/// <summary> /// Updates the given model element with the cmdlet specific operation /// </summary> /// <param name="model">A model object</param> protected override DatabaseAuditingPolicyModel UpdateModel(DatabaseAuditingPolicyModel model) { base.UpdateModel(model); model.AuditState = AuditStateType.Enabled; model.UseServerDefault = UseServerDefaultOptions.Disabled; if (StorageAccountName != null) { model.StorageAccountName = StorageAccountName; } if (!string.IsNullOrEmpty(StorageKeyType)) // the user enter a key type - we use it (and running over the previously defined key type) { model.StorageKeyType = (StorageKeyType == Constants.Primary) ? StorageKeyKind.Primary : StorageKeyKind.Secondary; } ProcessShortcuts(); if (EventType != null) // the user provided event types to audit, we use it { Dictionary <string, AuditEventType> events = new Dictionary <string, AuditEventType>() { { Constants.DataAccess, AuditEventType.DataAccess }, { Constants.DataChanges, AuditEventType.DataChanges }, { Constants.SecurityExceptions, AuditEventType.SecurityExceptions }, { Constants.RevokePermissions, AuditEventType.RevokePermissions }, { Constants.SchemaChanges, AuditEventType.SchemaChanges } }; model.EventType = EventType.Select(s => events[s]).ToArray(); } return(model); }
/// <summary> /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint /// </summary> public void SetDatabaseThreatDetectionPolicy(DatabaseThreatDetectionPolicyModel model, String clientId) { if (model.ThreatDetectionState == ThreatDetectionStateType.Enabled) { if (!IsRightServerVersionForThreatDetection(model.ResourceGroupName, model.ServerName, clientId)) { throw new Exception(Properties.Resources.ServerNotApplicableForThreatDetection); } // Check that auditing is turned on: DatabaseAuditingPolicyModel databaseAuditingPolicyModel = AuditingAdapter.GetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId); AuditStateType auditingState = databaseAuditingPolicyModel.AuditState; if (databaseAuditingPolicyModel.UseServerDefault == UseServerDefaultOptions.Enabled) { ServerAuditingPolicyModel serverAuditingPolicyModel = AuditingAdapter.GetServerAuditingPolicy(model.ResourceGroupName, model.ServerName, clientId); auditingState = serverAuditingPolicyModel.AuditState; } if (auditingState != AuditStateType.Enabled) { throw new Exception(Properties.Resources.AuditingIsTurnedOff); } } DatabaseSecurityAlertPolicyCreateOrUpdateParameters databaseSecurityAlertPolicyParameters = PolicizeDatabaseSecurityAlertModel(model); ThreatDetectionCommunicator.SetDatabaseSecurityAlertPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, databaseSecurityAlertPolicyParameters); }
/// <summary> /// Updates the given model element with the cmdlet specific operation /// </summary> /// <param name="model">A model object</param> protected override DatabaseAuditingPolicyModel ApplyUserInputToModel(DatabaseAuditingPolicyModel model) { base.ApplyUserInputToModel(model); model.UseServerDefault = UseServerDefaultOptions.Enabled; model.StorageAccountName = GetStorageAccountName(); return(model); }
/// <summary> /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint /// </summary> public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, String clientId, string storageEndpointSuffix) { if (!IsDatabaseInServiceTierForPolicy(model, clientId)) { throw new Exception(Microsoft.Azure.Commands.Sql.Properties.Resources.DatabaseNotInServiceTierForAuditingPolicy); } DatabaseAuditingPolicyCreateOrUpdateParameters parameters = PolicizeDatabaseAuditingModel(model, storageEndpointSuffix); Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters); }
private void ApplyUserInputToTableAuditingModel(DatabaseAuditingPolicyModel model) { if (model.AuditState == AuditStateType.New) { model.AuditState = AuditStateType.Enabled; } model.UseServerDefault = UseServerDefaultOptions.Enabled; model.StorageAccountName = GetStorageAccountName(); }
/// <summary> /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint /// </summary> public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, String clientId) { if (!IsDatabaseInServiceTierForPolicy(model, clientId)) { throw new Exception(Resources.DatabaseNotInServiceTierForAuditingPolicy); } DatabaseAuditingPolicyCreateOrUpdateParameters parameters = PolicizeDatabaseAuditingModel(model); Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters); }
/// <summary> /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint /// </summary> public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, string clientId, string storageEndpointSuffix) { if (!IsDatabaseInServiceTierForPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId)) { throw new Exception(Properties.Resources.DatabaseNotInServiceTierForAuditingPolicy); } var parameters = PolicizeDatabaseAuditingModel(model, storageEndpointSuffix); Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters); }
