internal virtual void PolicizePublicStorageInfo(AuditModelType model, ProxyResource policy)
{
dynamic dynamicPolicy = (dynamic)policy;
dynamicPolicy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(
model.StorageAccountResourceId).GetAwaiter().GetResult()[GetStorageKeyKind(model) == StorageKeyKind.Secondary ? StorageKeyKind.Secondary : StorageKeyKind.Primary];
}
private void ModelizeStorageInfo(AuditModelType model,
string storageEndpoint, bool?isSecondary, Guid?storageAccountSubscriptionId,
bool isAuditEnabled, int?retentionDays)
{
if (string.IsNullOrEmpty(storageEndpoint))
{
return;
}
ModelizeStorageKeyType(model, isSecondary);
if (isAuditEnabled)
{
if (storageAccountSubscriptionId == null || Guid.Empty.Equals(storageAccountSubscriptionId))
{
storageAccountSubscriptionId = Subscription.GetId();
}
model.StorageAccountResourceId = AzureCommunicator.RetrieveStorageAccountIdAsync(
storageAccountSubscriptionId.Value,
GetStorageAccountName(storageEndpoint)).GetAwaiter().GetResult();
ModelizeRetentionInfo(model, retentionDays);
}
}
/// <summary>
/// Extracts the storage account requested key
/// </summary>
private string ExtractStorageAccountKey(string storageName, BaseTableAuditingPolicyModel model, string storageAccountResourceGroup, StorageKeyKind keyType)
{
if (!IgnoreStorage && (model.StorageKeyType == keyType))
{
return(AzureCommunicator.GetStorageKeys(storageAccountResourceGroup, storageName)[keyType]);
}
return(null);
}
/// <summary>
/// Extracts the storage account resource group
/// </summary>
private string ExtractStorageAccountResourceGroup(string storageName)
{
if (IgnoreStorage || (storageName == FetchedStorageAccountName && FetchedStorageAccountResourceGroup != null))
{
return(FetchedStorageAccountResourceGroup);
}
return(AzureCommunicator.GetStorageResourceGroup(storageName));
}
private void PopulateStoragePropertiesInPolicy(BaseThreatDetectionPolicyModel model, BaseSecurityAlertPolicyProperties properties, string storageEndpointSuffix)
{
if (string.IsNullOrEmpty(model.StorageAccountName)) // can happen if the user didn't provide account name for a policy that lacked it
{
throw new Exception(string.Format(Properties.Resources.NoStorageAccountWhenConfiguringThreatDetectionPolicy));
}
properties.StorageEndpoint = string.Format("https://{0}.blob.{1}", model.StorageAccountName, storageEndpointSuffix);
properties.StorageAccountAccessKey = AzureCommunicator.GetStorageKeys(model.StorageAccountName)[StorageKeyKind.Primary];
}
/// <summary>
/// Extracts the storage account endpoint
/// </summary>
private string ExtractStorageAccountTableEndpoint(string storageName)
{
if (IgnoreStorage)
{
return(null);
}
if (storageName == FetchedStorageAccountName && FetchedStorageAccountTableEndpoint != null)
{
return(FetchedStorageAccountTableEndpoint);
}
return(AzureCommunicator.GetStorageTableEndpoint(Profile, storageName));
}
private void PolicizeStorageInfo(ServerAuditModel model, dynamic policy)
{
ExtractStorageAccountProperties(model.StorageAccountResourceId, out string storageAccountName, out Guid storageAccountSubscriptionId);
string storageEndpointSuffix = Context.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix);
policy.StorageEndpoint = GetStorageAccountEndpoint(storageAccountName, storageEndpointSuffix);
policy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(model.StorageAccountResourceId).GetAwaiter().GetResult()[model.StorageKeyType];
policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary;
policy.StorageAccountSubscriptionId = storageAccountSubscriptionId;
if (model.RetentionInDays != null)
{
policy.RetentionDays = (int)model.RetentionInDays;
}
}
internal virtual void PolicizeStorageInfo(AuditModelType model, ProxyResource policy)
{
dynamic dynamicPolicy = (dynamic)policy;
ExtractStorageAccountProperties(model.StorageAccountResourceId, out string storageAccountName, out Guid storageAccountSubscriptionId);
