internal void RemoveAuditingSettings(ServerAuditModel model)
{
model.BlobStorageTargetState = AuditStateType.Disabled;
model.EventHubTargetState = AuditStateType.Disabled;
model.LogAnalyticsTargetState = AuditStateType.Disabled;
DisableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model);
Exception exception = null;
while (model.DiagnosticsEnablingAuditCategory != null &&
model.DiagnosticsEnablingAuditCategory.Any())
{
DiagnosticSettingsResource settings = model.DiagnosticsEnablingAuditCategory.First();
if (IsAnotherCategoryEnabled(settings))
{
if (DisableAuditCategory(model, settings) == false)
{
exception = DefinitionsCommon.UpdateDiagnosticSettingsException;
}
}
else
{
if (RemoveFirstDiagnosticSettings(model) == false)
{
exception = DefinitionsCommon.RemoveDiagnosticSettingsException;
}
}
}
if (exception != null)
{
throw exception;
}
}
private void EnableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(
ServerAuditModel model)
{
if (CreateDiagnosticSettings(
model.EventHubTargetState == AuditStateType.Enabled ?
model.EventHubName : null,
model.EventHubTargetState == AuditStateType.Enabled ?
model.EventHubAuthorizationRuleResourceId : null,
model.LogAnalyticsTargetState == AuditStateType.Enabled ?
model.WorkspaceResourceId : null,
model) == false)
{
throw DefinitionsCommon.CreateDiagnosticSettingsException;
}
try
{
model.IsAzureMonitorTargetEnabled = true;
if (CreateOrUpdateAudit(model) == false)
{
throw DefinitionsCommon.SetAuditingSettingsException;
}
}
catch (Exception)
{
try
{
RemoveFirstDiagnosticSettings(model);
}
catch (Exception) { }
throw;
}
}
private void DisableDiagnosticsAuditWhenOnlyAuditCategoryIsEnabled(
ServerAuditModel model,
DiagnosticSettingsResource settings,
string oldEventHubName,
string oldEventHubAuthorizationRuleId,
string oldWorkspaceId)
{
if (RemoveFirstDiagnosticSettings(model) == false)
{
throw DefinitionsCommon.RemoveDiagnosticSettingsException;
}
try
{
DisableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model);
}
catch (Exception)
{
try
{
CreateDiagnosticSettings(oldEventHubName, oldEventHubAuthorizationRuleId, oldWorkspaceId, model);
}
catch (Exception) { }
throw;
}
}
internal bool CreateDiagnosticSettings(
string eventHubName, string eventHubAuthorizationRuleId, string workspaceId,
ServerAuditModel model)
{
DiagnosticSettingsResource settings;
if (model is DatabaseAuditModel databaseAuditModel)
{
settings = Communicator.CreateDiagnosticSettings(databaseAuditModel.NextDiagnosticSettingsName,
eventHubName, eventHubAuthorizationRuleId, workspaceId,
databaseAuditModel.ResourceGroupName, databaseAuditModel.ServerName, databaseAuditModel.DatabaseName);
}
else
{
settings = Communicator.CreateDiagnosticSettings(model.NextDiagnosticSettingsName,
eventHubName, eventHubAuthorizationRuleId, workspaceId,
model.ResourceGroupName, model.ServerName);
}
if (settings == null)
{
return(false);
}
IList <DiagnosticSettingsResource> diagnosticsEnablingAuditCategory = model.DiagnosticsEnablingAuditCategory;
if (diagnosticsEnablingAuditCategory == null)
{
diagnosticsEnablingAuditCategory = new List <DiagnosticSettingsResource>();
}
diagnosticsEnablingAuditCategory.Add(settings);
model.DiagnosticsEnablingAuditCategory = diagnosticsEnablingAuditCategory;
return(true);
}
private void VerifyAuditBeforePersistChanges(ServerAuditModel model)
{
if (model.BlobStorageTargetState == AuditStateType.Enabled &&
string.IsNullOrEmpty(model.StorageAccountResourceId))
{
throw DefinitionsCommon.StorageAccountNameParameterException;
}
if (model.EventHubTargetState == AuditStateType.Enabled &&
string.IsNullOrEmpty(model.EventHubAuthorizationRuleResourceId))
{
throw DefinitionsCommon.EventHubAuthorizationRuleResourceIdParameterException;
}
if (model.LogAnalyticsTargetState == AuditStateType.Enabled &&
