public static void ValidateServer(Server actual, string name, string login, string version, Dictionary <string, string> tags, string location, string publicNetworkAccess = null, string minimalTlsVersion = null, string restrictOutboundNetworkAccess = null)
{
Assert.NotNull(actual);
Assert.Equal(name, actual.Name);
Assert.Equal(login, actual.AdministratorLogin);
Assert.Equal(version, actual.Version);
SqlManagementTestUtilities.AssertCollection(tags, actual.Tags);
// Location is being returned two different ways across different APIs.
Assert.Equal(location.ToLower().Replace(" ", ""), actual.Location.ToLower().Replace(" ", ""));
if (publicNetworkAccess != null)
{
Assert.Equal(publicNetworkAccess, actual.PublicNetworkAccess);
}
if (minimalTlsVersion != null)
{
Assert.Equal(minimalTlsVersion, actual.MinimalTlsVersion);
}
if (restrictOutboundNetworkAccess != null)
{
Assert.Equal(restrictOutboundNetworkAccess, actual.RestrictOutboundNetworkAccess);
}
}
public async void TestCreateUpdateGetManagedInstanceVulnerabilityAssessments()
{
SqlManagementClient sqlClient = m_testFixture.Context.GetClient <SqlManagementClient>();
// Verify Policy is empty to begin with
ManagedInstanceVulnerabilityAssessment policyThatWasReceived = sqlClient.ManagedInstanceVulnerabilityAssessments.Get(m_testFixture.ResourceGroup.Name, m_testFixture.ManagedInstance.Name);
Assert.Null(policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasReceived.StorageAccountAccessKey);
Assert.False(policyThatWasReceived.RecurringScans.IsEnabled);
// Set policy and then get policy and verify correctness
ManagedInstanceVulnerabilityAssessment policyThatWasSet = await SetPolicy(m_testFixture.Context, sqlClient, m_testFixture.ResourceGroup, m_testFixture.ManagedInstance);
policyThatWasReceived = sqlClient.ManagedInstanceVulnerabilityAssessments.Get(m_testFixture.ResourceGroup.Name, m_testFixture.ManagedInstance.Name);
Assert.Equal(policyThatWasSet.StorageContainerPath, policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasSet.StorageAccountAccessKey);
Assert.Equal(policyThatWasSet.RecurringScans.IsEnabled, policyThatWasReceived.RecurringScans.IsEnabled);
SqlManagementTestUtilities.AssertCollection(policyThatWasSet.RecurringScans.Emails, policyThatWasReceived.RecurringScans.Emails);
Assert.Equal(policyThatWasSet.RecurringScans.EmailSubscriptionAdmins, policyThatWasReceived.RecurringScans.EmailSubscriptionAdmins);
// Delete policy and then get policy and verify correctness
sqlClient.ManagedInstanceVulnerabilityAssessments.Delete(m_testFixture.ResourceGroup.Name, m_testFixture.ManagedInstance.Name);
// Get policy after deletion
policyThatWasReceived = sqlClient.ManagedInstanceVulnerabilityAssessments.Get(m_testFixture.ResourceGroup.Name, m_testFixture.ManagedInstance.Name);
Assert.Null(policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasReceived.StorageAccountAccessKey);
Assert.False(policyThatWasReceived.RecurringScans.IsEnabled);
}
public static void ValidateManagedInstance(
ManagedInstance actual,
IDictionary <string, string> tags = null,
string instancePoolId = null,
bool shouldCheckState = false)
{
Assert.NotNull(actual);
if (shouldCheckState)
{
Assert.Equal("Succeeded", actual.ProvisioningState);
}
if (tags != null)
{
// Remove our default tag before validation
actual.Tags.Remove(ManagedInstanceTestUtilities.Tags.First().Key);
SqlManagementTestUtilities.AssertCollection(tags, actual.Tags);
}
if (instancePoolId != null)
{
Assert.Equal(actual.InstancePoolId, instancePoolId);
}
}
public static void ValidateManagedInstance(ManagedInstance actual, string name, string login, Dictionary <string, string> tags, string location)
{
Assert.NotNull(actual);
Assert.Equal(name, actual.Name);
Assert.Equal(login, actual.AdministratorLogin);
SqlManagementTestUtilities.AssertCollection(tags, actual.Tags);
// Location is being returned two different ways across different APIs.
