public async void TestExecuteGetListDatabaseVulnerabilityAssessmentScans()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
string testPrefix = "sqlvulnerabilityassessmentscantest-";
ResourceGroup resourceGroup = context.CreateResourceGroup();
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
Server server = context.CreateServer(resourceGroup);
// Create database
//
string dbName = SqlManagementTestUtilities.GenerateName(testPrefix);
var db1 = sqlClient.Databases.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, new Database()
{
Location = server.Location,
});
Assert.NotNull(db1);
// Turn ON database threat detection as a prerequisite to use VA
DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy
{
State = SecurityAlertPolicyState.Enabled,
EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Enabled
};
sqlClient.DatabaseThreatDetectionPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy);
// Set policy
await SetPolicy(context, sqlClient, resourceGroup, server, dbName);
// Run some scans
string scanId = string.Format("scantest1_{0}", testPrefix);
sqlClient.DatabaseVulnerabilityAssessmentScans.InitiateScan(resourceGroup.Name, server.Name, dbName, scanId);
string scanId1 = string.Format("scantest2_{0}", testPrefix);
sqlClient.DatabaseVulnerabilityAssessmentScans.InitiateScan(resourceGroup.Name, server.Name, dbName, scanId1);
// Verify get scan and list scans
VulnerabilityAssessmentScanRecord scanRecord = sqlClient.DatabaseVulnerabilityAssessmentScans.Get(resourceGroup.Name, server.Name, dbName, scanId);
Assert.Equal(scanId, scanRecord.ScanId);
IPage <VulnerabilityAssessmentScanRecord> scanRecords = sqlClient.DatabaseVulnerabilityAssessmentScans.ListByDatabase(resourceGroup.Name, server.Name, dbName);
Assert.Equal(2, scanRecords.ToList().Count);
Assert.Contains(scanRecords.ToList(), item => item.ScanId == scanId);
Assert.Contains(scanRecords.ToList(), item => item.ScanId == scanId1);
VulnerabilityAssessmentScanRecord scanId1Record = sqlClient.DatabaseVulnerabilityAssessmentScans.Get(resourceGroup.Name, server.Name, dbName, scanId1);
VulnerabilityAssessmentScanRecord scanId1RecordFromList = scanRecords.FirstOrDefault(item => item.ScanId == scanId1);
Assert.Equal(scanId1Record.ScanId, scanId1RecordFromList.ScanId);
Assert.Equal(scanId1Record.TriggerType, scanId1RecordFromList.TriggerType);
Assert.Equal(scanId1Record.State, scanId1RecordFromList.State);
Assert.Equal(scanId1Record.StartTime, scanId1RecordFromList.StartTime);
Assert.Equal(scanId1Record.EndTime, scanId1RecordFromList.EndTime);
Assert.Equal(scanId1Record.Errors, scanId1RecordFromList.Errors);
Assert.Equal(scanId1Record.StorageContainerPath, scanId1RecordFromList.StorageContainerPath);
Assert.Equal(scanId1Record.NumberOfFailedSecurityChecks, scanId1RecordFromList.NumberOfFailedSecurityChecks);
}
}
/// <summary>
/// Verify that the received properties match their expected values
/// </summary>
/// <param name="expected">The expected value of the properties object</param>
/// <param name="actual">The properties object that needs to be checked</param>
private void VerifyDatabaseSecurityAlertPolicyInformation(DatabaseSecurityAlertPolicy expected, DatabaseSecurityAlertPolicy actual)
{
Assert.Equal(expected.State, actual.State);
Assert.Equal(expected.EmailAccountAdmins, actual.EmailAccountAdmins);
Assert.Equal(expected.DisabledAlerts, actual.DisabledAlerts);
Assert.Equal(expected.EmailAddresses, actual.EmailAddresses);
Assert.Equal(expected.StorageEndpoint, actual.StorageEndpoint);
Assert.Equal(string.Empty, actual.StorageAccountAccessKey);
Assert.Equal(expected.RetentionDays, actual.RetentionDays);
}
public async void TestCreateUpdateGetDatabaseVulnerabilityAssessments()
{
string testPrefix = "sqlvulnerabilityassessmentcrudtest-";
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
ResourceGroup resourceGroup = context.CreateResourceGroup();
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
Server server = context.CreateServer(resourceGroup);
// Create database
