/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseAuditingPolicyModel ApplyUserInputToModel(DatabaseAuditingPolicyModel model)
{
base.ApplyUserInputToModel(model);
model.UseServerDefault = UseServerDefaultOptions.Enabled;
model.StorageAccountName = GetStorageAccountName();
return model;
}
/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseAuditingPolicyModel ApplyUserInputToModel(DatabaseAuditingPolicyModel model)
{
base.ApplyUserInputToModel(model);
AuditStateType orgAuditStateType = model.AuditState;
model.AuditState = AuditStateType.Enabled;
model.UseServerDefault = UseServerDefaultOptions.Disabled;
if (StorageAccountName != null)
{
model.StorageAccountName = StorageAccountName;
ModelAdapter.ClearStorageDetailsCache();
}
if (!string.IsNullOrEmpty(StorageKeyType)) // the user enter a key type - we use it (and running over the previously defined key type)
{
model.StorageKeyType = (StorageKeyType == SecurityConstants.Primary) ? StorageKeyKind.Primary : StorageKeyKind.Secondary;
}
EventType = Util.ProcessAuditEvents(EventType);
if (EventType != null) // the user provided event types to audit
{
model.EventType = EventType.Select(s => SecurityConstants.AuditEventsToAuditEventType[s]).ToArray();
}
if (RetentionInDays != null)
{
model.RetentionInDays = RetentionInDays;
}
if (TableIdentifier == null)
{
if ((orgAuditStateType == AuditStateType.New) && (model.RetentionInDays > 0))
{
// If retention days is greater than 0 and no audit table identifier is supplied , we throw exception giving the user hint on the recommended TableIdentifier we got from the CSM
throw new Exception(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.InvalidRetentionTypeSet, model.TableIdentifier));
}
}
else
{
model.TableIdentifier = TableIdentifier;
}
return model;
}
/// <summary>
/// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
/// </summary>
/// <param name="model">The AuditingPolicy model object</param>
/// <returns>The communication model object</returns>
private DatabaseAuditingPolicyCreateOrUpdateParameters PolicizeDatabaseAuditingModel(DatabaseAuditingPolicyModel model)
{
DatabaseAuditingPolicyCreateOrUpdateParameters updateParameters = new DatabaseAuditingPolicyCreateOrUpdateParameters();
DatabaseAuditingPolicyProperties properties = new DatabaseAuditingPolicyProperties();
updateParameters.Properties = properties;
properties.AuditingState = PolicizeAuditState(model.AuditState);
properties.UseServerDefault = (model.UseServerDefault == UseServerDefaultOptions.Enabled) ? SecurityConstants.AuditingEndpoint.Enabled : SecurityConstants.AuditingEndpoint.Disabled;
properties.StorageAccountName = ExtractStorageAccountName(model);
properties.StorageAccountResourceGroupName = ExtractStorageAccountResourceGroup(properties.StorageAccountName);
properties.StorageAccountSubscriptionId = ExtractStorageAccountSubscriptionId(properties.StorageAccountName);
properties.StorageTableEndpoint = ExtractStorageAccountTableEndpoint(properties.StorageAccountName);
properties.StorageAccountKey = ExtractStorageAccountKey(properties.StorageAccountName, model, properties.StorageAccountResourceGroupName, StorageKeyKind.Primary);
properties.StorageAccountSecondaryKey = ExtractStorageAccountKey(properties.StorageAccountName, model, properties.StorageAccountResourceGroupName, StorageKeyKind.Secondary);
properties.EventTypesToAudit = ExtractEventTypes(model);
properties.RetentionDays = model.RetentionInDays.ToString();
properties.AuditLogsTableName = model.TableIdentifier;
return updateParameters;
}
private bool IsDatabaseInServiceTierForPolicy(DatabaseAuditingPolicyModel model, string clientId)
{
AzureSqlDatabaseCommunicator dbCommunicator = new AzureSqlDatabaseCommunicator(Profile, Subscription);
Management.Sql.Models.Database database = dbCommunicator.Get(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId);
DatabaseEdition edition = DatabaseEdition.None;
Enum.TryParse<DatabaseEdition>(database.Properties.Edition, true, out edition);
if(edition == DatabaseEdition.Basic || edition == DatabaseEdition.Standard || edition == DatabaseEdition.Premium || edition == DatabaseEdition.DataWarehouse)
{
return true;
}
return false;
}
/// <summary>
/// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
/// </summary>
public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, String clientId)