Assert.Equal(location.ToLower().Replace(" ", ""), actual.Location.ToLower().Replace(" ", ""));
}
public static void ValidateDatabaseEx(Database expected, Database actual)
{
Assert.Equal(expected.Name, actual.Name);
Assert.Equal(expected.ElasticPoolName, actual.ElasticPoolName);
Assert.NotNull(actual.CreationDate);
Assert.NotNull(actual.DatabaseId);
Assert.NotNull(actual.Id);
Assert.NotNull(actual.Type);
// Old 2014-04-01 apis return en-us location friendly name, e.g. "Japan East",
// newer apis return locaion id e.g. "japaneast". This makes comparison
// logic annoying until we have a newer api-version for database.
//Assert.Equal(expected.Location, actual.Location);
if (!string.IsNullOrEmpty(expected.Collation))
{
Assert.Equal(expected.Collation, actual.Collation);
}
else
{
Assert.NotNull(actual.Collation);
}
if (!string.IsNullOrEmpty(expected.Edition))
{
Assert.Equal(expected.Edition, actual.Edition);
}
else
{
Assert.NotNull(actual.Edition);
}
if (expected.MaxSizeBytes != null)
{
Assert.Equal(expected.MaxSizeBytes, actual.MaxSizeBytes);
}
else
{
Assert.NotNull(actual.MaxSizeBytes);
}
if (!string.IsNullOrEmpty(expected.RequestedServiceObjectiveName))
{
Assert.Equal(expected.RequestedServiceObjectiveName, actual.RequestedServiceObjectiveName);
}
else
{
Assert.NotNull(actual.RequestedServiceObjectiveName);
}
if (expected.Tags != null)
{
SqlManagementTestUtilities.AssertCollection(expected.Tags, actual.Tags);
}
}
public async void TestCreateUpdateGetDatabaseVulnerabilityAssessments()
{
string testPrefix = "sqlvulnerabilityassessmentcrudtest-";
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
ResourceGroup resourceGroup = context.CreateResourceGroup();
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
Server server = context.CreateServer(resourceGroup);
// Create database
//
string dbName = SqlManagementTestUtilities.GenerateName(testPrefix);
var db1 = sqlClient.Databases.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, new Database()
{
Location = server.Location,
});
Assert.NotNull(db1);
// Turn ON database threat detection as a prerequisite to use VA
DatabaseSecurityAlertPolicy updatedDatabasePolicy = new DatabaseSecurityAlertPolicy
{
State = SecurityAlertPolicyState.Enabled,
EmailAccountAdmins = SecurityAlertPolicyEmailAccountAdmins.Enabled
};
sqlClient.DatabaseThreatDetectionPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, dbName, updatedDatabasePolicy);
// Verify Policy is empty to begin with
DatabaseVulnerabilityAssessment policyThatWasReceived = sqlClient.DatabaseVulnerabilityAssessments.Get(resourceGroup.Name, server.Name, dbName);
Assert.Null(policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasReceived.StorageContainerSasKey);
Assert.False(policyThatWasReceived.RecurringScans.IsEnabled);
// Set policy and then get policy and verify correctness
DatabaseVulnerabilityAssessment policyThatWasSet = await SetPolicy(context, sqlClient, resourceGroup, server, dbName);
policyThatWasReceived = sqlClient.DatabaseVulnerabilityAssessments.Get(resourceGroup.Name, server.Name, dbName);
Assert.Equal(policyThatWasSet.StorageContainerPath, policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasSet.StorageContainerSasKey);
Assert.Equal(policyThatWasSet.RecurringScans.IsEnabled, policyThatWasReceived.RecurringScans.IsEnabled);
SqlManagementTestUtilities.AssertCollection(policyThatWasSet.RecurringScans.Emails, policyThatWasReceived.RecurringScans.Emails);
Assert.Equal(policyThatWasSet.RecurringScans.EmailSubscriptionAdmins, policyThatWasReceived.RecurringScans.EmailSubscriptionAdmins);
// Delete policy and then get policy and verify correctness
sqlClient.DatabaseVulnerabilityAssessments.Delete(resourceGroup.Name, server.Name, dbName);
// Get policy after deletion
policyThatWasReceived = sqlClient.DatabaseVulnerabilityAssessments.Get(resourceGroup.Name, server.Name, dbName);
Assert.Null(policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasReceived.StorageContainerSasKey);
Assert.False(policyThatWasReceived.RecurringScans.IsEnabled);
};
}
public static void ValidateInstancePool(
InstancePool actual, string name, int vCores, string subnetId, string location, Dictionary <string, string> tags)
{
Assert.NotNull(actual);
Assert.Equal(name, actual.Name);
Assert.Equal(vCores, actual.VCores);
Assert.Equal(subnetId, actual.SubnetId);
SqlManagementTestUtilities.AssertCollection(tags, actual.Tags);
// Location is being returned two different ways across different APIs.