/// <summary> /// Transforms the given database policy object to its cmdlet model representation /// </summary> private DatabaseAuditingPolicyModel ModelizeDatabaseAuditPolicy(DatabaseAuditingPolicy policy) { DatabaseAuditingPolicyModel dbPolicyModel = new DatabaseAuditingPolicyModel(); DatabaseAuditingPolicyProperties properties = policy.Properties; dbPolicyModel.AuditState = ModelizeAuditState(properties.AuditingState); dbPolicyModel.UseServerDefault = properties.UseServerDefault == Constants.AuditingEndpoint.Enabled ? UseServerDefaultOptions.Enabled : UseServerDefaultOptions.Disabled; ModelizeStorageInfo(dbPolicyModel, properties.StorageAccountName, properties.StorageAccountKey, properties.StorageAccountSecondaryKey); ModelizeEventTypesInfo(dbPolicyModel, properties.EventTypesToAudit); return(dbPolicyModel); }
/// <summary> /// Transforms the given database policy object to its cmdlet model representation /// </summary> private DatabaseAuditingPolicyModel ModelizeDatabaseAuditPolicy(DatabaseAuditingPolicy policy) { var dbPolicyModel = new DatabaseAuditingPolicyModel(); var properties = policy.Properties; dbPolicyModel.AuditState = ModelizeAuditState(properties.AuditingState); dbPolicyModel.UseServerDefault = properties.UseServerDefault == SecurityConstants.AuditingEndpoint.Enabled ? UseServerDefaultOptions.Enabled : UseServerDefaultOptions.Disabled; ModelizeStorageInfo(dbPolicyModel, properties.StorageAccountName, properties.StorageAccountKey, properties.StorageAccountSecondaryKey); ModelizeEventTypesInfo(dbPolicyModel, properties.EventTypesToAudit); ModelizeRetentionInfo(dbPolicyModel, properties.RetentionDays, properties.AuditLogsTableName, properties.FullAuditLogsTableName); return(dbPolicyModel); }
private bool IsDatabaseInServiceTierForPolicy(DatabaseAuditingPolicyModel model, string clientId) { AzureSqlDatabaseCommunicator dbCommunicator = new AzureSqlDatabaseCommunicator(Context); Management.Sql.Models.Database database = dbCommunicator.Get(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId); DatabaseEdition edition = DatabaseEdition.None; Enum.TryParse<DatabaseEdition>(database.Properties.Edition, true, out edition); if (edition == DatabaseEdition.Basic || edition == DatabaseEdition.Standard || edition == DatabaseEdition.Premium || edition == DatabaseEdition.DataWarehouse) { return true; } return false; }
/// <summary> /// Updates the given model element with the cmdlet specific operation /// </summary> /// <param name="model">A model object</param> protected override AuditingPolicyModel ApplyUserInputToModel(AuditingPolicyModel model) { base.ApplyUserInputToModel(model); model.AuditState = AuditStateType.Disabled; DatabaseAuditingPolicyModel tableAuditingPolicyModel = (model as DatabaseAuditingPolicyModel); if (tableAuditingPolicyModel != null) { tableAuditingPolicyModel.UseServerDefault = UseServerDefaultOptions.Disabled; } return(model); }
/// <summary> /// Updates the given model element with the cmdlet specific operation /// </summary> /// <param name="baseModel">A model object</param> protected override AuditingPolicyModel ApplyUserInputToModel(AuditingPolicyModel baseModel) { base.ApplyUserInputToModel(baseModel); if (AuditType == AuditType.Table) { DatabaseAuditingPolicyModel model = baseModel as DatabaseAuditingPolicyModel; if (model.AuditState == AuditStateType.New) { model.AuditState = AuditStateType.Enabled; } model.UseServerDefault = UseServerDefaultOptions.Enabled; model.StorageAccountName = GetStorageAccountName(); } return(baseModel); }
/// <summary> /// Provides a database audit policy model for the given database /// </summary> public DatabaseAuditingPolicyModel GetDatabaseAuditingPolicy(string resourceGroup, string serverName, string databaseName, string requestId) { DatabaseAuditingPolicy policy = Communicator.GetDatabaseAuditingPolicy(resourceGroup, serverName, databaseName, requestId); DatabaseAuditingPolicyModel dbPolicyModel = ModelizeDatabaseAuditPolicy(policy); dbPolicyModel.ResourceGroupName = resourceGroup; dbPolicyModel.ServerName = serverName; dbPolicyModel.DatabaseName = databaseName; FetchedStorageAccountName = policy.Properties.StorageAccountName; FetchedStorageAccountResourceGroup = policy.Properties.StorageAccountResourceGroupName; FetchedStorageAccountSubscription = policy.Properties.StorageAccountSubscriptionId; FetchedStorageAccountTableEndpoint = policy.Properties.StorageTableEndpoint; return dbPolicyModel; }
