/// <summary> /// The non-boilerplated test code of the APIs for managing the lifecycle of a given database's data masking policy. It is meant to be called with a name of an already exisiting database (and therefore already existing /// server and resource group). This test does not create these resources and does not remove them. /// </summary> private void TestDataMaskingPolicyAPIs(SqlManagementClient sqlClient, string resourceGroupName, Server server, Database database) { DataMaskingPolicyGetResponse getDefaultPolicyResponse = sqlClient.DataMasking.GetPolicy(resourceGroupName, server.Name, database.Name); DataMaskingPolicyProperties properties = getDefaultPolicyResponse.DataMaskingPolicy.Properties; // Verify that the initial Get request contains the default policy. TestUtilities.ValidateOperationResponse(getDefaultPolicyResponse, HttpStatusCode.OK); VerifyDataMaskingPolicyInformation(MakeDefaultDataMaskingPolicyProperties(), properties); // Modify the policy properties, send and receive, see it its still ok properties.DataMaskingState = "Enabled"; properties.ExemptPrincipals = "principal1;principal2"; DataMaskingPolicyCreateOrUpdateParameters updateParams = new DataMaskingPolicyCreateOrUpdateParameters(); updateParams.Properties = properties; var updateResponse = sqlClient.DataMasking.CreateOrUpdatePolicy(resourceGroupName, server.Name, database.Name, updateParams); // Verify that the initial Get request of contains the default policy. TestUtilities.ValidateOperationResponse(updateResponse, HttpStatusCode.OK); DataMaskingPolicyGetResponse getUpdatedPolicyResponse = sqlClient.DataMasking.GetPolicy(resourceGroupName, server.Name, database.Name); DataMaskingPolicyProperties updatedProperties = getUpdatedPolicyResponse.DataMaskingPolicy.Properties; // Verify that the Get request contains the updated policy. TestUtilities.ValidateOperationResponse(getUpdatedPolicyResponse, HttpStatusCode.OK); VerifyDataMaskingPolicyInformation(properties, updatedProperties); }
/// <summary> /// Creates or updates an Azure SQL Database data masking policy /// </summary> /// <param name='operations'> /// Reference to the /// Microsoft.Azure.Management.Sql.IDataMaskingOperations. /// </param> /// <param name='resourceGroupName'> /// Required. The name of the Resource Group to which the server /// belongs. /// </param> /// <param name='serverName'> /// Required. The name of the Azure SQL Database Server on which the /// database is hosted. /// </param> /// <param name='databaseName'> /// Required. The name of the Azure SQL Database for which the data /// masking rule applies. /// </param> /// <param name='parameters'> /// Required. The required parameters for createing or updating a /// firewall rule. /// </param> /// <returns> /// A standard service response including an HTTP status code and /// request ID. /// </returns> public static AzureOperationResponse CreateOrUpdatePolicy(this IDataMaskingOperations operations, string resourceGroupName, string serverName, string databaseName, DataMaskingPolicyCreateOrUpdateParameters parameters) { return Task.Factory.StartNew((object s) => { return ((IDataMaskingOperations)s).CreateOrUpdatePolicyAsync(resourceGroupName, serverName, databaseName, parameters); } , operations, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default).Unwrap().GetAwaiter().GetResult(); }
/// <summary> /// Set (or create) the data masking policy for a specific database /// </summary> public void SetDatabaseDataMaskingPolicy(string resourceGroupName, string serverName, string databaseName, string clientRequestId, DataMaskingPolicyCreateOrUpdateParameters parameters) { IDataMaskingOperations operations = GetCurrentSqlClient(clientRequestId).DataMasking; operations.CreateOrUpdatePolicy(resourceGroupName, serverName, databaseName, parameters); }
