import * as pulumi from "@pulumi/pulumi";
/**
 * Manages a MS SQL Server Extended Auditing Policy.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const example = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleServer = new azure.mssql.Server("example", {
 *     name: "example-sqlserver",
 *     resourceGroupName: example.name,
 *     location: example.location,
 *     version: "12.0",
 *     administratorLogin: "missadministrator",
 *     administratorLoginPassword: "AdminPassword123!",
 * });
 * const exampleAccount = new azure.storage.Account("example", {
 *     name: "examplesa",
 *     resourceGroupName: example.name,
 *     location: example.location,
 *     accountTier: "Standard",
 *     accountReplicationType: "LRS",
 * });
 * const exampleServerExtendedAuditingPolicy = new azure.mssql.ServerExtendedAuditingPolicy("example", {
 *     serverId: exampleServer.id,
 *     storageEndpoint: exampleAccount.primaryBlobEndpoint,
 *     storageAccountAccessKey: exampleAccount.primaryAccessKey,
 *     storageAccountAccessKeyIsSecondary: false,
 *     retentionInDays: 6,
 * });
 * ```
 *
 * ### With Storage Account Behind VNet And Firewall
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 * import * as azurerm from "@pulumi/azurerm";
 *
 * const primary = azure.core.getSubscription({});
 * const example = azure.core.getClientConfig({});
 * const exampleResourceGroup = new azure.core.ResourceGroup("example", {
 *     name: "example",
 *     location: "West Europe",
 * });
 * const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
 *     name: "virtnetname-1",
 *     addressSpaces: ["10.0.0.0/16"],
 *     location: exampleResourceGroup.location,
 *     resourceGroupName: exampleResourceGroup.name,
 * });
 * const exampleSubnet = new azure.network.Subnet("example", {
 *     name: "subnetname-1",
 *     resourceGroupName: exampleResourceGroup.name,
 *     virtualNetworkName: exampleVirtualNetwork.name,
 *     addressPrefixes: ["10.0.2.0/24"],
 *     serviceEndpoints: [
 *         "Microsoft.Sql",
 *         "Microsoft.Storage",
 *     ],
 *     enforcePrivateLinkEndpointNetworkPolicies: true,
 * });
 * const exampleServer = new azure.mssql.Server("example", {
 *     name: "example-sqlserver",
 *     resourceGroupName: exampleResourceGroup.name,
 *     location: exampleResourceGroup.location,
 *     version: "12.0",
 *     administratorLogin: "missadministrator",
 *     administratorLoginPassword: "AdminPassword123!",
 *     minimumTlsVersion: "1.2",
 *     identity: {
 *         type: "SystemAssigned",
 *     },
 * });
 * const exampleAssignment = new azure.authorization.Assignment("example", {
 *     scope: primary.then(primary => primary.id),
 *     roleDefinitionName: "Storage Blob Data Contributor",
 *     principalId: exampleServer.identity.apply(identity => identity?.principalId),
 * });
 * const sqlvnetrule = new azurerm.index.SqlVirtualNetworkRule("sqlvnetrule", {
 *     name: "sql-vnet-rule",
 *     resourceGroupName: exampleResourceGroup.name,
 *     serverName: exampleServer.name,
 *     subnetId: exampleSubnet.id,
 * });
 * const exampleSqlFirewallRule = new azurerm.index.SqlFirewallRule("example", {
 *     name: "FirewallRule1",
 *     resourceGroupName: exampleResourceGroup.name,
 *     serverName: exampleServer.name,
 *     startIpAddress: "0.0.0.0",
 *     endIpAddress: "0.0.0.0",
 * });
 * const exampleAccount = new azure.storage.Account("example", {
 *     name: "examplesa",
 *     resourceGroupName: exampleResourceGroup.name,
 *     location: exampleResourceGroup.location,
 *     accountTier: "Standard",
 *     accountReplicationType: "LRS",
 *     accountKind: "StorageV2",
 *     allowNestedItemsToBePublic: false,
 *     networkRules: {
 *         defaultAction: "Deny",
 *         ipRules: ["127.0.0.1"],
 *         virtualNetworkSubnetIds: [exampleSubnet.id],
 *         bypasses: ["AzureServices"],
 *     },
 *     identity: {
 *         type: "SystemAssigned",
 *     },
 * });
 * const exampleServerExtendedAuditingPolicy = new azure.mssql.ServerExtendedAuditingPolicy("example", {
 *     storageEndpoint: exampleAccount.primaryBlobEndpoint,
 *     serverId: exampleServer.id,
 *     retentionInDays: 6,
 *     logMonitoringEnabled: false,
 *     storageAccountSubscriptionId: primaryAzurermSubscription.subscriptionId,
 * }, {
 *     dependsOn: [
 *         exampleAssignment,
 *         exampleAccount,
 *     ],
 * });
 * ```
 *
 * ## Import
 *
 * MS SQL Server Extended Auditing Policies can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:mssql/serverExtendedAuditingPolicy:ServerExtendedAuditingPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Sql/servers/sqlServer1/extendedAuditingSettings/default
 * ```
 */
export declare class ServerExtendedAuditingPolicy extends pulumi.CustomResource {
    /**
     * Get an existing ServerExtendedAuditingPolicy resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerExtendedAuditingPolicyState, opts?: pulumi.CustomResourceOptions): ServerExtendedAuditingPolicy;
    /**
     * Returns true if the given object is an instance of ServerExtendedAuditingPolicy.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ServerExtendedAuditingPolicy;
    /**
     * A list of Actions-Groups and Actions to audit.
