Exemplo n.º 1
0
        /// <summary>
        /// Updates the given model element with the cmdlet specific operation
        /// </summary>
        /// <param name="model">A model object</param>
        protected override DatabaseAuditingPolicyModel UpdateModel(DatabaseAuditingPolicyModel model)
        {
            base.UpdateModel(model);
            model.AuditState       = AuditStateType.Enabled;
            model.UseServerDefault = UseServerDefaultOptions.Disabled;
            if (StorageAccountName != null)
            {
                model.StorageAccountName = StorageAccountName;
            }
            if (!string.IsNullOrEmpty(StorageKeyType)) // the user enter a key type - we use it (and running over the previously defined key type)
            {
                model.StorageKeyType = (StorageKeyType == Constants.Primary) ? StorageKeyKind.Primary : StorageKeyKind.Secondary;
            }

            ProcessShortcuts();
            if (EventType != null) // the user provided event types to audit, we use it
            {
                Dictionary <string, AuditEventType> events = new Dictionary <string, AuditEventType>()
                {
                    { Constants.DataAccess, AuditEventType.DataAccess },
                    { Constants.DataChanges, AuditEventType.DataChanges },
                    { Constants.SecurityExceptions, AuditEventType.SecurityExceptions },
                    { Constants.RevokePermissions, AuditEventType.RevokePermissions },
                    { Constants.SchemaChanges, AuditEventType.SchemaChanges }
                };
                model.EventType = EventType.Select(s => events[s]).ToArray();
            }
            return(model);
        }
Exemplo n.º 2
0
        /// <summary>
        /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
        /// </summary>
        public void SetDatabaseThreatDetectionPolicy(DatabaseThreatDetectionPolicyModel model, String clientId)
        {
            if (model.ThreatDetectionState == ThreatDetectionStateType.Enabled)
            {
                if (!IsRightServerVersionForThreatDetection(model.ResourceGroupName, model.ServerName, clientId))
                {
                    throw new Exception(Properties.Resources.ServerNotApplicableForThreatDetection);
                }

                // Check that auditing is turned on:
                DatabaseAuditingPolicyModel databaseAuditingPolicyModel = AuditingAdapter.GetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId);
                AuditStateType auditingState = databaseAuditingPolicyModel.AuditState;
                if (databaseAuditingPolicyModel.UseServerDefault == UseServerDefaultOptions.Enabled)
                {
                    ServerAuditingPolicyModel serverAuditingPolicyModel = AuditingAdapter.GetServerAuditingPolicy(model.ResourceGroupName, model.ServerName, clientId);
                    auditingState = serverAuditingPolicyModel.AuditState;
                }
                if (auditingState != AuditStateType.Enabled)
                {
                    throw new Exception(Properties.Resources.AuditingIsTurnedOff);
                }
            }

            DatabaseSecurityAlertPolicyCreateOrUpdateParameters databaseSecurityAlertPolicyParameters = PolicizeDatabaseSecurityAlertModel(model);

            ThreatDetectionCommunicator.SetDatabaseSecurityAlertPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, databaseSecurityAlertPolicyParameters);
        }
Exemplo n.º 3
0
 /// <summary>
 /// Updates the given model element with the cmdlet specific operation
 /// </summary>
 /// <param name="model">A model object</param>
 protected override DatabaseAuditingPolicyModel ApplyUserInputToModel(DatabaseAuditingPolicyModel model)
 {
     base.ApplyUserInputToModel(model);
     model.UseServerDefault   = UseServerDefaultOptions.Enabled;
     model.StorageAccountName = GetStorageAccountName();
     return(model);
 }
Exemplo n.º 4
0
 /// <summary>
 /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
 /// </summary>
 public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, String clientId, string storageEndpointSuffix)
 {
     if (!IsDatabaseInServiceTierForPolicy(model, clientId))
     {
         throw new Exception(Microsoft.Azure.Commands.Sql.Properties.Resources.DatabaseNotInServiceTierForAuditingPolicy);
     }
     DatabaseAuditingPolicyCreateOrUpdateParameters parameters = PolicizeDatabaseAuditingModel(model, storageEndpointSuffix);
     Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters);
 }
Exemplo n.º 5
0
 private void ApplyUserInputToTableAuditingModel(DatabaseAuditingPolicyModel model)
 {
     if (model.AuditState == AuditStateType.New)
     {
         model.AuditState = AuditStateType.Enabled;
     }
     model.UseServerDefault   = UseServerDefaultOptions.Enabled;
     model.StorageAccountName = GetStorageAccountName();
 }
Exemplo n.º 6
0
        /// <summary>
        /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
        /// </summary>
        public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, String clientId)
        {
            if (!IsDatabaseInServiceTierForPolicy(model, clientId))
            {
                throw new Exception(Resources.DatabaseNotInServiceTierForAuditingPolicy);
            }
            DatabaseAuditingPolicyCreateOrUpdateParameters parameters = PolicizeDatabaseAuditingModel(model);

            Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters);
        }
Exemplo n.º 7
0
        /// <summary>
        /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
        /// </summary>
        public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, string clientId, string storageEndpointSuffix)
        {
            if (!IsDatabaseInServiceTierForPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId))
            {
                throw new Exception(Properties.Resources.DatabaseNotInServiceTierForAuditingPolicy);
            }
            var parameters = PolicizeDatabaseAuditingModel(model, storageEndpointSuffix);

            Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters);
        }
Exemplo n.º 8
0
        /// <summary>
        /// Transforms the given database policy object to its cmdlet model representation
        /// </summary>
        private DatabaseAuditingPolicyModel ModelizeDatabaseAuditPolicy(DatabaseAuditingPolicy policy)
        {
            DatabaseAuditingPolicyModel      dbPolicyModel = new DatabaseAuditingPolicyModel();
            DatabaseAuditingPolicyProperties properties    = policy.Properties;

            dbPolicyModel.AuditState       = ModelizeAuditState(properties.AuditingState);
            dbPolicyModel.UseServerDefault = properties.UseServerDefault == Constants.AuditingEndpoint.Enabled ? UseServerDefaultOptions.Enabled : UseServerDefaultOptions.Disabled;
            ModelizeStorageInfo(dbPolicyModel, properties.StorageAccountName, properties.StorageAccountKey, properties.StorageAccountSecondaryKey);
            ModelizeEventTypesInfo(dbPolicyModel, properties.EventTypesToAudit);
            return(dbPolicyModel);
        }
Exemplo n.º 9
0
        /// <summary>
        /// Transforms the given database policy object to its cmdlet model representation
        /// </summary>
        private DatabaseAuditingPolicyModel ModelizeDatabaseAuditPolicy(DatabaseAuditingPolicy policy)
        {
            var dbPolicyModel = new DatabaseAuditingPolicyModel();
            var properties    = policy.Properties;

            dbPolicyModel.AuditState       = ModelizeAuditState(properties.AuditingState);
            dbPolicyModel.UseServerDefault = properties.UseServerDefault == SecurityConstants.AuditingEndpoint.Enabled ? UseServerDefaultOptions.Enabled : UseServerDefaultOptions.Disabled;
            ModelizeStorageInfo(dbPolicyModel, properties.StorageAccountName, properties.StorageAccountKey, properties.StorageAccountSecondaryKey);
            ModelizeEventTypesInfo(dbPolicyModel, properties.EventTypesToAudit);
            ModelizeRetentionInfo(dbPolicyModel, properties.RetentionDays, properties.AuditLogsTableName, properties.FullAuditLogsTableName);
            return(dbPolicyModel);
        }
Exemplo n.º 10
0
 private bool IsDatabaseInServiceTierForPolicy(DatabaseAuditingPolicyModel model, string clientId)
 {
     AzureSqlDatabaseCommunicator dbCommunicator = new AzureSqlDatabaseCommunicator(Context);
     Management.Sql.Models.Database database = dbCommunicator.Get(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId);
     DatabaseEdition edition = DatabaseEdition.None;
     Enum.TryParse<DatabaseEdition>(database.Properties.Edition, true, out edition);
     if (edition == DatabaseEdition.Basic || edition == DatabaseEdition.Standard || edition == DatabaseEdition.Premium || edition == DatabaseEdition.DataWarehouse)
     {
         return true;
     }
     return false;
 }
Exemplo n.º 11
0
        /// <summary>
        /// Updates the given model element with the cmdlet specific operation
        /// </summary>
        /// <param name="model">A model object</param>
        protected override AuditingPolicyModel ApplyUserInputToModel(AuditingPolicyModel model)
        {
            base.ApplyUserInputToModel(model);
            model.AuditState = AuditStateType.Disabled;