/// <summary> /// Takes the cmdlets model object and transform it to the policy as expected by the endpoint /// </summary> /// <param name="model">The data masking Policy model object</param> /// <returns>The communication model object</returns> private DataMaskingPolicyCreateOrUpdateParameters PolicizeDatabaseDataMaskingModel(DatabaseDataMaskingPolicyModel model) { DataMaskingPolicyCreateOrUpdateParameters updateParameters = new DataMaskingPolicyCreateOrUpdateParameters(); DataMaskingPolicyProperties properties = new DataMaskingPolicyProperties(); updateParameters.Properties = properties; properties.DataMaskingState = (model.DataMaskingState == DataMaskingStateType.Disabled) ? SecurityConstants.DataMaskingEndpoint.Disabled : SecurityConstants.DataMaskingEndpoint.Enabled; properties.ExemptPrincipals = model.PrivilegedUsers ?? ""; return updateParameters; }
/// <summary> /// The non-boilerplated test code of the APIs for managing the lifecycle data masking rules. /// It is meant to be called with a name of an already exisiting database (and therefore already existing server and resource group). /// This test does not create these resources and does not remove them. /// The flow is: /// 1) Create policy (it's a prereq) /// 2) Create rule1, validate its creation and its content by doing another GET call /// 3) Update rule1, validate the update by doing another GET call /// 4) Create rule2, validate its creation and its content /// 5) Get the list of rules, see that there are two and each one of them has the right content /// 6) Delete rule1, see that we get OK /// 8) List the rules, see that we now have one rule there and it is rule 2 /// </summary> /// <param name="sqlClient">The sqlClient</param> /// <param name="resourceGroupName">The resource group name to use in this test</param> /// <param name="server">The server to use in this test</param> /// <param name="database">The database to use in this test</param> private void TestDataMaskingRuleAPIs(SqlManagementClient sqlClient, string resourceGroupName, Server server, Database database) { DataMaskingPolicyCreateOrUpdateParameters policyParams = new DataMaskingPolicyCreateOrUpdateParameters(); policyParams.Properties = MakeDefaultDataMaskingPolicyProperties(); policyParams.Properties.DataMaskingState = "Enabled"; sqlClient.DataMasking.CreateOrUpdatePolicy(resourceGroupName, server.Name, database.Name, policyParams); int ruleCounter = 1; DataMaskingRuleCreateOrUpdateParameters ruleParams = new DataMaskingRuleCreateOrUpdateParameters(); string serverName = server.Properties.FullyQualifiedDomainName; string uid = server.Properties.AdministratorLogin; string pwd = server.Properties.AdministratorLoginPassword; string dbName = database.Name; string connString = string.Format("Server={0};uid={1}; pwd={2};Database={3};Integrated Security=False;", serverName, uid, pwd, dbName); var conn = new SqlConnection(); conn.ConnectionString = connString; string tableName = "table1", columnName = "column1"; string firewallRuleName = TestUtilities.GenerateName("all"); string startIp1 = "1.1.1.1"; string endIp1 = "255.255.255.255"; sqlClient.FirewallRules.CreateOrUpdate(resourceGroupName, serverName.Split('.').ElementAt(0), firewallRuleName, new FirewallRuleCreateOrUpdateParameters() { Properties = new FirewallRuleCreateOrUpdateProperties() { StartIpAddress = startIp1, EndIpAddress = endIp1, } }); CreateDatabaseContents(conn, tableName, columnName); ruleParams.Properties = MakeRuleProperties(ruleCounter++ ,tableName, columnName); string rule1Name = ruleParams.Properties.Id; var createRuleResponse = sqlClient.DataMasking.CreateOrUpdateRule(resourceGroupName, server.Name, database.Name, rule1Name, ruleParams); // Verify that the initial create request