private static void VerifyServerBlobAuditingPolicy(ServerBlobAuditingPolicy serverPolicy, ServerBlobAuditingPolicy serverResultPolicy) { Assert.Equal(serverResultPolicy.State, serverPolicy.State); Assert.Equal(serverResultPolicy.StorageEndpoint, serverPolicy.StorageEndpoint); Assert.Null(serverResultPolicy.StorageAccountAccessKey); Assert.Equal(serverResultPolicy.RetentionDays, serverPolicy.RetentionDays); Assert.Equal(serverResultPolicy.IsStorageSecondaryKeyInUse, serverPolicy.IsStorageSecondaryKeyInUse); }
public bool SetAuditingPolicy(string resourceGroupName, string serverName, ServerBlobAuditingPolicy policy) { SqlManagementClient client = GetCurrentSqlClient(); AzureOperationResponse <ServerBlobAuditingPolicy> response = client.ServerBlobAuditingPolicies.BeginCreateOrUpdateWithHttpMessagesAsync( resourceGroupName, serverName, policy).Result; return(client.GetLongRunningOperationResultAsync(response, null, CancellationToken.None).Result.Response.IsSuccessStatusCode); }
public bool SetAuditingPolicy(string resourceGroupName, string workspaceName, ServerBlobAuditingPolicy policy) { return(SetAuditingPolicyInternal(() => { SynapseManagementClient client = GetCurrentSynapseManagementClient(); AzureOperationResponse <ServerBlobAuditingPolicy> response = client.WorkspaceManagedSqlServerBlobAuditingPolicies.BeginCreateOrUpdateWithHttpMessagesAsync( resourceGroupName, workspaceName, policy).Result; return client.GetLongRunningOperationResultAsync(response, null, CancellationToken.None).Result.Response.IsSuccessStatusCode; })); }
public async void TestServerBlobAuditingPolicy() { using (SqlManagementTestContext context = new SqlManagementTestContext(this)) { ResourceGroup resourceGroup = context.CreateResourceGroup(); SqlManagementClient client = context.GetClient <SqlManagementClient>(); Server server = context.CreateServer(resourceGroup); StorageAccountInformation storageAccountInformation = await CreateStorageAccountAsync(context, resourceGroup); ServerBlobAuditingPolicy serverPolicy = new ServerBlobAuditingPolicy { State = BlobAuditingPolicyState.Enabled, StorageEndpoint = storageAccountInformation.Endpoint, StorageAccountAccessKey = storageAccountInformation.PrimaryKey, RetentionDays = RetentionDays, IsStorageSecondaryKeyInUse = IsStorageSecondaryKeyInUse, IsAzureMonitorTargetEnabled = true, QueueDelayMs = 1000 }; ExtendedServerBlobAuditingPolicy extendedServerPolicy = new ExtendedServerBlobAuditingPolicy { State = BlobAuditingPolicyState.Enabled, StorageEndpoint = storageAccountInformation.Endpoint, StorageAccountAccessKey = storageAccountInformation.PrimaryKey, RetentionDays = RetentionDays, IsStorageSecondaryKeyInUse = IsStorageSecondaryKeyInUse, PredicateExpression = PredicateExpression, IsAzureMonitorTargetEnabled = true, QueueDelayMs = 1000 }; ServerBlobAuditingPolicy serverResultPolicy = await client.ServerBlobAuditingPolicies.CreateOrUpdateAsync(resourceGroup.Name, server.Name, serverPolicy); VerifyServerBlobAuditingPolicy(serverPolicy, serverResultPolicy); serverResultPolicy = await client.ServerBlobAuditingPolicies.GetAsync(resourceGroup.Name, server.Name); VerifyServerBlobAuditingPolicy(serverPolicy, serverResultPolicy); ExtendedServerBlobAuditingPolicy extendedServerResultPolicy = await client.ExtendedServerBlobAuditingPolicies.CreateOrUpdateAsync(resourceGroup.Name, server.Name, extendedServerPolicy); VerifyExtendedServerBlobAuditingPolicy(extendedServerPolicy, extendedServerResultPolicy); extendedServerResultPolicy = await client.ExtendedServerBlobAuditingPolicies.GetAsync(resourceGroup.Name, server.Name); VerifyExtendedServerBlobAuditingPolicy(extendedServerPolicy, extendedServerResultPolicy); await client.Servers.DeleteAsync(resourceGroup.Name, server.Name); await DeleteStorageAccountAsync(context, resourceGroup.Name, storageAccountInformation.Name); } }
/// <summary> /// Returns a ServerBlobAuditingPolicy object that holds the default settings for a server blob auditing policy /// </summary> /// <returns>A ServerBlobAuditingPolicy object with the default server audit policy settings</returns> private ServerBlobAuditingPolicy GetDefaultServerBlobAuditingProperties() { ServerBlobAuditingPolicy properties = new ServerBlobAuditingPolicy { State = BlobAuditingPolicyState.Disabled, RetentionDays = 0, StorageAccountAccessKey = string.Empty, StorageEndpoint = string.Empty, AuditActionsAndGroups = new List <string>(), StorageAccountSubscriptionId = "00000000-0000-0000-0000-000000000000", IsStorageSecondaryKeyInUse = false, }; return(properties); }