//
string dbName = SqlManagementTestUtilities.GenerateName(testPrefix);
var db1 = sqlClient.Databases.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, new Database()
{
Location = server.Location,
});
Assert.NotNull(db1);
// Turn ON database threat detection as a prerequisite to use VA
DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy
{
State = SecurityAlertPolicyState.Enabled,
EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Enabled
};
sqlClient.DatabaseThreatDetectionPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy);
// Verify Policy is empty to begin with
DatabaseVulnerabilityAssessment policyThatWasReceived = sqlClient.DatabaseVulnerabilityAssessments.Get(resourceGroup.Name, server.Name, dbName);
Assert.Null(policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasReceived.StorageContainerSasKey);
Assert.False(policyThatWasReceived.RecurringScans.IsEnabled);
// Set policy and then get policy and verify correctness
DatabaseVulnerabilityAssessment policyThatWasSet = await SetPolicy(context, sqlClient, resourceGroup, server, dbName);
policyThatWasReceived = sqlClient.DatabaseVulnerabilityAssessments.Get(resourceGroup.Name, server.Name, dbName);
Assert.Equal(policyThatWasSet.StorageContainerPath, policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasSet.StorageContainerSasKey);
Assert.Equal(policyThatWasSet.RecurringScans.IsEnabled, policyThatWasReceived.RecurringScans.IsEnabled);
SqlManagementTestUtilities.AssertCollection(policyThatWasSet.RecurringScans.Emails, policyThatWasReceived.RecurringScans.Emails);
Assert.Equal(policyThatWasSet.RecurringScans.EmailSubscriptionAdmins, policyThatWasReceived.RecurringScans.EmailSubscriptionAdmins);
// Delete policy and then get policy and verify correctness
sqlClient.DatabaseVulnerabilityAssessments.Delete(resourceGroup.Name, server.Name, dbName);
// Get policy after deletion
policyThatWasReceived = sqlClient.DatabaseVulnerabilityAssessments.Get(resourceGroup.Name, server.Name, dbName);
Assert.Null(policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasReceived.StorageContainerSasKey);
Assert.False(policyThatWasReceived.RecurringScans.IsEnabled);
};
}
/// <summary>
/// Provides a database threat detection policy model for the given database
/// </summary>
public DatabaseThreatDetectionPolicyModel GetDatabaseThreatDetectionPolicy(string resourceGroup, string serverName, string databaseName, string requestId)
{
if (!IsRightServerVersionForThreatDetection(resourceGroup, serverName, requestId))
{
throw new Exception(Properties.Resources.ServerNotApplicableForThreatDetection);
}
DatabaseSecurityAlertPolicy threatDetectionPolicy = ThreatDetectionCommunicator.GetDatabaseSecurityAlertPolicy(resourceGroup, serverName, databaseName, requestId);
DatabaseThreatDetectionPolicyModel databaseThreatDetectionPolicyModel = ModelizeDatabaseThreatDetectionPolicy(threatDetectionPolicy);
databaseThreatDetectionPolicyModel.ResourceGroupName = resourceGroup;
databaseThreatDetectionPolicyModel.ServerName = serverName;
databaseThreatDetectionPolicyModel.DatabaseName = databaseName;
return(databaseThreatDetectionPolicyModel);
}
/// <summary>
/// Returns a SecurityAlertProperties object that holds the default settings for a database security alert policy
/// </summary>
/// <returns>A DatabaseSecurityAlertPolicy object with the default database security alert policy settings</returns>
private DatabaseSecurityAlertPolicy GetDefaultDatabaseSecurityAlertProperties()
{
DatabaseSecurityAlertPolicy properties = new DatabaseSecurityAlertPolicy
{
State = SecurityAlertPolicyState.Disabled,
EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Disabled,
DisabledAlerts = string.Empty,
EmailAddresses = string.Empty,
UseServerDefault = SecurityAlertPolicyUseServerDefault.Disabled,
StorageEndpoint = string.Empty,
StorageAccountAccessKey = string.Empty,
RetentionDays = 0,
};
return(properties);
}
/// <summary>
/// Returns a SecurityAlertProperties object that holds the default settings for a database security alert policy