went well. TestUtilities.ValidateOperationResponse(createRuleResponse, HttpStatusCode.OK); var getAfterCreateResponse = sqlClient.DataMasking.GetRule(resourceGroupName, server.Name, database.Name, rule1Name); TestUtilities.ValidateOperationResponse(getAfterCreateResponse, HttpStatusCode.OK); VerifyDataMaskingRuleInformation(getAfterCreateResponse.DataMaskingRule.Properties, ruleParams.Properties); // Modify the policy properties, send and receive, see it its still ok string updatedTableName = "tbl2"; CreateDatabaseContents(conn, updatedTableName, columnName); ruleParams.Properties.TableName = updatedTableName; var updateResponse = sqlClient.DataMasking.CreateOrUpdateRule(resourceGroupName, server.Name, database.Name, rule1Name, ruleParams); TestUtilities.ValidateOperationResponse(updateResponse, HttpStatusCode.OK); var getAfterUpdateResponse = sqlClient.DataMasking.GetRule(resourceGroupName, server.Name, database.Name, rule1Name); TestUtilities.ValidateOperationResponse(getAfterUpdateResponse, HttpStatusCode.OK); VerifyDataMaskingRuleInformation(getAfterUpdateResponse.DataMaskingRule.Properties, ruleParams.Properties); DataMaskingRuleCreateOrUpdateParameters ruleParams2 = new DataMaskingRuleCreateOrUpdateParameters(); tableName = "table2"; columnName = "column2"; CreateDatabaseContents(conn, tableName, columnName); ruleParams2.Properties = MakeRuleProperties(ruleCounter++, tableName, columnName); string rule2Name = ruleParams2.Properties.Id; createRuleResponse = sqlClient.DataMasking.CreateOrUpdateRule(resourceGroupName, server.Name, database.Name, rule2Name, ruleParams2); TestUtilities.ValidateOperationResponse(updateResponse, HttpStatusCode.OK); DataMaskingRuleListResponse listResponse = sqlClient.DataMasking.List(resourceGroupName, server.Name, database.Name); TestUtilities.ValidateOperationResponse(listResponse, HttpStatusCode.OK); Assert.Equal(2, listResponse.DataMaskingRules.Count); VerifyDataMaskingRuleInformation(listResponse.DataMaskingRules.FirstOrDefault(r => r.Properties.Id == rule1Name).Properties, ruleParams.Properties); VerifyDataMaskingRuleInformation(listResponse.DataMaskingRules.FirstOrDefault(r => r.Properties.Id == rule2Name).Properties, ruleParams2.Properties); AzureOperationResponse deleteResponse = sqlClient.DataMasking.Delete(resourceGroupName, server.Name, database.Name, rule1Name); TestUtilities.ValidateOperationResponse(deleteResponse, HttpStatusCode.OK); DataMaskingRuleListResponse listAfterDeleteResponse = sqlClient.DataMasking.List(resourceGroupName, server.Name, database.Name); TestUtilities.ValidateOperationResponse(listAfterDeleteResponse, HttpStatusCode.OK); Assert.Equal(listAfterDeleteResponse.DataMaskingRules.Count, 1); VerifyDataMaskingRuleInformation(listResponse.DataMaskingRules.FirstOrDefault(r => r.Properties.Id == rule2Name).Properties, ruleParams2.Properties); }
/// <summary> /// The non-boilerplated test code of the APIs for managing the lifecycle data masking rules. /// It is meant to be called with a name of an already exisiting database (and therefore already existing server and resource group). /// This test does not create these resources and does not remove them. /// The flow is: /// 1) Create policy (it's a prereq) /// 2) Create rule1, validate its creation and its content by doing another GET call /// 3) Update rule1, validate the update by doing another GET call /// 4) Create rule2, validate its creation and its content /// 5) Get the list of rules, see that there are two and each one of them has the right content /// 6) Delete rule1, see that we get OK /// 8) List the rules, see that we now have one rule there and it is rule 2 /// </summary> /// <param name="sqlClient">The sqlClient</param> /// <param name="resourceGroupName">The resource group name to