string.IsNullOrEmpty(model.WorkspaceResourceId))
{
throw DefinitionsCommon.WorkspaceResourceIdParameterException;
}
if (model.DiagnosticsEnablingAuditCategory != null && model.DiagnosticsEnablingAuditCategory.Count > 1)
{
throw DefinitionsCommon.MultipleDiagnosticsException;
}
}
private void ModelizeStorageInfo(ServerAuditModel model,
string storageEndpoint, bool?isSecondary, Guid?storageAccountSubscriptionId,
bool isAuditEnabled, int?retentionDays)
{
if (string.IsNullOrEmpty(storageEndpoint))
{
return;
}
model.StorageKeyType = GetStorageKeyKind(isSecondary);
if (isAuditEnabled)
{
if (storageAccountSubscriptionId == null || Guid.Empty.Equals(storageAccountSubscriptionId))
{
storageAccountSubscriptionId = Subscription.GetId();
}
model.StorageAccountResourceId = AzureCommunicator.RetrieveStorageAccountIdAsync(
storageAccountSubscriptionId.Value,
GetStorageAccountName(storageEndpoint)).GetAwaiter().GetResult();
ModelizeRetentionInfo(model, retentionDays);
}
}
protected override ServerAuditModel PersistChanges(ServerAuditModel entity)
{
entity.BlobStorageTargetState = AuditStateType.Disabled;
entity.EventHubTargetState = AuditStateType.Disabled;
entity.LogAnalyticsTargetState = AuditStateType.Disabled;
ModelAdapter.PersistAuditChanges(entity);
return(null);
}
private void DisableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(
ServerAuditModel model)
{
model.IsAzureMonitorTargetEnabled = null;
if (CreateOrUpdateAudit(model) == false)
{
throw DefinitionsCommon.SetAuditingSettingsException;
}
}
private static void DetermineTargetsState(
ServerAuditModel model,
BlobAuditingPolicyState policyState)
{
if (policyState == BlobAuditingPolicyState.Disabled)
{
model.BlobStorageTargetState = AuditStateType.Disabled;
model.EventHubTargetState = AuditStateType.Disabled;
model.LogAnalyticsTargetState = AuditStateType.Disabled;
}
else
{
if (string.IsNullOrEmpty(model.StorageAccountResourceId))
{
model.BlobStorageTargetState = AuditStateType.Disabled;
}
else
{
model.BlobStorageTargetState = AuditStateType.Enabled;
}
if (model.IsAzureMonitorTargetEnabled == null ||
model.IsAzureMonitorTargetEnabled == false ||
model.DiagnosticsEnablingAuditCategory == null)
{
model.EventHubTargetState = AuditStateType.Disabled;
model.LogAnalyticsTargetState = AuditStateType.Disabled;
}
else
{
DiagnosticSettingsResource eventHubSettings = model.DiagnosticsEnablingAuditCategory.FirstOrDefault(
settings => !string.IsNullOrEmpty(settings.EventHubAuthorizationRuleId));
if (eventHubSettings == null)
{
model.EventHubTargetState = AuditStateType.Disabled;
}
else
{
model.EventHubTargetState = AuditStateType.Enabled;
model.EventHubName = eventHubSettings.EventHubName;
model.EventHubAuthorizationRuleResourceId = eventHubSettings.EventHubAuthorizationRuleId;
}
DiagnosticSettingsResource logAnalyticsSettings = model.DiagnosticsEnablingAuditCategory.FirstOrDefault(
settings => !string.IsNullOrEmpty(settings.WorkspaceId));
if (logAnalyticsSettings == null)
{
model.LogAnalyticsTargetState = AuditStateType.Disabled;
}
else
{
model.LogAnalyticsTargetState = AuditStateType.Enabled;
model.WorkspaceResourceId = logAnalyticsSettings.WorkspaceId;
}
}
}
}
private void ModelizeServerAuditPolicy(
ServerAuditModel model,
ExtendedServerBlobAuditingPolicy policy)
{
model.IsAzureMonitorTargetEnabled = policy.IsAzureMonitorTargetEnabled;
model.PredicateExpression = policy.PredicateExpression;
model.AuditActionGroup = ExtractAuditActionGroups(policy.AuditActionsAndGroups);
ModelizeStorageInfo(model, policy.StorageEndpoint, policy.IsStorageSecondaryKeyInUse, policy.StorageAccountSubscriptionId,
IsAuditEnabled(policy.State), policy.RetentionDays);
DetermineTargetsState(model, policy.State);
}
internal void GetAuditingSettings(
string resourceGroup, string serverName,