/// </summary>
/// <returns>A DatabaseSecurityAlertPolicy object with the default database security alert policy settings</returns>
private DatabaseSecurityAlertPolicy GetDefaultDatabaseSecurityAlertProperties()
{
DatabaseSecurityAlertPolicy properties = new DatabaseSecurityAlertPolicy
{
State = SecurityAlertsPolicyState.Disabled,
EmailAccountAdmins = false,
DisabledAlerts = new List <string>()
{
string.Empty
},
EmailAddresses = new List <string>()
{
string.Empty
},
StorageEndpoint = string.Empty,
StorageAccountAccessKey = string.Empty,
RetentionDays = 0,
};
return(properties);
}
public async void TestCreateUpdateGetDeleteDatabaseVulnerabilityAssessmentBaselines()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
string testPrefix = "sqlvulnerabilityassessmentbaselinetest-";
ResourceGroup resourceGroup = context.CreateResourceGroup();
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
Server server = context.CreateServer(resourceGroup);
// Create database
//
string dbName = SqlManagementTestUtilities.GenerateName(testPrefix);
var db1 = sqlClient.Databases.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, new Database()
{
Location = server.Location,
});
Assert.NotNull(db1);
// Turn ON database threat detection as a prerequisite to use VA
DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy
{
State = SecurityAlertPolicyState.Enabled,
EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Enabled
};
sqlClient.DatabaseThreatDetectionPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy);
// Set policy
await SetPolicy(context, sqlClient, resourceGroup, server, dbName);
// Test baseline for database level rule
ValidateBaselineRule(sqlClient, resourceGroup, server, dbName, isServerLevelRule: true);
// Test baseline for server level rule
ValidateBaselineRule(sqlClient, resourceGroup, server, dbName, isServerLevelRule: false);
// Test baseline for database level rule - backward compatibility
ValidateBaselineRule(sqlClient, resourceGroup, server, dbName, isServerLevelRule: null);
}
}
public async void TestExportDatabaseVulnerabilityAssessmentScans()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
string testPrefix = "sqlvulnerabilityassessmentexportscantest-";
ResourceGroup resourceGroup = context.CreateResourceGroup();
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
Server server = context.CreateServer(resourceGroup);
// Create database
//
string dbName = SqlManagementTestUtilities.GenerateName(testPrefix);
var db1 = sqlClient.Databases.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, new Database()
{
Location = server.Location,
});
Assert.NotNull(db1);
// Turn ON database threat detection as a prerequisite to use VA
DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy
{
State = SecurityAlertPolicyState.Enabled,
EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Enabled
};
sqlClient.DatabaseThreatDetectionPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy);
// Set policy
await SetPolicy(context, sqlClient, resourceGroup, server, dbName);
// Run some scans
string scanId = string.Format("scan1_{0}", testPrefix);
sqlClient.DatabaseVulnerabilityAssessmentScans.InitiateScan(resourceGroup.Name, server.Name, dbName, scanId);
sqlClient.DatabaseVulnerabilityAssessmentScans.Export(resourceGroup.Name, server.Name, dbName, scanId);
}
}
/// <summary>
/// Returns an Azure SQL Database security alert policy.
/// </summary>
/// <param name='resourceGroupName'>
/// Required. The name of the Resource Group to which the server
/// belongs.
/// </param>
/// <param name='serverName'>
/// Required. The name of the Azure SQL Database Server on which the
/// database is hosted.
/// </param>
/// <param name='databaseName'>
/// Required. The name of the Azure SQL Database for which the security
/// alert policy applies.
/// </param>
/// <param name='cancellationToken'>
/// Cancellation token.
/// </param>
/// <returns>
/// Represents the response to a get database security alert policy
/// request.
