION_REGENERATE_RECOVERY_CODES AuditLogAction = "AUDIT_LOG_ACTION_REGENERATE_RECOVERY_CODES" AUDITLOGACTION_CREATE_MIGRATION_ASSISTANT AuditLogAction = "AUDIT_LOG_ACTION_CREATE_MIGRATION_ASSISTANT" AUDITLOGACTION_DELETE_MIGRATION_ASSISTANT AuditLogAction = "AUDIT_LOG_ACTION_DELETE_MIGRATION_ASSISTANT" + AUDITLOGACTION_UPDATE_BACKUP_CONFIGURATION AuditLogAction = "AUDIT_LOG_ACTION_UPDATE_BACKUP_CONFIGURATION" ) // All allowed values of AuditLogAction enum. @@ -241,6 +242,7 @@ var AllowedAuditLogActionEnumValues = []AuditLogAction{ "AUDIT_LOG_ACTION_REGENERATE_RECOVERY_CODES", "AUDIT_LOG_ACTION_CREATE_MIGRATION_ASSISTANT", "AUDIT_LOG_ACTION_DELETE_MIGRATION_ASSISTANT", + "AUDIT_LOG_ACTION_UPDATE_BACKUP_CONFIGURATION", } // NewAuditLogActionFromValue returns a pointer to a valid AuditLogAction diff --git a/pkg/client/model_enable_log_export_body.go b/pkg/client/model_enable_log_export_body.go index 8be9ae2f..10ec4219 100644 --- a/pkg/client/model_enable_log_export_body.go +++ b/pkg/client/model_enable_log_export_body.go @@ -20,11 +20,26 @@ package client // EnableLogExportBody struct for EnableLogExportBody. type EnableLogExportBody struct { - AuthPrincipal string `json:"auth_principal"` + // auth_principal is used in different contexts based on integration. CloudWatch: AWS Role ARN that identifies a role that the cluster account can assume to write to CloudWatch GCP Cloud Logging: GCP Project ID that the cluster service account has permissions to write to for cloud logging. Azure Log Analytics (AZURE_LOG_ANALYTICS): CustomerID or WorkspaceID. Required for AWS_CLOUDWATCH, GCP_CLOUD_LOGGING, and AZURE_LOG_ANALYTICS. Not used for AZURE_LOG_ANALYTICS_V2. + AuthPrincipal *string `json:"auth_principal,omitempty"` // aws_external_id to include when assuming the IAM role specified by role_arn. Optional. A specific value may be required by the role's trust policy. Only supported for Advanced clusters on AWS. If provided for a Standard cluster, the request is rejected. AwsExternalId *string `json:"aws_external_id,omitempty"` - // The primary or the secondary connected sources client authentication key. This is used to export logs to Azure Log Analytics. + // Azure client ID for the app registration used by the Logs Ingestion API. + AzureClientId *string `json:"azure_client_id,omitempty"` + // Azure client secret for the app registration used by the Logs Ingestion API. + AzureClientSecret *string `json:"azure_client_secret,omitempty"` + // Logs ingestion endpoint of the Azure Data Collection Endpoint (DCE). For example, https://{dce-name}.{region}.ingest.monitor.azure.com. + AzureDceEndpoint *string `json:"azure_dce_endpoint,omitempty"` + // Immutable ID of the Azure Data Collection Rule (DCR), for example dcr-... + AzureDcrImmutableId *string `json:"azure_dcr_immutable_id,omitempty"` + // Full ARM resource ID of the Azure Data Collection Rule (DCR). Cockroach Cloud reads and updates this DCR to add streams for each configured log group. For example, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Insights/dataCollectionRules/{dcr-name}. + AzureDcrResourceId *string `json:"azure_dcr_resource_id,omitempty"` + // The primary or the secondary connected sources client authentication key. This is used to export logs to Azure Log Analytics via the legacy HTTP Data Collector API. Deprecated: use azure_client_secret instead. AzureSharedKey *string `json:"azure_shared_key,omitempty"` + // Azure tenant ID for the app registration used by the Logs Ingestion API. + AzureTenantId *string `json:"azure_tenant_id,omitempty"` + // Full ARM resource ID of the Log Analytics workspace. Cockroach Cloud creates or updates the required custom tables for each configured log group. For example, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.OperationalInsights/workspaces/{workspace-name}. + AzureWorkspaceResourceId *string `json:"azure_workspace_resource_id,omitempty"` // groups is a collection of log group configurations that allows the customer to define collections of CRDB log channels that are aggregated separately at the target sink. Groups *[]LogExportGroup `json:"groups,omitempty"` // log_name is an identifier for the logs in the customer's log sink. @@ -42,9 +57,8 @@ type EnableLogExportBody struct { // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewEnableLogExportBody(authPrincipal string, logName string, type_ LogExportType) *EnableLogExportBody { +func NewEnableLogExportBody(logName string, type_ LogExportType) *EnableLogExportBody { p := EnableLogExportBody{} - p.AuthPrincipal = authPrincipal p.LogName = logName p.Type = type_ return &p @@ -58,19 +72,18 @@ func NewEnableLogExportBodyWithDefaults() *EnableLogExportBody { return &p } -// GetAuthPrincipal returns the AuthPrincipal field value. +// GetAuthPrincipal returns the AuthPrincipal field value if set, zero value otherwise. func (o *EnableLogExportBody) GetAuthPrincipal() string { - if o == nil { + if o == nil || o.AuthPrincipal == nil { var ret string return ret } - - return o.AuthPrincipal + return *o.AuthPrincipal } -// SetAuthPrincipal sets field value. +// SetAuthPrincipal gets a reference to the given string and assigns it to the AuthPrincipal field. func (o *EnableLogExportBody) SetAuthPrincipal(v string) { - o.AuthPrincipal = v + o.AuthPrincipal = &v } // GetAwsExternalId returns the AwsExternalId field value if set, zero value otherwise. @@ -87,6 +100,76 @@ func (o *EnableLogExportBody) SetAwsExternalId(v string) { o.AwsExternalId = &v } +// GetAzureClientId returns the AzureClientId field value if set, zero value otherwise. +func (o *EnableLogExportBody) GetAzureClientId() string { + if o == nil || o.AzureClientId == nil { + var ret string + return ret + } + return *o.AzureClientId +} + +// SetAzureClientId gets a reference to the given string and assigns it to the AzureClientId field. +func (o *EnableLogExportBody) SetAzureClientId(v string) { + o.AzureClientId = &v +} + +// GetAzureClientSecret returns the AzureClientSecret field value if set, zero value otherwise. +func (o *EnableLogExportBody) GetAzureClientSecret() string { + if o == nil || o.AzureClientSecret == nil { + var ret string + return ret + } + return *o.AzureClientSecret +} + +// SetAzureClientSecret gets a reference to the given string and assigns it to the AzureClientSecret field. +func (o *EnableLogExportBody) SetAzureClientSecret(v string) { + o.AzureClientSecret = &v +} + +// GetAzureDceEndpoint returns the AzureDceEndpoint field value if set, zero value otherwise. +func (o *EnableLogExportBody) GetAzureDceEndpoint() string { + if o == nil || o.AzureDceEndpoint == nil { + var ret string + return ret + } + return *o.AzureDceEndpoint +} + +// SetAzureDceEndpoint gets a reference to the given string and assigns it to the AzureDceEndpoint field. +func (o *EnableLogExportBody) SetAzureDceEndpoint(v string) { + o.AzureDceEndpoint = &v +} + +// GetAzureDcrImmutableId returns the AzureDcrImmutableId field value if set, zero value otherwise. +func (o *EnableLogExportBody) GetAzureDcrImmutableId() string { + if o == nil || o.AzureDcrImmutableId == nil { + var ret string + return ret + } + return *o.AzureDcrImmutableId +} + +// SetAzureDcrImmutableId gets a reference to the given string and assigns it to the AzureDcrImmutableId field. +func (o *EnableLogExportBody) SetAzureDcrImmutableId(v string) { + o.AzureDcrImmutableId = &v +} + +// GetAzureDcrResourceId returns the AzureDcrResourceId field value if set, zero value otherwise. +func (o *EnableLogExportBody) GetAzureDcrResourceId() string { + if o == nil || o.AzureDcrResourceId == nil { + var ret string + return ret + } + return *o.AzureDcrResourceId +} + +// SetAzureDcrResourceId gets a reference to the given string and assigns it to the AzureDcrResourceId field. +func (o *EnableLogExportBody) SetAzureDcrResourceId(v string) { + o.AzureDcrResourceId = &v +} + // GetAzureSharedKey returns the AzureSharedKey field value if set, zero value otherwise. func (o *EnableLogExportBody) GetAzureSharedKey() string { if o == nil || o.AzureSharedKey == nil { @@ -101,6 +184,34 @@ func (o *EnableLogExportBody) SetAzureSharedKey(v string) { o.AzureSharedKey = &v } +// GetAzureTenantId returns the AzureTenantId field value if set, zero value otherwise. +func (o *EnableLogExportBody) GetAzureTenantId() string { + if o == nil || o.AzureTenantId == nil { + var ret string + return ret + } + return *o.AzureTenantId +} + +// SetAzureTenantId gets a reference to the given string and assigns it to the AzureTenantId field. +func (o *EnableLogExportBody) SetAzureTenantId(v string) { + o.AzureTenantId = &v +} + +// GetAzureWorkspaceResourceId returns the AzureWorkspaceResourceId field value if set, zero value otherwise. +func (o *EnableLogExportBody) GetAzureWorkspaceResourceId() string { + if o == nil || o.AzureWorkspaceResourceId == nil { + var ret string + return ret + } + return *o.AzureWorkspaceResourceId +} + +// SetAzureWorkspaceResourceId gets a reference to the given string and assigns it to the AzureWorkspaceResourceId field. +func (o *EnableLogExportBody) SetAzureWorkspaceResourceId(v string) { + o.AzureWorkspaceResourceId = &v +} + // GetGroups returns the Groups field value if set, zero value otherwise. func (o *EnableLogExportBody) GetGroups() []LogExportGroup { if o == nil || o.Groups == nil { diff --git a/pkg/client/model_log_export_cluster_specification.go b/pkg/client/model_log_export_cluster_specification.go index 66d84e71..a5391108 100644 --- a/pkg/client/model_log_export_cluster_specification.go +++ b/pkg/client/model_log_export_cluster_specification.go @@ -20,12 +20,26 @@ package client // LogExportClusterSpecification LogExportClusterSpecification contains all the data necessary to configure log export for an individual cluster. Users would supply this data via the API and also receive it back when inspecting the state of their log export configuration.. type LogExportClusterSpecification struct { - // auth_principal is either the AWS Role ARN that identifies a role that the cluster account can assume to write to CloudWatch or the GCP Project ID that the cluster service account has permissions to write to for cloud logging. + // auth_principal is used in different contexts based on integration. CloudWatch: AWS Role ARN that identifies a role that the cluster account can assume to write to CloudWatch GCP Cloud Logging: GCP Project ID that the cluster service account has permissions to write to for cloud logging. Azure Log Analytics (AZURE_LOG_ANALYTICS): CustomerID or WorkspaceID. Not used for AZURE_LOG_ANALYTICS_V2. AuthPrincipal *string `json:"auth_principal,omitempty"` // aws_external_id, if set, is included when assuming the IAM role. Supported for Advanced clusters on AWS only. AwsExternalId *string `json:"aws_external_id,omitempty"` - // The primary or the secondary connected sources client authentication key. This is used to export logs to Azure Log Analytics. + // Azure client ID for the app registration used by the Logs Ingestion API. + AzureClientId *string `json:"azure_client_id,omitempty"` + // Azure client secret for the app registration used by the Logs Ingestion API. + AzureClientSecret *string `json:"azure_client_secret,omitempty"` + // Logs ingestion endpoint of the Azure Data Collection Endpoint (DCE). For example, https://{dce-name}.