public async void TestExecuteGetListDatabaseVulnerabilityAssessmentScans() { using (SqlManagementTestContext context = new SqlManagementTestContext(this)) { string testPrefix = "sqlvulnerabilityassessmentscantest-"; ResourceGroup resourceGroup = context.CreateResourceGroup(); SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>(); Server server = context.CreateServer(resourceGroup); // Create database // string dbName = SqlManagementTestUtilities.GenerateName(testPrefix); var db1 = sqlClient.Databases.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, new Database() { Location = server.Location, }); Assert.NotNull(db1); // Turn ON database threat detection as a prerequisite to use VA DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy { State = SecurityAlertPolicyState.Enabled, EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Enabled }; sqlClient.DatabaseThreatDetectionPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy); // Set policy await SetPolicy(context, sqlClient, resourceGroup, server, dbName); // Run some scans string scanId = string.Format("scantest1_{0}", testPrefix); sqlClient.DatabaseVulnerabilityAssessmentScans.InitiateScan(resourceGroup.Name, server.Name, dbName, scanId); string scanId1 = string.Format("scantest2_{0}", testPrefix); sqlClient.DatabaseVulnerabilityAssessmentScans.InitiateScan(resourceGroup.Name, server.Name, dbName, scanId1); // Verify get scan and list scans VulnerabilityAssessmentScanRecord scanRecord = sqlClient.DatabaseVulnerabilityAssessmentScans.Get(resourceGroup.Name, server.Name, dbName, scanId); Assert.Equal(scanId, scanRecord.ScanId); IPage <VulnerabilityAssessmentScanRecord> scanRecords = sqlClient.DatabaseVulnerabilityAssessmentScans.ListByDatabase(resourceGroup.Name, server.Name, dbName); Assert.Equal(2, scanRecords.ToList().Count); Assert.Contains(scanRecords.ToList(), item => item.ScanId == scanId); Assert.Contains(scanRecords.ToList(), item => item.ScanId == scanId1); VulnerabilityAssessmentScanRecord scanId1Record = sqlClient.DatabaseVulnerabilityAssessmentScans.Get(resourceGroup.Name, server.Name, dbName, scanId1); VulnerabilityAssessmentScanRecord scanId1RecordFromList = scanRecords.FirstOrDefault(item => item.ScanId == scanId1); Assert.Equal(scanId1Record.ScanId, scanId1RecordFromList.ScanId); Assert.Equal(scanId1Record.TriggerType, scanId1RecordFromList.TriggerType); Assert.Equal(scanId1Record.State, scanId1RecordFromList.State); Assert.Equal(scanId1Record.StartTime, scanId1RecordFromList.StartTime); Assert.Equal(scanId1Record.EndTime, scanId1RecordFromList.EndTime); Assert.Equal(scanId1Record.Errors, scanId1RecordFromList.Errors); Assert.Equal(scanId1Record.StorageContainerPath, scanId1RecordFromList.StorageContainerPath); Assert.Equal(scanId1Record.NumberOfFailedSecurityChecks, scanId1RecordFromList.NumberOfFailedSecurityChecks); } }
/// <summary> /// Verify that the received properties match their expected values /// </summary> /// <param name="expected">The expected value of the properties object</param> /// <param name="actual">The properties object that needs to be checked</param> private void VerifyDatabaseSecurityAlertPolicyInformation(DatabaseSecurityAlertPolicy expected, DatabaseSecurityAlertPolicy actual) { Assert.Equal(expected.State, actual.State); Assert.Equal(expected.EmailAccountAdmins, actual.EmailAccountAdmins); Assert.Equal(expected.DisabledAlerts, actual.DisabledAlerts); Assert.Equal(expected.EmailAddresses, actual.EmailAddresses); Assert.Equal(expected.StorageEndpoint, actual.StorageEndpoint); Assert.Equal(string.Empty, actual.StorageAccountAccessKey); Assert.Equal(expected.RetentionDays, actual.RetentionDays); }
