internal virtual void PolicizePublicStorageInfo(AuditModelType model, ProxyResource policy) { dynamic dynamicPolicy = (dynamic)policy; dynamicPolicy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync( model.StorageAccountResourceId).GetAwaiter().GetResult()[GetStorageKeyKind(model) == StorageKeyKind.Secondary ? StorageKeyKind.Secondary : StorageKeyKind.Primary]; }
private void ModelizeStorageInfo(AuditModelType model, string storageEndpoint, bool?isSecondary, Guid?storageAccountSubscriptionId, bool isAuditEnabled, int?retentionDays) { if (string.IsNullOrEmpty(storageEndpoint)) { return; } ModelizeStorageKeyType(model, isSecondary); if (isAuditEnabled) { if (storageAccountSubscriptionId == null || Guid.Empty.Equals(storageAccountSubscriptionId)) { storageAccountSubscriptionId = Subscription.GetId(); } model.StorageAccountResourceId = AzureCommunicator.RetrieveStorageAccountIdAsync( storageAccountSubscriptionId.Value, GetStorageAccountName(storageEndpoint)).GetAwaiter().GetResult(); ModelizeRetentionInfo(model, retentionDays); } }
/// <summary> /// Extracts the storage account requested key /// </summary> private string ExtractStorageAccountKey(string storageName, BaseTableAuditingPolicyModel model, string storageAccountResourceGroup, StorageKeyKind keyType) { if (!IgnoreStorage && (model.StorageKeyType == keyType)) { return(AzureCommunicator.GetStorageKeys(storageAccountResourceGroup, storageName)[keyType]); } return(null); }
/// <summary> /// Extracts the storage account resource group /// </summary> private string ExtractStorageAccountResourceGroup(string storageName) { if (IgnoreStorage || (storageName == FetchedStorageAccountName && FetchedStorageAccountResourceGroup != null)) { return(FetchedStorageAccountResourceGroup); } return(AzureCommunicator.GetStorageResourceGroup(storageName)); }
private void PopulateStoragePropertiesInPolicy(BaseThreatDetectionPolicyModel model, BaseSecurityAlertPolicyProperties properties, string storageEndpointSuffix) { if (string.IsNullOrEmpty(model.StorageAccountName)) // can happen if the user didn't provide account name for a policy that lacked it { throw new Exception(string.Format(Properties.Resources.NoStorageAccountWhenConfiguringThreatDetectionPolicy)); } properties.StorageEndpoint = string.Format("https://{0}.blob.{1}", model.StorageAccountName, storageEndpointSuffix); properties.StorageAccountAccessKey = AzureCommunicator.GetStorageKeys(model.StorageAccountName)[StorageKeyKind.Primary]; }
/// <summary> /// Extracts the storage account endpoint /// </summary> private string ExtractStorageAccountTableEndpoint(string storageName) { if (IgnoreStorage) { return(null); } if (storageName == FetchedStorageAccountName && FetchedStorageAccountTableEndpoint != null) { return(FetchedStorageAccountTableEndpoint); } return(AzureCommunicator.GetStorageTableEndpoint(Profile, storageName)); }
private void PolicizeStorageInfo(ServerAuditModel model, dynamic policy) { ExtractStorageAccountProperties(model.StorageAccountResourceId, out string storageAccountName, out Guid storageAccountSubscriptionId); string storageEndpointSuffix = Context.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix); policy.StorageEndpoint = GetStorageAccountEndpoint(storageAccountName, storageEndpointSuffix); policy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(model.StorageAccountResourceId).GetAwaiter().GetResult()[model.StorageKeyType]; policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary; policy.StorageAccountSubscriptionId = storageAccountSubscriptionId; if (model.RetentionInDays != null) { policy.RetentionDays = (int)model.RetentionInDays; } }