use in this test</param> /// <param name="server">The server to use in this test</param> /// <param name="database">The database to use in this test</param> private void TestDataMaskingRuleAPIs(SqlManagementClient sqlClient, string resourceGroupName, Server server, Database database) { DataMaskingPolicyCreateOrUpdateParameters policyParams = new DataMaskingPolicyCreateOrUpdateParameters(); policyParams.Properties = MakeDefaultDataMaskingPolicyProperties(); policyParams.Properties.DataMaskingState = "Enabled"; sqlClient.DataMasking.CreateOrUpdatePolicy(resourceGroupName, server.Name, database.Name, policyParams); int ruleCounter = 1; DataMaskingRuleCreateOrUpdateParameters ruleParams = new DataMaskingRuleCreateOrUpdateParameters(); string serverName = server.Properties.FullyQualifiedDomainName; string uid = server.Properties.AdministratorLogin; string pwd = server.Properties.AdministratorLoginPassword; string dbName = database.Name; string connString = string.Format("Server={0};uid={1}; pwd={2};Database={3};Integrated Security=False;", serverName, uid, pwd, dbName); var conn = new SqlConnection(); conn.ConnectionString = connString; string tableName = "table1", columnName = "column1"; string firewallRuleName = TestUtilities.GenerateName("all"); string startIp1 = "1.1.1.1"; string endIp1 = "255.255.255.255"; sqlClient.FirewallRules.CreateOrUpdate(resourceGroupName, serverName.Split('.').ElementAt(0), firewallRuleName, new FirewallRuleCreateOrUpdateParameters() { Properties = new FirewallRuleCreateOrUpdateProperties() { StartIpAddress = startIp1, EndIpAddress = endIp1, } }); CreateDatabaseContents(conn, tableName, columnName); Func<DataMaskingRuleCreateOrUpdateParameters, Func<DataMaskingRule, bool>> isRuleOnColumn = (DataMaskingRuleCreateOrUpdateParameters parms) => { return (DataMaskingRule r1) => { return parms.Properties.ColumnName == r1.Properties.ColumnName && parms.Properties.TableName == r1.Properties.TableName && parms.Properties.SchemaName == r1.Properties.SchemaName; }; }; ruleParams.Properties = MakeRuleProperties(ruleCounter++ ,tableName, columnName); string rule1Name = ruleParams.Properties.Id; var createRuleResponse = sqlClient.DataMasking.CreateOrUpdateRule(resourceGroupName, server.Name, database.Name, rule1Name, ruleParams); TestUtilities.ValidateOperationResponse(createRuleResponse, HttpStatusCode.OK); var listAfterCreateResponse = sqlClient.DataMasking.List(resourceGroupName, server.Name, database.Name); TestUtilities.ValidateOperationResponse(listAfterCreateResponse, HttpStatusCode.OK); Assert.Equal(1, listAfterCreateResponse.DataMaskingRules.Count); DataMaskingRule receivedRule = listAfterCreateResponse.DataMaskingRules.FirstOrDefault(isRuleOnColumn(ruleParams)); VerifyDataMaskingRuleInformation(receivedRule.Properties, ruleParams.Properties); // Modify the policy properties, send and receive, see it its still ok ruleParams.Properties.PrefixSize = "2"; ruleParams.Properties.ReplacementString = "ABC"; ruleParams.Properties.SuffixSize = "1"; var updateRuleResponse = sqlClient.DataMasking.CreateOrUpdateRule(resourceGroupName, server.Name, database.Name, rule1Name, ruleParams); TestUtilities.ValidateOperationResponse(updateRuleResponse, HttpStatusCode.OK); var listUpdateResponse = sqlClient.DataMasking.List(resourceGroupName, server.Name, database.Name); TestUtilities.ValidateOperationResponse(listUpdateResponse, HttpStatusCode.OK); Assert.Equal(1, listUpdateResponse.DataMaskingRules.Count); var updatedRule = listUpdateResponse.DataMaskingRules.FirstOrDefault(isRuleOnColumn(ruleParams)); VerifyDataMaskingRuleInformation(updatedRule.Properties, ruleParams.Properties); DataMaskingRuleCreateOrUpdateParameters ruleParams2 = new DataMaskingRuleCreateOrUpdateParameters(); tableName = "table2"; columnName = "column2"; CreateDatabaseContents(conn, tableName, columnName); ruleParams2.Properties = MakeRuleProperties(ruleCounter++, tableName, columnName); string rule2Name = ruleParams2.Properties.Id; var createSecondRuleResponse = sqlClient.DataMasking.CreateOrUpdateRule(resourceGroupName, server.Name, database.Name, rule2Name, ruleParams2); TestUtilities.ValidateOperationResponse(createSecondRuleResponse, HttpStatusCode.OK); DataMaskingRuleListResponse listAfterSecondCreateResponse = sqlClient.DataMasking.List(resourceGroupName, server.Name, database.Name); TestUtilities.ValidateOperationResponse(listAfterSecondCreateResponse, HttpStatusCode.OK); Assert.Equal(2, listAfterSecondCreateResponse.DataMaskingRules.Count); updatedRule = listUpdateResponse.DataMaskingRules.FirstOrDefault(isRuleOnColumn(ruleParams)); VerifyDataMaskingRuleInformation(updatedRule.Properties, ruleParams.Properties); var receivedSecondRule = listAfterSecondCreateResponse.DataMaskingRules.FirstOrDefault(isRuleOnColumn(ruleParams2)); VerifyDataMaskingRuleInformation(receivedSecondRule.Properties, ruleParams2.Properties); AzureOperationResponse deleteResponse = sqlClient.DataMasking.Delete(resourceGroupName, server.Name, database.Name, rule1Name); TestUtilities.ValidateOperationResponse(deleteResponse, HttpStatusCode.OK); DataMaskingRuleListResponse listAfterDeleteResponse = sqlClient.DataMasking.List(resourceGroupName, server.Name, database.Name); TestUtilities.ValidateOperationResponse(listAfterDeleteResponse, HttpStatusCode.OK); Assert.Equal(listAfterDeleteResponse.DataMaskingRules.Count, 1); var receivedAfterDelete = listAfterSecondCreateResponse.DataMaskingRules.FirstOrDefault(isRuleOnColumn(ruleParams2)); VerifyDataMaskingRuleInformation(receivedAfterDelete.Properties, ruleParams2.Properties); }
/// <summary> /// The non-boilerplated test code of the APIs for managing the lifecycle data masking rules. /// It is meant to be called with a name of an already exisiting database (and therefore already existing server and resource group). /// This test does not create these resources and does not remove them. /// The flow is: /// 1) Create policy (it's a prereq) /// 2) Create rule1, validate its creation and its content by doing another GET call /// 3) Update rule1, validate the update by doing another GET call /// 4) Create rule2, validate its creation and its content /// 5) Get the list of rules, see that there are two and each one of them has the right content /// 6) Delete rule1, see that we get OK /// 8) List the rules, see that we now have one rule there and it is rule 2 /// </summary> /// <param name="sqlClient">The sqlClient</param> /// <param name="resourceGroupName">The resource group name to use in this test</param> /// <param name="server">The server to use in this test</param> /// <param name="database">The database to use in this test</param> private void TestDataMaskingRuleAPIs(SqlManagementClient sqlClient, string resourceGroupName, Server server, Database database) { DataMaskingPolicyCreateOrUpdateParameters policyParams = new DataMaskingPolicyCreateOrUpdateParameters(); policyParams.Properties = MakeDefaultDataMaskingPolicyProperties(); policyParams.Properties.MaskingLevel = "Relaxed"; sqlClient.DataMasking.CreateOrUpdatePolicy(resourceGroupName, server.Name, database.Name, policyParams); int ruleCounter = 1; DataMaskingRuleCreateOrUpdateParameters ruleParams = new DataMaskingRuleCreateOrUpdateParameters(); ruleParams.Properties = MakeRuleProperties(ruleCounter++); string rule1Name = ruleParams.Properties.Id; var createRuleResponse = sqlClient.DataMasking.CreateOrUpdateRule(resourceGroupName, server.Name, database.Name, rule1Name, ruleParams); // Verify that the initial create request went