public async void TestCreateUpdateGetDatabaseVulnerabilityAssessments() { string testPrefix = "sqlvulnerabilityassessmentcrudtest-"; using (SqlManagementTestContext context = new SqlManagementTestContext(this)) { ResourceGroup resourceGroup = context.CreateResourceGroup(); SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>(); Server server = context.CreateServer(resourceGroup); // Create database // string dbName = SqlManagementTestUtilities.GenerateName(testPrefix); var db1 = sqlClient.Databases.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, new Database() { Location = server.Location, }); Assert.NotNull(db1); // Turn ON database threat detection as a prerequisite to use VA DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy { State = SecurityAlertPolicyState.Enabled, EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Enabled }; sqlClient.DatabaseThreatDetectionPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy); // Verify Policy is empty to begin with DatabaseVulnerabilityAssessment policyThatWasReceived = sqlClient.DatabaseVulnerabilityAssessments.Get(resourceGroup.Name, server.Name, dbName); Assert.Null(policyThatWasReceived.StorageContainerPath); Assert.Null(policyThatWasReceived.StorageContainerSasKey); Assert.False(policyThatWasReceived.RecurringScans.IsEnabled); // Set policy and then get policy and verify correctness DatabaseVulnerabilityAssessment policyThatWasSet = await SetPolicy(context, sqlClient, resourceGroup, server, dbName); policyThatWasReceived = sqlClient.DatabaseVulnerabilityAssessments.Get(resourceGroup.Name, server.Name, dbName); Assert.Equal(policyThatWasSet.StorageContainerPath, policyThatWasReceived.StorageContainerPath); Assert.Null(policyThatWasSet.StorageContainerSasKey); Assert.Equal(policyThatWasSet.RecurringScans.IsEnabled, policyThatWasReceived.RecurringScans.IsEnabled); SqlManagementTestUtilities.AssertCollection(policyThatWasSet.RecurringScans.Emails, policyThatWasReceived.RecurringScans.Emails); Assert.Equal(policyThatWasSet.RecurringScans.EmailSubscriptionAdmins, policyThatWasReceived.RecurringScans.EmailSubscriptionAdmins); // Delete policy and then get policy and verify correctness sqlClient.DatabaseVulnerabilityAssessments.Delete(resourceGroup.Name, server.Name, dbName); // Get policy after deletion policyThatWasReceived = sqlClient.DatabaseVulnerabilityAssessments.Get(resourceGroup.Name, server.Name, dbName); Assert.Null(policyThatWasReceived.StorageContainerPath); Assert.Null(policyThatWasReceived.StorageContainerSasKey); Assert.False(policyThatWasReceived.RecurringScans.IsEnabled); }; }
/// <summary> /// Provides a database threat detection policy model for the given database /// </summary> public DatabaseThreatDetectionPolicyModel GetDatabaseThreatDetectionPolicy(string resourceGroup, string serverName, string databaseName, string requestId) { if (!IsRightServerVersionForThreatDetection(resourceGroup, serverName, requestId)) { throw new Exception(Properties.Resources.ServerNotApplicableForThreatDetection); } DatabaseSecurityAlertPolicy threatDetectionPolicy = ThreatDetectionCommunicator.GetDatabaseSecurityAlertPolicy(resourceGroup, serverName, databaseName, requestId); DatabaseThreatDetectionPolicyModel databaseThreatDetectionPolicyModel = ModelizeDatabaseThreatDetectionPolicy(threatDetectionPolicy); databaseThreatDetectionPolicyModel.ResourceGroupName = resourceGroup; databaseThreatDetectionPolicyModel.ServerName = serverName; databaseThreatDetectionPolicyModel.DatabaseName = databaseName; return(databaseThreatDetectionPolicyModel); }
/// <summary> /// Returns a SecurityAlertProperties object that holds the default settings for a database security alert policy /// </summary> /// <returns>A DatabaseSecurityAlertPolicy object with the default database security alert policy settings</returns> private DatabaseSecurityAlertPolicy GetDefaultDatabaseSecurityAlertProperties() { DatabaseSecurityAlertPolicy properties = new DatabaseSecurityAlertPolicy { State = SecurityAlertPolicyState.Disabled, EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Disabled, DisabledAlerts = string.Empty, EmailAddresses = string.Empty, UseServerDefault = SecurityAlertPolicyUseServerDefault.Disabled, StorageEndpoint = string.Empty, StorageAccountAccessKey = string.Empty, RetentionDays = 0, }; return(properties); }
/// <summary> /// Returns a SecurityAlertProperties object that holds the default settings for a database security alert policy /// </summary> /// <returns>A DatabaseSecurityAlertPolicy object with the default database security alert policy settings</returns> private DatabaseSecurityAlertPolicy GetDefaultDatabaseSecurityAlertProperties() { DatabaseSecurityAlertPolicy properties = new DatabaseSecurityAlertPolicy { State = SecurityAlertsPolicyState.Disabled, EmailAccountAdmins = false, DisabledAlerts = new List <string>() { string.Empty }, EmailAddresses = new List <string>() { string.Empty }, StorageEndpoint = string.Empty, StorageAccountAccessKey = string.Empty, RetentionDays = 0, }; return(properties); }