{
if (!IsDatabaseInServiceTierForPolicy(model, clientId))
{
throw new Exception(Resources.DatabaseNotInServiceTierForAuditingPolicy);
}
DatabaseAuditingPolicyCreateOrUpdateParameters parameters = PolicizeDatabaseAuditingModel(model);
Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters);
}
/// <summary>
/// Transforms the given database policy object to its cmdlet model representation
/// </summary>
private DatabaseAuditingPolicyModel ModelizeDatabaseAuditPolicy(DatabaseAuditingPolicy policy)
{
DatabaseAuditingPolicyModel dbPolicyModel = new DatabaseAuditingPolicyModel();
DatabaseAuditingPolicyProperties properties = policy.Properties;
dbPolicyModel.AuditState = ModelizeAuditState(properties.AuditingState);
dbPolicyModel.UseServerDefault = properties.UseServerDefault == SecurityConstants.AuditingEndpoint.Enabled ? UseServerDefaultOptions.Enabled : UseServerDefaultOptions.Disabled;
ModelizeStorageInfo(dbPolicyModel, properties.StorageAccountName, properties.StorageAccountKey, properties.StorageAccountSecondaryKey);
ModelizeEventTypesInfo(dbPolicyModel, properties.EventTypesToAudit);
ModelizeRetentionInfo(dbPolicyModel, properties.RetentionDays, properties.AuditLogsTableName);
return dbPolicyModel;
}
/// <summary>
/// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
/// </summary>
public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, String clientId, string storageEndpointSuffix)
{
if (!IsDatabaseInServiceTierForPolicy(model, clientId))
{
throw new Exception(Microsoft.Azure.Commands.Sql.Properties.Resources.DatabaseNotInServiceTierForAuditingPolicy);
}
DatabaseAuditingPolicyCreateOrUpdateParameters parameters = PolicizeDatabaseAuditingModel(model, storageEndpointSuffix);
Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters);
}
/// <summary>
/// This method is responsible to call the right API in the communication layer that will eventually send the information in the
/// object to the REST endpoint
/// </summary>
/// <param name="model">The model object with the data to be sent to the REST endpoints</param>
protected override DatabaseAuditingPolicyModel PersistChanges(DatabaseAuditingPolicyModel model)
{
ModelAdapter.IgnoreStorage = true;
base.PersistChanges(model);
return null;
}
/// <summary>
/// Updates the given model element with the cmdlet specific operation
/// </summary>
/// <param name="model">A model object</param>
protected override DatabaseAuditingPolicyModel ApplyUserInputToModel(DatabaseAuditingPolicyModel model)
{
base.ApplyUserInputToModel(model);
model.AuditState = AuditStateType.Disabled;
return model;
}
/// <summary>
/// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
/// </summary>
public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, string clientId, string storageEndpointSuffix)
{
if (!IsDatabaseInServiceTierForPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId))
{
throw new Exception(Properties.Resources.DatabaseNotInServiceTierForAuditingPolicy);
}
var parameters = PolicizeDatabaseAuditingModel(model, storageEndpointSuffix);
Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters);
}
/// <summary>
/// Provides a database audit policy model for the given database
/// </summary>
public void GetDatabaseAuditingPolicy(string resourceGroup, string serverName, string databaseName, string requestId, out DatabaseAuditingPolicyModel model)
{
DatabaseAuditingPolicy policy;
Communicator.GetDatabaseAuditingPolicy(resourceGroup, serverName, databaseName, requestId, out policy);
var dbPolicyModel = ModelizeDatabaseAuditPolicy(policy);
dbPolicyModel.ResourceGroupName = resourceGroup;
dbPolicyModel.ServerName = serverName;
dbPolicyModel.DatabaseName = databaseName;
FetchedStorageAccountName = policy.Properties.StorageAccountName;
FetchedStorageAccountResourceGroup = policy.Properties.StorageAccountResourceGroupName;
FetchedStorageAccountSubscription = policy.Properties.StorageAccountSubscriptionId;
FetchedStorageAccountTableEndpoint = policy.Properties.StorageTableEndpoint;
model = dbPolicyModel;
}
/// <summary>
/// No sending is needed as this is a Get cmdlet
/// </summary>
/// <param name="model">The model object with the data to be sent to the REST endpoints</param>
protected override DatabaseAuditingPolicyModel PersistChanges(DatabaseAuditingPolicyModel model)
{
return null;
}
