internal void RemoveAuditingSettings(ServerAuditModel model) { model.BlobStorageTargetState = AuditStateType.Disabled; model.EventHubTargetState = AuditStateType.Disabled; model.LogAnalyticsTargetState = AuditStateType.Disabled; DisableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model); Exception exception = null; while (model.DiagnosticsEnablingAuditCategory != null && model.DiagnosticsEnablingAuditCategory.Any()) { DiagnosticSettingsResource settings = model.DiagnosticsEnablingAuditCategory.First(); if (IsAnotherCategoryEnabled(settings)) { if (DisableAuditCategory(model, settings) == false) { exception = DefinitionsCommon.UpdateDiagnosticSettingsException; } } else { if (RemoveFirstDiagnosticSettings(model) == false) { exception = DefinitionsCommon.RemoveDiagnosticSettingsException; } } } if (exception != null) { throw exception; } }
private void EnableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist( ServerAuditModel model) { if (CreateDiagnosticSettings( model.EventHubTargetState == AuditStateType.Enabled ? model.EventHubName : null, model.EventHubTargetState == AuditStateType.Enabled ? model.EventHubAuthorizationRuleResourceId : null, model.LogAnalyticsTargetState == AuditStateType.Enabled ? model.WorkspaceResourceId : null, model) == false) { throw DefinitionsCommon.CreateDiagnosticSettingsException; } try { model.IsAzureMonitorTargetEnabled = true; if (CreateOrUpdateAudit(model) == false) { throw DefinitionsCommon.SetAuditingSettingsException; } } catch (Exception) { try { RemoveFirstDiagnosticSettings(model); } catch (Exception) { } throw; } }
private void DisableDiagnosticsAuditWhenOnlyAuditCategoryIsEnabled( ServerAuditModel model, DiagnosticSettingsResource settings, string oldEventHubName, string oldEventHubAuthorizationRuleId, string oldWorkspaceId) { if (RemoveFirstDiagnosticSettings(model) == false) { throw DefinitionsCommon.RemoveDiagnosticSettingsException; } try { DisableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model); } catch (Exception) { try { CreateDiagnosticSettings(oldEventHubName, oldEventHubAuthorizationRuleId, oldWorkspaceId, model); } catch (Exception) { } throw; } }
internal bool CreateDiagnosticSettings( string eventHubName, string eventHubAuthorizationRuleId, string workspaceId, ServerAuditModel model) { DiagnosticSettingsResource settings; if (model is DatabaseAuditModel databaseAuditModel) { settings = Communicator.CreateDiagnosticSettings(databaseAuditModel.NextDiagnosticSettingsName, eventHubName, eventHubAuthorizationRuleId, workspaceId, databaseAuditModel.ResourceGroupName, databaseAuditModel.ServerName, databaseAuditModel.DatabaseName); } else { settings = Communicator.CreateDiagnosticSettings(model.NextDiagnosticSettingsName, eventHubName, eventHubAuthorizationRuleId, workspaceId, model.ResourceGroupName, model.ServerName); } if (settings == null) { return(false); } IList <DiagnosticSettingsResource> diagnosticsEnablingAuditCategory = model.DiagnosticsEnablingAuditCategory; if (diagnosticsEnablingAuditCategory == null) { diagnosticsEnablingAuditCategory = new List <DiagnosticSettingsResource>(); } diagnosticsEnablingAuditCategory.Add(settings); model.DiagnosticsEnablingAuditCategory = diagnosticsEnablingAuditCategory; return(true); }
private void VerifyAuditBeforePersistChanges(ServerAuditModel model) { if (model.BlobStorageTargetState == AuditStateType.Enabled && string.IsNullOrEmpty(model.StorageAccountResourceId)) { throw DefinitionsCommon.StorageAccountNameParameterException; } if (model.EventHubTargetState == AuditStateType.Enabled && string.IsNullOrEmpty(model.EventHubAuthorizationRuleResourceId)) { throw DefinitionsCommon.EventHubAuthorizationRuleResourceIdParameterException; } if (model.LogAnalyticsTargetState == AuditStateType.Enabled && string.IsNullOrEmpty(model.WorkspaceResourceId)) { throw DefinitionsCommon.WorkspaceResourceIdParameterException; } if (model.DiagnosticsEnablingAuditCategory != null && model.DiagnosticsEnablingAuditCategory.Count > 1) { throw DefinitionsCommon.MultipleDiagnosticsException; } }