Assert.Equal(location.ToLower().Replace(" ", ""), actual.Location.ToLower().Replace(" ", ""));
}
public async void TestCreateUpdateGetDatabaseVulnerabilityAssessments()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
string testPrefix = "sqlvulnerabilityassessmentcrudtest-";
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
var resourceGroup = context.CreateResourceGroup();
var managedInstance = context.CreateManagedInstance(resourceGroup);
// Create managed database
//
string dbName = SqlManagementTestUtilities.GenerateName(testPrefix);
var db1 = sqlClient.ManagedDatabases.CreateOrUpdate(resourceGroup.Name, managedInstance.Name, dbName, new ManagedDatabase()
{
Location = managedInstance.Location,
});
Assert.NotNull(db1);
// Verify Policy is empty to begin with
DatabaseVulnerabilityAssessment policyThatWasReceived = sqlClient.ManagedDatabaseVulnerabilityAssessments.Get(resourceGroup.Name, managedInstance.Name, dbName);
Assert.Null(policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasReceived.StorageContainerSasKey);
Assert.False(policyThatWasReceived.RecurringScans.IsEnabled);
// Set policy and then get policy and verify correctness
DatabaseVulnerabilityAssessment policyThatWasSet = await SetPolicy(context, sqlClient, resourceGroup, managedInstance, dbName);
policyThatWasReceived = sqlClient.ManagedDatabaseVulnerabilityAssessments.Get(resourceGroup.Name, managedInstance.Name, dbName);
Assert.Equal(policyThatWasSet.StorageContainerPath, policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasSet.StorageContainerSasKey);
Assert.Equal(policyThatWasSet.RecurringScans.IsEnabled, policyThatWasReceived.RecurringScans.IsEnabled);
SqlManagementTestUtilities.AssertCollection(policyThatWasSet.RecurringScans.Emails, policyThatWasReceived.RecurringScans.Emails);
Assert.Equal(policyThatWasSet.RecurringScans.EmailSubscriptionAdmins, policyThatWasReceived.RecurringScans.EmailSubscriptionAdmins);
// Delete policy and then get policy and verify correctness
sqlClient.ManagedDatabaseVulnerabilityAssessments.Delete(resourceGroup.Name, managedInstance.Name, dbName);
// Get policy after deletion
policyThatWasReceived = sqlClient.ManagedDatabaseVulnerabilityAssessments.Get(resourceGroup.Name, managedInstance.Name, dbName);
Assert.Null(policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasReceived.StorageContainerSasKey);
Assert.False(policyThatWasReceived.RecurringScans.IsEnabled);
}
}
public async void TestCreateUpdateGetServerVulnerabilityAssessments()
{
using (SqlManagementTestContext context = new SqlManagementTestContext(this))
{
ResourceGroup resourceGroup = context.CreateResourceGroup();
SqlManagementClient sqlClient = context.GetClient <SqlManagementClient>();
Server server = context.CreateServer(resourceGroup);
// Turn ON Server ATP(threat detection) as a prerequisite to use VA
ServerSecurityAlertPolicy updatedServerPolicy = new ServerSecurityAlertPolicy
{
State = SecurityAlertsPolicyState.Enabled,
EmailAccountAdmins = true
};
//Set security alert policy for server
sqlClient.ServerSecurityAlertPolicies.CreateOrUpdate(resourceGroup.Name, server.Name, updatedServerPolicy);
// Verify Policy is empty to begin with
ServerVulnerabilityAssessment policyThatWasReceived = sqlClient.ServerVulnerabilityAssessments.Get(resourceGroup.Name, server.Name);
Assert.Null(policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasReceived.StorageAccountAccessKey);
Assert.False(policyThatWasReceived.RecurringScans.IsEnabled);
// Set policy and then get policy and verify correctness
ServerVulnerabilityAssessment policyThatWasSet = await SetPolicy(context, sqlClient, resourceGroup, server);
