public override void ExecuteCmdlet() { if (this.IsParameterBound(c => c.InputObject)) { this.ResourceGroupName = AzureIdUtilities.GetResourceGroup(this.InputObject.Id); this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(this.InputObject.Id); this.AlertRuleId = AzureIdUtilities.GetAlertRuleName(this.InputObject.Id); this.ActionId = this.InputObject.Name; } if (this.IsParameterBound(c => c.ResourceId)) { var resourceIdentifier = new ResourceIdentifier(this.ResourceId); this.ResourceGroupName = resourceIdentifier.ResourceGroupName; this.WorkspaceName = AzureIdUtilities.GetWorkspaceName(this.ResourceId); this.AlertRuleId = AzureIdUtilities.GetAlertRuleName(this.ResourceId); this.ActionId = resourceIdentifier.ResourceName; } PSSentinelActionResponse alertRuleAction = null; try { alertRuleAction = this.SecurityInsightsClient.Actions.Get(ResourceGroupName, WorkspaceName, AlertRuleId, ActionId).ConvertToPSType(); } catch { alertRuleAction = null; } if (alertRuleAction == null) { throw new Exception(string.Format("An Alert Rule Action with ActionId '{0}' for Alert Rule '{1}' in resource group '{2}' under workspace '{3}' does not exist. Please use New-AzSentinelAlertRuleAction to create an Alert Rule Action with these properties.", this.ActionId, this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName)); } PSSentinelActionRequest updateAlertRuleAction = new PSSentinelActionRequest { LogicAppResourceId = this.LogicAppResourceId, TriggerUri = this.TriggerUri }; if (this.ShouldProcess(this.ActionId, string.Format("Updating Action '{0}' for Alert Rule '{1}' in resource group '{2}' under workspace '{3}'.", this.ActionId, this.AlertRuleId, this.ResourceGroupName, this.WorkspaceName))) { var result = this.SecurityInsightsClient.Actions.CreateOrUpdate(this.ResourceGroupName, this.WorkspaceName, this.AlertRuleId, this.ActionId, updateAlertRuleAction.CreatePSType()).ConvertToPSType(); WriteObject(result); } }
public override void ExecuteCmdlet() { var name = ActionId; var alertrule = AlertRuleId; var resourcegroup = ResourceGroupName; var workspacename = WorkspaceName; switch (ParameterSetName) { case ParameterSetNames.ActionId: break; case ParameterSetNames.InputObject: name = InputObject.Name; alertrule = AzureIdUtilities.GetAlertRuleName(InputObject.Id); workspacename = AzureIdUtilities.GetWorkspaceName(InputObject.Id); resourcegroup = AzureIdUtilities.GetResourceGroup(InputObject.Id); break; default: throw new PSInvalidOperationException(); } if (ShouldProcess(name, VerbsCommon.Remove)) { var result = SecurityInsightsClient.AlertRules.DeleteActionWithHttpMessagesAsync(resourcegroup, workspacename, alertrule, name).Result; if (result.Response.StatusCode == (System.Net.HttpStatusCode) 200) { System.Console.WriteLine("success"); } else if (result.Response.StatusCode == (System.Net.HttpStatusCode) 204) { System.Console.WriteLine("success"); } } if (PassThru.IsPresent) { WriteObject(true); } }