/// <summary>
/// Provides a managed instance Advanced Data Security policy model for the given managed instance
/// </summary>
public ManagedInstanceAdvancedDataSecurityPolicyModel GetManagedInstanceAdvancedDataSecurityPolicy(string resourceGroup, string managedInstanceName)
{
// Currently Advanced Threat Protection policy is a TD policy until the backend will support Advanced Threat Protection APIs
var threatDetectionPolicy = SqlThreatDetectionAdapter.GetManagedInstanceThreatDetectionPolicy(resourceGroup, managedInstanceName);
var managedInstanceAdvancedDataSecurityPolicy = new ManagedInstanceAdvancedDataSecurityPolicyModel()
{
ResourceGroupName = resourceGroup,
ManagedInstanceName = managedInstanceName,
IsEnabled = (threatDetectionPolicy.ThreatDetectionState == ThreatDetectionStateType.Enabled)
};
return(managedInstanceAdvancedDataSecurityPolicy);
}
/// <summary>
/// This method is responsible to call the right API in the communication layer that will eventually send the information in the
/// object to the REST endpoint
/// </summary>
/// <param name="model">The model object with the data to be sent to the REST endpoints</param>
protected override ManagedInstanceAdvancedDataSecurityPolicyModel PersistChanges(ManagedInstanceAdvancedDataSecurityPolicyModel model)
{
model.IsEnabled = false;
ModelAdapter.SetManagedInstanceAdvancedDataSecurity(model);
return(model);
}
/// <summary>
/// Sets a managed instance Advanced Threat Protection policy model for the given managed instance
/// </summary>
public ManagedInstanceAdvancedDataSecurityPolicyModel SetManagedInstanceAdvancedThreatProtection(ManagedInstanceAdvancedDataSecurityPolicyModel model)
{
// Currently Advanced Threat Protection policy is a TD policy until the backend will support Advanced Threat Protection APIs
var threatDetectionPolicy = SqlThreatDetectionAdapter.GetManagedInstanceThreatDetectionPolicy(model.ResourceGroupName, model.ManagedInstanceName);
threatDetectionPolicy.ThreatDetectionState = model.IsEnabled ? ThreatDetectionStateType.Enabled : ThreatDetectionStateType.Disabled;
SqlThreatDetectionAdapter.SetManagedInstanceThreatDetectionPolicy(threatDetectionPolicy, AzureEnvironment.Endpoint.StorageEndpointSuffix);
return(model);
}
/// <summary>
/// No sending is needed as this is a Get cmdlet
/// </summary>
/// <param name="model">The model object with the data to be sent to the REST endpoints</param>
protected override ManagedInstanceAdvancedDataSecurityPolicyModel PersistChanges(ManagedInstanceAdvancedDataSecurityPolicyModel model)
{
return(model);
}
/// <summary>
/// Provides the model element that this cmdlet operates on
/// </summary>
/// <returns>A model object</returns>
protected override ManagedInstanceAdvancedDataSecurityPolicyModel GetEntity()
{
ManagedInstanceAdvancedDataSecurityPolicyModel model = base.GetEntity();
return(ModelAdapter.GetManagedInstanceAdvancedDataSecurityPolicy(model.ResourceGroupName, model.ManagedInstanceName));
}
/// <summary>
/// This method is responsible to call the right API in the communication layer that will eventually send the information in the
/// object to the REST endpoint
/// </summary>
/// <param name="model">The model object with the data to be sent to the REST endpoints</param>
protected override ManagedInstanceAdvancedDataSecurityPolicyModel PersistChanges(ManagedInstanceAdvancedDataSecurityPolicyModel model)
{
model.IsEnabled = false;
ModelAdapter.SetManagedInstanceAdvancedDataSecurity(model, DefaultContext.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix));
return(model);
}
/// <summary>
/// This method is responsible to call the right API in the communication layer that will eventually send the information in the
/// object to the REST endpoint
/// </summary>
/// <param name="model">The model object with the data to be sent to the REST endpoints</param>
protected override ManagedInstanceAdvancedDataSecurityPolicyModel PersistChanges(ManagedInstanceAdvancedDataSecurityPolicyModel model)
{
model.IsEnabled = true;
if (DoNotConfigureVulnerabilityAssessment)
{
ModelAdapter.SetManagedInstanceAdvancedDataSecurity(model);
}
else
{
// Deploy arm template to enable VA - only if VA at server level is not defined
var vaAdapter = new SqlVulnerabilityAssessmentAdapter(DefaultContext);
var vaModel = vaAdapter.GetVulnerabilityAssessmentSettings(ResourceGroupName, InstanceName, "", ApplyToType.ManagedInstance);
if (string.IsNullOrEmpty(vaModel.StorageAccountName))
{
var instanceAdapter = new AzureSqlManagedInstanceAdapter(DefaultContext);
var instanceModel = instanceAdapter.GetManagedInstance(ResourceGroupName, InstanceName);
ModelAdapter.EnableInstanceAdsWithVa(ResourceGroupName, InstanceName, instanceModel.Location, DeploymentName);
}
else
{
ModelAdapter.SetManagedInstanceAdvancedDataSecurity(model);
}
}
return(model);
}