policyThatWasReceived = sqlClient.ServerVulnerabilityAssessments.Get(resourceGroup.Name, server.Name);
Assert.Equal(policyThatWasSet.StorageContainerPath, policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasSet.StorageAccountAccessKey);
Assert.Equal(policyThatWasSet.RecurringScans.IsEnabled, policyThatWasReceived.RecurringScans.IsEnabled);
SqlManagementTestUtilities.AssertCollection(policyThatWasSet.RecurringScans.Emails, policyThatWasReceived.RecurringScans.Emails);
Assert.Equal(policyThatWasSet.RecurringScans.EmailSubscriptionAdmins, policyThatWasReceived.RecurringScans.EmailSubscriptionAdmins);
// Delete policy and then get policy and verify correctness
sqlClient.ServerVulnerabilityAssessments.Delete(resourceGroup.Name, server.Name);
// Get policy after deletion
policyThatWasReceived = sqlClient.ServerVulnerabilityAssessments.Get(resourceGroup.Name, server.Name);
Assert.Null(policyThatWasReceived.StorageContainerPath);
Assert.Null(policyThatWasReceived.StorageAccountAccessKey);
Assert.False(policyThatWasReceived.RecurringScans.IsEnabled);
};
}
public static void ValidateManagedInstance(ManagedInstance actual, string name, string login, Dictionary <string, string> tags, string location, string instancePoolId = null, bool shouldCheckState = false)
{
Assert.NotNull(actual);
Assert.Equal(name, actual.Name);
Assert.Equal(login, actual.AdministratorLogin);
if (shouldCheckState)
{
Assert.Equal("Succeeded", actual.ProvisioningState);
}
SqlManagementTestUtilities.AssertCollection(tags, actual.Tags);
if (instancePoolId != null)
{
Assert.Equal(actual.InstancePoolId, instancePoolId);
}
// Location is being returned two different ways across different APIs.
Assert.Equal(location.ToLower().Replace(" ", ""), actual.Location.ToLower().Replace(" ", ""));
}
private void ValidateBaselineRule(SqlManagementClient sqlClient, ResourceGroup resourceGroup, ManagedInstance managedInstance, string dbName, bool isServerLevelRule)
{
string testRuleId = "VA2031";
var ruleBaselineToSet = new DatabaseVulnerabilityAssessmentRuleBaseline(
new List <DatabaseVulnerabilityAssessmentRuleBaselineItem>()
{
new DatabaseVulnerabilityAssessmentRuleBaselineItem()
{
Result = new string[] { "userA", "SELECT" }
},
new DatabaseVulnerabilityAssessmentRuleBaselineItem()
{
Result = new string[] { "userB", "SELECT" }
}
});
VulnerabilityAssessmentPolicyBaselineName baselineName = isServerLevelRule
? VulnerabilityAssessmentPolicyBaselineName.Master
: VulnerabilityAssessmentPolicyBaselineName.Default;
sqlClient.ManagedDatabaseVulnerabilityAssessmentRuleBaselines.CreateOrUpdate(resourceGroup.Name, managedInstance.Name, dbName, testRuleId, baselineName, ruleBaselineToSet);
// Get baseline
DatabaseVulnerabilityAssessmentRuleBaseline actualBaseline = sqlClient.ManagedDatabaseVulnerabilityAssessmentRuleBaselines.Get(resourceGroup.Name, managedInstance.Name, dbName, testRuleId, baselineName);
Assert.Equal(ruleBaselineToSet.BaselineResults.Count(), actualBaseline.BaselineResults.Count());
SqlManagementTestUtilities.AssertCollection(ruleBaselineToSet.BaselineResults[0].Result, actualBaseline.BaselineResults[0].Result);
SqlManagementTestUtilities.AssertCollection(ruleBaselineToSet.BaselineResults[1].Result, actualBaseline.BaselineResults[1].Result);
// Delete baseline
sqlClient.ManagedDatabaseVulnerabilityAssessmentRuleBaselines.Delete(resourceGroup.Name, managedInstance.Name, dbName, testRuleId, baselineName);
// Get baseline should fail after deleting the baseline
Assert.Throws <CloudException>(() =>
{
sqlClient.ManagedDatabaseVulnerabilityAssessmentRuleBaselines.Get(resourceGroup.Name, managedInstance.Name, dbName, testRuleId, baselineName);
});
}