/// </returns>
public async Task <DatabaseSecurityAlertPolicyGetResponse> GetDatabaseSecurityAlertPolicyAsync(string resourceGroupName, string serverName, string databaseName, CancellationToken cancellationToken)
{
// Validate
if (resourceGroupName == null)
{
throw new ArgumentNullException("resourceGroupName");
}
if (serverName == null)
{
throw new ArgumentNullException("serverName");
}
if (databaseName == null)
{
throw new ArgumentNullException("databaseName");
}
// Tracing
bool shouldTrace = TracingAdapter.IsEnabled;
string invocationId = null;
if (shouldTrace)
{
invocationId = TracingAdapter.NextInvocationId.ToString();
Dictionary <string, object> tracingParameters = new Dictionary <string, object>();
tracingParameters.Add("resourceGroupName", resourceGroupName);
tracingParameters.Add("serverName", serverName);
tracingParameters.Add("databaseName", databaseName);
TracingAdapter.Enter(invocationId, this, "GetDatabaseSecurityAlertPolicyAsync", tracingParameters);
}
// Construct URL
string url = "";
url = url + "/subscriptions/";
if (this.Client.Credentials.SubscriptionId != null)
{
url = url + Uri.EscapeDataString(this.Client.Credentials.SubscriptionId);
}
url = url + "/resourceGroups/";
url = url + Uri.EscapeDataString(resourceGroupName);
url = url + "/providers/";
url = url + "Microsoft.Sql";
url = url + "/servers/";
url = url + Uri.EscapeDataString(serverName);
url = url + "/databases/";
url = url + Uri.EscapeDataString(databaseName);
url = url + "/securityAlertPolicies/Default";
List <string> queryParameters = new List <string>();
queryParameters.Add("api-version=2014-04-01");
if (queryParameters.Count > 0)
{
url = url + "?" + string.Join("&", queryParameters);
}
string baseUrl = this.Client.BaseUri.AbsoluteUri;
// Trim '/' character from the end of baseUrl and beginning of url.
if (baseUrl[baseUrl.Length - 1] == '/')
{
baseUrl = baseUrl.Substring(0, baseUrl.Length - 1);
}
if (url[0] == '/')
{
url = url.Substring(1);
}
url = baseUrl + "/" + url;
url = url.Replace(" ", "%20");
// Create HTTP transport objects
HttpRequestMessage httpRequest = null;
try
{
httpRequest = new HttpRequestMessage();
httpRequest.Method = HttpMethod.Get;
httpRequest.RequestUri = new Uri(url);
// Set Headers
// Set Credentials
cancellationToken.ThrowIfCancellationRequested();
await this.Client.Credentials.ProcessHttpRequestAsync(httpRequest, cancellationToken).ConfigureAwait(false);
// Send Request
HttpResponseMessage httpResponse = null;
try
{
if (shouldTrace)
{
TracingAdapter.SendRequest(invocationId, httpRequest);
}
cancellationToken.ThrowIfCancellationRequested();
httpResponse = await this.Client.HttpClient.SendAsync(httpRequest, cancellationToken).ConfigureAwait(false);
if (shouldTrace)
{
TracingAdapter.ReceiveResponse(invocationId, httpResponse);
}
HttpStatusCode statusCode = httpResponse.StatusCode;
if (statusCode != HttpStatusCode.OK)
{
cancellationToken.ThrowIfCancellationRequested();
CloudException ex = CloudException.Create(httpRequest, null, httpResponse, await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false));
if (shouldTrace)
{
TracingAdapter.Error(invocationId, ex);
}
throw ex;
}
// Create Result
DatabaseSecurityAlertPolicyGetResponse result = null;
// Deserialize Response
if (statusCode == HttpStatusCode.OK)
{
cancellationToken.ThrowIfCancellationRequested();
string responseContent = await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
result = new DatabaseSecurityAlertPolicyGetResponse();
JToken responseDoc = null;
if (string.IsNullOrEmpty(responseContent) == false)
{
responseDoc = JToken.Parse(responseContent);
}
if (responseDoc != null && responseDoc.Type != JTokenType.Null)
{
DatabaseSecurityAlertPolicy securityAlertPolicyInstance = new DatabaseSecurityAlertPolicy();
result.SecurityAlertPolicy = securityAlertPolicyInstance;
JToken propertiesValue = responseDoc["properties"];
if (propertiesValue != null && propertiesValue.Type != JTokenType.Null)
{
DatabaseSecurityAlertPolicyProperties propertiesInstance = new DatabaseSecurityAlertPolicyProperties();
securityAlertPolicyInstance.Properties = propertiesInstance;
JToken stateValue = propertiesValue["state"];
if (stateValue != null && stateValue.Type != JTokenType.Null)
{
string stateInstance = ((string)stateValue);
propertiesInstance.State = stateInstance;
}
JToken disabledAlertsValue = propertiesValue["disabledAlerts"];