            DatabaseAuditingPolicyModel tableAuditingPolicyModel = (model as DatabaseAuditingPolicyModel);

            if (tableAuditingPolicyModel != null)
            {
                tableAuditingPolicyModel.UseServerDefault = UseServerDefaultOptions.Disabled;
            }

            return(model);
        }
Exemplo n.º 12
0
 /// <summary>
 /// Updates the given model element with the cmdlet specific operation
 /// </summary>
 /// <param name="baseModel">A model object</param>
 protected override AuditingPolicyModel ApplyUserInputToModel(AuditingPolicyModel baseModel)
 {
     base.ApplyUserInputToModel(baseModel);
     if (AuditType == AuditType.Table)
     {
         DatabaseAuditingPolicyModel model = baseModel as DatabaseAuditingPolicyModel;
         if (model.AuditState == AuditStateType.New)
         {
             model.AuditState = AuditStateType.Enabled;
         }
         model.UseServerDefault   = UseServerDefaultOptions.Enabled;
         model.StorageAccountName = GetStorageAccountName();
     }
     return(baseModel);
 }
Exemplo n.º 13
0
        /// <summary>
        /// Provides a database audit policy model for the given database
        /// </summary>
        public DatabaseAuditingPolicyModel GetDatabaseAuditingPolicy(string resourceGroup, string serverName, string databaseName, string requestId)
        {
            DatabaseAuditingPolicy policy = Communicator.GetDatabaseAuditingPolicy(resourceGroup, serverName, databaseName, requestId);
            DatabaseAuditingPolicyModel dbPolicyModel = ModelizeDatabaseAuditPolicy(policy);
            dbPolicyModel.ResourceGroupName = resourceGroup;
            dbPolicyModel.ServerName = serverName;
            dbPolicyModel.DatabaseName = databaseName;

            FetchedStorageAccountName = policy.Properties.StorageAccountName;
            FetchedStorageAccountResourceGroup = policy.Properties.StorageAccountResourceGroupName;
            FetchedStorageAccountSubscription = policy.Properties.StorageAccountSubscriptionId;
            FetchedStorageAccountTableEndpoint = policy.Properties.StorageTableEndpoint;

            return dbPolicyModel;
        }
Exemplo n.º 14
0
        /// <summary>
        /// Updates the given model element with the cmdlet specific operation
        /// </summary>
        /// <param name="model">A model object</param>
        protected override DatabaseAuditingPolicyModel ApplyUserInputToModel(DatabaseAuditingPolicyModel model)
        {
            base.ApplyUserInputToModel(model);
            AuditStateType orgAuditStateType = model.AuditState;

            model.AuditState       = AuditStateType.Enabled;
            model.UseServerDefault = UseServerDefaultOptions.Disabled;
            if (StorageAccountName != null)
            {
                model.StorageAccountName = StorageAccountName;
            }
            if (!string.IsNullOrEmpty(StorageKeyType)) // the user enter a key type - we use it (and running over the previously defined key type)
            {
                model.StorageKeyType = (StorageKeyType == SecurityConstants.Primary) ? StorageKeyKind.Primary : StorageKeyKind.Secondary;
            }

            EventType = Util.ProcessAuditEvents(EventType);

            if (EventType != null) // the user provided event types to audit
            {
                model.EventType = EventType.Select(s => SecurityConstants.AuditEventsToAuditEventType[s]).ToArray();
            }

            if (RetentionInDays != null)
            {
                model.RetentionInDays = RetentionInDays;
            }

            if (TableIdentifier == null)
            {
                if ((orgAuditStateType == AuditStateType.New) && (model.RetentionInDays > 0))
                {
                    // If retention days is greater than 0 and no audit table identifier is supplied , we throw exception giving the user hint on the recommended TableIdentifier we got from the CSM
                    throw new Exception(string.Format(Resources.InvalidRetentionTypeSet, model.TableIdentifier));
                }
            }
            else
            {
                model.TableIdentifier = TableIdentifier;
            }

            if (Util.DeprecatedEventTypeFound(EventType))
            {
                WriteWarning(string.Format(Resources.DeprecatedEventTypeUsed));
            }
            return(model);
        }
Exemplo n.º 15
0
        private void ApplyUserInputToTableAuditingModel(DatabaseAuditingPolicyModel model)
        {
            var orgAuditStateType = model.AuditState;

            model.AuditState       = AuditStateType.Enabled;
            model.UseServerDefault = UseServerDefaultOptions.Disabled;
            if (StorageAccountName != null)
            {
                model.StorageAccountName = StorageAccountName;
                ModelAdapter.ClearStorageDetailsCache();
            }
            if (MyInvocation.BoundParameters.ContainsKey(SecurityConstants.StorageKeyType))
            {
                // the user enter a key type - we use it (and override the previously defined key type)
                model.StorageKeyType = (StorageKeyType == SecurityConstants.Primary)
                    ? StorageKeyKind.Primary
                    : StorageKeyKind.Secondary;
            }