private void ModelizeStorageInfo(ServerAuditModel model, string storageEndpoint, bool?isSecondary, Guid?storageAccountSubscriptionId, bool isAuditEnabled, int?retentionDays) { if (string.IsNullOrEmpty(storageEndpoint)) { return; } model.StorageKeyType = GetStorageKeyKind(isSecondary); if (isAuditEnabled) { if (storageAccountSubscriptionId == null || Guid.Empty.Equals(storageAccountSubscriptionId)) { storageAccountSubscriptionId = Subscription.GetId(); } model.StorageAccountResourceId = AzureCommunicator.RetrieveStorageAccountIdAsync( storageAccountSubscriptionId.Value, GetStorageAccountName(storageEndpoint)).GetAwaiter().GetResult(); ModelizeRetentionInfo(model, retentionDays); } }
protected override ServerAuditModel PersistChanges(ServerAuditModel entity) { entity.BlobStorageTargetState = AuditStateType.Disabled; entity.EventHubTargetState = AuditStateType.Disabled; entity.LogAnalyticsTargetState = AuditStateType.Disabled; ModelAdapter.PersistAuditChanges(entity); return(null); }
private void DisableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist( ServerAuditModel model) { model.IsAzureMonitorTargetEnabled = null; if (CreateOrUpdateAudit(model) == false) { throw DefinitionsCommon.SetAuditingSettingsException; } }
private static void DetermineTargetsState( ServerAuditModel model, BlobAuditingPolicyState policyState) { if (policyState == BlobAuditingPolicyState.Disabled) { model.BlobStorageTargetState = AuditStateType.Disabled; model.EventHubTargetState = AuditStateType.Disabled; model.LogAnalyticsTargetState = AuditStateType.Disabled; } else { if (string.IsNullOrEmpty(model.StorageAccountResourceId)) { model.BlobStorageTargetState = AuditStateType.Disabled; } else { model.BlobStorageTargetState = AuditStateType.Enabled; } if (model.IsAzureMonitorTargetEnabled == null || model.IsAzureMonitorTargetEnabled == false || model.DiagnosticsEnablingAuditCategory == null) { model.EventHubTargetState = AuditStateType.Disabled; model.LogAnalyticsTargetState = AuditStateType.Disabled; } else { DiagnosticSettingsResource eventHubSettings = model.DiagnosticsEnablingAuditCategory.FirstOrDefault( settings => !string.IsNullOrEmpty(settings.EventHubAuthorizationRuleId)); if (eventHubSettings == null) { model.EventHubTargetState = AuditStateType.Disabled; } else { model.EventHubTargetState = AuditStateType.Enabled; model.EventHubName = eventHubSettings.EventHubName; model.EventHubAuthorizationRuleResourceId = eventHubSettings.EventHubAuthorizationRuleId; } DiagnosticSettingsResource logAnalyticsSettings = model.DiagnosticsEnablingAuditCategory.FirstOrDefault( settings => !string.IsNullOrEmpty(settings.WorkspaceId)); if (logAnalyticsSettings == null) { model.LogAnalyticsTargetState = AuditStateType.Disabled; } else { model.LogAnalyticsTargetState = AuditStateType.Enabled; model.WorkspaceResourceId = logAnalyticsSettings.WorkspaceId; } } } }
private void ModelizeServerAuditPolicy( ServerAuditModel model, ExtendedServerBlobAuditingPolicy policy) { model.IsAzureMonitorTargetEnabled = policy.IsAzureMonitorTargetEnabled; model.PredicateExpression = policy.PredicateExpression; model.AuditActionGroup = ExtractAuditActionGroups(policy.AuditActionsAndGroups); ModelizeStorageInfo(model, policy.StorageEndpoint, policy.IsStorageSecondaryKeyInUse, policy.StorageAccountSubscriptionId, IsAuditEnabled(policy.State), policy.RetentionDays); DetermineTargetsState(model, policy.State); }
internal void GetAuditingSettings( string resourceGroup, string serverName, ServerAuditModel model) { ExtendedServerBlobAuditingPolicy policy = Communicator.GetAuditingPolicy(resourceGroup, serverName); model.DiagnosticsEnablingAuditCategory = Communicator.GetDiagnosticsEnablingAuditCategory(out string nextDiagnosticSettingsName, resourceGroup, serverName); model.NextDiagnosticSettingsName = nextDiagnosticSettingsName; ModelizeServerAuditPolicy(model, policy); }
private void ChangeAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist( ServerAuditModel model) { if (model.EventHubTargetState == AuditStateType.Enabled || model.LogAnalyticsTargetState == AuditStateType.Enabled) { EnableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model); } else { DisableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model); } }
private void ChangeAuditWhenDiagnosticsEnablingAuditCategoryExist( ServerAuditModel model, DiagnosticSettingsResource settings) { if (IsAnotherCategoryEnabled(settings)) { ChangeAuditWhenMultipleCategoriesAreEnabled(model, settings); } else { ChangeAuditWhenOnlyAuditCategoryIsEnabled(model, settings); } }
