/// <summary> /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint /// </summary> public void SetDatabaseThreatDetectionPolicy(DatabaseThreatDetectionPolicyModel model, String clientId) { if (model.ThreatDetectionState == ThreatDetectionStateType.Enabled) { if (!IsRightServerVersionForThreatDetection(model.ResourceGroupName, model.ServerName, clientId)) { throw new Exception(Properties.Resources.ServerNotApplicableForThreatDetection); } // Check that auditing is turned on: DatabaseAuditingPolicyModel databaseAuditingPolicyModel = AuditingAdapter.GetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId); AuditStateType auditingState = databaseAuditingPolicyModel.AuditState; if (databaseAuditingPolicyModel.UseServerDefault == UseServerDefaultOptions.Enabled) { ServerAuditingPolicyModel serverAuditingPolicyModel = AuditingAdapter.GetServerAuditingPolicy(model.ResourceGroupName, model.ServerName, clientId); auditingState = serverAuditingPolicyModel.AuditState; } if (auditingState != AuditStateType.Enabled) { throw new Exception(Properties.Resources.AuditingIsTurnedOff); } } DatabaseSecurityAlertPolicyCreateOrUpdateParameters databaseSecurityAlertPolicyParameters = PolicizeDatabaseSecurityAlertModel(model); ThreatDetectionCommunicator.SetDatabaseSecurityAlertPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, databaseSecurityAlertPolicyParameters); }
/// <summary> /// The non-boilerplated test code of the APIs for managing the lifecycle of a given database's security alert policy. It is meant to be called with a name of an already existing database (and therefore already existing /// server and resource group). This test does not create these resources and does not remove them. /// </summary> private static void TestDatabaseSecurityAlertApis(SqlManagementClient sqlClient, string resourceGroupName, Server server, Database database) { var getDefaultDatabaseSecurityAlertPolicyResponse = sqlClient.SecurityAlertPolicy.GetDatabaseSecurityAlertPolicy(resourceGroupName, server.Name, database.Name); var properties = getDefaultDatabaseSecurityAlertPolicyResponse.SecurityAlertPolicy.Properties; // Verify that the initial Get request contains the default policy. TestUtilities.ValidateOperationResponse(getDefaultDatabaseSecurityAlertPolicyResponse); VerifySecurityAlertPolicyInformation(GetDefaultDatabaseSecurityAlertProperties(), properties); // Modify the policy properties, send and receive, see it its still ok ChangeSecurityAlertPolicy(properties); var updateParams = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters { Properties = properties }; var updateResponse = sqlClient.SecurityAlertPolicy.CreateOrUpdateDatabaseSecurityAlertPolicy(resourceGroupName, server.Name, database.Name, updateParams); // Verify that the initial Get request contains the default policy. TestUtilities.ValidateOperationResponse(updateResponse); var getUpdatedPolicyResponse = sqlClient.SecurityAlertPolicy.GetDatabaseSecurityAlertPolicy(resourceGroupName, server.Name, database.Name); var updatedProperties = getUpdatedPolicyResponse.SecurityAlertPolicy.Properties; // Verify that the Get request contains the updated policy. TestUtilities.ValidateOperationResponse(getUpdatedPolicyResponse); VerifySecurityAlertPolicyInformation(properties, updatedProperties); }
/// <summary> /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint /// </summary> private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(BaseThreatDetectionPolicyModel model, string storageEndpointSuffix) { var updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters(); var properties = PopulateDatabasePolicyProperties(model, storageEndpointSuffix, new DatabaseSecurityAlertPolicyProperties()) as DatabaseSecurityAlertPolicyProperties; updateParameters.Properties = properties; return(updateParameters); }
/// <summary> /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint /// </summary> /// <param name="model">The SecurityAlert model object</param> /// <returns>The communication model object</returns> private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(DatabaseThreatDetectionPolicyModel model) { var updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters(); var properties = PopulatePolicyProperties(model, new DatabaseSecurityAlertPolicyProperties()) as DatabaseSecurityAlertPolicyProperties; updateParameters.Properties = properties; return(updateParameters); }
/// <summary> /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint /// </summary> /// <param name="model">The SecurityAlert model object</param> /// <returns>The communication model object</returns> private DatabaseSecurityAlertPolicyCreateOrUpdateParameters PolicizeDatabaseSecurityAlertModel(DatabaseThreatDetectionPolicyModel model) { DatabaseSecurityAlertPolicyCreateOrUpdateParameters updateParameters = new DatabaseSecurityAlertPolicyCreateOrUpdateParameters(); DatabaseSecurityAlertPolicyProperties properties = new DatabaseSecurityAlertPolicyProperties(); updateParameters.Properties = properties; properties.State = PolicizeThreatDetectionState(model.ThreatDetectionState); properties.EmailAddresses = model.NotificationRecipientsEmails ?? ""; properties.EmailAccountAdmins = model.EmailAdmins ? SecurityConstants.ThreatDetectionEndpoint.Enabled : SecurityConstants.ThreatDetectionEndpoint.Disabled; properties.DisabledAlerts = ExtractExcludedDetectionType(model); return(updateParameters); }