private bool SetAudit(ServerAuditModel model) { if (string.IsNullOrEmpty(model.PredicateExpression)) { var policy = new ServerBlobAuditingPolicy(); PolicizeAuditModel(model, policy); return(Communicator.SetAuditingPolicy(model.ResourceGroupName, model.ServerName, policy)); } else { var policy = new ExtendedServerBlobAuditingPolicy { PredicateExpression = model.PredicateExpression }; PolicizeAuditModel(model, policy); return(Communicator.SetExtendedAuditingPolicy(model.ResourceGroupName, model.ServerName, policy)); } }
/// <summary> /// Verify that the received properties match their expected values /// </summary> /// <param name="expected">The expected value of the properties object</param> /// <param name="actual">The properties object that needs to be checked</param> private void VerifyServerAuditingPolicyInformation(ServerBlobAuditingPolicy expected, ServerBlobAuditingPolicy actual) { Assert.Equal(expected.State, actual.State); Assert.Equal(expected.RetentionDays, actual.RetentionDays); Assert.Equal(expected.StorageEndpoint, actual.StorageEndpoint); Assert.Equal(string.Empty, actual.StorageAccountAccessKey); if (expected.AuditActionsAndGroups == null) { Assert.Equal(null, actual.AuditActionsAndGroups); } else { Assert.Equal(expected.AuditActionsAndGroups.Count, actual.AuditActionsAndGroups.Count); actual.AuditActionsAndGroups.ForEach(s => Assert.True(expected.AuditActionsAndGroups.Any(es => es.Equals(s)))); } Assert.Equal(expected.StorageAccountSubscriptionId, actual.StorageAccountSubscriptionId); Assert.Equal(expected.IsStorageSecondaryKeyInUse, actual.IsStorageSecondaryKeyInUse); }
/// <summary> /// Creates or updates a server's blob auditing policy. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group that contains the resource. You can obtain /// this value from the Azure Resource Manager API or the portal. /// </param> /// <param name='serverName'> /// The name of the server. /// </param> /// <param name='parameters'> /// Properties of blob auditing policy /// </param> public static ServerBlobAuditingPolicy CreateOrUpdate(this IServerBlobAuditingPoliciesOperations operations, string resourceGroupName, string serverName, ServerBlobAuditingPolicy parameters) { return(operations.CreateOrUpdateAsync(resourceGroupName, serverName, parameters).GetAwaiter().GetResult()); }
/// <summary> /// Creates or updates a server's blob auditing policy. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group that contains the resource. You can obtain /// this value from the Azure Resource Manager API or the portal. /// </param> /// <param name='serverName'> /// The name of the server. /// </param> /// <param name='parameters'> /// Properties of blob auditing policy /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task <ServerBlobAuditingPolicy> BeginCreateOrUpdateAsync(this IServerBlobAuditingPoliciesOperations operations, string resourceGroupName, string serverName, ServerBlobAuditingPolicy parameters, CancellationToken cancellationToken = default(CancellationToken)) { using (var _result = await operations.BeginCreateOrUpdateWithHttpMessagesAsync(resourceGroupName, serverName, parameters, null, cancellationToken).ConfigureAwait(false)) { return(_result.Body); } }
/// <summary> /// Create or Update server's blob auditing policy. /// </summary> /// <remarks> /// Create or Update a workspace managed sql server's blob auditing policy. /// </remarks> /// <param name='resourceGroupName'> /// The name of the resource group. The name is case insensitive. /// </param> /// <param name='workspaceName'> /// The name of the workspace. /// </param> /// <param name='parameters'> /// Properties of extended blob auditing policy. /// </param> /// <param name='customHeaders'> /// Headers that will be added to request. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> /// <exception cref="CloudException"> /// Thrown when the operation returned an invalid status code /// </exception> /// <exception cref="SerializationException"> /// Thrown when unable to deserialize the response /// </exception> /// <exception cref="ValidationException"> /// Thrown when a required parameter is null /// </exception> /// <exception cref="System.ArgumentNullException"> /// Thrown when a required parameter is null /// </exception> /// <return> /// A response object containing the response body and response headers. /// </return> public async Task <AzureOperationResponse <ServerBlobAuditingPolicy> > BeginCreateOrUpdateWithHttpMessagesAsync(string resourceGroupName, string workspaceName, ServerBlobAuditingPolicy parameters, Dictionary <string, List <string> > customHeaders = null, CancellationToken cancellationToken = default(CancellationToken)) { if (Client.SubscriptionId == null) { throw new ValidationException(ValidationRules.CannotBeNull, "this.Client.SubscriptionId"); } if (Client.SubscriptionId != null) { if (Client.SubscriptionId.Length < 1) { throw new ValidationException(ValidationRules.MinLength, "Client.SubscriptionId", 1); } } if (resourceGroupName == null) { throw new ValidationException(ValidationRules.CannotBeNull, "resourceGroupName"); } if (resourceGroupName != null) { if (resourceGroupName.Length > 90) { throw new ValidationException(ValidationRules.MaxLength, "resourceGroupName", 90); } if (resourceGroupName.Length < 1) { throw new ValidationException(ValidationRules.MinLength, "resourceGroupName", 1); } } if (workspaceName == null) { throw new ValidationException(ValidationRules.CannotBeNull, "workspaceName"); } if (parameters == null) { throw new ValidationException(ValidationRules.CannotBeNull, "parameters"); } if (parameters != null) { parameters.Validate(); } string apiVersion = "2021-06-01"; string blobAuditingPolicyName = "default"; // Tracing bool _shouldTrace = ServiceClientTracing.IsEnabled; string _invocationId = null; if (_shouldTrace) { _invocationId = ServiceClientTracing.NextInvocationId.ToString(); Dictionary <string, object> tracingParameters = new Dictionary <string, object>(); tracingParameters.Add("apiVersion", apiVersion); tracingParameters.Add("resourceGroupName", resourceGroupName); tracingParameters.Add("workspaceName", workspaceName); tracingParameters.Add("blobAuditingPolicyName", blobAuditingPolicyName); tracingParameters.Add("parameters", parameters); tracingParameters.Add("cancellationToken", cancellationToken); ServiceClientTracing.Enter(_invocationId, this, "BeginCreateOrUpdate", tracingParameters); } // Construct URL var _baseUrl = Client.BaseUri.AbsoluteUri; var _url = new System.Uri(new System.Uri(_baseUrl + (_baseUrl.EndsWith("/") ? "" : "/")), "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Synapse/workspaces/{workspaceName}/auditingSettings/{blobAuditingPolicyName}").ToString(); _url = _url.Replace("{subscriptionId}", System.Uri.EscapeDataString(Client.SubscriptionId)); _url = _url.Replace("{resourceGroupName}", System.Uri.EscapeDataString(resourceGroupName)); _url = _url.Replace("{workspaceName}", System.Uri.EscapeDataString(workspaceName)); _url = _url.Replace("{blobAuditingPolicyName}", System.Uri.EscapeDataString(blobAuditingPolicyName)); List <string> _queryParameters = new List <string>(); if (apiVersion != null) { _queryParameters.Add(string.Format("api-version={0}", System.Uri.EscapeDataString(apiVersion))); } if (_queryParameters.Count > 0) { _url += (_url.Contains("?") ? "&" : "?") + string.Join("&", _queryParameters); } // Create HTTP transport objects var _httpRequest = new HttpRequestMessage(); HttpResponseMessage _httpResponse = null; _httpRequest.Method = new HttpMethod("PUT"); _httpRequest.RequestUri = new System.Uri(_url); // Set Headers if (Client.GenerateClientRequestId != null && Client.GenerateClientRequestId.Value) { _httpRequest.Headers.TryAddWithoutValidation("x-ms-client-request-id", System.Guid.NewGuid().ToString()); } if (Client.AcceptLanguage != null) { if (_httpRequest.Headers.Contains("accept-language")) { _httpRequest.Headers.Remove("accept-language"); } _httpRequest.Headers.TryAddWithoutValidation("accept-language", Client.AcceptLanguage); } if (customHeaders != null) { foreach (var _header in customHeaders) { if (_httpRequest.Headers.Contains(_header.Key)) { _httpRequest.Headers.Remove(_header.Key); } _httpRequest.Headers.TryAddWithoutValidation(_header.Key, _header.Value); } } // Serialize Request string _requestContent = null; if (parameters != null) { _requestContent = Rest.Serialization.SafeJsonConvert.SerializeObject(parameters, Client.SerializationSettings); _httpRequest.Content = new StringContent(_requestContent, System.Text.Encoding.UTF8); _httpRequest.Content.