if (disabledAlertsValue != null && disabledAlertsValue.Type != JTokenType.Null)
{
string disabledAlertsInstance = ((string)disabledAlertsValue);
propertiesInstance.DisabledAlerts = disabledAlertsInstance;
}
JToken emailAddressesValue = propertiesValue["emailAddresses"];
if (emailAddressesValue != null && emailAddressesValue.Type != JTokenType.Null)
{
string emailAddressesInstance = ((string)emailAddressesValue);
propertiesInstance.EmailAddresses = emailAddressesInstance;
}
JToken emailAccountAdminsValue = propertiesValue["emailAccountAdmins"];
if (emailAccountAdminsValue != null && emailAccountAdminsValue.Type != JTokenType.Null)
{
string emailAccountAdminsInstance = ((string)emailAccountAdminsValue);
propertiesInstance.EmailAccountAdmins = emailAccountAdminsInstance;
}
}
JToken idValue = responseDoc["id"];
if (idValue != null && idValue.Type != JTokenType.Null)
{
string idInstance = ((string)idValue);
securityAlertPolicyInstance.Id = idInstance;
}
JToken nameValue = responseDoc["name"];
if (nameValue != null && nameValue.Type != JTokenType.Null)
{
string nameInstance = ((string)nameValue);
securityAlertPolicyInstance.Name = nameInstance;
}
JToken typeValue = responseDoc["type"];
if (typeValue != null && typeValue.Type != JTokenType.Null)
{
string typeInstance = ((string)typeValue);
securityAlertPolicyInstance.Type = typeInstance;
}
JToken locationValue = responseDoc["location"];
if (locationValue != null && locationValue.Type != JTokenType.Null)
{
string locationInstance = ((string)locationValue);
securityAlertPolicyInstance.Location = locationInstance;
}
JToken tagsSequenceElement = ((JToken)responseDoc["tags"]);
if (tagsSequenceElement != null && tagsSequenceElement.Type != JTokenType.Null)
{
foreach (JProperty property in tagsSequenceElement)
{
string tagsKey = ((string)property.Name);
string tagsValue = ((string)property.Value);
securityAlertPolicyInstance.Tags.Add(tagsKey, tagsValue);
}
}
}
}
result.StatusCode = statusCode;
if (httpResponse.Headers.Contains("x-ms-request-id"))
{
result.RequestId = httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault();
}
if (shouldTrace)
{
TracingAdapter.Exit(invocationId, result);
}
return(result);
}
finally
{
if (httpResponse != null)
{
httpResponse.Dispose();
}
}
}
finally
{
if (httpRequest != null)
{
httpRequest.Dispose();
}
}
}
/// <summary>
/// Transforms the given database policy object to its cmdlet model representation
/// </summary>
private DatabaseThreatDetectionPolicyModel ModelizeDatabaseThreatDetectionPolicy(DatabaseSecurityAlertPolicy threatDetectionPolicy)
{
DatabaseThreatDetectionPolicyModel databaseThreatDetectionPolicyModel = new DatabaseThreatDetectionPolicyModel();
DatabaseSecurityAlertPolicyProperties threatDetectionProperties = threatDetectionPolicy.Properties;
databaseThreatDetectionPolicyModel.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State);
databaseThreatDetectionPolicyModel.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses;
databaseThreatDetectionPolicyModel.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins);
ModelizeDisabledAlerts(databaseThreatDetectionPolicyModel, threatDetectionProperties.DisabledAlerts);
return(databaseThreatDetectionPolicyModel);
}
/// <summary>
/// Creates or updates a database's security alert policy.
/// </summary>
/// <param name='resourceGroupName'>
/// The name of the resource group that contains the resource. You can obtain
/// this value from the Azure Resource Manager API or the portal.
/// </param>
/// <param name='serverName'>
/// The name of the server.
/// </param>
/// <param name='databaseName'>
/// The name of the database for which the security alert policy is defined.
/// </param>
/// <param name='parameters'>
/// The database security alert policy.
/// </param>
/// <param name='customHeaders'>
/// Headers that will be added to request.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
/// <exception cref="CloudException">
/// Thrown when the operation returned an invalid status code
/// </exception>
/// <exception cref="SerializationException">
/// Thrown when unable to deserialize the response
/// </exception>
/// <exception cref="ValidationException">
/// Thrown when a required parameter is null
/// </exception>
/// <exception cref="System.ArgumentNullException">
/// Thrown when a required parameter is null
/// </exception>
/// <return>
/// A response object containing the response body and response headers.