internal void PersistAuditChanges(ServerAuditModel model) { VerifyAuditBeforePersistChanges(model); DiagnosticSettingsResource currentSettings = model.DiagnosticsEnablingAuditCategory?.FirstOrDefault(); if (currentSettings == null) { ChangeAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model); } else { ChangeAuditWhenDiagnosticsEnablingAuditCategoryExist(model, currentSettings); } }
private void PolicizeStorageInfo(ServerAuditModel model, dynamic policy) { ExtractStorageAccountProperties(model.StorageAccountResourceId, out string storageAccountName, out Guid storageAccountSubscriptionId); string storageEndpointSuffix = Context.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix); policy.StorageEndpoint = GetStorageAccountEndpoint(storageAccountName, storageEndpointSuffix); policy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(model.StorageAccountResourceId).GetAwaiter().GetResult()[model.StorageKeyType]; policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary; policy.StorageAccountSubscriptionId = storageAccountSubscriptionId; if (model.RetentionInDays != null) { policy.RetentionDays = (int)model.RetentionInDays; } }
private bool SetAudit(ServerAuditModel model) { if (string.IsNullOrEmpty(model.PredicateExpression)) { var policy = new ServerBlobAuditingPolicy(); PolicizeAuditModel(model, policy); return(Communicator.SetAuditingPolicy(model.ResourceGroupName, model.ServerName, policy)); } else { var policy = new ExtendedServerBlobAuditingPolicy { PredicateExpression = model.PredicateExpression }; PolicizeAuditModel(model, policy); return(Communicator.SetExtendedAuditingPolicy(model.ResourceGroupName, model.ServerName, policy)); } }
private void ChangeAuditWhenOnlyAuditCategoryIsEnabled( ServerAuditModel model, DiagnosticSettingsResource settings) { string oldEventHubName = settings.EventHubName; string oldEventHubAuthorizationRuleId = settings.EventHubAuthorizationRuleId; string oldWorkspaceId = settings.WorkspaceId; if (model.EventHubTargetState == AuditStateType.Enabled || model.LogAnalyticsTargetState == AuditStateType.Enabled) { EnableDiagnosticsAuditWhenOnlyAuditCategoryIsEnabled(model, settings, oldEventHubName, oldEventHubAuthorizationRuleId, oldWorkspaceId); } else { DisableDiagnosticsAuditWhenOnlyAuditCategoryIsEnabled(model, settings, oldEventHubName, oldEventHubAuthorizationRuleId, oldWorkspaceId); } }
private void EnableDiagnosticsAuditWhenOnlyAuditCategoryIsEnabled( ServerAuditModel model, DiagnosticSettingsResource settings, string oldEventHubName, string oldEventHubAuthorizationRuleId, string oldWorkspaceId) { settings.EventHubName = model.EventHubTargetState == AuditStateType.Enabled ? model.EventHubName : null; settings.EventHubAuthorizationRuleId = model.EventHubTargetState == AuditStateType.Enabled ? model.EventHubAuthorizationRuleResourceId : null; settings.WorkspaceId = model.LogAnalyticsTargetState == AuditStateType.Enabled ? model.WorkspaceResourceId : null; if (UpdateDiagnosticSettings(settings, model) == false) { throw DefinitionsCommon.UpdateDiagnosticSettingsException; } try { model.IsAzureMonitorTargetEnabled = true; if (CreateOrUpdateAudit(model) == false) { throw DefinitionsCommon.SetAuditingSettingsException; } } catch (Exception) { try { settings.EventHubName = oldEventHubName; settings.EventHubAuthorizationRuleId = oldEventHubAuthorizationRuleId; settings.WorkspaceId = oldWorkspaceId; UpdateDiagnosticSettings(settings, model); } catch (Exception) { } throw; } }
internal bool UpdateDiagnosticSettings( DiagnosticSettingsResource settings, ServerAuditModel model) { DiagnosticSettingsResource modifiedSettings; if (model is DatabaseAuditModel databaseAuditModel) { modifiedSettings = Communicator.UpdateDiagnosticSettings(settings, databaseAuditModel.ResourceGroupName, databaseAuditModel.ServerName, databaseAuditModel.DatabaseName); } else { modifiedSettings = Communicator.UpdateDiagnosticSettings(settings, model.ResourceGroupName, model.ServerName); } if (modifiedSettings == null) { return(false); } List <DiagnosticSettingsResource> diagnosticsEnablingAuditCategory = new List <DiagnosticSettingsResource>(); foreach (DiagnosticSettingsResource existingSettings in model.DiagnosticsEnablingAuditCategory) { if (!string.Equals(modifiedSettings.Id, existingSettings.Id)) { diagnosticsEnablingAuditCategory.Add(existingSettings); } else if (AuditingEndpointsCommunicator.IsAuditCategoryEnabled(modifiedSettings)) { diagnosticsEnablingAuditCategory.Add(modifiedSettings); } } model.DiagnosticsEnablingAuditCategory = diagnosticsEnablingAuditCategory.Any() ? diagnosticsEnablingAuditCategory : null; return(true); }