/// <summary> /// Creates or updates an Azure SQL Database security alert policy. /// </summary> /// <param name='operations'> /// Reference to the /// Microsoft.Azure.Management.Sql.LegacySdk.ISecurityAlertPolicyOperations. /// </param> /// <param name='resourceGroupName'> /// Required. The name of the Resource Group to which the server /// belongs. /// </param> /// <param name='serverName'> /// Required. The name of the Azure SQL Database Server on which the /// database is hosted. /// </param> /// <param name='databaseName'> /// Required. The name of the Azure SQL Database for which the security /// alert policy applies. /// </param> /// <param name='parameters'> /// Required. The required parameters for creating or updating a Azure /// SQL Database security alert policy. /// </param> /// <returns> /// A standard service response including an HTTP status code and /// request ID. /// </returns> public static AzureOperationResponse CreateOrUpdateDatabaseSecurityAlertPolicy(this ISecurityAlertPolicyOperations operations, string resourceGroupName, string serverName, string databaseName, DatabaseSecurityAlertPolicyCreateOrUpdateParameters parameters) { return(Task.Factory.StartNew((object s) => { return ((ISecurityAlertPolicyOperations)s).CreateOrUpdateDatabaseSecurityAlertPolicyAsync(resourceGroupName, serverName, databaseName, parameters); } , operations, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default).Unwrap().GetAwaiter().GetResult()); }
/// <summary> /// Creates or updates an Azure SQL Database security alert policy. /// </summary> /// <param name='operations'> /// Reference to the /// Microsoft.Azure.Management.Sql.LegacySdk.ISecurityAlertPolicyOperations. /// </param> /// <param name='resourceGroupName'> /// Required. The name of the Resource Group to which the server /// belongs. /// </param> /// <param name='serverName'> /// Required. The name of the Azure SQL Database Server on which the /// database is hosted. /// </param> /// <param name='databaseName'> /// Required. The name of the Azure SQL Database for which the security /// alert policy applies. /// </param> /// <param name='parameters'> /// Required. The required parameters for creating or updating a Azure /// SQL Database security alert policy. /// </param> /// <returns> /// A standard service response including an HTTP status code and /// request ID. /// </returns> public static Task <AzureOperationResponse> CreateOrUpdateDatabaseSecurityAlertPolicyAsync(this ISecurityAlertPolicyOperations operations, string resourceGroupName, string serverName, string databaseName, DatabaseSecurityAlertPolicyCreateOrUpdateParameters parameters) { return(operations.CreateOrUpdateDatabaseSecurityAlertPolicyAsync(resourceGroupName, serverName, databaseName, parameters, CancellationToken.None)); }
/// <summary> /// Calls the set security alert APIs for the database security alert policy for the given database in the given database server in the given resource group /// </summary> public void SetDatabaseSecurityAlertPolicy(string resourceGroupName, string serverName, string databaseName, DatabaseSecurityAlertPolicyCreateOrUpdateParameters parameters) { ISecurityAlertPolicyOperations operations = GetLegacySqlClient().SecurityAlertPolicy; operations.CreateOrUpdateDatabaseSecurityAlertPolicy(resourceGroupName, serverName, databaseName, parameters); }
/// <summary> /// Creates or updates an Azure SQL Database security alert policy. /// </summary> /// <param name='resourceGroupName'> /// Required. The name of the Resource Group to which the server /// belongs. /// </param> /// <param name='serverName'> /// Required. The name of the Azure SQL Database Server on which the /// database is hosted. /// </param> /// <param name='databaseName'> /// Required. The name of the Azure SQL Database for which the security /// alert policy applies. /// </param> /// <param name='parameters'> /// Required. The required parameters for creating or updating a Azure /// SQL Database security alert policy. /// </param> /// <param name='cancellationToken'> /// Cancellation token. /// </param> /// <returns> /// A standard service response including an HTTP status code and /// request ID. /// </returns> public async Task <AzureOperationResponse> CreateOrUpdateDatabaseSecurityAlertPolicyAsync(string resourceGroupName, string serverName, string databaseName, DatabaseSecurityAlertPolicyCreateOrUpdateParameters parameters, CancellationToken cancellationToken) { // Validate if (resourceGroupName == null) { throw new ArgumentNullException("resourceGroupName"); } if (serverName == null) { throw new ArgumentNullException("serverName"); } if (databaseName == null) { throw new ArgumentNullException("databaseName"); } if (parameters == null) { throw new ArgumentNullException("parameters"); } if (parameters.Properties == null) { throw new ArgumentNullException("parameters.Properties"); } // Tracing bool shouldTrace = TracingAdapter.IsEnabled; string invocationId = null; if (shouldTrace) { invocationId = TracingAdapter.NextInvocationId.ToString(); Dictionary <string, object> tracingParameters = new Dictionary <string, object>(); tracingParameters.Add("resourceGroupName", resourceGroupName); tracingParameters.Add("serverName", serverName); tracingParameters.Add("databaseName", databaseName); tracingParameters.Add("parameters", parameters); TracingAdapter.Enter(invocationId, this, "CreateOrUpdateDatabaseSecurityAlertPolicyAsync", tracingParameters); } // Construct URL string url = ""; url = url + "/subscriptions/"; if (this.Client.Credentials.SubscriptionId != null) { url = url + Uri.EscapeDataString(this.Client.Credentials.SubscriptionId); } url = url + "/resourceGroups/"; url = url + Uri.EscapeDataString(resourceGroupName); url = url + "/providers/"; url = url + "Microsoft.Sql"; url = url + "/servers/"; url = url + Uri.EscapeDataString(serverName); url = url + "/databases/"; url = url + Uri.EscapeDataString(databaseName); url = url + "/securityAlertPolicies/Default"; List <string> queryParameters = new List <string>(); queryParameters.Add("api-version=2014-04-01"); if (queryParameters.Count > 0) { url = url + "?" + string.Join("&", queryParameters); } string baseUrl = this.Client.BaseUri.AbsoluteUri; // Trim '/' character from the end of baseUrl and beginning of url. if (baseUrl[baseUrl.Length - 1] == '/') { baseUrl = baseUrl.Substring(0, baseUrl.Length - 1); } if (url[0] == '/') { url = url.Substring(1); } url = baseUrl + "/" + url; url = url.Replace(" ", "%20"); // Create HTTP transport objects HttpRequestMessage httpRequest = null; try { httpRequest = new HttpRequestMessage(); httpRequest.Method = HttpMethod.Put; httpRequest.RequestUri = new Uri(url); // Set Headers // Set Credentials cancellationToken.ThrowIfCancellationRequested(); await this.Client.Credentials.ProcessHttpRequestAsync(httpRequest, cancellationToken).ConfigureAwait(false); // Serialize Request string requestContent = null; JToken requestDoc = null; JObject databaseSecurityAlertPolicyCreateOrUpdateParametersValue = new JObject(); requestDoc = databaseSecurityAlertPolicyCreateOrUpdateParametersValue; JObject propertiesValue = new JObject(); databaseSecurityAlertPolicyCreateOrUpdateParametersValue["properties"] = propertiesValue; if (parameters.Properties.State != null) { propertiesValue["state"] = parameters.Properties.State; } if (parameters.Properties.DisabledAlerts != null) { propertiesValue["disabledAlerts"] = parameters.Properties.DisabledAlerts; } if (parameters.Properties.EmailAddresses != null) { propertiesValue["emailAddresses"] = parameters.Properties.EmailAddresses; } if (parameters.Properties.EmailAccountAdmins != null) { propertiesValue["emailAccountAdmins"] = parameters.Properties.EmailAccountAdmins; } requestContent = requestDoc.ToString(Newtonsoft.Json.Formatting.Indented); httpRequest.Content = new StringContent(requestContent, Encoding.UTF8); httpRequest.Content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/json; charset=utf-8"); // Send Request HttpResponseMessage httpResponse = null; try { if (shouldTrace) { TracingAdapter.SendRequest(invocationId, httpRequest); } cancellationToken.ThrowIfCancellationRequested(); httpResponse = await this.Client.HttpClient.SendAsync(httpRequest, cancellationToken).ConfigureAwait(false); if (shouldTrace) { TracingAdapter.ReceiveResponse(invocationId, httpResponse); } HttpStatusCode statusCode = httpResponse.StatusCode; if (statusCode != HttpStatusCode.OK && statusCode != HttpStatusCode.Created) { cancellationToken.ThrowIfCancellationRequested(); CloudException ex = CloudException.Create(httpRequest, requestContent, httpResponse, await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false)); if (shouldTrace) { TracingAdapter.Error(invocationId, ex); } throw ex; } // Create Result AzureOperationResponse result = null; // Deserialize Response result = new AzureOperationResponse(); result.StatusCode = statusCode; if (httpResponse.Headers.Contains("x-ms-request-id")) { result.RequestId = httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault(); } if (shouldTrace) { TracingAdapter.Exit(invocationId, result); } return(result); } finally { if (httpResponse != null) { httpResponse.Dispose(); } } } finally { if (httpRequest != null) { httpRequest.Dispose(); } } }
/// <summary> /// Calls the set security alert APIs for the database security alert policy for the given database in the given database server in the given resource group /// </summary> public void SetDatabaseSecurityAlertPolicy(string resourceGroupName, string serverName, string databaseName, string clientRequestId, DatabaseSecurityAlertPolicyCreateOrUpdateParameters parameters) { ISecurityAlertPolicyOperations operations = GetCurrentSqlClient(clientRequestId).SecurityAlertPolicy; operations.CreateOrUpdateDatebaseSecurityAlertPolicy(resourceGroupName, serverName, databaseName, parameters); }