            EventType = Util.ProcessAuditEvents(EventType);

            if (EventType != null) // the user provided Table auditing event types
            {
                model.EventType = EventType.Select(s => SecurityConstants.AuditEventsToAuditEventType[s]).ToArray();
            }

            if (RetentionInDays != null)
            {
                model.RetentionInDays = RetentionInDays;
            }

            if (TableIdentifier == null)
            {
                if ((orgAuditStateType == AuditStateType.New) && (model.RetentionInDays > 0))
                {
                    // If retention days is greater than 0 and no audit table identifier is supplied , we throw exception giving the user hint on the recommended TableIdentifier we got from the CSM
                    throw new Exception(string.Format(Properties.Resources.InvalidRetentionTypeSet, model.TableIdentifier));
                }
            }
            else
            {
                model.TableIdentifier = TableIdentifier;
            }
        }
Exemplo n.º 16
0
 /// <summary>
 /// Updates the given model element with the cmdlet specific operation
 /// </summary>
 /// <param name="model">A model object</param>
 protected override DatabaseAuditingPolicyModel UpdateModel(DatabaseAuditingPolicyModel model)
 {
     base.UpdateModel(model);
     model.AuditState = AuditStateType.Disabled;
     return(model);
 }
Exemplo n.º 17
0
        /// <summary>
        /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
        /// </summary>
        /// <param name="model">The AuditingPolicy model object</param>
        /// <param name="storageEndpointSuffix">The suffix of the storage endpoint</param>
        /// <returns>The communication model object</returns>
        private DatabaseAuditingPolicyCreateOrUpdateParameters PolicizeDatabaseAuditingModel(DatabaseAuditingPolicyModel model, string storageEndpointSuffix)
        {
            var updateParameters = new DatabaseAuditingPolicyCreateOrUpdateParameters();
            var properties       = new DatabaseAuditingPolicyProperties();

            updateParameters.Properties   = properties;
            properties.AuditingState      = model.AuditState.ToString();
            properties.UseServerDefault   = (model.UseServerDefault == UseServerDefaultOptions.Enabled) ? SecurityConstants.AuditingEndpoint.Enabled : SecurityConstants.AuditingEndpoint.Disabled;
            properties.StorageAccountName = ExtractStorageAccountName(model);
            properties.StorageAccountResourceGroupName = ExtractStorageAccountResourceGroup(properties.StorageAccountName);
            properties.StorageAccountSubscriptionId    = ExtractStorageAccountSubscriptionId(properties.StorageAccountName);
            properties.StorageTableEndpoint            = ExtractStorageAccountTableEndpoint(properties.StorageAccountName, storageEndpointSuffix);
            properties.StorageAccountKey          = ExtractStorageAccountKey(properties.StorageAccountName, model, properties.StorageAccountResourceGroupName, StorageKeyKind.Primary);
            properties.StorageAccountSecondaryKey = ExtractStorageAccountKey(properties.StorageAccountName, model, properties.StorageAccountResourceGroupName, StorageKeyKind.Secondary);
            properties.EventTypesToAudit          = ExtractEventTypes(model);
            properties.RetentionDays      = model.RetentionInDays.ToString();
            properties.AuditLogsTableName = model.TableIdentifier;
            return(updateParameters);
        }
Exemplo n.º 18
0
 /// <summary>
 /// No sending is needed as this is a Get cmdlet
 /// </summary>
 /// <param name="model">The model object with the data to be sent to the REST endpoints</param>
 protected override void SendModel(DatabaseAuditingPolicyModel model)
 {
 }
Exemplo n.º 19
0
        /// <summary>
        /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint
        /// </summary>
        /// <param name="policy">The AuditingPolicy object</param>
        /// <returns>The communication model object</returns>
        private DatabaseAuditingPolicyCreateOrUpdateParameters PolicizeDatabaseAuditingModel(DatabaseAuditingPolicyModel model)
        {
            DatabaseAuditingPolicyCreateOrUpdateParameters updateParameters = new DatabaseAuditingPolicyCreateOrUpdateParameters();
            DatabaseAuditingPolicyProperties properties = new DatabaseAuditingPolicyProperties();

