Skip to content

Commit 79d7377

Browse files
cormacpaynecormacpayne
authored
Merge pull request Azure#3219 from yaakoviyun/dev
Adding storage account properties to SQL threat detection cmdlets
2 parents 52444bf + ce4f7e5 commit 79d7377

25 files changed

+5564
-6050
lines changed

src/ResourceManager/Sql/ChangeLog.md

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,5 +18,10 @@
1818
- Additional information about change #1
1919
-->
2020
## Current Release
21+
* Added storage properties to cmdlets for Azure SQL threat detection policy management at database and server level
22+
- StorageAccountName
23+
- RetentionInDays
24+
* Removed the unsupported param "AuditAction" from Set-AzureSqlDatabaseServerAuditingPolicy
25+
* Added new param "AuditAction" to Set-AzureSqlDatabaseAuditingPolicy
2126

22-
## Version 2.3.0
27+
## Version 2.3.0

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/AuditingTests.ps1

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -949,7 +949,7 @@ Tests that when modifying properties of a server's blob auditing policy, these p
949949
function Test-BlobAuditingOnServer
950950
{
951951
# Setup
952-
$testSuffix = 881277
952+
$testSuffix = 881267
953953
Create-TestEnvironment $testSuffix "Japan East"
954954
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
955955

@@ -1049,7 +1049,7 @@ Tests that after migrating between server audit types the returned policy is of
10491049
function Test-ServerAuditingTypeMigration
10501050
{
10511051
# Setup
1052-
$testSuffix = 554412
1052+
$testSuffix = 584412
10531053
Create-TestEnvironment $testSuffix "Japan East"
10541054
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
10551055
$dbName = $params.databaseName
@@ -1065,16 +1065,13 @@ function Test-ServerAuditingTypeMigration
10651065
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Auditing.Model.AuditEventType]::PlainSQL_Success)}
10661066

10671067
# Test
1068-
$UpdateAuditAction = "UPDATE ON schema::[dbo] BY [public]"
1069-
Set-AzureRmSqlServerAuditingPolicy -AuditType Blob -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -AuditActionGroup FAILED_DATABASE_AUTHENTICATION_GROUP -RetentionInDays 4 -AuditAction $updateAuditAction
1068+
Set-AzureRmSqlServerAuditingPolicy -AuditType Blob -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -AuditActionGroup FAILED_DATABASE_AUTHENTICATION_GROUP -RetentionInDays 4
10701069
$policy = Get-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
10711070

10721071
# Assert
10731072
Assert-AreEqual $policy.AuditState "Enabled"
10741073
Assert-AreEqual $policy.AuditActionGroup.Length 1
10751074
Assert-True {$policy.AuditActionGroup.Contains([Microsoft.Azure.Commands.Sql.Auditing.Model.AuditActionGroups]::FAILED_DATABASE_AUTHENTICATION_GROUP)}
1076-
Assert-AreEqual $policy.AuditAction.Length 1
1077-
Assert-AreEqual $policy.AuditAction[0] $UpdateAuditAction
10781075
Assert-AreEqual $policy.RetentionInDays 4
10791076

10801077
# Test

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/ThreatDetectionTests.ps1

Lines changed: 20 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -58,20 +58,21 @@ Tests that when modifying the properties of a databases's threat detection polic
5858
function Test-ThreatDetectionDatabaseUpdatePolicy
5959
{
6060
# Setup
61-
$testSuffix = 6004
61+
$testSuffix = 6002
6262
Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
6363
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
6464

6565
try
6666
{
6767
# Test
6868
Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
69-
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -NotificationRecipientsEmails "koko@mailTest.com;koko1@mailTest.com" -EmailAdmins $false -ExcludedDetectionType "Sql_Injection_Vulnerability"
69+
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -NotificationRecipientsEmails "koko@mailTest.com;koko1@mailTest.com" -EmailAdmins $false -ExcludedDetectionType "Sql_Injection_Vulnerability" -StorageAccountName $params.storageAccount
7070
$policy = Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
7171