/// <summary> /// Updates the given model element with the cmdlet specific operation /// </summary> /// <param name="model">A model object</param> protected override DatabaseAuditingPolicyModel ApplyUserInputToModel(DatabaseAuditingPolicyModel model) { base.ApplyUserInputToModel(model); AuditStateType orgAuditStateType = model.AuditState; model.AuditState = AuditStateType.Enabled; model.UseServerDefault = UseServerDefaultOptions.Disabled; if (StorageAccountName != null) { model.StorageAccountName = StorageAccountName; } if (!string.IsNullOrEmpty(StorageKeyType)) // the user enter a key type - we use it (and running over the previously defined key type) { model.StorageKeyType = (StorageKeyType == SecurityConstants.Primary) ? StorageKeyKind.Primary : StorageKeyKind.Secondary; } EventType = Util.ProcessAuditEvents(EventType); if (EventType != null) // the user provided event types to audit { model.EventType = EventType.Select(s => SecurityConstants.AuditEventsToAuditEventType[s]).ToArray(); } if (RetentionInDays != null) { model.RetentionInDays = RetentionInDays; } if (TableIdentifier == null) { if ((orgAuditStateType == AuditStateType.New) && (model.RetentionInDays > 0)) { // If retention days is greater than 0 and no audit table identifier is supplied , we throw exception giving the user hint on the recommended TableIdentifier we got from the CSM throw new Exception(string.Format(Resources.InvalidRetentionTypeSet, model.TableIdentifier)); } } else { model.TableIdentifier = TableIdentifier; } if (Util.DeprecatedEventTypeFound(EventType)) { WriteWarning(string.Format(Resources.DeprecatedEventTypeUsed)); } return(model); }
private void ApplyUserInputToTableAuditingModel(DatabaseAuditingPolicyModel model) { var orgAuditStateType = model.AuditState; model.AuditState = AuditStateType.Enabled; model.UseServerDefault = UseServerDefaultOptions.Disabled; if (StorageAccountName != null) { model.StorageAccountName = StorageAccountName; ModelAdapter.ClearStorageDetailsCache(); } if (MyInvocation.BoundParameters.ContainsKey(SecurityConstants.StorageKeyType)) { // the user enter a key type - we use it (and override the previously defined key type) model.StorageKeyType = (StorageKeyType == SecurityConstants.Primary) ? StorageKeyKind.Primary : StorageKeyKind.Secondary; } EventType = Util.ProcessAuditEvents(EventType); if (EventType != null) // the user provided Table auditing event types { model.EventType = EventType.Select(s => SecurityConstants.AuditEventsToAuditEventType[s]).ToArray(); } if (RetentionInDays != null) { model.RetentionInDays = RetentionInDays; } if (TableIdentifier == null) { if ((orgAuditStateType == AuditStateType.New) && (model.RetentionInDays > 0)) { // If retention days is greater than 0 and no audit table identifier is supplied , we throw exception giving the user hint on the recommended TableIdentifier we got from the CSM throw new Exception(string.Format(Properties.Resources.InvalidRetentionTypeSet, model.TableIdentifier)); } } else { model.TableIdentifier = TableIdentifier; } }
/// <summary> /// Updates the given model element with the cmdlet specific operation /// </summary> /// <param name="model">A model object</param> protected override DatabaseAuditingPolicyModel UpdateModel(DatabaseAuditingPolicyModel model) { base.UpdateModel(model); model.AuditState = AuditStateType.Disabled; return(model); }
/// <summary> /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint /// </summary> /// <param name="model">The AuditingPolicy model object</param> /// <param name="storageEndpointSuffix">The suffix of the storage endpoint</param> /// <returns>The communication model object</returns> private DatabaseAuditingPolicyCreateOrUpdateParameters PolicizeDatabaseAuditingModel(DatabaseAuditingPolicyModel model, string storageEndpointSuffix) { var updateParameters = new DatabaseAuditingPolicyCreateOrUpdateParameters(); var properties = new DatabaseAuditingPolicyProperties(); updateParameters.Properties = properties; properties.AuditingState = model.AuditState.ToString(); properties.UseServerDefault = (model.UseServerDefault == UseServerDefaultOptions.Enabled) ? SecurityConstants.AuditingEndpoint.Enabled : SecurityConstants.AuditingEndpoint.Disabled; properties.StorageAccountName = ExtractStorageAccountName(model); properties.StorageAccountResourceGroupName = ExtractStorageAccountResourceGroup(properties.StorageAccountName); properties.StorageAccountSubscriptionId = ExtractStorageAccountSubscriptionId(properties.StorageAccountName); properties.StorageTableEndpoint = ExtractStorageAccountTableEndpoint(properties.StorageAccountName, storageEndpointSuffix); properties.StorageAccountKey = ExtractStorageAccountKey(properties.StorageAccountName, model, properties.StorageAccountResourceGroupName, StorageKeyKind.Primary); properties.StorageAccountSecondaryKey = ExtractStorageAccountKey(properties.StorageAccountName, model, properties.StorageAccountResourceGroupName, StorageKeyKind.Secondary); properties.EventTypesToAudit = ExtractEventTypes(model); properties.RetentionDays = model.RetentionInDays.ToString(); properties.AuditLogsTableName = model.TableIdentifier; return(updateParameters); }