public async void TestCreateUpdateGetDeleteDatabaseVulnerabilityAssessmentBaselines() { using (SqlManagementTestContext context = new SqlManagementTestContext(this)) { string testPrefix = "sqlvulnerabilityassessmentbaselinetest-"; ResourceGroup resourceGroup = context.CreateResourceGroup(); SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>(); Server server = context.CreateServer(resourceGroup); // Create database // string dbName = SqlManagementTestUtilities.GenerateName(testPrefix); var db1 = sqlClient.Databases.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, new Database() { Location = server.Location, }); Assert.NotNull(db1); // Turn ON database threat detection as a prerequisite to use VA DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy { State = SecurityAlertPolicyState.Enabled, EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Enabled }; sqlClient.DatabaseThreatDetectionPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy); // Set policy await SetPolicy(context, sqlClient, resourceGroup, server, dbName); // Test baseline for database level rule ValidateBaselineRule(sqlClient, resourceGroup, server, dbName, isServerLevelRule: true); // Test baseline for server level rule ValidateBaselineRule(sqlClient, resourceGroup, server, dbName, isServerLevelRule: false); // Test baseline for database level rule - backward compatibility ValidateBaselineRule(sqlClient, resourceGroup, server, dbName, isServerLevelRule: null); } }
public async void TestExportDatabaseVulnerabilityAssessmentScans() { using (SqlManagementTestContext context = new SqlManagementTestContext(this)) { string testPrefix = "sqlvulnerabilityassessmentexportscantest-"; ResourceGroup resourceGroup = context.CreateResourceGroup(); SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>(); Server server = context.CreateServer(resourceGroup); // Create database // string dbName = SqlManagementTestUtilities.GenerateName(testPrefix); var db1 = sqlClient.Databases.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, new Database() { Location = server.Location, }); Assert.NotNull(db1); // Turn ON database threat detection as a prerequisite to use VA DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy { State = SecurityAlertPolicyState.Enabled, EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Enabled }; sqlClient.DatabaseThreatDetectionPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy); // Set policy await SetPolicy(context, sqlClient, resourceGroup, server, dbName); // Run some scans string scanId = string.Format("scan1_{0}", testPrefix); sqlClient.DatabaseVulnerabilityAssessmentScans.InitiateScan(resourceGroup.Name, server.Name, dbName, scanId); sqlClient.DatabaseVulnerabilityAssessmentScans.Export(resourceGroup.Name, server.Name, dbName, scanId); } }
/// <summary> /// Returns an Azure SQL Database security alert policy. /// </summary> /// <param name='resourceGroupName'> /// Required. The name of the Resource Group to which the server /// belongs. /// </param> /// <param name='serverName'> /// Required. The name of the Azure SQL Database Server on which the /// database is hosted. /// </param> /// <param name='databaseName'> /// Required. The name of the Azure SQL Database for which the security /// alert policy applies. /// </param> /// <param name='cancellationToken'> /// Cancellation token. /// </param> /// <returns> /// Represents the response to a get database security alert policy /// request. /// </returns> public async Task <DatabaseSecurityAlertPolicyGetResponse> GetDatabaseSecurityAlertPolicyAsync(string resourceGroupName, string serverName, string databaseName, CancellationToken cancellationToken) { // Validate if (resourceGroupName == null) { throw new ArgumentNullException("resourceGroupName"); } if (serverName == null) { throw new ArgumentNullException("serverName"); } if (databaseName == null) { throw new ArgumentNullException("databaseName"); } // Tracing bool shouldTrace = TracingAdapter.IsEnabled; string invocationId = null; if (shouldTrace) { invocationId = TracingAdapter.NextInvocationId.ToString(); Dictionary <string, object> tracingParameters = new