{region}.ingest.monitor.azure.com. + AzureDceEndpoint *string `json:"azure_dce_endpoint,omitempty"` + // Immutable ID of the Azure Data Collection Rule (DCR), for example dcr-... + AzureDcrImmutableId *string `json:"azure_dcr_immutable_id,omitempty"` + // Full ARM resource ID of the Azure Data Collection Rule (DCR). Cockroach Cloud reads and updates this DCR to add streams for each configured log group. For example, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Insights/dataCollectionRules/{dcr-name}. + AzureDcrResourceId *string `json:"azure_dcr_resource_id,omitempty"` + // The primary or the secondary connected sources client authentication key. This is used to export logs to Azure Log Analytics via the legacy HTTP Data Collector API. Deprecated: use azure_client_secret instead. AzureSharedKey *string `json:"azure_shared_key,omitempty"` + // Azure tenant ID for the app registration used by the Logs Ingestion API. + AzureTenantId *string `json:"azure_tenant_id,omitempty"` + // Full ARM resource ID of the Log Analytics workspace. Cockroach Cloud creates or updates the required custom tables for each configured log group. For example, /subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.OperationalInsights/workspaces/{workspace-name}. + AzureWorkspaceResourceId *string `json:"azure_workspace_resource_id,omitempty"` // groups is a collection of log group configurations to customize which CRDB channels get aggregated into different groups at the target sink. Unconfigured channels will be sent to the default locations via the settings above. Groups *[]LogExportGroup `json:"groups,omitempty"` // log_name is an identifier for the logs in the customer's log sink. @@ -76,6 +90,76 @@ func (o *LogExportClusterSpecification) SetAwsExternalId(v string) { o.AwsExternalId = &v } +// GetAzureClientId returns the AzureClientId field value if set, zero value otherwise. +func (o *LogExportClusterSpecification) GetAzureClientId() string { + if o == nil || o.AzureClientId == nil { + var ret string + return ret + } + return *o.AzureClientId +} + +// SetAzureClientId gets a reference to the given string and assigns it to the AzureClientId field. +func (o *LogExportClusterSpecification) SetAzureClientId(v string) { + o.AzureClientId = &v +} + +// GetAzureClientSecret returns the AzureClientSecret field value if set, zero value otherwise. +func (o *LogExportClusterSpecification) GetAzureClientSecret() string { + if o == nil || o.AzureClientSecret == nil { + var ret string + return ret + } + return *o.AzureClientSecret +} + +// SetAzureClientSecret gets a reference to the given string and assigns it to the AzureClientSecret field. +func (o *LogExportClusterSpecification) SetAzureClientSecret(v string) { + o.AzureClientSecret = &v +} + +// GetAzureDceEndpoint returns the AzureDceEndpoint field value if set, zero value otherwise. +func (o *LogExportClusterSpecification) GetAzureDceEndpoint() string { + if o == nil || o.AzureDceEndpoint == nil { + var ret string + return ret + } + return *o.AzureDceEndpoint +} + +// SetAzureDceEndpoint gets a reference to the given string and assigns it to the AzureDceEndpoint field. +func (o *LogExportClusterSpecification) SetAzureDceEndpoint(v string) { + o.AzureDceEndpoint = &v +} + +// GetAzureDcrImmutableId returns the AzureDcrImmutableId field value if set, zero value otherwise. +func (o *LogExportClusterSpecification) GetAzureDcrImmutableId() string { + if o == nil || o.AzureDcrImmutableId == nil { + var ret string + return ret + } + return *o.AzureDcrImmutableId +} + +// SetAzureDcrImmutableId gets a reference to the given string and assigns it to the AzureDcrImmutableId field. +func (o *LogExportClusterSpecification) SetAzureDcrImmutableId(v string) { + o.AzureDcrImmutableId = &v +} + +// GetAzureDcrResourceId returns the AzureDcrResourceId field value if set, zero value otherwise. +func (o *LogExportClusterSpecification) GetAzureDcrResourceId() string { + if o == nil || o.AzureDcrResourceId == nil { + var ret string + return ret + } + return *o.AzureDcrResourceId +} + +// SetAzureDcrResourceId gets a reference to the given string and assigns it to the AzureDcrResourceId field. +func (o *LogExportClusterSpecification) SetAzureDcrResourceId(v string) { + o.AzureDcrResourceId = &v +} + // GetAzureSharedKey returns the AzureSharedKey field value if set, zero value otherwise. func (o *LogExportClusterSpecification) GetAzureSharedKey() string { if o == nil || o.AzureSharedKey == nil { @@ -90,6 +174,34 @@ func (o *LogExportClusterSpecification) SetAzureSharedKey(v string) { o.AzureSharedKey = &v } +// GetAzureTenantId returns the AzureTenantId field value if set, zero value otherwise. +func (o *LogExportClusterSpecification) GetAzureTenantId() string { + if o == nil || o.AzureTenantId == nil { + var ret string + return ret + } + return *o.AzureTenantId +} + +// SetAzureTenantId gets a reference to the given string and assigns it to the AzureTenantId field. +func (o *LogExportClusterSpecification) SetAzureTenantId(v string) { + o.AzureTenantId = &v +} + +// GetAzureWorkspaceResourceId returns the AzureWorkspaceResourceId field value if set, zero value otherwise. +func (o *LogExportClusterSpecification) GetAzureWorkspaceResourceId() string { + if o == nil || o.AzureWorkspaceResourceId == nil { + var ret string + return ret + } + return *o.AzureWorkspaceResourceId +} + +// SetAzureWorkspaceResourceId gets a reference to the given string and assigns it to the AzureWorkspaceResourceId field. +func (o *LogExportClusterSpecification) SetAzureWorkspaceResourceId(v string) { + o.AzureWorkspaceResourceId = &v +} + // GetGroups returns the Groups field value if set, zero value otherwise. func (o *LogExportClusterSpecification) GetGroups() []LogExportGroup { if o == nil || o.Groups == nil { diff --git a/pkg/client/model_log_export_type.go b/pkg/client/model_log_export_type.go index 6424d2aa..a4cd1d83 100644 --- a/pkg/client/model_log_export_type.go +++ b/pkg/client/model_log_export_type.go @@ -22,14 +22,15 @@ import ( "fmt" ) -// LogExportType LogExportType encodes the cloud selection that we're exporting to along with the cloud logging platform. Currently, each cloud has a single logging platform. +// LogExportType LogExportType encodes the cloud selection that we're exporting to along with the cloud logging platform. Currently, each cloud has a single logging platform. - AZURE_LOG_ANALYTICS: AZURE_LOG_ANALYTICS is the legacy Azure export path via Fluent Bit's HTTP Data Collector API (retiring 2026-09-14). Deprecated: use AZURE_LOG_ANALYTICS_V2 instead. - AZURE_LOG_ANALYTICS_V2: AZURE_LOG_ANALYTICS_V2 exports to Azure Monitor via the Logs Ingestion API and DCR-based ingestion (OTel pipeline), replacing the deprecated AZURE_LOG_ANALYTICS path that uses Fluent Bit's HTTP Data Collector API (retiring 2026-09-14). V2 authenticates with a tenant/client/secret + DCR endpoint and rule, whereas the legacy type uses a workspace ID + shared key. type LogExportType string // List of LogExportType. const ( - LOGEXPORTTYPE_AWS_CLOUDWATCH LogExportType = "AWS_CLOUDWATCH" - LOGEXPORTTYPE_GCP_CLOUD_LOGGING LogExportType = "GCP_CLOUD_LOGGING" - LOGEXPORTTYPE_AZURE_LOG_ANALYTICS LogExportType = "AZURE_LOG_ANALYTICS" + LOGEXPORTTYPE_AWS_CLOUDWATCH LogExportType = "AWS_CLOUDWATCH" + LOGEXPORTTYPE_GCP_CLOUD_LOGGING LogExportType = "GCP_CLOUD_LOGGING" + LOGEXPORTTYPE_AZURE_LOG_ANALYTICS LogExportType = "AZURE_LOG_ANALYTICS" + LOGEXPORTTYPE_AZURE_LOG_ANALYTICS_V2 LogExportType = "AZURE_LOG_ANALYTICS_V2" ) // All allowed values of LogExportType enum. @@ -37,6 +38,7 @@ var AllowedLogExportTypeEnumValues = []LogExportType{ "AWS_CLOUDWATCH", "GCP_CLOUD_LOGGING", "AZURE_LOG_ANALYTICS", + "AZURE_LOG_ANALYTICS_V2", } // NewLogExportTypeFromValue returns a pointer to a valid LogExportType