private static void VerifyServerBlobAuditingPolicy(ServerBlobAuditingPolicy serverPolicy, ServerBlobAuditingPolicy serverResultPolicy)
{
Assert.Equal(serverResultPolicy.State, serverPolicy.State);
Assert.Equal(serverResultPolicy.StorageEndpoint, serverPolicy.StorageEndpoint);
Assert.Null(serverResultPolicy.StorageAccountAccessKey);
Assert.Equal(serverResultPolicy.RetentionDays, serverPolicy.RetentionDays);
Assert.Equal(serverResultPolicy.IsStorageSecondaryKeyInUse, serverPolicy.IsStorageSecondaryKeyInUse);
}
public bool SetAuditingPolicy(string resourceGroupName, string serverName,
ServerBlobAuditingPolicy policy)
{
SqlManagementClient client = GetCurrentSqlClient();
AzureOperationResponse <ServerBlobAuditingPolicy> response =
client.ServerBlobAuditingPolicies.BeginCreateOrUpdateWithHttpMessagesAsync(
resourceGroupName, serverName, policy).Result;
return(client.GetLongRunningOperationResultAsync(response, null, CancellationToken.None).Result.Response.IsSuccessStatusCode);
}
public bool SetAuditingPolicy(string resourceGroupName, string workspaceName,
ServerBlobAuditingPolicy policy)
{
return(SetAuditingPolicyInternal(() =>
{
SynapseManagementClient client = GetCurrentSynapseManagementClient();
AzureOperationResponse <ServerBlobAuditingPolicy> response =
client.WorkspaceManagedSqlServerBlobAuditingPolicies.BeginCreateOrUpdateWithHttpMessagesAsync(
resourceGroupName, workspaceName, policy).Result;
return client.GetLongRunningOperationResultAsync(response, null, CancellationToken.None).Result.Response.IsSuccessStatusCode;
}));
}
public async void TestServerBlobAuditingPolicy()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
ResourceGroup resourceGroup = context.CreateResourceGroup();
SqlManagementClient client = context.GetClient <SqlManagementClient>();
Server server = context.CreateServer(resourceGroup);
StorageAccountInformation storageAccountInformation = await CreateStorageAccountAsync(context, resourceGroup);
ServerBlobAuditingPolicy serverPolicy = new ServerBlobAuditingPolicy
{
State = BlobAuditingPolicyState.Enabled,
StorageEndpoint = storageAccountInformation.Endpoint,
StorageAccountAccessKey = storageAccountInformation.PrimaryKey,
RetentionDays = RetentionDays,
IsStorageSecondaryKeyInUse = IsStorageSecondaryKeyInUse,
IsAzureMonitorTargetEnabled = true,
QueueDelayMs = 1000
};
ExtendedServerBlobAuditingPolicy extendedServerPolicy = new ExtendedServerBlobAuditingPolicy
{
State = BlobAuditingPolicyState.Enabled,
StorageEndpoint = storageAccountInformation.Endpoint,
StorageAccountAccessKey = storageAccountInformation.PrimaryKey,
RetentionDays = RetentionDays,
IsStorageSecondaryKeyInUse = IsStorageSecondaryKeyInUse,
PredicateExpression = PredicateExpression,
IsAzureMonitorTargetEnabled = true,
QueueDelayMs = 1000
};
ServerBlobAuditingPolicy serverResultPolicy = await client.ServerBlobAuditingPolicies.CreateOrUpdateAsync(resourceGroup.Name, server.Name, serverPolicy);
VerifyServerBlobAuditingPolicy(serverPolicy, serverResultPolicy);
serverResultPolicy = await client.ServerBlobAuditingPolicies.GetAsync(resourceGroup.Name, server.Name);
VerifyServerBlobAuditingPolicy(serverPolicy, serverResultPolicy);
ExtendedServerBlobAuditingPolicy extendedServerResultPolicy = await client.ExtendedServerBlobAuditingPolicies.CreateOrUpdateAsync(resourceGroup.Name, server.Name, extendedServerPolicy);
VerifyExtendedServerBlobAuditingPolicy(extendedServerPolicy, extendedServerResultPolicy);
extendedServerResultPolicy = await client.ExtendedServerBlobAuditingPolicies.GetAsync(resourceGroup.Name, server.Name);
VerifyExtendedServerBlobAuditingPolicy(extendedServerPolicy, extendedServerResultPolicy);
await client.Servers.DeleteAsync(resourceGroup.Name, server.Name);
await DeleteStorageAccountAsync(context, resourceGroup.Name, storageAccountInformation.Name);
}
}
/// <summary>
/// Returns a ServerBlobAuditingPolicy object that holds the default settings for a server blob auditing policy
/// </summary>
/// <returns>A ServerBlobAuditingPolicy object with the default server audit policy settings</returns>