Dictionary <string, object>(); tracingParameters.Add("resourceGroupName", resourceGroupName); tracingParameters.Add("serverName", serverName); tracingParameters.Add("databaseName", databaseName); TracingAdapter.Enter(invocationId, this, "GetDatabaseSecurityAlertPolicyAsync", tracingParameters); } // Construct URL string url = ""; url = url + "/subscriptions/"; if (this.Client.Credentials.SubscriptionId != null) { url = url + Uri.EscapeDataString(this.Client.Credentials.SubscriptionId); } url = url + "/resourceGroups/"; url = url + Uri.EscapeDataString(resourceGroupName); url = url + "/providers/"; url = url + "Microsoft.Sql"; url = url + "/servers/"; url = url + Uri.EscapeDataString(serverName); url = url + "/databases/"; url = url + Uri.EscapeDataString(databaseName); url = url + "/securityAlertPolicies/Default"; List <string> queryParameters = new List <string>(); queryParameters.Add("api-version=2014-04-01"); if (queryParameters.Count > 0) { url = url + "?" + string.Join("&", queryParameters); } string baseUrl = this.Client.BaseUri.AbsoluteUri; // Trim '/' character from the end of baseUrl and beginning of url. if (baseUrl[baseUrl.Length - 1] == '/') { baseUrl = baseUrl.Substring(0, baseUrl.Length - 1); } if (url[0] == '/') { url = url.Substring(1); } url = baseUrl + "/" + url; url = url.Replace(" ", "%20"); // Create HTTP transport objects HttpRequestMessage httpRequest = null; try { httpRequest = new HttpRequestMessage(); httpRequest.Method = HttpMethod.Get; httpRequest.RequestUri = new Uri(url); // Set Headers // Set Credentials cancellationToken.ThrowIfCancellationRequested(); await this.Client.Credentials.ProcessHttpRequestAsync(httpRequest, cancellationToken).ConfigureAwait(false); // Send Request HttpResponseMessage httpResponse = null; try { if (shouldTrace) { TracingAdapter.SendRequest(invocationId, httpRequest); } cancellationToken.ThrowIfCancellationRequested(); httpResponse = await this.Client.HttpClient.SendAsync(httpRequest, cancellationToken).ConfigureAwait(false); if (shouldTrace) { TracingAdapter.ReceiveResponse(invocationId, httpResponse); } HttpStatusCode statusCode = httpResponse.StatusCode; if (statusCode != HttpStatusCode.OK) { cancellationToken.ThrowIfCancellationRequested(); CloudException ex = CloudException.Create(httpRequest, null, httpResponse, await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false)); if (shouldTrace) { TracingAdapter.Error(invocationId, ex); } throw ex; } // Create Result DatabaseSecurityAlertPolicyGetResponse result = null; // Deserialize Response if (statusCode == HttpStatusCode.OK) { cancellationToken.ThrowIfCancellationRequested(); string responseContent = await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false); result = new DatabaseSecurityAlertPolicyGetResponse(); JToken responseDoc = null; if (string.IsNullOrEmpty(responseContent) == false) { responseDoc = JToken.Parse(responseContent); } if (responseDoc != null && responseDoc.Type != JTokenType.Null) { DatabaseSecurityAlertPolicy securityAlertPolicyInstance = new DatabaseSecurityAlertPolicy(); result.SecurityAlertPolicy = securityAlertPolicyInstance; JToken propertiesValue = responseDoc["properties"]; if (propertiesValue != null && propertiesValue.Type != JTokenType.Null) { DatabaseSecurityAlertPolicyProperties propertiesInstance = new DatabaseSecurityAlertPolicyProperties(); securityAlertPolicyInstance.Properties = propertiesInstance; JToken stateValue = propertiesValue["state"]; if (stateValue != null && stateValue.Type != JTokenType.Null) { string stateInstance = ((string)stateValue); propertiesInstance.State = stateInstance; } JToken disabledAlertsValue = propertiesValue["disabledAlerts"]; if (disabledAlertsValue != null && disabledAlertsValue.Type != JTokenType.Null) { string disabledAlertsInstance = ((string)disabledAlertsValue); propertiesInstance.DisabledAlerts = disabledAlertsInstance; } JToken emailAddressesValue = propertiesValue["emailAddresses"]; if (emailAddressesValue != null && emailAddressesValue.Type != JTokenType.Null) { string emailAddressesInstance = ((string)emailAddressesValue); propertiesInstance.EmailAddresses = emailAddressesInstance; } JToken emailAccountAdminsValue = propertiesValue["emailAccountAdmins"]; if (emailAccountAdminsValue != null && emailAccountAdminsValue.Type != JTokenType.Null) { string emailAccountAdminsInstance = ((string)emailAccountAdminsValue); propertiesInstance.EmailAccountAdmins = emailAccountAdminsInstance; } } JToken idValue = responseDoc["id"]; if (idValue != null && idValue.Type != JTokenType.Null) { string idInstance = ((string)idValue); securityAlertPolicyInstance.Id = idInstance; } JToken nameValue = responseDoc["name"]; if (nameValue != null && nameValue.Type != JTokenType.Null) { string nameInstance = ((string)nameValue); securityAlertPolicyInstance.Name = nameInstance; } JToken typeValue = responseDoc["type"]; if (typeValue != null && typeValue.Type != JTokenType.Null) { string typeInstance = ((string)typeValue); securityAlertPolicyInstance.Type = typeInstance; } JToken locationValue = responseDoc["location"]; if (locationValue != null && locationValue.Type != JTokenType.Null) { string locationInstance = ((string)locationValue); securityAlertPolicyInstance.Location = locationInstance; } JToken tagsSequenceElement = ((JToken)responseDoc["tags"]); if (tagsSequenceElement != null && tagsSequenceElement.Type != JTokenType.Null) { foreach (JProperty property in tagsSequenceElement) { string tagsKey = ((string)property.Name); string tagsValue = ((string)property.Value); securityAlertPolicyInstance.Tags.Add(tagsKey, tagsValue); } } } } result.StatusCode = statusCode; if (httpResponse.Headers.Contains("x-ms-request-id")) { result.RequestId = httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault(); } if (shouldTrace) { TracingAdapter.Exit(invocationId, result); } return(result); } finally { if (httpResponse != null) { httpResponse.Dispose(); } } } finally { if (httpRequest != null) { httpRequest.Dispose(); } } }
/// <summary> /// Transforms the given database policy object to its cmdlet model representation /// </summary> private DatabaseThreatDetectionPolicyModel ModelizeDatabaseThreatDetectionPolicy(DatabaseSecurityAlertPolicy threatDetectionPolicy) { DatabaseThreatDetectionPolicyModel databaseThreatDetectionPolicyModel = new DatabaseThreatDetectionPolicyModel(); DatabaseSecurityAlertPolicyProperties threatDetectionProperties = threatDetectionPolicy.Properties; databaseThreatDetectionPolicyModel.ThreatDetectionState = ModelizeThreatDetectionState(threatDetectionProperties.State); databaseThreatDetectionPolicyModel.NotificationRecipientsEmails = threatDetectionProperties.EmailAddresses; databaseThreatDetectionPolicyModel.EmailAdmins = ModelizeThreatDetectionEmailAdmins(threatDetectionProperties.EmailAccountAdmins); ModelizeDisabledAlerts(databaseThreatDetectionPolicyModel, threatDetectionProperties.DisabledAlerts); return(databaseThreatDetectionPolicyModel); }
/// <summary> /// Creates or updates a database's security alert policy. /// </summary> /// <param name='resourceGroupName'> /// The name of the resource group that contains the resource. You can obtain /// this value from the Azure Resource Manager API or the portal. /// </param> /// <param name='serverName'> /// The name of the server. /// </param> /// <param name='databaseName'> /// The name of the database for which the security alert policy is defined. /// </param> /// <param name='parameters'> /// The database security alert policy. /// </param> /// <param name='customHeaders'> /// Headers that will be added to request. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> /// <exception cref="CloudException"> /// Thrown when the operation returned an invalid status code /// </exception> /// <exception cref="SerializationException"> /// Thrown when unable to deserialize the response /// </exception> /// <exception cref="ValidationException"> /// Thrown when a required parameter is null /// </exception> /// <exception cref="System.ArgumentNullException"> /// Thrown when a required parameter is null /// </exception> /// <return> /// A response object containing the response body and response headers. /// </return> public async Task <AzureOperationResponse <DatabaseSecurityAlertPolicy> > CreateOrUpdateWithHttpMessagesAsync(string resourceGroupName, string serverName, string databaseName, DatabaseSecurityAlertPolicy parameters, Dictionary <string, List <string> > customHeaders = null, CancellationToken cancellationToken = default(CancellationToken)) { if (resourceGroupName == null) { throw