     */
    readonly auditActionsAndGroups: pulumi.Output<string[]>;
    /**
     * Whether to enable the extended auditing policy. Possible values are `true` and `false`. Defaults to `true`.
     *
     * > **Note:** If `enabled` is `true`, `storageEndpoint` or `logMonitoringEnabled` are required.
     */
    readonly enabled: pulumi.Output<boolean | undefined>;
    /**
     * Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its main database audit events to Azure Monitor. Defaults to `true`.
     */
    readonly logMonitoringEnabled: pulumi.Output<boolean | undefined>;
    /**
     * Specifies condition of where clause when creating an audit.
     */
    readonly predicateExpression: pulumi.Output<string | undefined>;
    /**
     * The number of days to retain logs for in the storage account. Defaults to `0`.
     */
    readonly retentionInDays: pulumi.Output<number | undefined>;
    /**
     * The ID of the SQL Server to set the extended auditing policy. Changing this forces a new resource to be created.
     */
    readonly serverId: pulumi.Output<string>;
    /**
     * The access key to use for the auditing storage account.
     */
    readonly storageAccountAccessKey: pulumi.Output<string | undefined>;
    /**
     * Is `storageAccountAccessKey` value the storage's secondary key?
     */
    readonly storageAccountAccessKeyIsSecondary: pulumi.Output<boolean | undefined>;
    /**
     * The ID of the Subscription containing the Storage Account.
     */
    readonly storageAccountSubscriptionId: pulumi.Output<string | undefined>;
    /**
     * The blob storage endpoint (e.g. <https://example.blob.core.windows.net>). This blob storage will hold all extended auditing logs.
     */
    readonly storageEndpoint: pulumi.Output<string | undefined>;
    /**
     * Create a ServerExtendedAuditingPolicy resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ServerExtendedAuditingPolicyArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ServerExtendedAuditingPolicy resources.
 */
export interface ServerExtendedAuditingPolicyState {
    /**
     * A list of Actions-Groups and Actions to audit.
     */
    auditActionsAndGroups?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Whether to enable the extended auditing policy. Possible values are `true` and `false`. Defaults to `true`.
     *
     * > **Note:** If `enabled` is `true`, `storageEndpoint` or `logMonitoringEnabled` are required.
     */
    enabled?: pulumi.Input<boolean>;
    /**
     * Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its main database audit events to Azure Monitor. Defaults to `true`.
     */
    logMonitoringEnabled?: pulumi.Input<boolean>;
    /**
     * Specifies condition of where clause when creating an audit.
     */
    predicateExpression?: pulumi.Input<string>;
    /**
     * The number of days to retain logs for in the storage account. Defaults to `0`.
     */
    retentionInDays?: pulumi.Input<number>;
    /**
     * The ID of the SQL Server to set the extended auditing policy. Changing this forces a new resource to be created.
     */
    serverId?: pulumi.Input<string>;
    /**
     * The access key to use for the auditing storage account.
     */
    storageAccountAccessKey?: pulumi.Input<string>;
    /**
     * Is `storageAccountAccessKey` value the storage's secondary key?
     */
    storageAccountAccessKeyIsSecondary?: pulumi.Input<boolean>;
    /**
     * The ID of the Subscription containing the Storage Account.
     */
    storageAccountSubscriptionId?: pulumi.Input<string>;
    /**
     * The blob storage endpoint (e.g. <https://example.blob.core.windows.net>). This blob storage will hold all extended auditing logs.
     */
    storageEndpoint?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a ServerExtendedAuditingPolicy resource.
 */
export interface ServerExtendedAuditingPolicyArgs {
    /**
     * A list of Actions-Groups and Actions to audit.
     */
    auditActionsAndGroups?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Whether to enable the extended auditing policy. Possible values are `true` and `false`. Defaults to `true`.
     *
     * > **Note:** If `enabled` is `true`, `storageEndpoint` or `logMonitoringEnabled` are required.
     */
    enabled?: pulumi.Input<boolean>;
    /**
     * Enable audit events to Azure Monitor? To enable server audit events to Azure Monitor, please enable its main database audit events to Azure Monitor. Defaults to `true`.
     */
    logMonitoringEnabled?: pulumi.Input<boolean>;
    /**
     * Specifies condition of where clause when creating an audit.
     */
    predicateExpression?: pulumi.Input<string>;
    /**
     * The number of days to retain logs for in the storage account. Defaults to `0`.
     */
    retentionInDays?: pulumi.Input<number>;
    /**
     * The ID of the SQL Server to set the extended auditing policy. Changing this forces a new resource to be created.
     */
    serverId: pulumi.Input<string>;
    /**
     * The access key to use for the auditing storage account.
     */
    storageAccountAccessKey?: pulumi.Input<string>;
    /**
     * Is `storageAccountAccessKey` value the storage's secondary key?
     */
    storageAccountAccessKeyIsSecondary?: pulumi.Input<boolean>;
    /**
     * The ID of the Subscription containing the Storage Account.
     */
    storageAccountSubscriptionId?: pulumi.Input<string>;
    /**
     * The blob storage endpoint (e.g. <https://example.blob.core.windows.net>). This blob storage will hold all extended auditing logs.
     */
    storageEndpoint?: pulumi.Input<string>;
}