private ServerBlobAuditingPolicy GetDefaultServerBlobAuditingProperties()
{
ServerBlobAuditingPolicy properties = new ServerBlobAuditingPolicy
{
State = BlobAuditingPolicyState.Disabled,
RetentionDays = 0,
StorageAccountAccessKey = string.Empty,
StorageEndpoint = string.Empty,
AuditActionsAndGroups = new List <string>(),
StorageAccountSubscriptionId = "00000000-0000-0000-0000-000000000000",
IsStorageSecondaryKeyInUse = false,
};
return(properties);
}
private bool SetAudit(ServerAuditModel model)
{
if (string.IsNullOrEmpty(model.PredicateExpression))
{
var policy = new ServerBlobAuditingPolicy();
PolicizeAuditModel(model, policy);
return(Communicator.SetAuditingPolicy(model.ResourceGroupName, model.ServerName, policy));
}
else
{
var policy = new ExtendedServerBlobAuditingPolicy
{
PredicateExpression = model.PredicateExpression
};
PolicizeAuditModel(model, policy);
return(Communicator.SetExtendedAuditingPolicy(model.ResourceGroupName, model.ServerName, policy));
}
}
/// <summary>
/// Verify that the received properties match their expected values
/// </summary>
/// <param name="expected">The expected value of the properties object</param>
/// <param name="actual">The properties object that needs to be checked</param>
private void VerifyServerAuditingPolicyInformation(ServerBlobAuditingPolicy expected, ServerBlobAuditingPolicy actual)
{
Assert.Equal(expected.State, actual.State);
Assert.Equal(expected.RetentionDays, actual.RetentionDays);
Assert.Equal(expected.StorageEndpoint, actual.StorageEndpoint);
Assert.Equal(string.Empty, actual.StorageAccountAccessKey);
if (expected.AuditActionsAndGroups == null)
{
Assert.Equal(null, actual.AuditActionsAndGroups);
}
else
{
Assert.Equal(expected.AuditActionsAndGroups.Count, actual.AuditActionsAndGroups.Count);
actual.AuditActionsAndGroups.ForEach(s => Assert.True(expected.AuditActionsAndGroups.Any(es => es.Equals(s))));
}
Assert.Equal(expected.StorageAccountSubscriptionId, actual.StorageAccountSubscriptionId);
Assert.Equal(expected.IsStorageSecondaryKeyInUse, actual.IsStorageSecondaryKeyInUse);
}
/// <summary>
/// Creates or updates a server's blob auditing policy.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group that contains the resource. You can obtain
/// this value from the Azure Resource Manager API or the portal.
/// </param>
/// <param name='serverName'>
/// The name of the server.
/// </param>
/// <param name='parameters'>
/// Properties of blob auditing policy
/// </param>
public static ServerBlobAuditingPolicy CreateOrUpdate(this IServerBlobAuditingPoliciesOperations operations, string resourceGroupName, string serverName, ServerBlobAuditingPolicy parameters)
{
return(operations.CreateOrUpdateAsync(resourceGroupName, serverName, parameters).GetAwaiter().GetResult());
}
/// <summary>
/// Creates or updates a server's blob auditing policy.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group that contains the resource. You can obtain
/// this value from the Azure Resource Manager API or the portal.
/// </param>
/// <param name='serverName'>
/// The name of the server.
/// </param>
/// <param name='parameters'>
/// Properties of blob auditing policy
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <ServerBlobAuditingPolicy> BeginCreateOrUpdateAsync(this IServerBlobAuditingPoliciesOperations operations, string resourceGroupName, string serverName, ServerBlobAuditingPolicy parameters, CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.BeginCreateOrUpdateWithHttpMessagesAsync(resourceGroupName, serverName, parameters, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
/// <summary>
/// Create or Update server's blob auditing policy.
/// </summary>
/// <remarks>
/// Create or Update a workspace managed sql server's blob auditing policy.
/// </remarks>
/// <param name='resourceGroupName'>
/// The name of the resource group. The name is case insensitive.
/// </param>
/// <param name='workspaceName'>
/// The name of the workspace.
/// </param>
/// <param name='parameters'>
/// Properties of extended blob auditing policy.