new ValidationException(ValidationRules.CannotBeNull, "resourceGroupName"); } if (serverName == null) { throw new ValidationException(ValidationRules.CannotBeNull, "serverName"); } if (databaseName == null) { throw new ValidationException(ValidationRules.CannotBeNull, "databaseName"); } if (parameters == null) { throw new ValidationException(ValidationRules.CannotBeNull, "parameters"); } if (parameters != null) { parameters.Validate(); } if (Client.SubscriptionId == null) { throw new ValidationException(ValidationRules.CannotBeNull, "this.Client.SubscriptionId"); } string securityAlertPolicyName = "default"; string apiVersion = "2020-11-01-preview"; // Tracing bool _shouldTrace = ServiceClientTracing.IsEnabled; string _invocationId = null; if (_shouldTrace) { _invocationId = ServiceClientTracing.NextInvocationId.ToString(); Dictionary <string, object> tracingParameters = new Dictionary <string, object>(); tracingParameters.Add("resourceGroupName", resourceGroupName); tracingParameters.Add("serverName", serverName); tracingParameters.Add("databaseName", databaseName); tracingParameters.Add("securityAlertPolicyName", securityAlertPolicyName); tracingParameters.Add("parameters", parameters); tracingParameters.Add("apiVersion", apiVersion); tracingParameters.Add("cancellationToken", cancellationToken); ServiceClientTracing.Enter(_invocationId, this, "CreateOrUpdate", tracingParameters); } // Construct URL var _baseUrl = Client.BaseUri.AbsoluteUri; var _url = new System.Uri(new System.Uri(_baseUrl + (_baseUrl.EndsWith("/") ? "" : "/")), "subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}/databases/{databaseName}/securityAlertPolicies/{securityAlertPolicyName}").ToString(); _url = _url.Replace("{resourceGroupName}", System.Uri.EscapeDataString(resourceGroupName)); _url = _url.Replace("{serverName}", System.Uri.EscapeDataString(serverName)); _url = _url.Replace("{databaseName}", System.Uri.EscapeDataString(databaseName)); _url = _url.Replace("{securityAlertPolicyName}", System.Uri.EscapeDataString(securityAlertPolicyName)); _url = _url.Replace("{subscriptionId}", System.Uri.EscapeDataString(Client.SubscriptionId)); List <string> _queryParameters = new List <string>(); if (apiVersion != null) { _queryParameters.Add(string.Format("api-version={0}", System.Uri.EscapeDataString(apiVersion))); } if (_queryParameters.Count > 0) { _url += (_url.Contains("?") ? "&" : "?") + string.Join("&", _queryParameters); } // Create HTTP transport objects var _httpRequest = new HttpRequestMessage(); HttpResponseMessage _httpResponse = null; _httpRequest.Method = new HttpMethod("PUT"); _httpRequest.RequestUri = new System.Uri(_url); // Set Headers if (Client.GenerateClientRequestId != null && Client.GenerateClientRequestId.Value) { _httpRequest.Headers.TryAddWithoutValidation("x-ms-client-request-id", System.Guid.NewGuid().ToString()); } if (Client.AcceptLanguage != null) { if (_httpRequest.Headers.Contains("accept-language")) { _httpRequest.Headers.Remove("accept-language"); } _httpRequest.Headers.TryAddWithoutValidation("accept-language", Client.AcceptLanguage); } if (customHeaders != null) { foreach (var _header in customHeaders) { if (_httpRequest.Headers.Contains(_header.Key)) { _httpRequest.Headers.Remove(_header.Key); } _httpRequest.Headers.TryAddWithoutValidation(_header.Key, _header.Value); } } // Serialize Request string _requestContent = null; if (parameters != null) { _requestContent = Rest.Serialization.SafeJsonConvert.SerializeObject(parameters, Client.SerializationSettings); _httpRequest.Content = new StringContent(_requestContent, System.Text.Encoding.UTF8); _httpRequest.Content.Headers.ContentType = System.Net.Http.Headers.MediaTypeHeaderValue.Parse("application/json; charset=utf-8"); } // Set Credentials if (Client.Credentials != null) { cancellationToken.ThrowIfCancellationRequested(); await Client.Credentials.ProcessHttpRequestAsync(_httpRequest, cancellationToken).ConfigureAwait(false); } // Send Request if (_shouldTrace) { ServiceClientTracing.SendRequest(_invocationId, _httpRequest); } cancellationToken.ThrowIfCancellationRequested(); _httpResponse = await Client.HttpClient.SendAsync(_httpRequest, cancellationToken).ConfigureAwait(false); if (_shouldTrace) { ServiceClientTracing.ReceiveResponse(_invocationId, _httpResponse); } HttpStatusCode _statusCode = _httpResponse.StatusCode; cancellationToken.ThrowIfCancellationRequested(); string _responseContent = null; if ((int)_statusCode != 200 && (int)_statusCode != 201) { var ex = new CloudException(string.Format("Operation returned an invalid status code '{0}'", _statusCode)); try { _responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false); CloudError _errorBody = Rest.Serialization.SafeJsonConvert.DeserializeObject <CloudError>(_responseContent, Client.DeserializationSettings); if (_errorBody != null) { ex = new CloudException(_errorBody.Message); ex.Body = _errorBody; } } catch (JsonException) { // Ignore the exception } ex.Request = new HttpRequestMessageWrapper(_httpRequest, _requestContent); ex.Response = new HttpResponseMessageWrapper(_httpResponse, _responseContent); if (_httpResponse.Headers.Contains("x-ms-request-id")) { ex.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault(); } if (_shouldTrace) { ServiceClientTracing.Error(_invocationId, ex); } _httpRequest.Dispose(); if (_httpResponse != null) { _httpResponse.Dispose(); } throw ex; } // Create Result var _result = new AzureOperationResponse <DatabaseSecurityAlertPolicy>(); _result.Request = _httpRequest; _result.Response = _httpResponse; if (_httpResponse.Headers.Contains("x-ms-request-id")) { _result.RequestId = _httpResponse.Headers.GetValues("x-ms-request-id").FirstOrDefault(); } // Deserialize Response if ((int)_statusCode == 200) { _responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false); try { _result.Body = Rest.Serialization.SafeJsonConvert.DeserializeObject <DatabaseSecurityAlertPolicy>(_responseContent, Client.DeserializationSettings); } catch (JsonException ex) { _httpRequest.Dispose(); if (_httpResponse != null) { _httpResponse.Dispose(); } throw new SerializationException("Unable to deserialize the response.", _responseContent, ex); } } // Deserialize Response if ((int)_statusCode == 201) { _responseContent = await _httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false); try { _result.Body = Rest.Serialization.SafeJsonConvert.DeserializeObject <DatabaseSecurityAlertPolicy>(_responseContent, Client.DeserializationSettings); } catch (JsonException ex) { _httpRequest.Dispose(); if (_httpResponse != null) { _httpResponse.Dispose(); } throw new SerializationException("Unable to deserialize the response.", _responseContent, ex); } } if (_shouldTrace) { ServiceClientTracing.Exit(_invocationId, _result); } return(_result); }
/// <summary> /// Creates or updates a database's threat detection policy. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group that contains the resource. You can obtain /// this value from the Azure Resource Manager API or the portal. /// </param> /// <param name='serverName'> /// The name of the server. /// </param> /// <param name='databaseName'> /// The name of the database for which database Threat Detection policy is /// defined. /// </param> /// <param name='parameters'> /// The database Threat Detection policy. /// </param> public static DatabaseSecurityAlertPolicy CreateOrUpdate(this IDatabaseThreatDetectionPoliciesOperations operations, string resourceGroupName, string serverName, string databaseName, DatabaseSecurityAlertPolicy parameters) { return(operations.CreateOrUpdateAsync(resourceGroupName, serverName, databaseName, parameters).GetAwaiter().GetResult()); }
/// <summary> /// Creates or updates a database's threat detection policy. /// </summary> /// <param name='operations'> /// The operations group for this extension method. /// </param> /// <param name='resourceGroupName'> /// The name of the resource group that contains the resource. You can obtain /// this value from the Azure Resource Manager API or the portal. /// </param> /// <param name='serverName'> /// The name of the server. /// </param> /// <param name='databaseName'> /// The name of the database for which database Threat Detection policy is /// defined. /// </param> /// <param name='parameters'> /// The database Threat Detection policy. /// </param> /// <param name='cancellationToken'> /// The cancellation token. /// </param> public static async Task <DatabaseSecurityAlertPolicy> CreateOrUpdateAsync(this IDatabaseThreatDetectionPoliciesOperations operations, string resourceGroupName, string serverName, string databaseName, DatabaseSecurityAlertPolicy parameters, CancellationToken cancellationToken = default(CancellationToken)) { using (var _result = await operations.CreateOrUpdateWithHttpMessagesAsync(resourceGroupName, serverName, databaseName, parameters, null, cancellationToken).ConfigureAwait(false)) { return(_result.Body); } }
