/// <summary>
/// Copies the values the user supplied on the cmdlet onto the given auditing settings model.
/// </summary>
/// <param name="model">The model to update</param>
/// <returns>The same model instance, after the user input has been applied</returns>
protected override ServerBlobAuditingSettingsModel ApplyUserInputToModel(ServerBlobAuditingSettingsModel model)
{
    base.ApplyUserInputToModel(model);

    // Any State value other than the Enabled constant leaves auditing Disabled.
    if (State == SecurityConstants.Enabled)
    {
        model.AuditState = AuditStateType.Enabled;
    }
    else
    {
        model.AuditState = AuditStateType.Disabled;
    }

    if (RetentionInDays != null)
    {
        model.RetentionInDays = RetentionInDays;
    }

    if (StorageAccountName != null)
    {
        model.StorageAccountName = StorageAccountName;
    }

    // A key type bound explicitly on the command line overrides the one already held by the model.
    bool keyTypeWasBound = MyInvocation.BoundParameters.ContainsKey(SecurityConstants.StorageKeyType);
    if (keyTypeWasBound)
    {
        if (StorageKeyType == SecurityConstants.Primary)
        {
            model.StorageKeyType = StorageKeyKind.Primary;
        }
        else
        {
            model.StorageKeyType = StorageKeyKind.Secondary;
        }
    }

    // An empty group list is treated like "not supplied" and keeps the model's current groups.
    if (!(AuditActionGroup == null || AuditActionGroup.Length == 0))
    {
        model.AuditActionGroup = AuditActionGroup;
    }

    if (StorageAccountSubscriptionId.Equals(Guid.Empty))
    {
        // No subscription given: fall back to the default context's subscription, but only
        // when a storage account name was supplied.
        if (StorageAccountName != null)
        {
            model.StorageAccountSubscriptionId = Guid.Parse(DefaultProfile.DefaultContext.Subscription.Id);
        }
    }
    else
    {
        model.StorageAccountSubscriptionId = StorageAccountSubscriptionId;
    }

    return model;
}
/// <summary>
/// Fills the cmdlet model from the properties of the given server auditing policy
/// (audit state, storage info, audit action groups and retention).
/// </summary>
/// <param name="policy">The policy object whose Properties are read</param>
/// <param name="serverPolicyModel">The cmdlet model to populate</param>
private void ModelizeServerAuditPolicy(BlobAuditingPolicy policy, ServerBlobAuditingSettingsModel serverPolicyModel)
{
    var policyProperties = policy.Properties;

    serverPolicyModel.AuditState = ModelizeAuditState(policyProperties.State);

    ModelizeStorageInfo(
        serverPolicyModel,
        policyProperties.StorageEndpoint,
        policyProperties.IsStorageSecondaryKeyInUse);

    ModelizeAuditActionGroups(serverPolicyModel, policyProperties.AuditActionsAndGroups);

    ModelizeRetentionInfo(serverPolicyModel, policyProperties.RetentionDays);
}
/// <summary>
/// Fills the cmdlet model from an extended server auditing policy: global audit flag,
/// Azure Monitor target flag, predicate expression, action groups, storage info and retention.
/// </summary>
/// <param name="model">The cmdlet model to populate</param>
/// <param name="policy">The policy to read from</param>
private void ModelizeServerAuditPolicy(ServerBlobAuditingSettingsModel model, ExtendedServerBlobAuditingPolicy policy)
{
    // Global auditing counts as enabled only when the policy state is exactly Enabled.
    var auditIsEnabled = policy.State == BlobAuditingPolicyState.Enabled;
    model.IsGlobalAuditEnabled = auditIsEnabled;

    model.IsAzureMonitorTargetEnabled = policy.IsAzureMonitorTargetEnabled;
    model.PredicateExpression = policy.PredicateExpression;

    ModelizeAuditActionGroups(model, policy.AuditActionsAndGroups);

    ModelizeStorageInfo(
        model,
        policy.StorageEndpoint,
        policy.IsStorageSecondaryKeyInUse,
        policy.StorageAccountSubscriptionId);

    ModelizeRetentionInfo(model, policy.RetentionDays);
}
/// <summary>
/// Fetches the auditing policy of the given server and returns it as a new cmdlet model.
/// </summary>
/// <param name="resourceGroup">Resource group name, also recorded on the model</param>
/// <param name="serverName">Server name, also recorded on the model</param>
/// <param name="model">Receives the newly created and populated model</param>
public void GetServerBlobAuditingPolicyV2(string resourceGroup, string serverName, out ServerBlobAuditingSettingsModel model)
{
    // The out parameter is assigned before the remote call, as in the original ordering.
    model = new ServerBlobAuditingSettingsModel();

    BlobAuditingPolicy serverPolicy;
    Communicator.GetServerAuditingPolicy(resourceGroup, serverName, out serverPolicy);

    ModelizeServerAuditPolicy(serverPolicy, model);

    model.ResourceGroupName = resourceGroup;
    model.ServerName = serverName;
}
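/// <summary>
/// Removes the first diagnostic settings resource that the model lists as enabling the audit category.
/// </summary>
/// <param name="model">
/// Server or database auditing settings model; a <c>DatabaseBlobAuditingSettingsModel</c> is routed
/// to the database-level removal call, anything else to the server-level one.
/// </param>
/// <returns>
/// <c>true</c> when the removal call did not report failure; <c>false</c> when the model lists no such
/// settings or the removal call returned <c>false</c>. Callers should check the result: on <c>false</c>
/// the model is left unchanged.
/// </returns>
internal bool RemoveDiagnosticSettings(ServerBlobAuditingSettingsModel model)
{
    // This method itself resets the list to null after a successful removal, so the list can be null
    // on a later call. Treat null like an empty list instead of throwing NullReferenceException.
    DiagnosticSettingsResource settings = model.DiagnosticsEnablingAuditCategory?.FirstOrDefault();
    if (settings == null)
    {
        return false;
    }

    var removed = model is DatabaseBlobAuditingSettingsModel dbModel
        ? Communicator.RemoveDiagnosticSettings(settings.Name, dbModel.ResourceGroupName, dbModel.ServerName, dbModel.DatabaseName)
        : Communicator.RemoveDiagnosticSettings(settings.Name, model.ResourceGroupName, model.ServerName);

    // Kept as an explicit comparison with false, exactly as the original condition was written.
    if (removed == false)
    {
        return false;
    }

    model.DiagnosticsEnablingAuditCategory = null;
    return true;
}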
/// <summary>
/// Loads the server auditing policy into the given model and, for diagnostic-based models,
/// also loads the diagnostic settings that enable the audit category.
/// </summary>
/// <param name="resourceGroup">Resource group name</param>
/// <param name="serverName">Server name</param>
/// <param name="model">The model to populate</param>
internal void GetAuditingSettings(
    string resourceGroup,
    string serverName,
    ServerBlobAuditingSettingsModel model)
{
    ExtendedServerBlobAuditingPolicy serverPolicy = Communicator.GetAuditingPolicy(resourceGroup, serverName);
    ModelizeServerAuditPolicy(model, serverPolicy);

    if (model is ServerDiagnosticAuditingSettingsModel diagnosticModel)
    {
        string nextSettingsName;
        var enablingSettings = Communicator.GetDiagnosticsEnablingAuditCategory(out nextSettingsName, resourceGroup, serverName);

        diagnosticModel.DiagnosticsEnablingAuditCategory = enablingSettings;
        diagnosticModel.NextDiagnosticSettingsName = nextSettingsName;
    }

    // Runs last, once the policy and any diagnostic settings have been loaded into the model.
    model.DetermineAuditState();
}
/// <summary>
/// Copies the storage destination held by the model (endpoint, access key, key kind,
/// subscription and, when set, retention) onto the outgoing policy object.
/// </summary>
/// <param name="model">The cmdlet model to read from</param>
/// <param name="policy">The policy object to fill; accessed dynamically</param>
private void PolicizeStorageInfo(ServerBlobAuditingSettingsModel model, dynamic policy)
{
    string endpointSuffix = Context.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix);
    policy.StorageEndpoint = GetStorageAccountEndpoint(model.StorageAccountName, endpointSuffix);

    // The storage account key is a secret that ends up on the policy object:
    // keep the policy out of logs and verbose/debug output.
    // When the storage account lives in another subscription, the key lookup is given that subscription id.
    if (Subscription.GetId().Equals(model.StorageAccountSubscriptionId))
    {
        policy.StorageAccountAccessKey = ExtractStorageAccountKey(model.StorageAccountName, model.StorageKeyType);
    }
    else
    {
        policy.StorageAccountAccessKey = ExtractStorageAccountKey(model.StorageAccountSubscriptionId, model.StorageAccountName, model.StorageKeyType);
    }

    policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary;
    policy.StorageAccountSubscriptionId = model.StorageAccountSubscriptionId;

    // Retention is only written when the model carries a value; otherwise the policy keeps its own.
    if (model.RetentionInDays != null)
    {
        policy.RetentionDays = (int)model.RetentionInDays;
    }
}
/// <summary>
/// Sends the given diagnostic settings to the endpoint and records on the model whether
/// the updated settings still enable the audit category.
/// </summary>
/// <param name="settings">The diagnostic settings to send</param>
/// <param name="model">Server or database model; database models use the database-level call</param>
/// <returns><c>false</c> when the update call returned null, otherwise <c>true</c></returns>
internal bool UpdateDiagnosticSettings(DiagnosticSettingsResource settings, ServerBlobAuditingSettingsModel model)
{
    DiagnosticSettingsResource result;
    if (model is DatabaseBlobAuditingSettingsModel dbModel)
    {
        result = Communicator.UpdateDiagnosticSettings(settings, dbModel.ResourceGroupName, dbModel.ServerName, dbModel.DatabaseName);
    }
    else
    {
        result = Communicator.UpdateDiagnosticSettings(settings, model.ResourceGroupName, model.ServerName);
    }

    if (result == null)
    {
        return false;
    }

    // The model keeps the settings only while they still enable the audit category.
    if (AuditingEndpointsCommunicator.IsAuditCategoryEnabled(result))
    {
        model.DiagnosticsEnablingAuditCategory = new List<DiagnosticSettingsResource> { result };
    }
    else
    {
        model.DiagnosticsEnablingAuditCategory = null;
    }

    return true;
}
/// <summary>
/// Writes the cmdlet model onto the policy object in the shape the endpoint expects.
/// The policy is modified in place; nothing is returned.
/// </summary>
/// <param name="model">The auditing settings model to read from</param>
/// <param name="policy">The policy to be modified; accessed dynamically</param>
private void PolicizeAuditingSettingsModel(ServerBlobAuditingSettingsModel model, dynamic policy)
{
    if (model.IsGlobalAuditEnabled)
    {
        policy.State = BlobAuditingPolicyState.Enabled;
    }
    else
    {
        policy.State = BlobAuditingPolicyState.Disabled;
    }

    policy.IsAzureMonitorTargetEnabled = model.IsAzureMonitorTargetEnabled;

    // Database models carry audit actions in addition to action groups.
    if (model is DatabaseBlobAuditingSettingsModel dbModel)
    {
        policy.AuditActionsAndGroups = ExtractAuditActionsAndGroups(dbModel.AuditActionGroup, dbModel.AuditAction);
    }
    else
    {
        policy.AuditActionsAndGroups = ExtractAuditActionsAndGroups(model.AuditActionGroup);
    }

    // Storage details (including the access key) are only sent when auditing is enabled
    // and a storage account has actually been named.
    bool storageTargetRequested = model.AuditState == AuditStateType.Enabled
        && !string.IsNullOrEmpty(model.StorageAccountName);
    if (storageTargetRequested)
    {
        PolicizeStorageInfo(model, policy);
    }
}
/// <summary>
/// Copies storage key kind, account name, subscription id and retention onto the model.
/// Nothing is written when the endpoint is null or empty, or when auditing is not enabled.
/// </summary>
/// <param name="model">The cmdlet model to populate</param>
/// <param name="storageEndpoint">Storage endpoint from which the account name is derived</param>
/// <param name="isSecondary">Passed to GetStorageKeyKind to select the key kind</param>
/// <param name="storageAccountSubscriptionId">Subscription of the storage account; null maps to Guid.Empty</param>
/// <param name="isAuditEnabled">Whether auditing is enabled</param>
/// <param name="retentionDays">Retention value handed to ModelizeRetentionInfo</param>
private static void ModelizeStorageInfo(ServerBlobAuditingSettingsModel model, string storageEndpoint, bool? isSecondary, Guid? storageAccountSubscriptionId, bool isAuditEnabled, int? retentionDays)
{
    if (string.IsNullOrEmpty(storageEndpoint) || !isAuditEnabled)
    {
        return;
    }

    model.StorageKeyType = GetStorageKeyKind(isSecondary);
    model.StorageAccountName = GetStorageAccountName(storageEndpoint);
    model.StorageAccountSubscriptionId = storageAccountSubscriptionId.HasValue
        ? storageAccountSubscriptionId.Value
        : Guid.Empty;
    ModelizeRetentionInfo(model, retentionDays);
}
/// <summary>
/// Converts the model into the policy type the endpoint accepts and sends it.
/// The extended policy type is used only when the model has a predicate expression.
/// </summary>
/// <param name="model">The auditing settings model to send</param>
/// <param name="storageEndpointSuffix">Storage endpoint suffix passed on to the conversion</param>
public void SetServerAuditingPolicy(ServerBlobAuditingSettingsModel model, string storageEndpointSuffix)
{
    bool hasPredicate = !string.IsNullOrEmpty(model.PredicateExpression);

    if (hasPredicate)
    {
        var extendedPolicy = new Management.Sql.Models.ExtendedServerBlobAuditingPolicy();
        extendedPolicy.PredicateExpression = model.PredicateExpression;

        PolicizeBlobAuditingModel(model, storageEndpointSuffix, extendedPolicy);
        Communicator.SetExtendedServerAuditingPolicy(model.ResourceGroupName, model.ServerName, extendedPolicy);
        return;
    }

    var plainPolicy = new Management.Sql.Models.ServerBlobAuditingPolicy();
    PolicizeBlobAuditingModel(model, storageEndpointSuffix, plainPolicy);
    Communicator.SetServerAuditingPolicy(model.ResourceGroupName, model.ServerName, plainPolicy);
}
/// <summary>
/// Converts the model into a server auditing policy and sends it to the endpoint.
/// The extended policy type is used only when the model has a predicate expression.
/// </summary>
/// <param name="model">The auditing settings model to send</param>
/// <returns>The value returned by the communicator's set call</returns>
public bool SetAuditingPolicy(ServerBlobAuditingSettingsModel model)
{
    bool hasPredicate = !string.IsNullOrEmpty(model.PredicateExpression);

    if (hasPredicate)
    {
        var extendedPolicy = new ExtendedServerBlobAuditingPolicy();
        extendedPolicy.PredicateExpression = model.PredicateExpression;

        PolicizeAuditingSettingsModel(model, extendedPolicy);
        return Communicator.SetExtendedAuditingPolicy(model.ResourceGroupName, model.ServerName, extendedPolicy);
    }

    var plainPolicy = new ServerBlobAuditingPolicy();
    PolicizeAuditingSettingsModel(model, plainPolicy);
    return Communicator.SetAuditingPolicy(model.ResourceGroupName, model.ServerName, plainPolicy);
}
/// <summary>
/// Creates diagnostic settings under the model's next diagnostic settings name and, on success,
/// records them on the model as the settings enabling the audit category.
/// </summary>
/// <param name="eventHubName">Event hub name passed to the create call</param>
/// <param name="eventHubAuthorizationRuleId">Event hub authorization rule id passed to the create call</param>
/// <param name="workspaceId">Workspace id passed to the create call</param>
/// <param name="model">Server or database model; database models use the database-level call</param>
/// <returns><c>false</c> when the create call returned null, otherwise <c>true</c></returns>
internal bool CreateDiagnosticSettings(string eventHubName, string eventHubAuthorizationRuleId, string workspaceId, ServerBlobAuditingSettingsModel model)
{
    DiagnosticSettingsResource created;
    if (model is DatabaseBlobAuditingSettingsModel dbModel)
    {
        created = Communicator.CreateDiagnosticSettings(
            dbModel.NextDiagnosticSettingsName,
            eventHubName,
            eventHubAuthorizationRuleId,
            workspaceId,
            dbModel.ResourceGroupName,
            dbModel.ServerName,
            dbModel.DatabaseName);
    }
    else
    {
        created = Communicator.CreateDiagnosticSettings(
            model.NextDiagnosticSettingsName,
            eventHubName,
            eventHubAuthorizationRuleId,
            workspaceId,
            model.ResourceGroupName,
            model.ServerName);
    }

    if (created == null)
    {
        return false;
    }

    model.DiagnosticsEnablingAuditCategory = new List<DiagnosticSettingsResource> { created };
    return true;
}
/// <summary>
/// Converts the model into the parameters the endpoint accepts and sends them.
/// </summary>
/// <param name="model">The auditing settings model to send</param>
/// <param name="storageEndpointSuffix">Storage endpoint suffix passed on to the conversion</param>
public void SetServerAuditingPolicy(ServerBlobAuditingSettingsModel model, string storageEndpointSuffix)
{
    // The conversion runs first; the target names are read from the model afterwards.
    var policyParameters = PolicizeBlobAuditingModel(model, storageEndpointSuffix);

    var targetResourceGroup = model.ResourceGroupName;
    var targetServer = model.ServerName;

    Communicator.SetServerAuditingPolicy(targetResourceGroup, targetServer, policyParameters);
}
/// <summary>
/// Fetches the extended auditing policy of the given server and loads it into the supplied model.
/// </summary>
/// <param name="resourceGroup">Resource group name, also recorded on the model</param>
/// <param name="serverName">Server name, also recorded on the model</param>
/// <param name="model">The model to populate</param>
internal void GetServerBlobAuditingPolicy(string resourceGroup, string serverName, ServerBlobAuditingSettingsModel model)
{
    Management.Sql.Models.ExtendedServerBlobAuditingPolicy extendedPolicy;
    Communicator.GetExtendedServerAuditingPolicy(resourceGroup, serverName, out extendedPolicy);

    ModelizeServerAuditPolicy(extendedPolicy, model);

    model.ResourceGroupName = resourceGroup;
    model.ServerName = serverName;
}
/// <summary>
/// Fills the cmdlet model from an extended server auditing policy: audit state, storage info,
/// audit action groups, retention and predicate expression.
/// </summary>
/// <param name="policy">The policy to read from</param>
/// <param name="serverPolicyModel">The cmdlet model to populate</param>
private void ModelizeServerAuditPolicy(Management.Sql.Models.ExtendedServerBlobAuditingPolicy policy, ServerBlobAuditingSettingsModel serverPolicyModel)
{
    // The state is handed to ModelizeAuditState in its string form.
    string stateText = policy.State.ToString();
    serverPolicyModel.AuditState = ModelizeAuditState(stateText);

    ModelizeStorageInfo(
        serverPolicyModel,
        policy.StorageEndpoint,
        policy.IsStorageSecondaryKeyInUse,
        policy.StorageAccountSubscriptionId);

    ModelizeAuditActionGroups(serverPolicyModel, policy.AuditActionsAndGroups);

    ModelizeRetentionInfo(serverPolicyModel, policy.RetentionDays);

    serverPolicyModel.PredicateExpression = policy.PredicateExpression;
}
/// <summary>
/// Hands persistence over to the model itself, passing it the cmdlet's ModelAdapter.
/// </summary>
/// <param name="model">The model whose changes are persisted</param>
/// <returns>Always <c>null</c></returns>
protected override ServerBlobAuditingSettingsModel PersistChanges(ServerBlobAuditingSettingsModel model)
{
    var adapter = ModelAdapter;
    model.PersistChanges(adapter);

    return null;
}
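/// <summary>
/// Applies the values the user supplied on the cmdlet to the given auditing settings model.
/// Audit state, action groups and predicate expression are always considered; the remaining
/// values depend on the active parameter set (blob storage, event hub or log analytics).
/// </summary>
/// <param name="model">The model to update</param>
/// <returns>The same model instance, after the user input has been applied</returns>
/// <exception cref="InvalidOperationException">
/// An event hub or log analytics value was supplied but the model is not of the matching type.
/// </exception>
protected override ServerBlobAuditingSettingsModel ApplyUserInputToModel(ServerBlobAuditingSettingsModel model)
{
    base.ApplyUserInputToModel(model);

    // Any State value other than the Enabled constant leaves auditing Disabled.
    model.AuditState = State == SecurityConstants.Enabled ? AuditStateType.Enabled : AuditStateType.Disabled;

    if (AuditActionGroup != null)
    {
        model.AuditActionGroup = AuditActionGroup;
    }

    if (PredicateExpression != null)
    {
        // The original also assigned PredicateExpression to itself here; that had no effect.
        model.PredicateExpression = PredicateExpression;
    }

    if (ParameterSetName == DefinitionsCommon.BlobStorageParameterSetName ||
        ParameterSetName == DefinitionsCommon.StorageAccountSubscriptionIdParameterSetName ||
        ParameterSetName == DefinitionsCommon.BlobStorageByParentResourceParameterSetName ||
        ParameterSetName == DefinitionsCommon.StorageAccountSubscriptionIdByParentResourceParameterSetName)
    {
        if (RetentionInDays != null)
        {
            model.RetentionInDays = RetentionInDays;
        }

        if (StorageAccountName != null)
        {
            model.StorageAccountName = StorageAccountName;
        }

        // A key type bound explicitly on the command line overrides the one already held by the model.
        if (MyInvocation.BoundParameters.ContainsKey(SecurityConstants.StorageKeyType))
        {
            model.StorageKeyType = (StorageKeyType == SecurityConstants.Primary) ? StorageKeyKind.Primary : StorageKeyKind.Secondary;
        }

        if (!StorageAccountSubscriptionId.Equals(Guid.Empty))
        {
            model.StorageAccountSubscriptionId = StorageAccountSubscriptionId;
        }
        else if (StorageAccountName != null)
        {
            // No subscription given: fall back to the default context's subscription.
            model.StorageAccountSubscriptionId = Guid.Parse(DefaultProfile.DefaultContext.Subscription.Id);
        }
    }
    else if (ParameterSetName == DefinitionsCommon.EventHubParameterSetName ||
        ParameterSetName == DefinitionsCommon.EventHubByParentResourceParameterSetName)
    {
        if (EventHubName != null || EventHubAuthorizationRuleResourceId != null)
        {
            // The unchecked 'as' cast used to surface as a NullReferenceException on the first
            // assignment; fail with an explicit error in exactly that situation instead.
            ServerEventHubAuditingSettingsModel eventHubModel = model as ServerEventHubAuditingSettingsModel;
            if (eventHubModel == null)
            {
                throw new InvalidOperationException("The event hub parameter set requires a ServerEventHubAuditingSettingsModel.");
            }

            if (EventHubName != null)
            {
                eventHubModel.EventHubName = EventHubName;
            }

            if (EventHubAuthorizationRuleResourceId != null)
            {
                eventHubModel.EventHubAuthorizationRuleResourceId = EventHubAuthorizationRuleResourceId;
            }
        }
    }
    else if (ParameterSetName == DefinitionsCommon.LogAnalyticsParameterSetName ||
        ParameterSetName == DefinitionsCommon.LogAnalyticsByParentResourceParameterSetName)
    {
        if (WorkspaceResourceId != null)
        {
            // Same guard as for the event hub branch: no silent skip, no NullReferenceException.
            ServerLogAnalyticsAuditingSettingsModel logAnalyticsModel = model as ServerLogAnalyticsAuditingSettingsModel;
            if (logAnalyticsModel == null)
            {
                throw new InvalidOperationException("The log analytics parameter set requires a ServerLogAnalyticsAuditingSettingsModel.");
            }

            logAnalyticsModel.WorkspaceResourceId = WorkspaceResourceId;
        }
    }

    return model;
}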
/// <summary>
/// Sends nothing to the REST endpoints, because this is a Get cmdlet.
/// </summary>
/// <param name="model">The model object; it is not used</param>
/// <returns>Always <c>null</c></returns>
protected override ServerBlobAuditingSettingsModel PersistChanges(ServerBlobAuditingSettingsModel model) => null;