/// </return>
public async Task <AzureOperationResponse <DatabaseSecurityAlertPolicy> > CreateOrUpdateWithHttpMessagesAsync(string resourceGroupName, string serverName, string databaseName, DatabaseSecurityAlertPolicy parameters, Dictionary <string, List <string> > customHeaders = null, CancellationToken cancellationToken = default(CancellationToken))
{
if (resourceGroupName == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "resourceGroupName");
}
if (serverName == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "serverName");
}
if (databaseName == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "databaseName");
}
if (parameters == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "parameters");
}
if (parameters != null)
{
parameters.Validate();
}
if (Client.SubscriptionId == null)
{
throw new ValidationException(ValidationRules.CannotBeNull, "this.Client.SubscriptionId");
}
string securityAlertPolicyName = "default";
string apiVersion = "2020-11-01-preview";
// Tracing
bool _shouldTrace = ServiceClientTracing.IsEnabled;
string _invocationId = null;
if (_shouldTrace)
{
_invocationId = ServiceClientTracing.NextInvocationId.ToString();
Dictionary <string, object> tracingParameters = new Dictionary <string, object>();
tracingParameters.Add("resourceGroupName", resourceGroupName);
tracingParameters.Add("serverName", serverName);
tracingParameters.Add("databaseName", databaseName);
tracingParameters.Add("securityAlertPolicyName", securityAlertPolicyName);
tracingParameters.Add("parameters", parameters);
tracingParameters.Add("apiVersion", apiVersion);
tracingParameters.Add("cancellationToken", cancellationToken);
ServiceClientTracing.Enter(_invocationId, this, "CreateOrUpdate", tracingParameters);
}
// Construct URL
var _baseUrl = Client.BaseUri.AbsoluteUri;
var _url = new System.Uri(new System.Uri(_baseUrl + (_baseUrl.EndsWith("/") ? "" : "/")), "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/securityAlertPolicies/{securityAlertPolicyName}").ToString();
_url = _url.Replace("{resourceGroupName}", System.Uri.EscapeDataString(resourceGroupName));
_url = _url.Replace("{serverName}", System.Uri.EscapeDataString(serverName));
_url = _url.Replace("{databaseName}", System.Uri.EscapeDataString(databaseName));
_url = _url.Replace("{securityAlertPolicyName}", System.Uri.EscapeDataString(securityAlertPolicyName));
_url = _url.Replace("{subscriptionId}", System.Uri.EscapeDataString(Client.SubscriptionId));
List <string> _queryParameters = new List <string>();
if (apiVersion != null)
{
_queryParameters.Add(string.Format("api-version={0}", System.Uri.EscapeDataString(apiVersion)));
}
if (_queryParameters.Count > 0)
{
_url += (_url.Contains("?") ? "&" : "?") + string.Join("&", _queryParameters);
}
// Create HTTP transport objects
var _httpRequest = new HttpRequestMessage();
HttpResponseMessage _httpResponse = null;
_httpRequest.Method = new HttpMethod("PUT");
_httpRequest.RequestUri = new System.Uri(_url);
// Set Headers
if (Client.GenerateClientRequestId != null && Client.GenerateClientRequestId.Value)
{
_httpRequest.Headers.TryAddWithoutValidation("x-ms-client-request-id", System.Guid.NewGuid().ToString());
}
if (Client.AcceptLanguage != null)
{
if (_httpRequest.Headers.Contains("accept-language"))
{
_httpRequest.Headers.Remove("accept-language");
}
_httpRequest.Headers.TryAddWithoutValidation("accept-language", Client.AcceptLanguage);
}
if (customHeaders != null)
{
foreach (var _header in customHeaders)
{
if (_httpRequest.Headers.Contains(_header.Key))
{
_httpRequest.Headers.Remove(_header.Key);
}
_httpRequest.Headers.TryAddWithoutValidation(_header.Key, _header.Value);
}
}
// Serialize Request
string _requestContent = null;
if (parameters != null)
{
_requestContent = Rest.Serialization.SafeJsonConvert.SerializeObject(parameters, Client.SerializationSettings);
_httpRequest.Content = new StringContent(_requestContent, System.Text.Encoding.UTF8);
_httpRequest.Content.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json; charset=utf-8");
}
// Set Credentials
if (Client.Credentials != null)
{
cancellationToken.ThrowIfCancellationRequested();
await Client.Credentials.ProcessHttpRequestAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
}
// Send Request
if (_shouldTrace)
{
ServiceClientTracing.SendRequest(_invocationId, _httpRequest);
