public override void ExecuteCmdlet()
{
if (this.IsParameterBound(c => c.InputObject))
{
var resourceIdentifier = new ResourceIdentifier(this.InputObject.Id);
this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
this.WorkspaceName = this.InputObject.Name;
}
if (this.IsParameterBound(c => c.ResourceId))
{
var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
this.WorkspaceName = resourceIdentifier.ResourceName;
}
if (string.IsNullOrEmpty(this.ResourceGroupName))
{
this.ResourceGroupName = this.SynapseAnalyticsClient.GetResourceGroupByWorkspaceName(this.WorkspaceName);
}
var result = new VulnerabilityAssessmentSettingsModel(SynapseAnalyticsClient.GetWorkspaceVulnerabilityAssessmentSettings(this.ResourceGroupName, this.WorkspaceName),
this.ResourceGroupName, this.WorkspaceName);
WriteObject(result);
}
/// <summary>
/// Remove the Vulnerability Assessment
/// </summary>
public void ClearVulnerabilityAssessmentSettings(VulnerabilityAssessmentSettingsModel model, string serverName, string databaseName, ApplyToType applyToType)
{
if (applyToType == ApplyToType.Database)
{
VulnerabilityAssessmentCommunicator.ClearDatabaseVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName, databaseName);
}
else
{
VulnerabilityAssessmentCommunicator.ClearManagedDatabaseVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName, databaseName);
}
}
public ServerVulnerabilityAssessmentSettingsModel(VulnerabilityAssessmentSettingsModel model, string serverName)
{
ResourceGroupName = model.ResourceGroupName;
StorageAccountName = model.StorageAccountName;
ScanResultsContainerName = model.ScanResultsContainerName;
RecurringScansInterval = model.RecurringScansInterval;
EmailAdmins = model.EmailAdmins;
NotificationEmail = model.NotificationEmail;
ServerName = serverName;
}
public ManagedDatabaseVulnerabilityAssessmentSettingsModel(VulnerabilityAssessmentSettingsModel model, string instanceName, string databaseName)
{
ResourceGroupName = model.ResourceGroupName;
StorageAccountName = model.StorageAccountName;
ScanResultsContainerName = model.ScanResultsContainerName;
RecurringScansInterval = model.RecurringScansInterval;
EmailAdmins = model.EmailAdmins;
NotificationEmail = model.NotificationEmail;
InstanceName = instanceName;
DatabaseName = databaseName;
}
/// <summary>
/// Provides a Vulnerability Assessment settings model for the given database
/// </summary>
public VulnerabilityAssessmentSettingsModel ConvertSettingsToModel(string resourceGroup, string serverName, string databaseName, DatabaseVulnerabilityAssessment settings)
{
if (settings.RecurringScans == null)
{
// This should never happen
settings.RecurringScans = new VulnerabilityAssessmentRecurringScansProperties
{
IsEnabled = false,
EmailSubscriptionAdmins = true,
Emails = null
};
}
// Getting storage info from StorageContainerPath
var storageAccountName = string.Empty;
var storageBlobContainerName = string.Empty;
if (!string.IsNullOrEmpty(settings.StorageContainerPath))
{
// StorageContainerPath is in the format of : "https://va1storage.blob.core.windows.net/vulnerability-assessment"
var storageAccountNamePart = settings.StorageContainerPath.Split(new[] { "https://" }, StringSplitOptions.RemoveEmptyEntries)[0];
if (!string.IsNullOrEmpty(storageAccountNamePart))
{
storageAccountName = storageAccountNamePart.Split(new[] { "." }, StringSplitOptions.RemoveEmptyEntries)[0];
}
storageBlobContainerName = settings.StorageContainerPath.Split(new[] { "/" }, StringSplitOptions.RemoveEmptyEntries).LastOrDefault();
}
var vulnerabilityAssessmentSettingsModel = new VulnerabilityAssessmentSettingsModel
{
ResourceGroupName = resourceGroup,
StorageAccountName = storageAccountName,
ScanResultsContainerName = storageBlobContainerName,
RecurringScansInterval = settings.RecurringScans.IsEnabled.Value
? RecurringScansInterval.Weekly
: RecurringScansInterval.None,
EmailAdmins = settings.RecurringScans.EmailSubscriptionAdmins.Value,
NotificationEmail = settings.RecurringScans.Emails?.ToArray()
};
return(vulnerabilityAssessmentSettingsModel);
}
/// <summary>
/// Remove the Vulnerability Assessment
/// </summary>
public void ClearVulnerabilityAssessmentSettings(VulnerabilityAssessmentSettingsModel model, string serverName, string databaseName, ApplyToType applyToType)
{
switch (applyToType)
{
case ApplyToType.Database:
VulnerabilityAssessmentCommunicator.ClearDatabaseVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName, databaseName);
break;
case ApplyToType.ManagedDatabase:
VulnerabilityAssessmentCommunicator.ClearManagedDatabaseVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName, databaseName);
break;
case ApplyToType.Server:
VulnerabilityAssessmentCommunicator.ClearServerVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName);
break;
case ApplyToType.ManagedInstance:
VulnerabilityAssessmentCommunicator.ClearManagedInstanceVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName);
break;
default:
throw new ArgumentOutOfRangeException(nameof(applyToType), applyToType, null);
}
}
/// <summary>
/// Transforms the given model object to be an object that is written out
/// </summary>
/// <param name="model">The about to be written model object</param>
/// <returns>The prepared object to be written out</returns>
protected override object TransformModelToOutputObject(VulnerabilityAssessmentSettingsModel model)
{
return(new ManagedInstanceVulnerabilityAssessmentSettingsModel(model, GetServerName()));
}
/// <summary>
/// Set settings with storage access key
/// </summary>
public VulnerabilityAssessmentSettingsModel SetVulnerabilityAssessmentSettingsWithStorageAccessKey(VulnerabilityAssessmentSettingsModel model, string serverName, string databaseName, ApplyToType applyToType)
{
var resourceGroupName = AzureCommunicator.GetStorageResourceGroup(model.StorageAccountName);
var storageContainerInfo = VulnerabilityAssessmentCommunicator.GetStorageContainerInfo(resourceGroupName, model.StorageAccountName,
model.ScanResultsContainerName);
DatabaseVulnerabilityAssessment settings = new DatabaseVulnerabilityAssessment
{
StorageContainerPath = storageContainerInfo.StorageContainerPath,
StorageAccountAccessKey = storageContainerInfo.StorageAccountAccessKey,
RecurringScans = new VulnerabilityAssessmentRecurringScansProperties()
{
IsEnabled = model.RecurringScansInterval != RecurringScansInterval.None,
EmailSubscriptionAdmins = model.EmailAdmins,
Emails = model.NotificationEmail
}
};
var vulnerabilityAssessmentSettings = (applyToType == ApplyToType.Database) ?
VulnerabilityAssessmentCommunicator.SetDatabaseVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName, databaseName, settings) :
VulnerabilityAssessmentCommunicator.SetManagedDatabaseVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName, databaseName, settings);
return(ConvertSettingsToModel(model.ResourceGroupName, serverName, databaseName, vulnerabilityAssessmentSettings));
}
/// <summary>
/// Transforms the given model object to be an object that is written out
/// </summary>
/// <param name="model">The about to be written model object</param>
/// <returns>The prepared object to be written out</returns>
protected override object TransformModelToOutputObject(VulnerabilityAssessmentSettingsModel model)
{
return(new DatabaseVulnerabilityAssessmentSettingsModel(model, GetServerName(), GetDatabaseName()));
}
public override void ExecuteCmdlet()
{
if (this.IsParameterBound(c => c.InputObject))
{
var resourceIdentifier = new ResourceIdentifier(this.InputObject.Id);
this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
this.WorkspaceName = this.InputObject.Name;
}
if (this.IsParameterBound(c => c.ResourceId))
{
var resourceIdentifier = new ResourceIdentifier(this.ResourceId);
this.ResourceGroupName = resourceIdentifier.ResourceGroupName;
this.WorkspaceName = resourceIdentifier.ResourceName;
}
if (string.IsNullOrEmpty(this.ResourceGroupName))
{
this.ResourceGroupName = this.SynapseAnalyticsClient.GetResourceGroupByWorkspaceName(this.WorkspaceName);
}
var parameters = SynapseAnalyticsClient.GetWorkspaceVulnerabilityAssessmentSettings(this.ResourceGroupName, this.WorkspaceName);
if (this.IsParameterBound(c => c.BlobStorageSasUri))
{
// In this case the user provided a full BlobStorageSasUri (e.g. "https://mystorage.blob.core.windows.net/vulnerability-assessment?st=XXXXXX" )
var storageContainerArgs = BlobStorageSasUri.AbsoluteUri.ToString().Split('?');
if (storageContainerArgs.Length < 2)
{
throw new Exception(Resources.InvalidBlobStorageSasUri);
}
parameters.StorageContainerPath = storageContainerArgs[0];
parameters.StorageContainerSasKey = storageContainerArgs[1];
}
else
{
if (this.IsParameterBound(c => c.StorageAccountName))
{
var storageResourceGroupName = SynapseAnalyticsClient.GetStorageResourceGroup(this.StorageAccountName);
var storageContainerInfo = SynapseAnalyticsClient.GetStorageContainerInfo(storageResourceGroupName, this.StorageAccountName, this.ScanResultsContainerName);
parameters.StorageContainerPath = storageContainerInfo.StorageContainerPath;
parameters.StorageAccountAccessKey = storageContainerInfo.StorageAccountAccessKey;
}
if (string.IsNullOrEmpty(parameters.StorageContainerPath))
{
throw new Exception(Resources.NoStorageAccountSpecified);
}
}
if (this.IsParameterBound(c => c.NotificationEmail))
{
