protected override SqlPoolSensitivityClassificationModel ApplyUserInputToModel(SqlPoolSensitivityClassificationModel model)
{
InformationProtectionPolicy informationProtectionPolicy = ModelAdapter.RetrieveInformationProtectionPolicyAsync().Result;
if (ParameterSetName == DataClassificationCommon.ColumnParameterSet ||
ParameterSetName == DataClassificationCommon.SqlPoolObjectColumnParameterSet)
{
SensitivityLabelModel sensitivityLabelModel = model.SensitivityLabels.FirstOrDefault();
if (sensitivityLabelModel == null)
{
sensitivityLabelModel = new SensitivityLabelModel
{
SchemaName = SchemaName,
TableName = TableName,
ColumnName = ColumnName,
};
model.SensitivityLabels.Add(sensitivityLabelModel);
}
sensitivityLabelModel.ApplyInput(InformationType, SensitivityLabel, informationProtectionPolicy);
}
else
{
model.ApplyModel(ClassificationObject, informationProtectionPolicy);
}
return(model);
}
private static List <SensitivityLabelModel> MergeSensitivityLabels(
List <SensitivityLabelModel> existingLabels,
List <SensitivityLabelModel> newLabels,
InformationProtectionPolicy informationProtectionPolicy)
{
List <SensitivityLabelModel> mergedLabels = new List <SensitivityLabelModel>();
if (newLabels == null)
{
return(mergedLabels);
}
if (existingLabels == null)
{
return(newLabels);
}
IComparer <SensitivityLabelModel> comparer = new SortComparer();
existingLabels.Sort(comparer);
newLabels.Sort(comparer);
int existingLabelsIndex = 0;
int existingLabelsCount = existingLabels.Count();
int newLabelsIndex = 0;
int newLabelsCount = newLabels.Count();
while (existingLabelsIndex < existingLabelsCount && newLabelsIndex < newLabelsCount)
{
SensitivityLabelModel existingLabel = existingLabels.ElementAt(existingLabelsIndex);
SensitivityLabelModel newLabel = newLabels.ElementAt(newLabelsIndex);
int labelsCompared = comparer.Compare(existingLabel, newLabel);
if (labelsCompared < 0)
{
existingLabelsIndex++;
}
else if (labelsCompared > 0)
{
mergedLabels.Add(newLabel);
newLabelsIndex++;
}
else
{
existingLabel.ApplyModel(newLabel, informationProtectionPolicy);
mergedLabels.Add(existingLabel);
existingLabelsIndex++;
newLabelsIndex++;
}
}
while (newLabelsIndex < newLabelsCount)
{
mergedLabels.Add(newLabels.ElementAt(newLabelsIndex++));
}
return(mergedLabels);
}
internal void ApplyInput(string informationType, string sensitivityLabel, InformationProtectionPolicy informationProtectionPolicy)
{
if (string.IsNullOrEmpty(informationType) && string.IsNullOrEmpty(sensitivityLabel))
{
throw new Exception("Value is not specified neither for InformationType parameter nor for SensitivityLabel parameter");
}
ApplyInformationType(informationType, informationProtectionPolicy);
ApplySensitivityLabel(sensitivityLabel, informationProtectionPolicy);
}
internal async Task <InformationProtectionPolicy> RetrieveInformationProtectionPolicyAsync(Guid tenantId)
{
string endpoint = Context.Environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ResourceManager).ToString();
string uri = $"{endpoint}providers/Microsoft.Management/managementGroups/{tenantId}/providers/Microsoft.Security/informationprotectionpolicies/effective?api-version=2017-08-01-preview";
Exception exception = new Exception(
string.Format(Properties.Resources.DataClassificationFailedToRetrieveInformationProtectionPolicy,
tenantId));
JToken policyToken = await SendAsync(uri, HttpMethod.Get, exception);
return(InformationProtectionPolicy.ToInformationProtectionPolicy(policyToken));
}
private void ApplyInformationType(string newInformationType, InformationProtectionPolicy informationProtectionPolicy)
{
if (!string.IsNullOrEmpty(newInformationType) &&
!string.Equals(InformationType, newInformationType))
{
if (informationProtectionPolicy.InformationTypes.TryGetValue(newInformationType, out Guid informationTypeId))
{
InformationType = newInformationType;
InformationTypeId = informationTypeId.ToString();
}
else
{
throw new Exception($"Information Type '{newInformationType}' is not part of Information Protection Policy. Please add '{newInformationType}' to the Information Protection Policy, or use one of the following: {ToString(informationProtectionPolicy.InformationTypes.Keys)}");
}
}
}
private void ApplySensitivityLabel(string newSensitivityLabel, InformationProtectionPolicy informationProtectionPolicy)
{
if (!string.IsNullOrEmpty(newSensitivityLabel) ||
!string.Equals(SensitivityLabel, newSensitivityLabel))
{
if (informationProtectionPolicy.SensitivityLabels.TryGetValue(newSensitivityLabel, out Guid sensitivityLabelId))
{
SensitivityLabel = newSensitivityLabel;
SensitivityLabelId = sensitivityLabelId.ToString();
}
else
{
throw new Exception($"Sensitivity Label '{newSensitivityLabel}' is not part of Information Protection Policy. Please add '{newSensitivityLabel}' to the Information Protection Policy, or use one of the following: {ToString(informationProtectionPolicy.InformationTypes.Keys)}");