}
cancellationToken.ThrowIfCancellationRequested();
_httpResponse = await Client.HttpClient.SendAsync(_httpRequest, cancellationToken).ConfigureAwait(false);
if (_shouldTrace)
{
ServiceClientTracing.ReceiveResponse(_invocationId, _httpResponse);
}
HttpStatusCode _statusCode = _httpResponse.StatusCode;
cancellationToken.ThrowIfCancellationRequested();
string _responseContent = null;
if ((int)_statusCode != 200 && (int)_statusCode != 201)
{
var ex = new CloudException(string.Format("Operation returned an invalid status code '{0}'", _statusCode));
try
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
CloudError _errorBody = Rest.Serialization.SafeJsonConvert.DeserializeObject <CloudError>(_responseContent, Client.DeserializationSettings);
if (_errorBody != null)
{
ex = new CloudException(_errorBody.Message);
ex.Body = _errorBody;
}
}
catch (JsonException)
{
// Ignore the exception
}
ex.Request = new HttpRequestMessageWrapper(_httpRequest, _requestContent);
ex.Response = new HttpResponseMessageWrapper(_httpResponse, _responseContent);
if (_httpResponse.Headers.Contains("x-ms-request-id"))
{
ex.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault();
}
if (_shouldTrace)
{
ServiceClientTracing.Error(_invocationId, ex);
}
_httpRequest.Dispose();
if (_httpResponse != null)
{
_httpResponse.Dispose();
}
throw ex;
}
// Create Result
var _result = new AzureOperationResponse <DatabaseSecurityAlertPolicy>();
_result.Request = _httpRequest;
_result.Response = _httpResponse;
if (_httpResponse.Headers.Contains("x-ms-request-id"))
{
_result.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault();
}
// Deserialize Response
if ((int)_statusCode == 200)
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
try
{
_result.Body = Rest.Serialization.SafeJsonConvert.DeserializeObject <DatabaseSecurityAlertPolicy>(_responseContent, Client.DeserializationSettings);
}
catch (JsonException ex)
{
_httpRequest.Dispose();
if (_httpResponse != null)
{
_httpResponse.Dispose();
}
throw new SerializationException("Unable to deserialize the response.", _responseContent, ex);
}
}
// Deserialize Response
if ((int)_statusCode == 201)
{
_responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false);
try
{
_result.Body = Rest.Serialization.SafeJsonConvert.DeserializeObject <DatabaseSecurityAlertPolicy>(_responseContent, Client.DeserializationSettings);
}
catch (JsonException ex)
{
_httpRequest.Dispose();
if (_httpResponse != null)
{
_httpResponse.Dispose();
}
throw new SerializationException("Unable to deserialize the response.", _responseContent, ex);
}
}
if (_shouldTrace)
{
ServiceClientTracing.Exit(_invocationId, _result);
}
return(_result);
}
/// <summary>
/// Creates or updates a database's threat detection policy.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group that contains the resource. You can obtain
/// this value from the Azure Resource Manager API or the portal.
/// </param>
/// <param name='serverName'>
/// The name of the server.
/// </param>
/// <param name='databaseName'>
/// The name of the database for which database Threat Detection policy is
/// defined.
/// </param>
/// <param name='parameters'>
/// The database Threat Detection policy.
/// </param>
public static DatabaseSecurityAlertPolicy CreateOrUpdate(this IDatabaseThreatDetectionPoliciesOperations operations, string resourceGroupName, string serverName, string databaseName, DatabaseSecurityAlertPolicy parameters)
{
return(operations.CreateOrUpdateAsync(resourceGroupName, serverName, databaseName, parameters).GetAwaiter().GetResult());
}
/// <summary>
/// Creates or updates a database's threat detection policy.
/// </summary>
/// <param name='operations'>
/// The operations group for this extension method.
/// </param>
/// <param name='resourceGroupName'>
/// The name of the resource group that contains the resource. You can obtain
/// this value from the Azure Resource Manager API or the portal.
/// </param>
/// <param name='serverName'>
/// The name of the server.
/// </param>
/// <param name='databaseName'>
/// The name of the database for which database Threat Detection policy is
/// defined.
/// </param>
/// <param name='parameters'>
/// The database Threat Detection policy.
/// </param>
/// <param name='cancellationToken'>
/// The cancellation token.