7272
# Assert
7373
Assert-AreEqual $policy.ThreatDetectionState "Enabled"
7474
Assert-AreEqual $policy.NotificationRecipientsEmails "koko@mailTest.com;koko1@mailTest.com"
75+
Assert-AreEqual $policy.StorageAccountName $params.storageAccount
7576
Assert-False {$policy.EmailAdmins}
7677
Assert-AreEqual $policy.ExcludedDetectionTypes.Length 1
7778
Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
@@ -86,6 +87,7 @@ function Test-ThreatDetectionDatabaseUpdatePolicy
8687
Assert-AreEqual $policy.NotificationRecipientsEmails "koko@mailTest.com;koko1@mailTest.com"
8788
Assert-False {$policy.EmailAdmins}
8889
Assert-AreEqual $policy.ExcludedDetectionTypes.Length 4
90+
Assert-AreEqual $policy.StorageAccountName $params.storageAccount
8991
Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection)}
9092
Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
9193
Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Access_Anomaly)}
@@ -129,15 +131,15 @@ Tests that when turning off auditing or marking it as "use server default" , thr
129131
function Test-DisablingThreatDetection
130132
{
131133
# Setup
132-
$testSuffix = 7019
134+
$testSuffix = 7079
133135
Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
134136
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
135137

136138
try
137139
{
138140
# 1. Test
139141
Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
140-
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
142+
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
141143
$policy = Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
142144

143145
# Assert
@@ -155,7 +157,7 @@ function Test-DisablingThreatDetection
155157
# 3. Test - that no exception is thrown
156158
Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount
157159
Use-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
158-
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
160+
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
159161
$policy = Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
160162
}
161163
finally
@@ -172,31 +174,26 @@ Tests sending invalid arguments in database's threat detection
172174
function Test-InvalidArgumentsThreatDetection
173175
{
174176
# Setup5
175-
$testSuffix = 8025
177+
$testSuffix = 8027
176178
Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
177179
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
178180

179181
try
180182
{
181-
# turning on threat detection without auditing
182-
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName}
183+
# turning on threat detection without storage account
183184

184185
Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
185-
Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount
186-
Use-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
187-
Remove-AzureRmSqlServerAuditing -ResourceGroupName $params.rgname -ServerName $params.serverName
188186
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName}
189187

190188
# Check that NotificationRecipientsEmails are in correct format
191-
Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
192189
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -NotificationRecipientsEmails "kokogmail.com"}
193190

194191
# Check that EmailAdmins is not False and NotificationRecipientsEmails is not empty
195-
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $false}
196-
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $false -NotificationRecipientsEmails ""}
192+
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $false -StorageAccountName $params.storageAccount}
193+
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $false -NotificationRecipientsEmails "" -StorageAccountName $params.storageAccount}
197194

198195
# Check that ExcludedDetectionType doesn't hold None and any other type
199-
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $true -ExcludedDetectionType "None", "Sql_Injection_Vulnerability" }
196+
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $true -ExcludedDetectionType "None", "Sql_Injection_Vulnerability" -StorageAccountName $params.storageAccount}
200197
}
201198
finally
202199
{
@@ -212,20 +209,19 @@ Tests that thread detection doesn't work on 2.0 servers
212209
function Test-ThreatDetectionOnV2Server
213210
{
214211
# Setup
215-
$testSuffix = 5023
212+
$testSuffix = 5017
216213
Create-TestEnvironment $testSuffix "West Europe" "2.0" #Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix "2.0"
217214
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
218215

219216
try
220217
{
221218
Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
222-
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName}
223-
Assert-Throws {Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName}
219+
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount}
220+
Assert-Throws {Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount}
224221

225222
Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount
226-
Assert-Throws {Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName}
227-
Assert-Throws {Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName}
228-
223+
Assert-Throws {Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount}
224+
Assert-Throws {Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount}
229225
}
230226
finally
231227
{
@@ -249,7 +245,7 @@ function Test-ThreatDetectionServerUpdatePolicy
249245
{
250246
# Test
251247
Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount
252-
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -NotificationRecipientsEmails "koko@mailTest.com;koko1@mailTest.com" -EmailAdmins $false -ExcludedDetectionType Sql_Injection_Vulnerability
248+
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -NotificationRecipientsEmails "koko@mailTest.com;koko1@mailTest.com" -EmailAdmins $false -ExcludedDetectionType Sql_Injection_Vulnerability -StorageAccountName $params.storageAccount
253249
$policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
254250

255251
# Assert
@@ -261,7 +257,7 @@ function Test-ThreatDetectionServerUpdatePolicy
261257

262258

263259
# Test
264-
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Usage_Anomaly
260+
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Usage_Anomaly -StorageAccountName $params.storageAccount
265261
$policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
266262

267263
# Assert
@@ -289,7 +285,7 @@ function Test-ThreatDetectionServerUpdatePolicy
289285
Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Usage_Anomaly)}
290286

291287
# Test
292-
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType None
288+
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType None -StorageAccountName $params.storageAccount
293289
$policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
294290

295291
# Assert

0 commit comments

Comments
 (0)