/// <summary>
/// Changes the database security alert policy with new values
/// </summary>
private static void ChangeSecurityAlertPolicy(BaseSecurityAlertPolicyProperties properties)
{
properties.State = "Disabled";
properties.DisabledAlerts = "DisableAlert1";
properties.EmailAddresses = "[email protected];[email protected]";
properties.EmailAccountAdmins = "Disabled";
}
/// <summary>
/// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
/// </summary>
private Management.Sql.Models.ManagedServerSecurityAlertPolicy PolicizeManagedInstanceSecurityAlertModel(BaseThreatDetectionPolicyModel model, string storageEndpointSuffix)
{
var policy = new Management.Sql.Models.ManagedServerSecurityAlertPolicy()
{
State = model.ThreatDetectionState == ThreatDetectionStateType.Enabled
? SecurityAlertsPolicyState.Enabled
: SecurityAlertsPolicyState.Disabled,
DisabledAlerts = ExtractExcludedDetectionType(model),
EmailAddresses = model.NotificationRecipientsEmails.Split(';').Where(mail => !string.IsNullOrEmpty(mail)).ToList(),
EmailAccountAdmins = model.EmailAdmins,
RetentionDays = Convert.ToInt32(model.RetentionInDays),
};
if (policy.State == SecurityAlertsPolicyState.Enabled && !policy.EmailAccountAdmins.Value && !policy.EmailAddresses.Any())
{
// For new TD policy, make sure EmailAccountAdmins is true
policy.EmailAccountAdmins = true;
}
if (string.IsNullOrEmpty(model.StorageAccountName))
{
policy.StorageEndpoint = null;
policy.StorageAccountAccessKey = null;
}
else
{
BaseSecurityAlertPolicyProperties legacyProperties = new BaseSecurityAlertPolicyProperties();
PopulateStoragePropertiesInPolicy(model, legacyProperties, storageEndpointSuffix);
policy.StorageEndpoint = legacyProperties.StorageEndpoint;
policy.StorageAccountAccessKey = legacyProperties.StorageAccountAccessKey;
}
return(policy);
}
/// <summary>
/// Verify that the received properties match their expected values
/// </summary>
/// <param name="expected">The expected value of the properties object</param>
/// <param name="actual">The properties object that needs to be checked</param>
private static void VerifySecurityAlertPolicyInformation(BaseSecurityAlertPolicyProperties expected, BaseSecurityAlertPolicyProperties actual)
{
Assert.Equal(expected.State, actual.State);
Assert.Equal(expected.DisabledAlerts, actual.DisabledAlerts);
Assert.Equal(expected.EmailAddresses, actual.EmailAddresses);
Assert.Equal(expected.EmailAccountAdmins, actual.EmailAccountAdmins);
}
/// <summary>
/// Transforms the given database policy object to its cmdlet model representation
/// </summary>
private BaseThreatDetectionPolicyModel ModelizeThreatDetectionPolicy(BaseSecurityAlertPolicyProperties threatDetectionProperties, BaseThreatDetectionPolicyModel model)
{
model.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State);
model.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses;
model.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins);
ModelizeDisabledAlerts(model, threatDetectionProperties.DisabledAlerts);
return(model);
}
/// <summary>
/// Transforms the given database policy object to its cmdlet model representation
/// </summary>
private static BaseThreatDetectionPolicyModel ModelizeThreatDetectionPolicy(BaseSecurityAlertPolicyProperties threatDetectionProperties, BaseThreatDetectionPolicyModel model)
{
model.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State);
model.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses;
model.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins);
ModelizeStorageAccount(model, threatDetectionProperties.StorageEndpoint);
model.ExcludedDetectionTypes = threatDetectionProperties.DisabledAlerts.Split(';').Where(alert => !string.IsNullOrEmpty(alert)).ToArray() ?? new string[] { };
model.RetentionInDays = (uint)threatDetectionProperties.RetentionDays;
return(model);
}
/// <summary>
/// Transforms the given database policy object to its cmdlet model representation
/// </summary>
private static BaseThreatDetectionPolicyModel ModelizeThreatDetectionPolicy(BaseSecurityAlertPolicyProperties threatDetectionProperties, BaseThreatDetectionPolicyModel model)
{
model.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State);
model.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses;
model.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins);
ModelizeStorageAccount(model, threatDetectionProperties.StorageEndpoint);
ModelizeDisabledAlerts(model, threatDetectionProperties.DisabledAlerts.Split(';'));
model.RetentionInDays = (uint)threatDetectionProperties.RetentionDays;
return(model);
}
private void PopulateStoragePropertiesInPolicy(BaseThreatDetectionPolicyModel model, BaseSecurityAlertPolicyProperties properties, string storageEndpointSuffix)
{
if (string.IsNullOrEmpty(model.StorageAccountName)) // can happen if the user didn't provide account name for a policy that lacked it
{
throw new Exception(string.Format(Properties.Resources.NoStorageAccountWhenConfiguringThreatDetectionPolicy));
}
properties.StorageEndpoint = string.Format("https://{0}.blob.{1}", model.StorageAccountName, storageEndpointSuffix);
properties.StorageAccountAccessKey = AzureCommunicator.GetStorageKeys(model.StorageAccountName)[StorageKeyKind.Primary];
}
private BaseSecurityAlertPolicyProperties PopulateDatabasePolicyProperties(BaseThreatDetectionPolicyModel model, string storageEndpointSuffix, BaseSecurityAlertPolicyProperties properties)
{
properties.State = model.ThreatDetectionState.ToString();
properties.EmailAddresses = model.NotificationRecipientsEmails ?? "";
properties.EmailAccountAdmins = model.EmailAdmins ?
ThreatDetectionStateType.Enabled.ToString() :
ThreatDetectionStateType.Disabled.ToString();
properties.DisabledAlerts = string.Join(";", ExtractExcludedDetectionType(model));
PopulateStoragePropertiesInPolicy(model, properties, storageEndpointSuffix);
properties.RetentionDays = Convert.ToInt32(model.RetentionInDays);
return(properties);
}
private BaseSecurityAlertPolicyProperties PopulatePolicyProperties(BaseThreatDetectionPolicyModel model, BaseSecurityAlertPolicyProperties properties)
{
properties.State = model.ThreatDetectionState.ToString();
properties.EmailAddresses = model.NotificationRecipientsEmails ?? "";
properties.EmailAccountAdmins = model.EmailAdmins ?
ThreatDetectionStateType.Enabled.ToString() :
ThreatDetectionStateType.Disabled.ToString();
properties.DisabledAlerts = ExtractExcludedDetectionType(model);
return(properties);
}