/// </param>
public static async Task <DatabaseSecurityAlertPolicy> CreateOrUpdateAsync(this IDatabaseThreatDetectionPoliciesOperations operations, string resourceGroupName, string serverName, string databaseName, DatabaseSecurityAlertPolicy parameters, CancellationToken cancellationToken = default(CancellationToken))
{
using (var _result = await operations.CreateOrUpdateWithHttpMessagesAsync(resourceGroupName, serverName, databaseName, parameters, null, cancellationToken).ConfigureAwait(false))
{
return(_result.Body);
}
}
public void TestThreatDetection()
{
string testPrefix = "server-security-alert-test-";
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
ResourceGroup resourceGroup = context.CreateResourceGroup();
Server server = context.CreateServer(resourceGroup);
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
// create some databases in server
Database[] databases = SqlManagementTestUtilities.CreateDatabasesAsync(
sqlClient, resourceGroup.Name, server, testPrefix, 2).Result;
// ******* Server threat detection *******
ServerSecurityAlertPolicy defaultServerPolicyResponse = sqlClient.ServerSecurityAlertPolicies.Get(resourceGroup.Name, server.Name);
// Verify that the initial Get request contains the default policy.
VerifyServerSecurityAlertPolicyInformation(GetDefaultServerSecurityAlertProperties(), defaultServerPolicyResponse);
// Modify the policy properties, send and receive and see it its still ok
ServerSecurityAlertPolicy updatedServerPolicy = new ServerSecurityAlertPolicy
{
State = SecurityAlertsPolicyState.Enabled,
EmailAccountAdmins = true
};
//Set security alert policy for server
sqlClient.ServerSecurityAlertPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, updatedServerPolicy);
//Get security alert server policy
var getUpdatedServerPolicyResponse = sqlClient.ServerSecurityAlertPolicies.Get(resourceGroup.Name, server.Name);
// Verify that the Get request contains the updated policy.
Assert.Equal(updatedServerPolicy.State, getUpdatedServerPolicyResponse.State);
Assert.Equal(updatedServerPolicy.EmailAccountAdmins, getUpdatedServerPolicyResponse.EmailAccountAdmins);
// Modify the policy properties again, send and receive and see it its still ok
updatedServerPolicy = new ServerSecurityAlertPolicy
{
State = SecurityAlertsPolicyState.Disabled,
EmailAccountAdmins = true,
EmailAddresses = new List <string>()
{
"*****@*****.**", "*****@*****.**"
},
DisabledAlerts = new List <string>()
{
"Sql_Injection"
},
RetentionDays = 3,
StorageAccountAccessKey = "fake_key_sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
StorageEndpoint = "https://MyAccount.blob.core.windows.net/",
};
//Set security alert policy for server
sqlClient.ServerSecurityAlertPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, updatedServerPolicy);
//Get security alert server policy
getUpdatedServerPolicyResponse = sqlClient.ServerSecurityAlertPolicies.Get(resourceGroup.Name, server.Name);
// Verify that the Get request contains the updated policy.
VerifyServerSecurityAlertPolicyInformation(updatedServerPolicy, getUpdatedServerPolicyResponse);
// ******* Database threat detection *******
string dbName = databases[0].Name;
DatabaseSecurityAlertPolicy defaultDatabasePolicyResponse = sqlClient.DatabaseSecurityAlertPolicies.Get(resourceGroup.Name, server.Name, dbName);
// Verify that the initial Get request contains the default policy.
VerifyDatabaseSecurityAlertPolicyInformation(GetDefaultDatabaseSecurityAlertProperties(), defaultDatabasePolicyResponse);
// Modify the policy properties, send and receive and see it its still ok
DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy
{
State = SecurityAlertsPolicyState.Disabled,
EmailAccountAdmins = true,
EmailAddresses = new List <string>()
{
"*****@*****.**"
},
DisabledAlerts = new List <string>()
{
"Access_Anomaly", "Usage_Anomaly"
},
RetentionDays = 5,
StorageAccountAccessKey = "fake_key_sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
StorageEndpoint = "https://MyAccount.blob.core.windows.net/"
};
sqlClient.DatabaseSecurityAlertPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy);
var getUpdatedDatabasePolicyResponse = sqlClient.DatabaseSecurityAlertPolicies.Get(resourceGroup.Name, server.Name, dbName);
// Verify that the Get request contains the updated policy.
VerifyDatabaseSecurityAlertPolicyInformation(updatedDatabasePolicy, getUpdatedDatabasePolicyResponse);
}
}