}
}
}
private void ApplySensitivityLabel(string newSensitivityLabel, InformationProtectionPolicy informationProtectionPolicy)
{
if (!string.IsNullOrEmpty(newSensitivityLabel) &&
!string.Equals(SensitivityLabel, newSensitivityLabel))
{
if (informationProtectionPolicy.SensitivityLabels.TryGetValue(newSensitivityLabel, out Tuple <Guid, SensitivityRank> idRankTuple))
{
SensitivityLabel = newSensitivityLabel;
SensitivityLabelId = idRankTuple.Item1.ToString();
Rank = idRankTuple.Item2;
}
else
{
throw new Exception($"Sensitivity Label '{newSensitivityLabel}' is not part of Information Protection Policy. Please add '{newSensitivityLabel}' to the Information Protection Policy, or use one of the following: {ToString(informationProtectionPolicy.SensitivityLabels.Keys)}");
}
}
}
internal void ApplyModel(SensitivityLabelModel sensitivityLabel, InformationProtectionPolicy informationProtectionPolicy)
{
ApplyInput(sensitivityLabel.InformationType, sensitivityLabel.SensitivityLabel, informationProtectionPolicy);
}
public static PSSqlInformationProtectionPolicy ConverToPSType(this InformationProtectionPolicy policy) => new PSSqlInformationProtectionPolicy
{
Version = policy.Version,
InformationTypes = policy.InformationTypes.ToDictionary(kvp => kvp.Key, kvp => kvp.Value.ConvertToPSType()),
Labels = policy.Labels.ToDictionary(kvp => kvp.Key, kvp => kvp.Value.ConverToPSType())
};
/// <summary>
/// Details of the information protection policy.
/// </summary>
/// <param name='scope'>
/// Scope of the query, can be subscription
/// (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group
/// (/providers/Microsoft.Management/managementGroups/mgName).
/// </param>
/// <param name='informationProtectionPolicyName'>
/// Name of the information protection policy. Possible values include:
/// 'effective', 'custom'
/// </param>
/// <param name='labels'>
/// Dictionary of sensitivity labels.
/// </param>
/// <param name='informationTypes'>
/// The sensitivity information types.
/// </param>
/// <param name='customHeaders'>
/// Headers that will be added to request.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
/// <exception cref="CloudException">
/// Thrown when the operation returned an invalid status code
/// </exception>
/// <exception cref="SerializationException">
/// Thrown when unable to deserialize the response
/// </exception>
/// <exception cref="ValidationException">
/// Thrown when a required parameter is null
/// </exception>
/// <exception cref="System.ArgumentNullException">
/// Thrown when a required parameter is null
/// </exception>
/// <return>
/// A response object containing the response body and response headers.
/// </return>
public async Task <AzureOperationResponse <InformationProtectionPolicy> > CreateOrUpdateWithHttpMessagesAsync(string scope, string informationProtectionPolicyName, IDictionary <string, SensitivityLabel> labels = default(IDictionary <string, SensitivityLabel>), IDictionary <string, InformationType> informationTypes = default(IDictionary <string, InformationType>), Dictionary <string, List <string> > customHeaders = null, CancellationToken cancellationToken = default(CancellationToken))
{
if (scope == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "scope");
}
if (informationProtectionPolicyName == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "informationProtectionPolicyName");
}
string apiVersion = "2017-08-01-preview";
InformationProtectionPolicy informationProtectionPolicy = new InformationProtectionPolicy();
if (labels != null || informationTypes != null)
{
informationProtectionPolicy.Labels = labels;
informationProtectionPolicy.InformationTypes = informationTypes;
}
// Tracing
bool _shouldTrace = ServiceClientTracing.IsEnabled;
string _invocationId = null;
if (_shouldTrace)
{
_invocationId = ServiceClientTracing.NextInvocationId.ToString();
Dictionary <string, object> tracingParameters = new Dictionary <string, object>();
tracingParameters.Add("apiVersion", apiVersion);
tracingParameters.Add("scope", scope);
tracingParameters.Add("informationProtectionPolicyName", informationProtectionPolicyName);
tracingParameters.Add("informationProtectionPolicy", informationProtectionPolicy);
tracingParameters.Add("cancellationToken", cancellationToken);
ServiceClientTracing.Enter(_invocationId, this, "CreateOrUpdate", tracingParameters);
}
// Construct URL
var _baseUrl = Client.BaseUri.AbsoluteUri;
var _url = new System.Uri(new System.Uri(_baseUrl + (_baseUrl.EndsWith("/") ? "" : "/")), "{scope}/providers/Microsoft.Security/informationProtectionPolicies/{informationProtectionPolicyName}").ToString();
_url = _url.Replace("{scope}", System.Uri.EscapeDataString(scope));
