/// <summary>
        /// Updates the given model element with the cmdlet specific operation
        /// </summary>
        /// <param name="model">A model object</param>
        protected override ServerBlobAuditingSettingsModel ApplyUserInputToModel(ServerBlobAuditingSettingsModel model)
        {
            // Start from whatever the base cmdlet writes into the model.
            base.ApplyUserInputToModel(model);

            // Only the exact SecurityConstants.Enabled value keeps auditing on; every other
            // State value is recorded as Disabled.
            bool auditingRequested = State == SecurityConstants.Enabled;
            model.AuditState = auditingRequested ? AuditStateType.Enabled : AuditStateType.Disabled;

            // Optional parameters overwrite the model only when the caller supplied them.
            if (RetentionInDays != null)
            {
                model.RetentionInDays = RetentionInDays;
            }

            if (StorageAccountName != null)
            {
                model.StorageAccountName = StorageAccountName;
            }

            // An explicitly bound key type replaces the key type already stored in the model.
            bool keyTypeWasBound = MyInvocation.BoundParameters.ContainsKey(SecurityConstants.StorageKeyType);
            if (keyTypeWasBound)
            {
                bool usePrimaryKey = StorageKeyType == SecurityConstants.Primary;
                model.StorageKeyType = usePrimaryKey ? StorageKeyKind.Primary : StorageKeyKind.Secondary;
            }

            // An empty (or null) action group array leaves the model's current groups untouched.
            if (AuditActionGroup != null && AuditActionGroup.Length != 0)
            {
                model.AuditActionGroup = AuditActionGroup;
            }

            bool subscriptionWasSupplied = !StorageAccountSubscriptionId.Equals(Guid.Empty);
            if (subscriptionWasSupplied)
            {
                model.StorageAccountSubscriptionId = StorageAccountSubscriptionId;
            }
            else if (StorageAccountName != null)
            {
                // A storage account was named without a subscription: use the subscription
                // of the default context.
                model.StorageAccountSubscriptionId = Guid.Parse(DefaultProfile.DefaultContext.Subscription.Id);
            }

            return model;
        }
        /// <summary>
        /// Transforms the given server policy object to its cmdlet model representation
        /// </summary>
        private void ModelizeServerAuditPolicy(BlobAuditingPolicy policy, ServerBlobAuditingSettingsModel serverPolicyModel)
        {
            // Every value copied below is read from the policy's Properties object.
            var policyProperties = policy.Properties;

            // Audit state first, then storage target, audited action groups and retention.
            serverPolicyModel.AuditState = ModelizeAuditState(policyProperties.State);

            ModelizeStorageInfo(
                serverPolicyModel,
                policyProperties.StorageEndpoint,
                policyProperties.IsStorageSecondaryKeyInUse);

            ModelizeAuditActionGroups(serverPolicyModel, policyProperties.AuditActionsAndGroups);

            ModelizeRetentionInfo(serverPolicyModel, policyProperties.RetentionDays);
        }
 /// <summary>
 /// Copies the fields of an extended server auditing policy into the cmdlet model.
 /// </summary>
 /// <param name="model">The cmdlet model to fill in</param>
 /// <param name="policy">The policy whose values are copied</param>
 private void ModelizeServerAuditPolicy(ServerBlobAuditingSettingsModel model, ExtendedServerBlobAuditingPolicy policy)
 {
     // Global auditing counts as enabled only when the policy state is exactly Enabled.
     bool policyIsEnabled = policy.State == BlobAuditingPolicyState.Enabled;
     model.IsGlobalAuditEnabled = policyIsEnabled;

     model.IsAzureMonitorTargetEnabled = policy.IsAzureMonitorTargetEnabled;
     model.PredicateExpression = policy.PredicateExpression;

     // The remaining fields are translated by the shared helpers.
     ModelizeAuditActionGroups(model, policy.AuditActionsAndGroups);
     ModelizeStorageInfo(
         model,
         policy.StorageEndpoint,
         policy.IsStorageSecondaryKeyInUse,
         policy.StorageAccountSubscriptionId);
     ModelizeRetentionInfo(model, policy.RetentionDays);
 }
        /// <summary>
        /// Provides a database server audit policy model for the given database
        /// </summary>
        public void GetServerBlobAuditingPolicyV2(string resourceGroup, string serverName, out ServerBlobAuditingSettingsModel model)
        {
            // The out parameter is assigned before the service call, as in the original flow.
            model = new ServerBlobAuditingSettingsModel();

            // Fetch the server policy and translate it into the cmdlet model.
            Communicator.GetServerAuditingPolicy(resourceGroup, serverName, out BlobAuditingPolicy serverPolicy);
            ModelizeServerAuditPolicy(serverPolicy, model);

            // Record which server the settings were read from.
            model.ResourceGroupName = resourceGroup;
            model.ServerName = serverName;
        }
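        /// <summary>
        /// Removes the first diagnostic settings entry recorded on the model as enabling the
        /// audit category, then clears the model's list.
        /// </summary>
        /// <param name="model">The server or database auditing settings model</param>
        /// <returns>
        /// True when an entry existed and the communicator did not report failure;
        /// false when there was nothing to remove or the removal failed.
        /// </returns>
        internal bool RemoveDiagnosticSettings(ServerBlobAuditingSettingsModel model)
        {
            // This method itself sets the list to null after a successful removal, so a
            // null list must be read as "nothing to remove" rather than passed to
            // FirstOrDefault(), which throws on a null source.
            DiagnosticSettingsResource settings = model.DiagnosticsEnablingAuditCategory?.FirstOrDefault();
            if (settings == null)
            {
                return false;
            }

            // Database models are addressed by database name, server models by server only.
            var removed = model is DatabaseBlobAuditingSettingsModel dbModel ?
                          Communicator.RemoveDiagnosticSettings(settings.Name, dbModel.ResourceGroupName, dbModel.ServerName, dbModel.DatabaseName) :
                          Communicator.RemoveDiagnosticSettings(settings.Name, model.ResourceGroupName, model.ServerName);

            if (removed == false)
            {
                // Leave the model unchanged: the setting is still in place on the service.
                return false;
            }

            // Removing this setting stops audit records flowing to its destination, so the
            // model is cleared only after the removal went through.
            model.DiagnosticsEnablingAuditCategory = null;
            return true;
        }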
        /// <summary>
        /// Reads the server auditing policy and, for diagnostic models, the diagnostic
        /// settings that enable the audit category, then lets the model determine its audit state.
        /// </summary>
        /// <param name="resourceGroup">Resource group of the server</param>
        /// <param name="serverName">Name of the server</param>
        /// <param name="model">The model to fill in</param>
        internal void GetAuditingSettings(
            string resourceGroup, string serverName, ServerBlobAuditingSettingsModel model)
        {
            ExtendedServerBlobAuditingPolicy serverPolicy = Communicator.GetAuditingPolicy(resourceGroup, serverName);
            ModelizeServerAuditPolicy(model, serverPolicy);

            // Diagnostic settings are looked up only for models that can hold them.
            var diagnosticModel = model as ServerDiagnosticAuditingSettingsModel;
            if (diagnosticModel != null)
            {
                string nextSettingsName;
                var enablingSettings = Communicator.GetDiagnosticsEnablingAuditCategory(
                    out nextSettingsName, resourceGroup, serverName);

                diagnosticModel.DiagnosticsEnablingAuditCategory = enablingSettings;
                diagnosticModel.NextDiagnosticSettingsName = nextSettingsName;
            }

            // Runs last, after the policy and any diagnostic settings have been loaded.
            model.DetermineAuditState();
        }
        /// <summary>
        /// Writes the storage-related fields of the model (endpoint, access key, key kind,
        /// subscription and optional retention) onto the outgoing policy object.
        /// </summary>
        /// <param name="model">The cmdlet model holding the storage settings</param>
        /// <param name="policy">The policy object to be modified</param>
        private void PolicizeStorageInfo(ServerBlobAuditingSettingsModel model, dynamic policy)
        {
            string endpointSuffix = Context.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix);
            policy.StorageEndpoint = GetStorageAccountEndpoint(model.StorageAccountName, endpointSuffix);

            // The key lookup takes an explicit subscription id only when the storage account
            // is not in the current subscription.
            bool accountInCurrentSubscription = Subscription.GetId().Equals(model.StorageAccountSubscriptionId);

            // The value assigned here is a storage account access key: treat the policy
            // object as secret-bearing and keep it out of logs and verbose output.
            policy.StorageAccountAccessKey = accountInCurrentSubscription
                ? ExtractStorageAccountKey(model.StorageAccountName, model.StorageKeyType)
                : ExtractStorageAccountKey(model.StorageAccountSubscriptionId, model.StorageAccountName, model.StorageKeyType);

            policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary;
            policy.StorageAccountSubscriptionId = model.StorageAccountSubscriptionId;

            // Retention is written only when the model carries a value.
            if (model.RetentionInDays != null)
            {
                policy.RetentionDays = (int)model.RetentionInDays;
            }
        }
        /// <summary>
        /// Sends updated diagnostic settings to the service and refreshes the model's list
        /// of settings that enable the audit category.
        /// </summary>
        /// <param name="settings">The diagnostic settings to send</param>
        /// <param name="model">The server or database auditing settings model</param>
        /// <returns>False when the communicator returned null; otherwise true</returns>
        internal bool UpdateDiagnosticSettings(DiagnosticSettingsResource settings, ServerBlobAuditingSettingsModel model)
        {
            // Database models are addressed by database name, server models by server only.
            DiagnosticSettingsResource refreshed;
            if (model is DatabaseBlobAuditingSettingsModel dbModel)
            {
                refreshed = Communicator.UpdateDiagnosticSettings(settings, dbModel.ResourceGroupName, dbModel.ServerName, dbModel.DatabaseName);
            }
            else
            {
                refreshed = Communicator.UpdateDiagnosticSettings(settings, model.ResourceGroupName, model.ServerName);
            }

            if (refreshed == null)
            {
                return false;
            }

            // Keep the setting on the model only while it still enables the audit category.
            if (AuditingEndpointsCommunicator.IsAuditCategoryEnabled(refreshed))
            {
                model.DiagnosticsEnablingAuditCategory = new List<DiagnosticSettingsResource> { refreshed };
            }
            else
            {
                model.DiagnosticsEnablingAuditCategory = null;
            }

            return true;
        }
        /// <summary>
        /// Takes the cmdlet's model object and transforms it into the policy expected by the endpoint
        /// </summary>
        /// <param name="model">The AuditingPolicy model object</param>
        /// <param name="policy">The policy to be modified</param>
        /// <remarks>Nothing is returned; <paramref name="policy"/> is modified in place.</remarks>
        private void PolicizeAuditingSettingsModel(ServerBlobAuditingSettingsModel model, dynamic policy)
        {
            var requestedState = model.IsGlobalAuditEnabled ? BlobAuditingPolicyState.Enabled : BlobAuditingPolicyState.Disabled;
            policy.State = requestedState;
            policy.IsAzureMonitorTargetEnabled = model.IsAzureMonitorTargetEnabled;

            // Database models pass their audit actions along with the action groups;
            // server models pass action groups only.
            var databaseModel = model as DatabaseBlobAuditingSettingsModel;
            if (databaseModel == null)
            {
                policy.AuditActionsAndGroups = ExtractAuditActionsAndGroups(model.AuditActionGroup);
            }
            else
            {
                policy.AuditActionsAndGroups = ExtractAuditActionsAndGroups(databaseModel.AuditActionGroup, databaseModel.AuditAction);
            }

            // NOTE(review): policy.State follows IsGlobalAuditEnabled while the storage target
            // is gated on AuditState - confirm callers keep the two flags consistent.
            if (model.AuditState != AuditStateType.Enabled || string.IsNullOrEmpty(model.StorageAccountName))
            {
                return;
            }

            PolicizeStorageInfo(model, policy);
        }
        /// <summary>
        /// Copies the storage target of a policy into the model. Nothing is copied when the
        /// policy has no storage endpoint or auditing is not enabled.
        /// </summary>
        /// <param name="model">The cmdlet model to fill in</param>
        /// <param name="storageEndpoint">Storage endpoint taken from the policy</param>
        /// <param name="isSecondary">Whether the secondary storage key is in use</param>
        /// <param name="storageAccountSubscriptionId">Subscription of the storage account, if known</param>
        /// <param name="isAuditEnabled">Whether auditing is enabled</param>
        /// <param name="retentionDays">Retention taken from the policy</param>
        private static void ModelizeStorageInfo(ServerBlobAuditingSettingsModel model,
                                                string storageEndpoint, bool? isSecondary, Guid? storageAccountSubscriptionId,
                                                bool isAuditEnabled, int? retentionDays)
        {
            bool nothingToCopy = string.IsNullOrEmpty(storageEndpoint) || !isAuditEnabled;
            if (nothingToCopy)
            {
                return;
            }

            model.StorageKeyType = GetStorageKeyKind(isSecondary);
            model.StorageAccountName = GetStorageAccountName(storageEndpoint);

            // A missing subscription id is stored as Guid.Empty.
            model.StorageAccountSubscriptionId = storageAccountSubscriptionId.HasValue
                ? storageAccountSubscriptionId.Value
                : Guid.Empty;

            ModelizeRetentionInfo(model, retentionDays);
        }
 /// <summary>
 /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
 /// </summary>
 public void SetServerAuditingPolicy(ServerBlobAuditingSettingsModel model, string storageEndpointSuffix)
 {
     // A predicate expression selects the extended policy type and its endpoint call.
     bool hasPredicate = !string.IsNullOrEmpty(model.PredicateExpression);

     if (hasPredicate)
     {
         var extendedPolicy = new Management.Sql.Models.ExtendedServerBlobAuditingPolicy();
         extendedPolicy.PredicateExpression = model.PredicateExpression;

         PolicizeBlobAuditingModel(model, storageEndpointSuffix, extendedPolicy);
         Communicator.SetExtendedServerAuditingPolicy(model.ResourceGroupName, model.ServerName, extendedPolicy);
         return;
     }

     // No predicate: send the plain server policy.
     var serverPolicy = new Management.Sql.Models.ServerBlobAuditingPolicy();
     PolicizeBlobAuditingModel(model, storageEndpointSuffix, serverPolicy);
     Communicator.SetServerAuditingPolicy(model.ResourceGroupName, model.ServerName, serverPolicy);
 }
 /// <summary>
 /// Builds the endpoint policy for the model and sends it, using the extended policy
 /// type when the model carries a predicate expression.
 /// </summary>
 /// <param name="model">The auditing settings model to send</param>
 /// <returns>The result reported by the communicator call</returns>
 public bool SetAuditingPolicy(ServerBlobAuditingSettingsModel model)
 {
     bool hasPredicate = !string.IsNullOrEmpty(model.PredicateExpression);

     if (hasPredicate)
     {
         var extendedPolicy = new ExtendedServerBlobAuditingPolicy();
         extendedPolicy.PredicateExpression = model.PredicateExpression;

         PolicizeAuditingSettingsModel(model, extendedPolicy);
         return Communicator.SetExtendedAuditingPolicy(model.ResourceGroupName, model.ServerName, extendedPolicy);
     }

     // No predicate: send the plain server policy.
     var serverPolicy = new ServerBlobAuditingPolicy();
     PolicizeAuditingSettingsModel(model, serverPolicy);
     return Communicator.SetAuditingPolicy(model.ResourceGroupName, model.ServerName, serverPolicy);
 }
        /// <summary>
        /// Creates diagnostic settings under the model's next settings name and records the
        /// created entry on the model.
        /// </summary>
        /// <param name="eventHubName">Event hub name passed to the communicator</param>
        /// <param name="eventHubAuthorizationRuleId">Event hub authorization rule id passed to the communicator</param>
        /// <param name="workspaceId">Workspace id passed to the communicator</param>
        /// <param name="model">The server or database auditing settings model</param>
        /// <returns>False when the communicator returned null; otherwise true</returns>
        internal bool CreateDiagnosticSettings(string eventHubName, string eventHubAuthorizationRuleId, string workspaceId,
                                               ServerBlobAuditingSettingsModel model)
        {
            // Database models are addressed by database name, server models by server only.
            DiagnosticSettingsResource created;
            if (model is DatabaseBlobAuditingSettingsModel dbModel)
            {
                created = Communicator.CreateDiagnosticSettings(
                    dbModel.NextDiagnosticSettingsName,
                    eventHubName, eventHubAuthorizationRuleId, workspaceId,
                    dbModel.ResourceGroupName, dbModel.ServerName, dbModel.DatabaseName);
            }
            else
            {
                created = Communicator.CreateDiagnosticSettings(
                    model.NextDiagnosticSettingsName,
                    eventHubName, eventHubAuthorizationRuleId, workspaceId,
                    model.ResourceGroupName, model.ServerName);
            }

            if (created == null)
            {
                return false;
            }

            // The new entry becomes the model's only recorded setting.
            model.DiagnosticsEnablingAuditCategory = new List<DiagnosticSettingsResource> { created };
            return true;
        }
        /// <summary>
        /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
        /// </summary>
        public void SetServerAuditingPolicy(ServerBlobAuditingSettingsModel model, string storageEndpointSuffix)
        {
            // Translate the model first; the target names are read only afterwards.
            var endpointPolicy = PolicizeBlobAuditingModel(model, storageEndpointSuffix);

            var targetResourceGroup = model.ResourceGroupName;
            var targetServer = model.ServerName;
            Communicator.SetServerAuditingPolicy(targetResourceGroup, targetServer, endpointPolicy);
        }
 /// <summary>
 /// Provides a database server audit policy model for the given database
 /// </summary>
 internal void GetServerBlobAuditingPolicy(string resourceGroup, string serverName, ServerBlobAuditingSettingsModel model)
 {
     // Fetch the extended server policy and translate it into the supplied model.
     Communicator.GetExtendedServerAuditingPolicy(
         resourceGroup, serverName, out Management.Sql.Models.ExtendedServerBlobAuditingPolicy serverPolicy);
     ModelizeServerAuditPolicy(serverPolicy, model);

     // Record which server the settings were read from.
     model.ResourceGroupName = resourceGroup;
     model.ServerName = serverName;
 }
 /// <summary>
 /// Transforms the given server policy object to its cmdlet model representation
 /// </summary>
 private void ModelizeServerAuditPolicy(Management.Sql.Models.ExtendedServerBlobAuditingPolicy policy, ServerBlobAuditingSettingsModel serverPolicyModel)
 {
     // The policy state is handed to ModelizeAuditState in its string form.
     string policyStateText = policy.State.ToString();
     serverPolicyModel.AuditState = ModelizeAuditState(policyStateText);

     // Storage target, audited action groups and retention go through the shared helpers.
     ModelizeStorageInfo(
         serverPolicyModel,
         policy.StorageEndpoint,
         policy.IsStorageSecondaryKeyInUse,
         policy.StorageAccountSubscriptionId);
     ModelizeAuditActionGroups(serverPolicyModel, policy.AuditActionsAndGroups);
     ModelizeRetentionInfo(serverPolicyModel, policy.RetentionDays);

     // The predicate expression is copied as-is.
     serverPolicyModel.PredicateExpression = policy.PredicateExpression;
 }
 /// <summary>
 /// Asks the model to persist itself through <c>ModelAdapter</c>.
 /// </summary>
 /// <param name="model">The model holding the settings to persist</param>
 /// <returns>Always null</returns>
 protected override ServerBlobAuditingSettingsModel PersistChanges(ServerBlobAuditingSettingsModel model)
 {
     var adapter = ModelAdapter;
     model.PersistChanges(adapter);

     // Nothing is handed back to the caller.
     return null;
 }
        /// <summary>
        /// Updates the given model element with the cmdlet specific operation
        /// </summary>
        /// <param name="model">A model object</param>
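        protected override ServerBlobAuditingSettingsModel ApplyUserInputToModel(ServerBlobAuditingSettingsModel model)
        {
            base.ApplyUserInputToModel(model);

            // Only the exact SecurityConstants.Enabled value keeps auditing on; every other
            // State value is recorded as Disabled.
            model.AuditState = State == SecurityConstants.Enabled ? AuditStateType.Enabled : AuditStateType.Disabled;

            if (AuditActionGroup != null)
            {
                model.AuditActionGroup = AuditActionGroup;
            }

            if (PredicateExpression != null)
            {
                // The original chained a redundant self-assignment of PredicateExpression here.
                model.PredicateExpression = PredicateExpression;
            }

            if (ParameterSetName == DefinitionsCommon.BlobStorageParameterSetName ||
                ParameterSetName == DefinitionsCommon.StorageAccountSubscriptionIdParameterSetName ||
                ParameterSetName == DefinitionsCommon.BlobStorageByParentResourceParameterSetName ||
                ParameterSetName == DefinitionsCommon.StorageAccountSubscriptionIdByParentResourceParameterSetName)
            {
                // Blob storage target: optional parameters overwrite the model only when supplied.
                if (RetentionInDays != null)
                {
                    model.RetentionInDays = RetentionInDays;
                }

                if (StorageAccountName != null)
                {
                    model.StorageAccountName = StorageAccountName;
                }

                // An explicitly bound key type replaces the key type already stored in the model.
                if (MyInvocation.BoundParameters.ContainsKey(SecurityConstants.StorageKeyType))
                {
                    model.StorageKeyType = (StorageKeyType == SecurityConstants.Primary) ? StorageKeyKind.Primary : StorageKeyKind.Secondary;
                }

                if (!StorageAccountSubscriptionId.Equals(Guid.Empty))
                {
                    model.StorageAccountSubscriptionId = StorageAccountSubscriptionId;
                }
                else if (StorageAccountName != null)
                {
                    // A storage account was named without a subscription: use the
                    // subscription of the default context.
                    model.StorageAccountSubscriptionId = Guid.Parse(DefaultProfile.DefaultContext.Subscription.Id);
                }
            }
            else if (ParameterSetName == DefinitionsCommon.EventHubParameterSetName ||
                     ParameterSetName == DefinitionsCommon.EventHubByParentResourceParameterSetName)
            {
                ServerEventHubAuditingSettingsModel eventHubModel = model as ServerEventHubAuditingSettingsModel;

                // Fail with a clear message instead of a NullReferenceException when a value
                // has to be written but the model is not the Event Hub model type.
                if (eventHubModel == null && (EventHubName != null || EventHubAuthorizationRuleResourceId != null))
                {
                    throw new InvalidOperationException(
                        "The auditing settings model is not a ServerEventHubAuditingSettingsModel, so the Event Hub parameters cannot be applied.");
                }

                if (EventHubName != null)
                {
                    eventHubModel.EventHubName = EventHubName;
                }

                if (EventHubAuthorizationRuleResourceId != null)
                {
                    eventHubModel.EventHubAuthorizationRuleResourceId = EventHubAuthorizationRuleResourceId;
                }
            }
            else if (ParameterSetName == DefinitionsCommon.LogAnalyticsParameterSetName ||
                     ParameterSetName == DefinitionsCommon.LogAnalyticsByParentResourceParameterSetName)
            {
                ServerLogAnalyticsAuditingSettingsModel logAnalyticsModel = model as ServerLogAnalyticsAuditingSettingsModel;

                // Same guard as for the Event Hub target above.
                if (logAnalyticsModel == null && WorkspaceResourceId != null)
                {
                    throw new InvalidOperationException(
                        "The auditing settings model is not a ServerLogAnalyticsAuditingSettingsModel, so the workspace parameter cannot be applied.");
                }

                if (WorkspaceResourceId != null)
                {
                    logAnalyticsModel.WorkspaceResourceId = WorkspaceResourceId;
                }
            }

            return model;
        }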
 /// <summary>
 /// No sending is needed as this is a Get cmdlet
 /// </summary>
 /// <param name="model">The model object with the data to be sent to the REST endpoints</param>
 protected override ServerBlobAuditingSettingsModel PersistChanges(ServerBlobAuditingSettingsModel model) =>
     null; // nothing is sent and nothing is handed back; the model is left untouched