private void PolicizeAuditModel(ServerAuditModel model, dynamic policy) { policy.State = model.BlobStorageTargetState == AuditStateType.Enabled || model.EventHubTargetState == AuditStateType.Enabled || model.LogAnalyticsTargetState == AuditStateType.Enabled ? BlobAuditingPolicyState.Enabled : BlobAuditingPolicyState.Disabled; policy.IsAzureMonitorTargetEnabled = model.IsAzureMonitorTargetEnabled; if (model is DatabaseAuditModel dbModel) { policy.AuditActionsAndGroups = ExtractAuditActionsAndGroups(dbModel.AuditActionGroup, dbModel.AuditAction); } else { policy.AuditActionsAndGroups = ExtractAuditActionsAndGroups(model.AuditActionGroup); } if (model.BlobStorageTargetState == AuditStateType.Enabled) { PolicizeStorageInfo(model, policy); } }
private void PolicizeStorageInfo(ServerAuditModel model, dynamic policy) { ExtractStorageAccountProperties(model.StorageAccountResourceId, out string storageAccountName, out Guid storageAccountSubscriptionId); policy.StorageEndpoint = GetStorageAccountEndpoint(storageAccountName); policy.StorageAccountSubscriptionId = storageAccountSubscriptionId; if (AzureCommunicator.IsStorageAccountInVNet(model.StorageAccountResourceId)) { Guid?principalId = Communicator.AssignServerIdentity(model.ResourceGroupName, model.ServerName); AzureCommunicator.AssignRoleForServerIdentityOnStorage(model.StorageAccountResourceId, principalId.Value, RoleAssignmentId); } else { policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary; policy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(model.StorageAccountResourceId).GetAwaiter().GetResult()[model.StorageKeyType]; } if (model.RetentionInDays != null) { policy.RetentionDays = (int)model.RetentionInDays; } }
private void ChangeAuditWhenMultipleCategoriesAreEnabled( ServerAuditModel model, DiagnosticSettingsResource settings) { if (DisableAuditCategory(model, settings) == false) { throw DefinitionsCommon.UpdateDiagnosticSettingsException; } try { ChangeAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model); } catch (Exception) { try { EnableAuditCategory(model, settings); } catch (Exception) { } throw; } }
protected override ServerAuditModel PersistChanges(ServerAuditModel entity) { ModelAdapter.RemoveAuditingSettings(entity); return(null); }
protected override ServerAuditModel ApplyUserInputToModel(ServerAuditModel model) { base.ApplyUserInputToModel(model); if (AuditActionGroup != null && AuditActionGroup.Length != 0) { model.AuditActionGroup = AuditActionGroup; } if (PredicateExpression != null) { model.PredicateExpression = PredicateExpression = PredicateExpression; } if (BlobStorageTargetState != null) { model.BlobStorageTargetState = BlobStorageTargetState == SecurityConstants.Enabled ? AuditStateType.Enabled : AuditStateType.Disabled; } if (StorageAccountResourceId != null) { model.StorageAccountResourceId = StorageAccountResourceId; } if (MyInvocation.BoundParameters.ContainsKey(SecurityConstants.StorageKeyType)) { model.StorageKeyType = (StorageKeyType == SecurityConstants.Primary) ? StorageKeyKind.Primary : StorageKeyKind.Secondary; } if (RetentionInDays != null) { model.RetentionInDays = RetentionInDays; } if (EventHubTargetState != null) { model.EventHubTargetState = EventHubTargetState == SecurityConstants.Enabled ? AuditStateType.Enabled : AuditStateType.Disabled; } if (EventHubName != null) { model.EventHubName = EventHubName; } if (EventHubAuthorizationRuleResourceId != null) { model.EventHubAuthorizationRuleResourceId = EventHubAuthorizationRuleResourceId; } if (LogAnalyticsTargetState != null) { model.LogAnalyticsTargetState = LogAnalyticsTargetState == SecurityConstants.Enabled ? AuditStateType.Enabled : AuditStateType.Disabled; } if (WorkspaceResourceId != null) { model.WorkspaceResourceId = WorkspaceResourceId; } return(model); }
protected override ServerAuditModel PersistChanges(ServerAuditModel entity) { ModelAdapter.PersistAuditChanges(entity); return(null); }
private bool CreateOrUpdateAudit(ServerAuditModel model) { return((model is DatabaseAuditModel dbModel) ? SetAudit(dbModel) : SetAudit(model)); }