dynamicPolicy.StorageEndpoint = GetStorageAccountEndpoint(storageAccountName);
dynamicPolicy.StorageAccountSubscriptionId = storageAccountSubscriptionId;
if (AzureCommunicator.IsStorageAccountInVNet(model.StorageAccountResourceId))
{
Guid?principalId = Communicator.AssignServerIdentityIfNotAssigned(model.ResourceGroupName, model.ServerName);
AzureCommunicator.AssignRoleForServerIdentityOnStorageIfNotAssigned(model.StorageAccountResourceId, principalId.Value, RoleAssignmentId);
}
else
{
PolicizePublicStorageInfo(model, policy);
}
}
private void ModelizeStorageInfo(ServerAuditModel model,
string storageEndpoint, bool?isSecondary, Guid?storageAccountSubscriptionId,
bool isAuditEnabled, int?retentionDays)
{
if (string.IsNullOrEmpty(storageEndpoint))
{
return;
}
model.StorageKeyType = GetStorageKeyKind(isSecondary);
if (isAuditEnabled)
{
model.StorageAccountResourceId = AzureCommunicator.RetrieveStorageAccountIdAsync(
storageAccountSubscriptionId ?? Subscription.GetId(),
GetStorageAccountName(storageEndpoint)).GetAwaiter().GetResult();
ModelizeRetentionInfo(model, retentionDays);
}
}
private void EnableAdsWithVa(string resourceGroupName, string serverName, string serverLocation, string templateName, string deploymentName)
{
// Generate deployment name if it was not provided
if (string.IsNullOrEmpty(deploymentName))
{
deploymentName = "EnableADS_" + serverName + "_" + Guid.NewGuid().ToString("N");
}
// Trim deployment name as it has a maximum of 64 chars
if (deploymentName.Length > 64)
{
deploymentName = deploymentName.Substring(0, 64);
}
Dictionary <string, object> parametersDictionary = new Dictionary <string, object>
{
{ "serverName", new Dictionary <string, object> {
{ "value", serverName }
} },
{ "location", new Dictionary <string, object> {
{ "value", serverLocation }
} },
};
string parameters = JsonConvert.SerializeObject(parametersDictionary, new JsonSerializerSettings
{
TypeNameHandling = TypeNameHandling.None,
Formatting = Formatting.Indented
});
var properties = new DeploymentProperties
{
Mode = DeploymentMode.Incremental,
Parameters = JObject.Parse(parameters),
Template = JObject.Parse(GetArmTemplateContent(templateName)),
};
Deployment deployment = new Deployment(properties);
AzureCommunicator.DeployArmTemplate(resourceGroupName, deploymentName, deployment);
}
private void PolicizeStorageInfo(ServerAuditModel model, dynamic policy)
{
ExtractStorageAccountProperties(model.StorageAccountResourceId, out string storageAccountName, out Guid storageAccountSubscriptionId);
policy.StorageEndpoint = GetStorageAccountEndpoint(storageAccountName);
policy.StorageAccountSubscriptionId = storageAccountSubscriptionId;
if (AzureCommunicator.IsStorageAccountInVNet(model.StorageAccountResourceId))
{
Guid?principalId = Communicator.AssignServerIdentity(model.ResourceGroupName, model.ServerName);
AzureCommunicator.AssignRoleForServerIdentityOnStorage(model.StorageAccountResourceId, principalId.Value, RoleAssignmentId);
}
else
{
policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary;
policy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(model.StorageAccountResourceId).GetAwaiter().GetResult()[model.StorageKeyType];
}
if (model.RetentionInDays != null)
{
policy.RetentionDays = (int)model.RetentionInDays;
}
}
/// <summary>
/// Extracts the storage account requested key
/// </summary>
private string ExtractStorageAccountKey(string storageName)
{
return(AzureCommunicator.GetStorageKeys(storageName)[StorageKeyKind.Primary]);
}
/// <summary>
/// Extracts the storage account requested key
/// </summary>
private string ExtractStorageAccountKey(string storageName, StorageKeyKind storageKeyKind)
{
return(AzureCommunicator.GetStorageKeys(storageName)[storageKeyKind]);
}
private string ExtractStorageAccountKey(Guid storageAccountSubscriptionId, string storageAccountName, StorageKeyKind storageKeyKind)
{
return(AzureCommunicator.RetrieveStorageKeys(storageAccountSubscriptionId, storageAccountName)[storageKeyKind]);
}