/// <summary> /// No sending is needed as this is a Get cmdlet /// </summary> /// <param name="model">The model object with the data to be sent to the REST endpoints</param> protected override void SendModel(DatabaseAuditingPolicyModel model) { }
/// <summary> /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint /// </summary> /// <param name="policy">The AuditingPolicy object</param> /// <returns>The communication model object</returns> private DatabaseAuditingPolicyCreateOrUpdateParameters PolicizeDatabaseAuditingModel(DatabaseAuditingPolicyModel model) { DatabaseAuditingPolicyCreateOrUpdateParameters updateParameters = new DatabaseAuditingPolicyCreateOrUpdateParameters(); DatabaseAuditingPolicyProperties properties = new DatabaseAuditingPolicyProperties(); updateParameters.Properties = properties; properties.AuditingState = PolicizeAuditState(model.AuditState); properties.UseServerDefault = (model.UseServerDefault == UseServerDefaultOptions.Enabled) ? Constants.AuditingEndpoint.Enabled : Constants.AuditingEndpoint.Disabled; properties.StorageAccountName = ExtractStorageAccountName(model); properties.StorageAccountResourceGroupName = ExtractStorageAccountResourceGroup(properties.StorageAccountName); properties.StorageAccountSubscriptionId = ExtractStorageAccountSubscriptionId(properties.StorageAccountName); properties.StorageTableEndpoint = ExtractStorageAccountTableEndpoint(properties.StorageAccountName); properties.StorageAccountKey = ExtractStorageAccountKey(properties.StorageAccountName, model, properties.StorageAccountResourceGroupName, StorageKeyKind.Primary); properties.StorageAccountSecondaryKey = ExtractStorageAccountKey(properties.StorageAccountName, model, properties.StorageAccountResourceGroupName, StorageKeyKind.Secondary); properties.EventTypesToAudit = ExtractEventTypes(model); return(updateParameters); }
/// <summary> /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint /// </summary> public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, String clientId) { DatabaseAuditingPolicyCreateOrUpdateParameters parameters = PolicizeDatabaseAuditingModel(model); Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters); }
/// <summary> /// This method is responsible to call the right API in the communication layer that will eventually send the information in the /// object to the REST endpoint /// </summary> /// <param name="model">The model object with the data to be sent to the REST endpoints</param> protected override void SendModel(DatabaseAuditingPolicyModel model) { ModelAdapter.IgnoreStorage = true; base.SendModel(model); }
/// <summary> /// Provides a database audit policy model for the given database /// </summary> public void GetDatabaseAuditingPolicy(string resourceGroup, string serverName, string databaseName, out DatabaseAuditingPolicyModel model) { DatabaseAuditingPolicy policy; Communicator.GetDatabaseAuditingPolicy(resourceGroup, serverName, databaseName, out policy); var dbPolicyModel = ModelizeDatabaseAuditPolicy(policy); dbPolicyModel.AuditType = AuditType.Table; dbPolicyModel.ResourceGroupName = resourceGroup; dbPolicyModel.ServerName = serverName; dbPolicyModel.DatabaseName = databaseName; FetchedStorageAccountName = policy.Properties.StorageAccountName; FetchedStorageAccountResourceGroup = policy.Properties.StorageAccountResourceGroupName; FetchedStorageAccountSubscription = policy.Properties.StorageAccountSubscriptionId; FetchedStorageAccountTableEndpoint = policy.Properties.StorageTableEndpoint; model = dbPolicyModel; }
/// <summary> /// No sending is needed as this is a Get cmdlet /// </summary> /// <param name="model">The model object with the data to be sent to the REST endpoints</param> protected override DatabaseAuditingPolicyModel PersistChanges(DatabaseAuditingPolicyModel model) { return(null); }
/// <summary> /// Updates the given model element with the cmdlet specific operation /// </summary> /// <param name="model">A model object</param> protected override DatabaseAuditingPolicyModel ApplyUserInputToModel(DatabaseAuditingPolicyModel model) { base.ApplyUserInputToModel(model); model.AuditState = AuditStateType.Disabled; return(model); }
/// <summary> /// This method is responsible to call the right API in the communication layer that will eventually send the information in the /// object to the REST endpoint /// </summary> /// <param name="model">The model object with the data to be sent to the REST endpoints</param> protected override DatabaseAuditingPolicyModel PersistChanges(DatabaseAuditingPolicyModel model) { ModelAdapter.IgnoreStorage = true; base.PersistChanges(model); return(null); }