_url = _url.Replace("{informationProtectionPolicyName}", System.Uri.EscapeDataString(Rest.Serialization.SafeJsonConvert.SerializeObject(informationProtectionPolicyName, Client.SerializationSettings).Trim('"')));
List <string> _queryParameters = new List <string>();
if (apiVersion != null)
{
_queryParameters.Add(string.Format("api-version={0}", System.Uri.EscapeDataString(apiVersion)));
}
if (_queryParameters.Count > 0)
{
_url += (_url.Contains("?") ? "&" : "?") + string.Join("&", _queryParameters);
}
// Create HTTP transport objects
var _httpRequest = new HttpRequestMessage();
HttpResponseMessage _httpResponse = null;
_httpRequest.Method = new HttpMethod("PUT");
_httpRequest.RequestUri = new System.Uri(_url);
// Set Headers
if (Client.GenerateClientRequestId != null && Client.GenerateClientRequestId.Value)
{
_httpRequest.Headers.TryAddWithoutValidation("x-ms-client-request-id", System.Guid.NewGuid().ToString());
}
if (Client.AcceptLanguage != null)
{
if (_httpRequest.Headers.Contains("accept-language"))
{
_httpRequest.Headers.Remove("accept-language");
}
_httpRequest.Headers.TryAddWithoutValidation("accept-language", Client.AcceptLanguage);
}
if (customHeaders != null)
{
foreach (var _header in customHeaders)
{
if (_httpRequest.Headers.Contains(_header.Key))
{
_httpRequest.Headers.Remove(_header.Key);
}
_httpRequest.Headers.TryAddWithoutValidation(_header.Key, _header.Value);
}
}
// Serialize Request
string _requestContent = null;
if (informationProtectionPolicy != null)
{
_requestContent = Rest.Serialization.SafeJsonConvert.SerializeObject(informationProtectionPolicy, Client.SerializationSettings);
_httpRequest.Content = new StringContent(_requestContent, System.Text.Encoding.UTF8);
_httpRequest.Content.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json; charset=utf-8");
}
// Set Credentials
if (Client.Credentials != null)
{
cancellationToken.ThrowIfCancellationRequested();
await Client.Credentials.ProcessHttpRequestAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
}
// Send Request
if (_shouldTrace)
{
ServiceClientTracing.SendRequest(_invocationId, _httpRequest);
}
cancellationToken.ThrowIfCancellationRequested();
_httpResponse = await Client.HttpClient.SendAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
if (_shouldTrace)
{
ServiceClientTracing.ReceiveResponse(_invocationId, _httpResponse);
}
HttpStatusCode _statusCode = _httpResponse.StatusCode;
cancellationToken.ThrowIfCancellationRequested();
string _responseContent = null;
if ((int)_statusCode != 200 && (int)_statusCode != 201)
{
var ex = new CloudException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
CloudError _errorBody = Rest.Serialization.SafeJsonConvert.DeserializeObject <CloudError>(_responseContent, Client.DeserializationSettings);
if (_errorBody != null)
{
ex = new CloudException(_errorBody.Message);
ex.Body = _errorBody;
}
}
catch (JsonException)
{
// Ignore the exception
}
ex.Request = new HttpRequestMessageWrapper(_httpRequest, _requestContent);
ex.Response = new HttpResponseMessageWrapper(_httpResponse, _responseContent);
if (_httpResponse.Headers.Contains("x-ms-request-id"))
{
ex.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault();
}
if (_shouldTrace)
{
ServiceClientTracing.Error(_invocationId, ex);
}
_httpRequest.Dispose();
if (_httpResponse != null)
{
_httpResponse.Dispose();
}
throw ex;
}
// Create Result
var _result = new AzureOperationResponse <InformationProtectionPolicy>();
_result.Request = _httpRequest;
_result.Response = _httpResponse;
if (_httpResponse.Headers.Contains("x-ms-request-id"))
{
_result.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault();
}
// Deserialize Response
if ((int)_statusCode == 200)
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
try
{
_result.Body = Rest.Serialization.SafeJsonConvert.DeserializeObject <InformationProtectionPolicy>(_responseContent, Client.DeserializationSettings);
}
catch (JsonException ex)
{
_httpRequest.Dispose();
if (_httpResponse != null)
{
_httpResponse.Dispose();
}
throw new SerializationException("Unable to deserialize the response.", _responseContent, ex);
}
}
// Deserialize Response
if ((int)_statusCode == 201)
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
try
{
_result.Body = Rest.Serialization.SafeJsonConvert.DeserializeObject <InformationProtectionPolicy>(_responseContent, Client.DeserializationSettings);
}
catch (JsonException ex)
{
_httpRequest.Dispose();
if (_httpResponse != null)
{
_httpResponse.Dispose();
}
throw new SerializationException("Unable to deserialize the response.", _responseContent, ex);
}
}
if (_shouldTrace)
{
ServiceClientTracing.Exit(_invocationId, _result);
}
return(_result);
}
internal void ApplyModel(SensitivityClassificationModel model, InformationProtectionPolicy policy)
{
SensitivityLabels = MergeSensitivityLabels(SensitivityLabels, model.SensitivityLabels, policy);
}