            updateParameters.Properties   = properties;
            properties.AuditingState      = PolicizeAuditState(model.AuditState);
            properties.UseServerDefault   = (model.UseServerDefault == UseServerDefaultOptions.Enabled) ? Constants.AuditingEndpoint.Enabled : Constants.AuditingEndpoint.Disabled;
            properties.StorageAccountName = ExtractStorageAccountName(model);
            properties.StorageAccountResourceGroupName = ExtractStorageAccountResourceGroup(properties.StorageAccountName);
            properties.StorageAccountSubscriptionId    = ExtractStorageAccountSubscriptionId(properties.StorageAccountName);
            properties.StorageTableEndpoint            = ExtractStorageAccountTableEndpoint(properties.StorageAccountName);
            properties.StorageAccountKey          = ExtractStorageAccountKey(properties.StorageAccountName, model, properties.StorageAccountResourceGroupName, StorageKeyKind.Primary);
            properties.StorageAccountSecondaryKey = ExtractStorageAccountKey(properties.StorageAccountName, model, properties.StorageAccountResourceGroupName, StorageKeyKind.Secondary);
            properties.EventTypesToAudit          = ExtractEventTypes(model);
            return(updateParameters);
        }
Exemplo n.º 20
0
        /// <summary>
        /// Transforms the given model to its endpoints acceptable structure and sends it to the endpoint
        /// </summary>
        public void SetDatabaseAuditingPolicy(DatabaseAuditingPolicyModel model, String clientId)
        {
            DatabaseAuditingPolicyCreateOrUpdateParameters parameters = PolicizeDatabaseAuditingModel(model);

            Communicator.SetDatabaseAuditingPolicy(model.ResourceGroupName, model.ServerName, model.DatabaseName, clientId, parameters);
        }
Exemplo n.º 21
0
 /// <summary>
 /// This method is responsible to call the right API in the communication layer that will eventually send the information in the
 /// object to the REST endpoint
 /// </summary>
 /// <param name="model">The model object with the data to be sent to the REST endpoints</param>
 protected override void SendModel(DatabaseAuditingPolicyModel model)
 {
     ModelAdapter.IgnoreStorage = true;
     base.SendModel(model);
 }
Exemplo n.º 22
0
        /// <summary>
        /// Provides a database audit policy model for the given database
        /// </summary>
        public void GetDatabaseAuditingPolicy(string resourceGroup, string serverName, string databaseName, out DatabaseAuditingPolicyModel model)
        {
            DatabaseAuditingPolicy policy;

            Communicator.GetDatabaseAuditingPolicy(resourceGroup, serverName, databaseName, out policy);
            var dbPolicyModel = ModelizeDatabaseAuditPolicy(policy);

            dbPolicyModel.AuditType         = AuditType.Table;
            dbPolicyModel.ResourceGroupName = resourceGroup;
            dbPolicyModel.ServerName        = serverName;
            dbPolicyModel.DatabaseName      = databaseName;

            FetchedStorageAccountName          = policy.Properties.StorageAccountName;
            FetchedStorageAccountResourceGroup = policy.Properties.StorageAccountResourceGroupName;
            FetchedStorageAccountSubscription  = policy.Properties.StorageAccountSubscriptionId;
            FetchedStorageAccountTableEndpoint = policy.Properties.StorageTableEndpoint;

            model = dbPolicyModel;
        }
Exemplo n.º 23
0
 /// <summary>
 /// No sending is needed as this is a Get cmdlet
 /// </summary>
 /// <param name="model">The model object with the data to be sent to the REST endpoints</param>
 protected override DatabaseAuditingPolicyModel PersistChanges(DatabaseAuditingPolicyModel model)
 {
     return(null);
 }
Exemplo n.º 24
0
 /// <summary>
 /// Updates the given model element with the cmdlet specific operation
 /// </summary>
 /// <param name="model">A model object</param>
 protected override DatabaseAuditingPolicyModel ApplyUserInputToModel(DatabaseAuditingPolicyModel model)
 {
     base.ApplyUserInputToModel(model);
     model.AuditState = AuditStateType.Disabled;
     return(model);
 }
Exemplo n.º 25
0
 /// <summary>
 /// This method is responsible to call the right API in the communication layer that will eventually send the information in the
 /// object to the REST endpoint
 /// </summary>
 /// <param name="model">The model object with the data to be sent to the REST endpoints</param>
 protected override DatabaseAuditingPolicyModel PersistChanges(DatabaseAuditingPolicyModel model)
 {
     ModelAdapter.IgnoreStorage = true;
     base.PersistChanges(model);
     return(null);
 }