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json; charset=utf-8"); } // Set Credentials if (Client.Credentials != null) { cancellationToken.ThrowIfCancellationRequested(); await Client.Credentials.ProcessHttpRequestAsync(_httpRequest, cancellationToken).ConfigureAwait(false); } // Send Request if (_shouldTrace) { ServiceClientTracing.SendRequest(_invocationId, _httpRequest); } cancellationToken.ThrowIfCancellationRequested(); _httpResponse = await Client.HttpClient.SendAsync(_httpRequest, cancellationToken).ConfigureAwait(false); if (_shouldTrace) { ServiceClientTracing.ReceiveResponse(_invocationId, _httpResponse); } HttpStatusCode _statusCode = _httpResponse.StatusCode; cancellationToken.ThrowIfCancellationRequested(); string _responseContent = null; if ((int)_statusCode != 200 && (int)_statusCode != 202) { var ex = new CloudException(string.Format("Operation returned an invalid status code '{0}'", _statusCode)); try { _responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false); CloudError _errorBody = Rest.Serialization.SafeJsonConvert.DeserializeObject <CloudError>(_responseContent, Client.DeserializationSettings); if (_errorBody != null) { ex = new CloudException(_errorBody.Message); ex.Body = _errorBody; } } catch (JsonException) { // Ignore the exception } ex.Request = new HttpRequestMessageWrapper(_httpRequest, _requestContent); ex.Response = new HttpResponseMessageWrapper(_httpResponse, _responseContent); if (_httpResponse.Headers.Contains("x-ms-request-id")) { ex.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault(); } if (_shouldTrace) { ServiceClientTracing.Error(_invocationId, ex); } _httpRequest.Dispose(); if (_httpResponse != null) { _httpResponse.Dispose(); } throw ex; } // Create Result var _result = new AzureOperationResponse <ServerBlobAuditingPolicy>(); _result.Request = _httpRequest; _result.Response = _httpResponse; if (_httpResponse.Headers.Contains("x-ms-request-id")) { _result.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault(); } // Deserialize Response if ((int)_statusCode == 200) { _responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false); try { _result.Body = Rest.Serialization.SafeJsonConvert.DeserializeObject <ServerBlobAuditingPolicy>(_responseContent, Client.DeserializationSettings); } catch (JsonException ex) { _httpRequest.Dispose(); if (_httpResponse != null) { _httpResponse.Dispose(); } throw new SerializationException("Unable to deserialize the response.", _responseContent, ex); } } if (_shouldTrace) { ServiceClientTracing.Exit(_invocationId, _result); } return(_result); }
/// <summary> /// Create or Update server's blob auditing policy. /// </summary> /// <remarks> /// Create or Update a workspace managed sql server's blob auditing policy. /// </remarks> /// <param name='resourceGroupName'> /// The name of the resource group. The name is case insensitive. /// </param> /// <param name='workspaceName'> /// The name of the workspace. /// </param> /// <param name='parameters'> /// Properties of extended blob auditing policy. /// </param> /// <param name='customHeaders'> /// The headers that will be added to request. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public async Task <AzureOperationResponse <ServerBlobAuditingPolicy> > CreateOrUpdateWithHttpMessagesAsync(string resourceGroupName, string workspaceName, ServerBlobAuditingPolicy parameters, Dictionary <string, List <string> > customHeaders = null, CancellationToken cancellationToken = default(CancellationToken)) { // Send Request AzureOperationResponse <ServerBlobAuditingPolicy> _response = await BeginCreateOrUpdateWithHttpMessagesAsync(resourceGroupName, workspaceName, parameters, customHeaders, cancellationToken).ConfigureAwait(false); return(await Client.GetPutOrPatchOperationResultAsync(_response, customHeaders, cancellationToken).ConfigureAwait(false)); }
/// <summary> /// Sets the database server blob auditing policy of the given database server in the given resource group /// </summary> public void SetServerAuditingPolicy(string resourceGroupName, string serverName, ServerBlobAuditingPolicy policy) { var client = GetCurrentSqlClient(); AzureOperationResponse <ServerBlobAuditingPolicy> response = client.ServerBlobAuditingPolicies.BeginCreateOrUpdateWithHttpMessagesAsync( resourceGroupName, serverName, policy).Result; var result = client.GetLongRunningOperationResultAsync(response, null, CancellationToken.None).Result; }
