Re add 'AUDIT_CHANGE_GROUP' and write warning instead when used

Author: ranisha2

src/ResourceManager/Sql/Commands.Sql/Auditing/Cmdlet/AuditingSettings/SqlDatabaseAuditingCmdletBase.cs

@@ -13,10 +13,12 @@
 // ----------------------------------------------------------------------------------
 
 using System;
+using System.Linq;
 using Microsoft.Azure.Commands.Common.Authentication.Models;
 using Microsoft.Azure.Commands.Sql.Auditing.Model;
 using Microsoft.Azure.Commands.Sql.Auditing.Services;
 using Microsoft.Azure.Commands.Sql.Common;
+using Microsoft.Azure.Commands.Sql.Properties;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 
 namespace Microsoft.Azure.Commands.Sql.Auditing.Cmdlet
@@ -54,6 +56,15 @@ protected override SqlAuditAdapter InitModelAdapter(IAzureSubscription subscript
         /// <param name="model">The model object with the data to be sent to the REST endpoints</param>
         protected override DatabaseBlobAuditingSettingsModel PersistChanges(DatabaseBlobAuditingSettingsModel model)
         {
+            if (Array.IndexOf(model.AuditActionGroup, AuditActionGroups.AUDIT_CHANGE_GROUP) > -1)
+            {
+                // AUDIT_CHANGE_GROUP is not supported.
+                WriteWarning(Resources.auditChangeGroupDeprecationMessage);
+
+                // Remove it
+                model.AuditActionGroup = model.AuditActionGroup.Where(v => v != AuditActionGroups.AUDIT_CHANGE_GROUP).ToArray();
+            }
+
             ModelAdapter.SetDatabaseBlobAuditingPolicyV2(model, DefaultContext.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix));
 
             return null;

src/ResourceManager/Sql/Commands.Sql/Auditing/Cmdlet/AuditingSettings/SqlServerAuditingCmdletBase.cs

@@ -12,12 +12,15 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using System;
+using System.Linq;
+using System.Management.Automation;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.Common.Authentication.Models;
 using Microsoft.Azure.Commands.Sql.Auditing.Model;
 using Microsoft.Azure.Commands.Sql.Auditing.Services;
 using Microsoft.Azure.Commands.Sql.Common;
-using System.Management.Automation;
+using Microsoft.Azure.Commands.Sql.Properties;
 
 namespace Microsoft.Azure.Commands.Sql.Auditing.Cmdlet
 {
@@ -61,6 +64,15 @@ protected override SqlAuditAdapter InitModelAdapter(IAzureSubscription subscript
         /// <param name="baseModel">The model object with the data to be sent to the REST endpoints</param>
         protected override ServerBlobAuditingSettingsModel PersistChanges(ServerBlobAuditingSettingsModel baseModel)
         {
+            if (Array.IndexOf(baseModel.AuditActionGroup, AuditActionGroups.AUDIT_CHANGE_GROUP) > -1)
+            {
+                // AUDIT_CHANGE_GROUP is not supported.
+                WriteWarning(Resources.auditChangeGroupDeprecationMessage);
+
+                // Remove it
+                baseModel.AuditActionGroup = baseModel.AuditActionGroup.Where(v => v != AuditActionGroups.AUDIT_CHANGE_GROUP).ToArray();
+            }
+
             ModelAdapter.SetServerAuditingPolicy(baseModel, DefaultContext.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix));
 
             return null;

src/ResourceManager/Sql/Commands.Sql/Auditing/Model/BaseBlobAuditingPolicyModel.cs

@@ -16,26 +16,27 @@ namespace Microsoft.Azure.Commands.Sql.Auditing.Model
 {
     public enum AuditActionGroups
     {
-            BATCH_STARTED_GROUP,
-            BATCH_COMPLETED_GROUP,
-            APPLICATION_ROLE_CHANGE_PASSWORD_GROUP,
-            BACKUP_RESTORE_GROUP,
-            DATABASE_LOGOUT_GROUP,
-            DATABASE_OBJECT_CHANGE_GROUP, 
-            DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP,
-            DATABASE_OBJECT_PERMISSION_CHANGE_GROUP,
-            DATABASE_OPERATION_GROUP,
-            DATABASE_PERMISSION_CHANGE_GROUP,
-            DATABASE_PRINCIPAL_CHANGE_GROUP,
-            DATABASE_PRINCIPAL_IMPERSONATION_GROUP,
-            DATABASE_ROLE_MEMBER_CHANGE_GROUP,
-            FAILED_DATABASE_AUTHENTICATION_GROUP,
-            SCHEMA_OBJECT_ACCESS_GROUP,
-            SCHEMA_OBJECT_CHANGE_GROUP, 
-            SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP,
-            SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, 
-            SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
-            USER_CHANGE_PASSWORD_GROUP,
+        BATCH_STARTED_GROUP,
+        BATCH_COMPLETED_GROUP,
+        APPLICATION_ROLE_CHANGE_PASSWORD_GROUP,
+        BACKUP_RESTORE_GROUP,
+        DATABASE_LOGOUT_GROUP,
+        DATABASE_OBJECT_CHANGE_GROUP, 
+        DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP,
+        DATABASE_OBJECT_PERMISSION_CHANGE_GROUP,
+        DATABASE_OPERATION_GROUP,
+        AUDIT_CHANGE_GROUP,
+        DATABASE_PERMISSION_CHANGE_GROUP,
+        DATABASE_PRINCIPAL_CHANGE_GROUP,
+        DATABASE_PRINCIPAL_IMPERSONATION_GROUP,
+        DATABASE_ROLE_MEMBER_CHANGE_GROUP,
+        FAILED_DATABASE_AUTHENTICATION_GROUP,
+        SCHEMA_OBJECT_ACCESS_GROUP,
+        SCHEMA_OBJECT_CHANGE_GROUP, 
+        SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP,
+        SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, 
+        SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
+        USER_CHANGE_PASSWORD_GROUP
     }
 
     /// <summary>

src/ResourceManager/Sql/Commands.Sql/Properties/Resources.Designer.cs

@@ -399,4 +399,7 @@
   <data name="ServerDnsAliasNameExists" xml:space="preserve">
     <value>Server Dns Alias with name: '{0}' already exists.</value>
   </data>
+  <data name="auditChangeGroupDeprecationMessage" xml:space="preserve">
+    <value>The action group 'AUDIT_CHANGE_GROUP' is not supported. It will be removed in a future release.</value>
+  </data>
 </root>