well. TestUtilities.ValidateOperationResponse(createRuleResponse, HttpStatusCode.OK); var getAfterCreateResponse = sqlClient.DataMasking.GetRule(resourceGroupName, server.Name, database.Name, rule1Name); TestUtilities.ValidateOperationResponse(getAfterCreateResponse, HttpStatusCode.OK); VerifyDataMaskingRuleInformation(getAfterCreateResponse.DataMaskingRule.Properties, ruleParams.Properties); // Modify the policy properties, send and receive, see it its still ok ruleParams.Properties.TableName = "tbl2"; var updateResponse = sqlClient.DataMasking.CreateOrUpdateRule(resourceGroupName, server.Name, database.Name, rule1Name, ruleParams); TestUtilities.ValidateOperationResponse(updateResponse, HttpStatusCode.OK); var getAfterUpdateResponse = sqlClient.DataMasking.GetRule(resourceGroupName, server.Name, database.Name, rule1Name); TestUtilities.ValidateOperationResponse(getAfterUpdateResponse, HttpStatusCode.OK); VerifyDataMaskingRuleInformation(getAfterUpdateResponse.DataMaskingRule.Properties, ruleParams.Properties); DataMaskingRuleCreateOrUpdateParameters ruleParams2 = new DataMaskingRuleCreateOrUpdateParameters(); ruleParams2.Properties = MakeRuleProperties(ruleCounter++); string rule2Name = ruleParams2.Properties.Id; createRuleResponse = sqlClient.DataMasking.CreateOrUpdateRule(resourceGroupName, server.Name, database.Name, rule2Name, ruleParams2); TestUtilities.ValidateOperationResponse(updateResponse, HttpStatusCode.OK); DataMaskingRuleListResponse listResponse = sqlClient.DataMasking.List(resourceGroupName, server.Name, database.Name); TestUtilities.ValidateOperationResponse(listResponse, HttpStatusCode.OK); Assert.Equal(2, listResponse.DataMaskingRules.Count); VerifyDataMaskingRuleInformation(listResponse.DataMaskingRules.FirstOrDefault(r => r.Name == rule1Name).Properties, ruleParams.Properties); VerifyDataMaskingRuleInformation(listResponse.DataMaskingRules.FirstOrDefault(r => r.Name == rule2Name).Properties, ruleParams2.Properties); AzureOperationResponse deleteResponse = sqlClient.DataMasking.Delete(resourceGroupName, server.Name, database.Name, rule1Name); TestUtilities.ValidateOperationResponse(deleteResponse, HttpStatusCode.OK); DataMaskingRuleListResponse listAfterDeleteResponse = sqlClient.DataMasking.List(resourceGroupName, server.Name, database.Name); TestUtilities.ValidateOperationResponse(listAfterDeleteResponse, HttpStatusCode.OK); Assert.Equal(listAfterDeleteResponse.DataMaskingRules.Count, 1); VerifyDataMaskingRuleInformation(listResponse.DataMaskingRules.FirstOrDefault(r => r.Name == rule2Name).Properties, ruleParams2.Properties); }
/// <summary> /// Creates or updates an Azure SQL Database data masking policy /// </summary> /// <param name='operations'> /// Reference to the /// Microsoft.Azure.Management.Sql.IDataMaskingOperations. /// </param> /// <param name='resourceGroupName'> /// Required. The name of the Resource Group to which the server /// belongs. /// </param> /// <param name='serverName'> /// Required. The name of the Azure SQL Database Server on which the /// database is hosted. /// </param> /// <param name='databaseName'> /// Required. The name of the Azure SQL Database for which the data /// masking rule applies. /// </param> /// <param name='parameters'> /// Required. The required parameters for createing or updating a /// firewall rule. /// </param> /// <returns> /// A standard service response including an HTTP status code and /// request ID. /// </returns> public static Task<AzureOperationResponse> CreateOrUpdatePolicyAsync(this IDataMaskingOperations operations, string resourceGroupName, string serverName, string databaseName, DataMaskingPolicyCreateOrUpdateParameters parameters) { return operations.CreateOrUpdatePolicyAsync(resourceGroupName, serverName, databaseName, parameters, CancellationToken.None); }