ServerAuditModel model)
{
ExtendedServerBlobAuditingPolicy policy = Communicator.GetAuditingPolicy(resourceGroup, serverName);
model.DiagnosticsEnablingAuditCategory =
Communicator.GetDiagnosticsEnablingAuditCategory(out string nextDiagnosticSettingsName,
resourceGroup, serverName);
model.NextDiagnosticSettingsName = nextDiagnosticSettingsName;
ModelizeServerAuditPolicy(model, policy);
}
private void ChangeAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(
ServerAuditModel model)
{
if (model.EventHubTargetState == AuditStateType.Enabled ||
model.LogAnalyticsTargetState == AuditStateType.Enabled)
{
EnableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model);
}
else
{
DisableDiagnosticsAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model);
}
}
private void ChangeAuditWhenDiagnosticsEnablingAuditCategoryExist(
ServerAuditModel model,
DiagnosticSettingsResource settings)
{
if (IsAnotherCategoryEnabled(settings))
{
ChangeAuditWhenMultipleCategoriesAreEnabled(model, settings);
}
else
{
ChangeAuditWhenOnlyAuditCategoryIsEnabled(model, settings);
}
}
internal void PersistAuditChanges(ServerAuditModel model)
{
VerifyAuditBeforePersistChanges(model);
DiagnosticSettingsResource currentSettings = model.DiagnosticsEnablingAuditCategory?.FirstOrDefault();
if (currentSettings == null)
{
ChangeAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model);
}
else
{
ChangeAuditWhenDiagnosticsEnablingAuditCategoryExist(model, currentSettings);
}
}
private void PolicizeStorageInfo(ServerAuditModel model, dynamic policy)
{
ExtractStorageAccountProperties(model.StorageAccountResourceId, out string storageAccountName, out Guid storageAccountSubscriptionId);
string storageEndpointSuffix = Context.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix);
policy.StorageEndpoint = GetStorageAccountEndpoint(storageAccountName, storageEndpointSuffix);
policy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(model.StorageAccountResourceId).GetAwaiter().GetResult()[model.StorageKeyType];
policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary;
policy.StorageAccountSubscriptionId = storageAccountSubscriptionId;
if (model.RetentionInDays != null)
{
policy.RetentionDays = (int)model.RetentionInDays;
}
}
private bool SetAudit(ServerAuditModel model)
{
if (string.IsNullOrEmpty(model.PredicateExpression))
{
var policy = new ServerBlobAuditingPolicy();
PolicizeAuditModel(model, policy);
return(Communicator.SetAuditingPolicy(model.ResourceGroupName, model.ServerName, policy));
}
else
{
var policy = new ExtendedServerBlobAuditingPolicy
{
PredicateExpression = model.PredicateExpression
};
PolicizeAuditModel(model, policy);
return(Communicator.SetExtendedAuditingPolicy(model.ResourceGroupName, model.ServerName, policy));
}
}
private void ChangeAuditWhenOnlyAuditCategoryIsEnabled(
ServerAuditModel model,
DiagnosticSettingsResource settings)
{
string oldEventHubName = settings.EventHubName;
string oldEventHubAuthorizationRuleId = settings.EventHubAuthorizationRuleId;
string oldWorkspaceId = settings.WorkspaceId;
if (model.EventHubTargetState == AuditStateType.Enabled ||
model.LogAnalyticsTargetState == AuditStateType.Enabled)
{
EnableDiagnosticsAuditWhenOnlyAuditCategoryIsEnabled(model, settings, oldEventHubName, oldEventHubAuthorizationRuleId, oldWorkspaceId);
}
else
{
DisableDiagnosticsAuditWhenOnlyAuditCategoryIsEnabled(model, settings, oldEventHubName, oldEventHubAuthorizationRuleId, oldWorkspaceId);
}
}
private void EnableDiagnosticsAuditWhenOnlyAuditCategoryIsEnabled(
ServerAuditModel model,
DiagnosticSettingsResource settings,
string oldEventHubName,
string oldEventHubAuthorizationRuleId,
string oldWorkspaceId)
{
settings.EventHubName = model.EventHubTargetState == AuditStateType.Enabled ?