internal virtual void PolicizeStorageInfo(AuditModelType model, ProxyResource policy) { dynamic dynamicPolicy = (dynamic)policy; ExtractStorageAccountProperties(model.StorageAccountResourceId, out string storageAccountName, out Guid storageAccountSubscriptionId); dynamicPolicy.StorageEndpoint = GetStorageAccountEndpoint(storageAccountName); dynamicPolicy.StorageAccountSubscriptionId = storageAccountSubscriptionId; if (AzureCommunicator.IsStorageAccountInVNet(model.StorageAccountResourceId)) { Guid?principalId = Communicator.AssignServerIdentityIfNotAssigned(model.ResourceGroupName, model.ServerName); AzureCommunicator.AssignRoleForServerIdentityOnStorageIfNotAssigned(model.StorageAccountResourceId, principalId.Value, RoleAssignmentId); } else { PolicizePublicStorageInfo(model, policy); } }
private void ModelizeStorageInfo(ServerAuditModel model, string storageEndpoint, bool?isSecondary, Guid?storageAccountSubscriptionId, bool isAuditEnabled, int?retentionDays) { if (string.IsNullOrEmpty(storageEndpoint)) { return; } model.StorageKeyType = GetStorageKeyKind(isSecondary); if (isAuditEnabled) { model.StorageAccountResourceId = AzureCommunicator.RetrieveStorageAccountIdAsync( storageAccountSubscriptionId ?? Subscription.GetId(), GetStorageAccountName(storageEndpoint)).GetAwaiter().GetResult(); ModelizeRetentionInfo(model, retentionDays); } }
private void EnableAdsWithVa(string resourceGroupName, string serverName, string serverLocation, string templateName, string deploymentName) { // Generate deployment name if it was not provided if (string.IsNullOrEmpty(deploymentName)) { deploymentName = "EnableADS_" + serverName + "_" + Guid.NewGuid().ToString("N"); } // Trim deployment name as it has a maximum of 64 chars if (deploymentName.Length > 64) { deploymentName = deploymentName.Substring(0, 64); } Dictionary <string, object> parametersDictionary = new Dictionary <string, object> { { "serverName", new Dictionary <string, object> { { "value", serverName } } }, { "location", new Dictionary <string, object> { { "value", serverLocation } } }, }; string parameters = JsonConvert.SerializeObject(parametersDictionary, new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.None, Formatting = Formatting.Indented }); var properties = new DeploymentProperties { Mode = DeploymentMode.Incremental, Parameters = JObject.Parse(parameters), Template = JObject.Parse(GetArmTemplateContent(templateName)), }; Deployment deployment = new Deployment(properties); AzureCommunicator.DeployArmTemplate(resourceGroupName, deploymentName, deployment); }
private void PolicizeStorageInfo(ServerAuditModel model, dynamic policy) { ExtractStorageAccountProperties(model.StorageAccountResourceId, out string storageAccountName, out Guid storageAccountSubscriptionId); policy.StorageEndpoint = GetStorageAccountEndpoint(storageAccountName); policy.StorageAccountSubscriptionId = storageAccountSubscriptionId; if (AzureCommunicator.IsStorageAccountInVNet(model.StorageAccountResourceId)) { Guid?principalId = Communicator.AssignServerIdentity(model.ResourceGroupName, model.ServerName); AzureCommunicator.AssignRoleForServerIdentityOnStorage(model.StorageAccountResourceId, principalId.Value, RoleAssignmentId); } else { policy.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary; policy.StorageAccountAccessKey = AzureCommunicator.RetrieveStorageKeysAsync(model.StorageAccountResourceId).GetAwaiter().GetResult()[model.StorageKeyType]; } if (model.RetentionInDays != null) { policy.RetentionDays = (int)model.RetentionInDays; } }
/// <summary> /// Extracts the storage account requested key /// </summary> private string ExtractStorageAccountKey(string storageName) { return(AzureCommunicator.GetStorageKeys(storageName)[StorageKeyKind.Primary]); }
/// <summary> /// Extracts the storage account requested key /// </summary> private string ExtractStorageAccountKey(string storageName, StorageKeyKind storageKeyKind) { return(AzureCommunicator.GetStorageKeys(storageName)[storageKeyKind]); }
private string ExtractStorageAccountKey(Guid storageAccountSubscriptionId, string storageAccountName, StorageKeyKind storageKeyKind) { return(AzureCommunicator.RetrieveStorageKeys(storageAccountSubscriptionId, storageAccountName)[storageKeyKind]); }