/// </param>
/// <param name='customHeaders'>
/// Headers that will be added to request.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
/// <exception cref="CloudException">
/// Thrown when the operation returned an invalid status code
/// </exception>
/// <exception cref="SerializationException">
/// Thrown when unable to deserialize the response
/// </exception>
/// <exception cref="ValidationException">
/// Thrown when a required parameter is null
/// </exception>
/// <exception cref="System.ArgumentNullException">
/// Thrown when a required parameter is null
/// </exception>
/// <return>
/// A response object containing the response body and response headers.
/// </return>
public async Task <AzureOperationResponse <ServerBlobAuditingPolicy> > BeginCreateOrUpdateWithHttpMessagesAsync(string resourceGroupName, string workspaceName, ServerBlobAuditingPolicy parameters, Dictionary <string, List <string> > customHeaders = null, CancellationToken cancellationToken = default(CancellationToken))
{
if (Client.SubscriptionId == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
}
if (Client.SubscriptionId != null)
{
if (Client.SubscriptionId.Length < 1)
{
throw new ValidationException(ValidationRules.MinLength, "Client.SubscriptionId", 1);
}
}
if (resourceGroupName == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "resourceGroupName");
}
if (resourceGroupName != null)
{
if (resourceGroupName.Length > 90)
{
throw new ValidationException(ValidationRules.MaxLength, "resourceGroupName", 90);
}
if (resourceGroupName.Length < 1)
{
throw new ValidationException(ValidationRules.MinLength, "resourceGroupName", 1);
}
}
if (workspaceName == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "workspaceName");
}
if (parameters == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "parameters");
}
if (parameters != null)
{
parameters.Validate();
}
string apiVersion = "2021-06-01";
string blobAuditingPolicyName = "default";
// Tracing
bool _shouldTrace = ServiceClientTracing.IsEnabled;
string _invocationId = null;
if (_shouldTrace)
{
_invocationId = ServiceClientTracing.NextInvocationId.ToString();
Dictionary <string, object> tracingParameters = new Dictionary <string, object>();
tracingParameters.Add("apiVersion", apiVersion);
tracingParameters.Add("resourceGroupName", resourceGroupName);
tracingParameters.Add("workspaceName", workspaceName);
tracingParameters.Add("blobAuditingPolicyName", blobAuditingPolicyName);
tracingParameters.Add("parameters", parameters);
tracingParameters.Add("cancellationToken", cancellationToken);
ServiceClientTracing.Enter(_invocationId, this, "BeginCreateOrUpdate", tracingParameters);
}
// Construct URL
var _baseUrl = Client.BaseUri.AbsoluteUri;
var _url = new System.Uri(new System.Uri(_baseUrl + (_baseUrl.EndsWith("/") ? "" : "/")), "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Synapse/workspaces/{workspaceName}/auditingSettings/{blobAuditingPolicyName}").ToString();
_url = _url.Replace("{subscriptionId}", System.Uri.EscapeDataString(Client.SubscriptionId));
_url = _url.Replace("{resourceGroupName}", System.Uri.EscapeDataString(resourceGroupName));
_url = _url.Replace("{workspaceName}", System.Uri.EscapeDataString(workspaceName));
_url = _url.Replace("{blobAuditingPolicyName}", System.Uri.EscapeDataString(blobAuditingPolicyName));
List <string> _queryParameters = new List <string>();
if (apiVersion != null)
{
_queryParameters.Add(string.Format("api-version={0}", System.Uri.EscapeDataString(apiVersion)));
}
if (_queryParameters.Count > 0)
{
_url += (_url.Contains("?") ? "&" : "?") + string.Join("&", _queryParameters);
}
// Create HTTP transport objects
var _httpRequest = new HttpRequestMessage();
HttpResponseMessage _httpResponse = null;
_httpRequest.Method = new HttpMethod("PUT");
_httpRequest.RequestUri = new System.Uri(_url);
// Set Headers
if (Client.GenerateClientRequestId != null && Client.GenerateClientRequestId.Value)
{
_httpRequest.Headers.TryAddWithoutValidation("x-ms-client-request-id", System.Guid.NewGuid().ToString());
}
if (Client.AcceptLanguage != null)
{
if (_httpRequest.Headers.Contains("accept-language"))
{
_httpRequest.Headers.Remove("accept-language");
}
_httpRequest.Headers.TryAddWithoutValidation("accept-language", Client.AcceptLanguage);
}
if (customHeaders != null)
{
foreach (var _header in customHeaders)
{
if (_httpRequest.Headers.Contains(_header.Key))
{
_httpRequest.Headers.Remove(_header.Key);
}
_httpRequest.Headers.TryAddWithoutValidation(_header.Key, _header.Value);
}
}
// Serialize Request
string _requestContent = null;
if (parameters != null)
{