if (!Utils.AreEmailAddressesInCorrectFormat(this.NotificationEmail))
{
throw new Exception(Resources.EmailsAreNotValid);
}
parameters.RecurringScans.Emails = this.NotificationEmail;
}
if (this.IsParameterBound(c => c.RecurringScansInterval))
{
parameters.RecurringScans.IsEnabled = this.RecurringScansInterval != RecurringScansInterval.None;
}
if (this.IsParameterBound(c => c.EmailAdmin))
{
parameters.RecurringScans.EmailSubscriptionAdmins = this.EmailAdmin;
}
if (this.ShouldProcess(this.WorkspaceName, string.Format(Resources.UpdatingVulnerabilityAssessmentSetting, this.WorkspaceName)))
{
var result = new VulnerabilityAssessmentSettingsModel(SynapseAnalyticsClient.CreateOrUpdateWorkspaceVulnerabilityAssessmentSettings(this.ResourceGroupName, this.WorkspaceName, parameters),
this.ResourceGroupName, this.WorkspaceName);
WriteObject(result);
}
}
public DatabaseVulnerabilityAssessmentSettingsModel(VulnerabilityAssessmentSettingsModel model, string serverName, string databaseName) : base(model, serverName)
{
DatabaseName = databaseName;
}
public ManagedDatabaseVulnerabilityAssessmentSettingsModel(VulnerabilityAssessmentSettingsModel model, string instanceName, string databaseName) : base(model, instanceName)
{
DatabaseName = databaseName;
}
/// <summary>
/// Set settings with storage SAS key
/// </summary>
public VulnerabilityAssessmentSettingsModel SetVulnerabilityAssessmentSettingsWithStorageSasKey(VulnerabilityAssessmentSettingsModel model, string storageContainerPath,
string storageAccountSasKey, string serverName, string databaseName, ApplyToType applyToType)
{
switch (applyToType)
{
case ApplyToType.Database:
DatabaseVulnerabilityAssessment vaDbSettings = new DatabaseVulnerabilityAssessment
{
StorageContainerPath = storageContainerPath,
StorageContainerSasKey = storageAccountSasKey,
RecurringScans = new VulnerabilityAssessmentRecurringScansProperties()
{
IsEnabled = model.RecurringScansInterval != RecurringScansInterval.None,
EmailSubscriptionAdmins = model.EmailAdmins,
Emails = model.NotificationEmail
}
};
vaDbSettings = VulnerabilityAssessmentCommunicator.SetDatabaseVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName, databaseName, vaDbSettings);
return(ConvertSettingsToModel(model.ResourceGroupName, vaDbSettings.RecurringScans, vaDbSettings.StorageContainerPath));
case ApplyToType.ManagedDatabase:
DatabaseVulnerabilityAssessment vaManagedDbSettings = new DatabaseVulnerabilityAssessment
{
StorageContainerPath = storageContainerPath,
StorageContainerSasKey = storageAccountSasKey,
RecurringScans = new VulnerabilityAssessmentRecurringScansProperties()
{
IsEnabled = model.RecurringScansInterval != RecurringScansInterval.None,
EmailSubscriptionAdmins = model.EmailAdmins,
Emails = model.NotificationEmail
}
};
vaManagedDbSettings = VulnerabilityAssessmentCommunicator.SetManagedDatabaseVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName, databaseName, vaManagedDbSettings);
return(ConvertSettingsToModel(model.ResourceGroupName, vaManagedDbSettings.RecurringScans, vaManagedDbSettings.StorageContainerPath));
case ApplyToType.Server:
ServerVulnerabilityAssessment vaServerSettings = new ServerVulnerabilityAssessment
{
StorageContainerPath = storageContainerPath,
StorageContainerSasKey = storageAccountSasKey,
RecurringScans = new VulnerabilityAssessmentRecurringScansProperties()
{
IsEnabled = model.RecurringScansInterval != RecurringScansInterval.None,
EmailSubscriptionAdmins = model.EmailAdmins,
Emails = model.NotificationEmail
}
};
vaServerSettings = VulnerabilityAssessmentCommunicator.SetServerVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName, vaServerSettings);
return(ConvertSettingsToModel(model.ResourceGroupName, vaServerSettings.RecurringScans, vaServerSettings.StorageContainerPath));
case ApplyToType.ManagedInstance:
ManagedInstanceVulnerabilityAssessment vaManagedInstanceSettings = new ManagedInstanceVulnerabilityAssessment
{
StorageContainerPath = storageContainerPath,
StorageContainerSasKey = storageAccountSasKey,
RecurringScans = new VulnerabilityAssessmentRecurringScansProperties()
{
IsEnabled = model.RecurringScansInterval != RecurringScansInterval.None,
EmailSubscriptionAdmins = model.EmailAdmins,
Emails = model.NotificationEmail
}
};
vaManagedInstanceSettings = VulnerabilityAssessmentCommunicator.SetManagedInstanceVulnerabilityAssessmentSettings(model.ResourceGroupName, serverName, vaManagedInstanceSettings);
return(ConvertSettingsToModel(model.ResourceGroupName, vaManagedInstanceSettings.RecurringScans, vaManagedInstanceSettings.StorageContainerPath));
default:
throw new ArgumentOutOfRangeException(nameof(applyToType), applyToType, null);
}
}