/// <summary> /// Create or Update server's blob auditing policy. /// </summary> /// <remarks> /// Create or Update a workspace managed sql server's blob auditing policy. /// </remarks> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group. The name is case insensitive. /// </param> /// <param name='workspaceName'> /// The name of the workspace. /// </param> /// <param name='parameters'> /// Properties of extended blob auditing policy. /// </param> public static ServerBlobAuditingPolicy BeginCreateOrUpdate(this IWorkspaceManagedSqlServerBlobAuditingPoliciesOperations operations, string resourceGroupName, string workspaceName, ServerBlobAuditingPolicy parameters) { return(operations.BeginCreateOrUpdateAsync(resourceGroupName, workspaceName, parameters).GetAwaiter().GetResult()); }
public void TestBlobAuditing() { string testPrefix = "server-blob-auditing-test-"; using (SqlManagementTestContext context = new SqlManagementTestContext(this)) { ResourceGroup resourceGroup = context.CreateResourceGroup(); Server server = context.CreateServer(resourceGroup); SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>(); // create some databases in server Database[] databases = SqlManagementTestUtilities.CreateDatabasesAsync( sqlClient, resourceGroup.Name, server, testPrefix, 2).Result; IList <string> auditActionsAndGroups = new List <string> { "SCHEMA_OBJECT_ACCESS_GROUP", "UPDATE on database::testdb by public" }; #if false // Commented out due to issues with async operation response // ******* Server blob auditing ******* ServerBlobAuditingPolicy defaultServerPolicyResponse = sqlClient.Servers.GetBlobAuditingProperties(resourceGroup.Name, server.Name); // Verify that the initial Get request contains the default policy. VerifyServerAuditingPolicyInformation(GetDefaultServerBlobAuditingProperties(), defaultServerPolicyResponse); // Modify the policy properties, send and receive and see it its still ok IList <string> auditActionsAndGroups = new List <string> { "SCHEMA_OBJECT_ACCESS_GROUP", "UPDATE on database::testdb by public" }; ServerBlobAuditingPolicy updatedServerPolicy = new ServerBlobAuditingPolicy { State = BlobAuditingPolicyState.Disabled, RetentionDays = 8, StorageAccountAccessKey = "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", StorageEndpoint = "https://MyAccount.blob.core.windows.net/", AuditActionsAndGroups = auditActionsAndGroups, StorageAccountSubscriptionId = "00000000-1234-0000-5678-000000000000", IsStorageSecondaryKeyInUse = false }; //Set blob auditing policy for server sqlClient.Servers.CreateOrUpdateBlobAuditingProperties(resourceGroup.Name, server.Name, updatedServerPolicy); //Get blob auditing server policy var getUpdatedServerPolicyResponse = sqlClient.Servers.GetBlobAuditingProperties(resourceGroup.Name, server.Name); // Verify that the Get request contains the updated policy. VerifyServerAuditingPolicyInformation(updatedServerPolicy, getUpdatedServerPolicyResponse); #endif // ******* Database blob auditing ******* string dbName = databases[0].Name; DatabaseBlobAuditingPolicy defaultDatabasePolicyResponse = sqlClient.DatabaseBlobAuditingPolicies.Get(resourceGroup.Name, server.Name, dbName); // Verify that the initial Get request contains the default policy. VerifyDatabaseAuditingPolicyInformation(GetDefaultDatabaseBlobAuditingProperties(), defaultDatabasePolicyResponse); // Modify the policy properties, send and receive and see it its still ok DatabaseBlobAuditingPolicy updatedDatabasePolicy = new DatabaseBlobAuditingPolicy { State = BlobAuditingPolicyState.Disabled, RetentionDays = 5, StorageAccountAccessKey = "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", StorageEndpoint = "https://MyAccount.blob.core.windows.net/", AuditActionsAndGroups = auditActionsAndGroups, StorageAccountSubscriptionId = new Guid("00000000-1234-0000-5678-000000000000"), IsStorageSecondaryKeyInUse = false }; sqlClient.DatabaseBlobAuditingPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy); var getUpdatedDatabasePolicyResponse = sqlClient.DatabaseBlobAuditingPolicies.Get(resourceGroup.Name, server.Name, dbName); // Verify that the Get request contains the updated policy. VerifyDatabaseAuditingPolicyInformation(updatedDatabasePolicy, getUpdatedDatabasePolicyResponse); } }