_requestContent = Rest.Serialization.SafeJsonConvert.SerializeObject(parameters, Client.SerializationSettings);
_httpRequest.Content = new StringContent(_requestContent, System.Text.Encoding.UTF8);
_httpRequest.Content.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json; charset=utf-8");
}
// Set Credentials
if (Client.Credentials != null)
{
cancellationToken.ThrowIfCancellationRequested();
await Client.Credentials.ProcessHttpRequestAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
}
// Send Request
if (_shouldTrace)
{
ServiceClientTracing.SendRequest(_invocationId, _httpRequest);
}
cancellationToken.ThrowIfCancellationRequested();
_httpResponse = await Client.HttpClient.SendAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
if (_shouldTrace)
{
ServiceClientTracing.ReceiveResponse(_invocationId, _httpResponse);
}
HttpStatusCode _statusCode = _httpResponse.StatusCode;
cancellationToken.ThrowIfCancellationRequested();
string _responseContent = null;
if ((int)_statusCode != 200 && (int)_statusCode != 202)
{
var ex = new CloudException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
CloudError _errorBody = Rest.Serialization.SafeJsonConvert.DeserializeObject <CloudError>(_responseContent, Client.DeserializationSettings);
if (_errorBody != null)
{
ex = new CloudException(_errorBody.Message);
ex.Body = _errorBody;
}
}
catch (JsonException)
{
// Ignore the exception
}
ex.Request = new HttpRequestMessageWrapper(_httpRequest, _requestContent);
ex.Response = new HttpResponseMessageWrapper(_httpResponse, _responseContent);
if (_httpResponse.Headers.Contains("x-ms-request-id"))
{
ex.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault();
}
if (_shouldTrace)
{
ServiceClientTracing.Error(_invocationId, ex);
}
_httpRequest.Dispose();
if (_httpResponse != null)
{
_httpResponse.Dispose();
}
throw ex;
}
// Create Result
var _result = new AzureOperationResponse <ServerBlobAuditingPolicy>();
_result.Request = _httpRequest;
_result.Response = _httpResponse;
if (_httpResponse.Headers.Contains("x-ms-request-id"))
{
_result.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault();
}
// Deserialize Response
if ((int)_statusCode == 200)
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
try
{
_result.Body = Rest.Serialization.SafeJsonConvert.DeserializeObject <ServerBlobAuditingPolicy>(_responseContent, Client.DeserializationSettings);
}
catch (JsonException ex)
{
_httpRequest.Dispose();
if (_httpResponse != null)
{
_httpResponse.Dispose();
}
throw new SerializationException("Unable to deserialize the response.", _responseContent, ex);
}
}
if (_shouldTrace)
{
ServiceClientTracing.Exit(_invocationId, _result);
}
return(_result);
}
/// <summary>
/// Create or Update server's blob auditing policy.
/// </summary>
/// <remarks>
/// Create or Update a workspace managed sql server's blob auditing policy.
/// </remarks>
/// <param name='resourceGroupName'>
/// The name of the resource group. The name is case insensitive.
/// </param>
/// <param name='workspaceName'>
/// The name of the workspace.
/// </param>
/// <param name='parameters'>
/// Properties of extended blob auditing policy.
/// </param>
/// <param name='customHeaders'>
/// The headers that will be added to request.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public async Task <AzureOperationResponse <ServerBlobAuditingPolicy> > CreateOrUpdateWithHttpMessagesAsync(string resourceGroupName, string workspaceName, ServerBlobAuditingPolicy parameters, Dictionary <string, List <string> > customHeaders = null, CancellationToken cancellationToken = default(CancellationToken))
{
// Send Request
AzureOperationResponse <ServerBlobAuditingPolicy> _response = await BeginCreateOrUpdateWithHttpMessagesAsync(resourceGroupName, workspaceName, parameters, customHeaders, cancellationToken).ConfigureAwait(false);
return(await Client.GetPutOrPatchOperationResultAsync(_response, customHeaders, cancellationToken).ConfigureAwait(false));
}
/// <summary>
/// Sets the database server blob auditing policy of the given database server in the given resource group
/// </summary>
public void SetServerAuditingPolicy(string resourceGroupName, string serverName, ServerBlobAuditingPolicy policy)
{
var client = GetCurrentSqlClient();
AzureOperationResponse <ServerBlobAuditingPolicy> response =
client.ServerBlobAuditingPolicies.BeginCreateOrUpdateWithHttpMessagesAsync(
resourceGroupName, serverName, policy).Result;
var result = client.GetLongRunningOperationResultAsync(response, null, CancellationToken.None).Result;
}
/// <summary>
/// Create or Update server's blob auditing policy.