model.EventHubName : null;
settings.EventHubAuthorizationRuleId = model.EventHubTargetState == AuditStateType.Enabled ?
model.EventHubAuthorizationRuleResourceId : null;
settings.WorkspaceId = model.LogAnalyticsTargetState == AuditStateType.Enabled ?
model.WorkspaceResourceId : null;
if (UpdateDiagnosticSettings(settings, model) == false)
{
throw DefinitionsCommon.UpdateDiagnosticSettingsException;
}
try
{
model.IsAzureMonitorTargetEnabled = true;
if (CreateOrUpdateAudit(model) == false)
{
throw DefinitionsCommon.SetAuditingSettingsException;
}
}
catch (Exception)
{
try
{
settings.EventHubName = oldEventHubName;
settings.EventHubAuthorizationRuleId = oldEventHubAuthorizationRuleId;
settings.WorkspaceId = oldWorkspaceId;
UpdateDiagnosticSettings(settings, model);
}
catch (Exception) { }
throw;
}
}
internal bool UpdateDiagnosticSettings(
DiagnosticSettingsResource settings,
ServerAuditModel model)
{
DiagnosticSettingsResource modifiedSettings;
if (model is DatabaseAuditModel databaseAuditModel)
{
modifiedSettings = Communicator.UpdateDiagnosticSettings(settings,
databaseAuditModel.ResourceGroupName, databaseAuditModel.ServerName, databaseAuditModel.DatabaseName);
}
else
{
modifiedSettings = Communicator.UpdateDiagnosticSettings(settings,
model.ResourceGroupName, model.ServerName);
}
if (modifiedSettings == null)
{
return(false);
}
List <DiagnosticSettingsResource> diagnosticsEnablingAuditCategory = new List <DiagnosticSettingsResource>();
foreach (DiagnosticSettingsResource existingSettings in model.DiagnosticsEnablingAuditCategory)
{
if (!string.Equals(modifiedSettings.Id, existingSettings.Id))
{
diagnosticsEnablingAuditCategory.Add(existingSettings);
}
else if (AuditingEndpointsCommunicator.IsAuditCategoryEnabled(modifiedSettings))
{
diagnosticsEnablingAuditCategory.Add(modifiedSettings);
}
}
model.DiagnosticsEnablingAuditCategory = diagnosticsEnablingAuditCategory.Any() ? diagnosticsEnablingAuditCategory : null;
return(true);
}
private void PolicizeAuditModel(ServerAuditModel model, dynamic policy)
{
policy.State = model.BlobStorageTargetState == AuditStateType.Enabled ||
model.EventHubTargetState == AuditStateType.Enabled ||
model.LogAnalyticsTargetState == AuditStateType.Enabled ?
