public void TestUpdateLedgerDigestUploadConfiguration()
{
string testPrefix = "ledger-digest-upload-test-";
string aclEndpoint = "https://test.confidential-ledger.azure.com";
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
ResourceGroup resourceGroup = context.CreateResourceGroup();
Server server = context.CreateServer(resourceGroup);
// Create database
Database database = SqlManagementTestUtilities.CreateDatabasesAsync(
sqlClient, resourceGroup.Name, server, testPrefix, 1).Result[0];
LedgerDigestUploads defaultResponse = sqlClient.LedgerDigestUploads.Get(resourceGroup.Name, server.Name, database.Name);
// Verify the initial GET request contains the default settings (disabled)
Assert.Equal(LedgerDigestUploadsState.Disabled, defaultResponse.State);
// Create new configuration with ACL endpoint
LedgerDigestUploads aclUploadConfiguration = new LedgerDigestUploads
{
DigestStorageEndpoint = aclEndpoint,
};
// Set ledger digest upload configuration for database
sqlClient.LedgerDigestUploads.CreateOrUpdate(resourceGroup.Name, server.Name, database.Name, aclUploadConfiguration);
// Get the updated ledger digest upload properties
LedgerDigestUploads aclResponse = sqlClient.LedgerDigestUploads.Get(resourceGroup.Name, server.Name, database.Name);
// Verify that the GET request contains the updated settings
Assert.Equal(LedgerDigestUploadsState.Enabled, aclResponse.State);
Assert.Equal(aclEndpoint, aclResponse.DigestStorageEndpoint);
// Disable digest uploading on database
sqlClient.LedgerDigestUploads.Disable(resourceGroup.Name, server.Name, database.Name);
// Get the updated ledger digest upload properties
LedgerDigestUploads disabledResponse = sqlClient.LedgerDigestUploads.Get(resourceGroup.Name, server.Name, database.Name);
// Verify that the GET request contains the disabled settings
Assert.Equal(LedgerDigestUploadsState.Disabled, disabledResponse.State);
}
}
public void TestGetAndListDatabase()
{
string testPrefix = "sqlcrudtest-";
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
ResourceGroup resourceGroup = context.CreateResourceGroup();
Server server = context.CreateServer(resourceGroup);
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
// Create some small databases to run the get/List tests on.
Database[] databases = SqlManagementTestUtilities.CreateDatabasesAsync(
sqlClient, resourceGroup.Name, server, testPrefix, 4).Result;
// Organize into a dictionary for better lookup later
IDictionary <string, Database> inputs = databases.ToDictionary(
keySelector: d => d.Name,
elementSelector: d => d);
// Get each database and compare to the results of create database
//
foreach (var db in inputs)
{
var response = sqlClient.Databases.Get(resourceGroup.Name, server.Name, db.Key);
SqlManagementTestUtilities.ValidateDatabaseEx(db.Value, response);
}
// List all databases
//
IEnumerable <Database> listResponse = sqlClient.Databases.ListByServer(resourceGroup.Name, server.Name);
// Remove master database from the list
listResponse = listResponse.Where(db => db.Name != "master");
Assert.Equal(inputs.Count(), listResponse.Count());
foreach (var db in listResponse)
{
SqlManagementTestUtilities.ValidateDatabase(inputs[db.Name], db, db.Name);
}
}
}
public void TestBlobAuditing()
{
string testPrefix = "server-blob-auditing-test-";
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
ResourceGroup resourceGroup = context.CreateResourceGroup();
Server server = context.CreateServer(resourceGroup);
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
// create some databases in server
Database[] databases = SqlManagementTestUtilities.CreateDatabasesAsync(
sqlClient, resourceGroup.Name, server, testPrefix, 2).Result;
IList <string> auditActionsAndGroups = new List <string> {
"SCHEMA_OBJECT_ACCESS_GROUP", "UPDATE on database::testdb by public"
};
#if false // Commented out due to issues with async operation response
// ******* Server blob auditing *******
ServerBlobAuditingPolicy defaultServerPolicyResponse = sqlClient.Servers.GetBlobAuditingProperties(resourceGroup.Name, server.Name);
// Verify that the initial Get request contains the default policy.
VerifyServerAuditingPolicyInformation(GetDefaultServerBlobAuditingProperties(), defaultServerPolicyResponse);
// Modify the policy properties, send and receive and see it its still ok
IList <string> auditActionsAndGroups = new List <string> {
"SCHEMA_OBJECT_ACCESS_GROUP", "UPDATE on database::testdb by public"
};
ServerBlobAuditingPolicy updatedServerPolicy = new ServerBlobAuditingPolicy
{
State = BlobAuditingPolicyState.Disabled,
RetentionDays = 8,
StorageAccountAccessKey = "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
StorageEndpoint = "https://MyAccount.blob.core.windows.net/",
AuditActionsAndGroups = auditActionsAndGroups,
StorageAccountSubscriptionId = "00000000-1234-0000-5678-000000000000",
IsStorageSecondaryKeyInUse = false
};
//Set blob auditing policy for server
sqlClient.Servers.CreateOrUpdateBlobAuditingProperties(resourceGroup.Name, server.Name, updatedServerPolicy);
//Get blob auditing server policy
var getUpdatedServerPolicyResponse = sqlClient.Servers.GetBlobAuditingProperties(resourceGroup.Name, server.Name);
// Verify that the Get request contains the updated policy.