/// </summary>
/// <remarks>
/// Create or Update a workspace managed sql server's blob auditing policy.
/// </remarks>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group. The name is case insensitive.
/// </param>
/// <param name='workspaceName'>
/// The name of the workspace.
/// </param>
/// <param name='parameters'>
/// Properties of extended blob auditing policy.
/// </param>
public static ServerBlobAuditingPolicy BeginCreateOrUpdate(this IWorkspaceManagedSqlServerBlobAuditingPoliciesOperations operations, string resourceGroupName, string workspaceName, ServerBlobAuditingPolicy parameters)
{
return(operations.BeginCreateOrUpdateAsync(resourceGroupName, workspaceName, parameters).GetAwaiter().GetResult());
}
public void TestBlobAuditing()
{
string testPrefix = "server-blob-auditing-test-";
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
ResourceGroup resourceGroup = context.CreateResourceGroup();
Server server = context.CreateServer(resourceGroup);
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
// create some databases in server
Database[] databases = SqlManagementTestUtilities.CreateDatabasesAsync(
sqlClient, resourceGroup.Name, server, testPrefix, 2).Result;
IList <string> auditActionsAndGroups = new List <string> {
"SCHEMA_OBJECT_ACCESS_GROUP", "UPDATE on database::testdb by public"
};
#if false // Commented out due to issues with async operation response
// ******* Server blob auditing *******
ServerBlobAuditingPolicy defaultServerPolicyResponse = sqlClient.Servers.GetBlobAuditingProperties(resourceGroup.Name, server.Name);
// Verify that the initial Get request contains the default policy.
VerifyServerAuditingPolicyInformation(GetDefaultServerBlobAuditingProperties(), defaultServerPolicyResponse);
// Modify the policy properties, send and receive and see it its still ok
IList <string> auditActionsAndGroups = new List <string> {
"SCHEMA_OBJECT_ACCESS_GROUP", "UPDATE on database::testdb by public"
};
ServerBlobAuditingPolicy updatedServerPolicy = new ServerBlobAuditingPolicy
{
State = BlobAuditingPolicyState.Disabled,
RetentionDays = 8,
StorageAccountAccessKey = "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
StorageEndpoint = "https://MyAccount.blob.core.windows.net/",
AuditActionsAndGroups = auditActionsAndGroups,
StorageAccountSubscriptionId = "00000000-1234-0000-5678-000000000000",
IsStorageSecondaryKeyInUse = false
};
//Set blob auditing policy for server
sqlClient.Servers.CreateOrUpdateBlobAuditingProperties(resourceGroup.Name, server.Name, updatedServerPolicy);
//Get blob auditing server policy
var getUpdatedServerPolicyResponse = sqlClient.Servers.GetBlobAuditingProperties(resourceGroup.Name, server.Name);
// Verify that the Get request contains the updated policy.
VerifyServerAuditingPolicyInformation(updatedServerPolicy, getUpdatedServerPolicyResponse);
#endif
// ******* Database blob auditing *******
string dbName = databases[0].Name;
DatabaseBlobAuditingPolicy defaultDatabasePolicyResponse = sqlClient.DatabaseBlobAuditingPolicies.Get(resourceGroup.Name, server.Name, dbName);
// Verify that the initial Get request contains the default policy.
VerifyDatabaseAuditingPolicyInformation(GetDefaultDatabaseBlobAuditingProperties(), defaultDatabasePolicyResponse);
// Modify the policy properties, send and receive and see it its still ok
DatabaseBlobAuditingPolicy updatedDatabasePolicy = new DatabaseBlobAuditingPolicy
{
State = BlobAuditingPolicyState.Disabled,
RetentionDays = 5,
StorageAccountAccessKey = "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
StorageEndpoint = "https://MyAccount.blob.core.windows.net/",
AuditActionsAndGroups = auditActionsAndGroups,
StorageAccountSubscriptionId = new Guid("00000000-1234-0000-5678-000000000000"),
IsStorageSecondaryKeyInUse = false
};
sqlClient.DatabaseBlobAuditingPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy);
var getUpdatedDatabasePolicyResponse = sqlClient.DatabaseBlobAuditingPolicies.Get(resourceGroup.Name, server.Name, dbName);
// Verify that the Get request contains the updated policy.
VerifyDatabaseAuditingPolicyInformation(updatedDatabasePolicy, getUpdatedDatabasePolicyResponse);
}
}