BlobAuditingPolicyState.Enabled : BlobAuditingPolicyState.Disabled;
policy.IsAzureMonitorTargetEnabled = model.IsAzureMonitorTargetEnabled;
if (model is DatabaseAuditModel dbModel)
{
policy.AuditActionsAndGroups = ExtractAuditActionsAndGroups(dbModel.AuditActionGroup, dbModel.AuditAction);
}
else
{
policy.AuditActionsAndGroups = ExtractAuditActionsAndGroups(model.AuditActionGroup);
}
if (model.BlobStorageTargetState == AuditStateType.Enabled)
{
PolicizeStorageInfo(model, policy);
}
}
private void PolicizeStorageInfo(ServerAuditModel model, dynamic policy)
{
ExtractStorageAccountProperties(model.StorageAccountResourceId, out string storageAccountName, out Guid storageAccountSubscriptionId);
policy.StorageEndpoint = GetStorageAccountEndpoint(storageAccountName);
policy.StorageAccountSubscriptionId = storageAccountSubscriptionId;
if (AzureCommunicator.IsStorageAccountInVNet(model.StorageAccountResourceId))
{
Guid?principalId = Communicator.AssignServerIdentity(model.ResourceGroupName, model.ServerName);
AzureCommunicator.AssignRoleForServerIdentityOnStorage(model.StorageAccountResourceId, principalId.Value, RoleAssignmentId);
}
else
{
policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary;
policy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(model.StorageAccountResourceId).GetAwaiter().GetResult()[model.StorageKeyType];
}
if (model.RetentionInDays != null)
{
policy.RetentionDays = (int)model.RetentionInDays;
}
}
private void ChangeAuditWhenMultipleCategoriesAreEnabled(
ServerAuditModel model,
DiagnosticSettingsResource settings)
{
if (DisableAuditCategory(model, settings) == false)
{
throw DefinitionsCommon.UpdateDiagnosticSettingsException;
}
try
{
ChangeAuditWhenDiagnosticsEnablingAuditCategoryDoNotExist(model);
}
catch (Exception)
{
try
{
EnableAuditCategory(model, settings);
}
catch (Exception) { }
throw;
}
}
protected override ServerAuditModel PersistChanges(ServerAuditModel entity)
{
ModelAdapter.RemoveAuditingSettings(entity);
return(null);
}
protected override ServerAuditModel ApplyUserInputToModel(ServerAuditModel model)
{
base.ApplyUserInputToModel(model);
if (AuditActionGroup != null && AuditActionGroup.Length != 0)
{
model.AuditActionGroup = AuditActionGroup;
}
if (PredicateExpression != null)
{
model.PredicateExpression = PredicateExpression = PredicateExpression;
}
if (BlobStorageTargetState != null)
{
model.BlobStorageTargetState = BlobStorageTargetState == SecurityConstants.Enabled ?
AuditStateType.Enabled : AuditStateType.Disabled;
}
if (StorageAccountResourceId != null)
{
model.StorageAccountResourceId = StorageAccountResourceId;
}
if (MyInvocation.BoundParameters.ContainsKey(SecurityConstants.StorageKeyType))
{
model.StorageKeyType = (StorageKeyType == SecurityConstants.Primary) ? StorageKeyKind.Primary : StorageKeyKind.Secondary;
}
if (RetentionInDays != null)
{
model.RetentionInDays = RetentionInDays;
}
if (EventHubTargetState != null)
{
model.EventHubTargetState = EventHubTargetState == SecurityConstants.Enabled ?
AuditStateType.Enabled : AuditStateType.Disabled;
}
if (EventHubName != null)
{
model.EventHubName = EventHubName;
}
if (EventHubAuthorizationRuleResourceId != null)
{
model.EventHubAuthorizationRuleResourceId = EventHubAuthorizationRuleResourceId;
}
if (LogAnalyticsTargetState != null)
{
model.LogAnalyticsTargetState = LogAnalyticsTargetState == SecurityConstants.Enabled ?
AuditStateType.Enabled : AuditStateType.Disabled;
}
if (WorkspaceResourceId != null)
{
model.WorkspaceResourceId = WorkspaceResourceId;
}
return(model);
}
protected override ServerAuditModel PersistChanges(ServerAuditModel entity)
{
ModelAdapter.PersistAuditChanges(entity);
return(null);
}
private bool CreateOrUpdateAudit(ServerAuditModel model)
{
return((model is DatabaseAuditModel dbModel) ?
SetAudit(dbModel) : SetAudit(model));
}