VerifyServerAuditingPolicyInformation(updatedServerPolicy, getUpdatedServerPolicyResponse);
#endif
// ******* Database blob auditing *******
string dbName = databases[0].Name;
DatabaseBlobAuditingPolicy defaultDatabasePolicyResponse = sqlClient.DatabaseBlobAuditingPolicies.Get(resourceGroup.Name, server.Name, dbName);
// Verify that the initial Get request contains the default policy.
VerifyDatabaseAuditingPolicyInformation(GetDefaultDatabaseBlobAuditingProperties(), defaultDatabasePolicyResponse);
// Modify the policy properties, send and receive and see it its still ok
DatabaseBlobAuditingPolicy updatedDatabasePolicy = new DatabaseBlobAuditingPolicy
{
State = BlobAuditingPolicyState.Disabled,
RetentionDays = 5,
StorageAccountAccessKey = "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
StorageEndpoint = "https://MyAccount.blob.core.windows.net/",
AuditActionsAndGroups = auditActionsAndGroups,
StorageAccountSubscriptionId = new Guid("00000000-1234-0000-5678-000000000000"),
IsStorageSecondaryKeyInUse = false
};
sqlClient.DatabaseBlobAuditingPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy);
var getUpdatedDatabasePolicyResponse = sqlClient.DatabaseBlobAuditingPolicies.Get(resourceGroup.Name, server.Name, dbName);
// Verify that the Get request contains the updated policy.
VerifyDatabaseAuditingPolicyInformation(updatedDatabasePolicy, getUpdatedDatabasePolicyResponse);
}
}
public void TestThreatDetection()
{
string testPrefix = "server-security-alert-test-";
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
ResourceGroup resourceGroup = context.CreateResourceGroup();
Server server = context.CreateServer(resourceGroup);
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
// create some databases in server
Database[] databases = SqlManagementTestUtilities.CreateDatabasesAsync(
sqlClient, resourceGroup.Name, server, testPrefix, 2).Result;
// ******* Server threat detection *******
ServerSecurityAlertPolicy defaultServerPolicyResponse = sqlClient.ServerSecurityAlertPolicies.Get(resourceGroup.Name, server.Name);
// Verify that the initial Get request contains the default policy.
VerifyServerSecurityAlertPolicyInformation(GetDefaultServerSecurityAlertProperties(), defaultServerPolicyResponse);
// Modify the policy properties, send and receive and see it its still ok
ServerSecurityAlertPolicy updatedServerPolicy = new ServerSecurityAlertPolicy
{
State = SecurityAlertsPolicyState.Enabled,
EmailAccountAdmins = true
};
//Set security alert policy for server
sqlClient.ServerSecurityAlertPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, updatedServerPolicy);
//Get security alert server policy
var getUpdatedServerPolicyResponse = sqlClient.ServerSecurityAlertPolicies.Get(resourceGroup.Name, server.Name);
// Verify that the Get request contains the updated policy.
Assert.Equal(updatedServerPolicy.State, getUpdatedServerPolicyResponse.State);
Assert.Equal(updatedServerPolicy.EmailAccountAdmins, getUpdatedServerPolicyResponse.EmailAccountAdmins);
// Modify the policy properties again, send and receive and see it its still ok
updatedServerPolicy = new ServerSecurityAlertPolicy
{
State = SecurityAlertsPolicyState.Disabled,
EmailAccountAdmins = true,
EmailAddresses = new List <string>()
{
"*****@*****.**", "*****@*****.**"
},
DisabledAlerts = new List <string>()
{
"Sql_Injection"
},
RetentionDays = 3,
StorageAccountAccessKey = "fake_key_sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
StorageEndpoint = "https://MyAccount.blob.core.windows.net/",
};
//Set security alert policy for server
sqlClient.ServerSecurityAlertPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, updatedServerPolicy);
//Get security alert server policy
getUpdatedServerPolicyResponse = sqlClient.ServerSecurityAlertPolicies.Get(resourceGroup.Name, server.Name);
// Verify that the Get request contains the updated policy.
VerifyServerSecurityAlertPolicyInformation(updatedServerPolicy, getUpdatedServerPolicyResponse);
// ******* Database threat detection *******
string dbName = databases[0].Name;
DatabaseSecurityAlertPolicy defaultDatabasePolicyResponse = sqlClient.DatabaseSecurityAlertPolicies.Get(resourceGroup.Name, server.Name, dbName);
// Verify that the initial Get request contains the default policy.
VerifyDatabaseSecurityAlertPolicyInformation(GetDefaultDatabaseSecurityAlertProperties(), defaultDatabasePolicyResponse);
// Modify the policy properties, send and receive and see it its still ok
DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy
{
State = SecurityAlertsPolicyState.Disabled,
EmailAccountAdmins = true,
EmailAddresses = new List <string>()
{
"*****@*****.**"
},
DisabledAlerts = new List <string>()
{
"Access_Anomaly", "Usage_Anomaly"
},
RetentionDays = 5,
StorageAccountAccessKey = "fake_key_sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
StorageEndpoint = "https://MyAccount.blob.core.windows.net/"
};
sqlClient.DatabaseSecurityAlertPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy);
var getUpdatedDatabasePolicyResponse = sqlClient.DatabaseSecurityAlertPolicies.Get(resourceGroup.Name, server.Name, dbName);
// Verify that the Get request contains the updated policy.
VerifyDatabaseSecurityAlertPolicyInformation(updatedDatabasePolicy, getUpdatedDatabasePolicyResponse);
}
}