public void TestThreatDetection() { string testPrefix = "server-security-alert-test-"; using (SqlManagementTestContext context = new SqlManagementTestContext(this)) { ResourceGroup resourceGroup = context.CreateResourceGroup(); Server server = context.CreateServer(resourceGroup); SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>(); // create some databases in server Database[] databases = SqlManagementTestUtilities.CreateDatabasesAsync( sqlClient, resourceGroup.Name, server, testPrefix, 2).Result; // ******* Server threat detection ******* ServerSecurityAlertPolicy defaultServerPolicyResponse = sqlClient.ServerSecurityAlertPolicies.Get(resourceGroup.Name, server.Name); // Verify that the initial Get request contains the default policy. VerifyServerSecurityAlertPolicyInformation(GetDefaultServerSecurityAlertProperties(), defaultServerPolicyResponse); // Modify the policy properties, send and receive and see it its still ok ServerSecurityAlertPolicy updatedServerPolicy = new ServerSecurityAlertPolicy { State = SecurityAlertsPolicyState.Enabled, EmailAccountAdmins = true }; //Set security alert policy for server sqlClient.ServerSecurityAlertPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, updatedServerPolicy); //Get security alert server policy var getUpdatedServerPolicyResponse = sqlClient.ServerSecurityAlertPolicies.Get(resourceGroup.Name, server.Name); // Verify that the Get request contains the updated policy. Assert.Equal(updatedServerPolicy.State, getUpdatedServerPolicyResponse.State); Assert.Equal(updatedServerPolicy.EmailAccountAdmins, getUpdatedServerPolicyResponse.EmailAccountAdmins); // Modify the policy properties again, send and receive and see it its still ok updatedServerPolicy = new ServerSecurityAlertPolicy { State = SecurityAlertsPolicyState.Disabled, EmailAccountAdmins = true, EmailAddresses = new List <string>() { "*****@*****.**", "*****@*****.**" }, DisabledAlerts = new List <string>() { "Sql_Injection" }, RetentionDays = 3, StorageAccountAccessKey = "fake_key_sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", StorageEndpoint = "https://MyAccount.blob.core.windows.net/", }; //Set security alert policy for server sqlClient.ServerSecurityAlertPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, updatedServerPolicy); //Get security alert server policy getUpdatedServerPolicyResponse = sqlClient.ServerSecurityAlertPolicies.Get(resourceGroup.Name, server.Name); // Verify that the Get request contains the updated policy. VerifyServerSecurityAlertPolicyInformation(updatedServerPolicy, getUpdatedServerPolicyResponse); // ******* Database threat detection ******* string dbName = databases[0].Name; DatabaseSecurityAlertPolicy defaultDatabasePolicyResponse = sqlClient.DatabaseSecurityAlertPolicies.Get(resourceGroup.Name, server.Name, dbName); // Verify that the initial Get request contains the default policy. VerifyDatabaseSecurityAlertPolicyInformation(GetDefaultDatabaseSecurityAlertProperties(), defaultDatabasePolicyResponse); // Modify the policy properties, send and receive and see it its still ok DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy { State = SecurityAlertsPolicyState.Disabled, EmailAccountAdmins = true, EmailAddresses = new List <string>() { "*****@*****.**" }, DisabledAlerts = new List <string>() { "Access_Anomaly", "Usage_Anomaly" }, RetentionDays = 5, StorageAccountAccessKey = "fake_key_sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==", StorageEndpoint = "https://MyAccount.blob.core.windows.net/" }; sqlClient.DatabaseSecurityAlertPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy); var getUpdatedDatabasePolicyResponse = sqlClient.DatabaseSecurityAlertPolicies.Get(resourceGroup.Name, server.Name, dbName); // Verify that the Get request contains the updated policy. VerifyDatabaseSecurityAlertPolicyInformation(updatedDatabasePolicy, getUpdatedDatabasePolicyResponse); } }