Merge pull request #8227 from talhers/master

Adding Advanced Threat Protection and Vulnerability Assessment cmdlets on Managed Instance

Author: MiYanni

src/Sql/Sql.Test/ScenarioTests/AdvancedDataSecurityManagedInstanceTests.cs

@@ -0,0 +1,44 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ScenarioTest.SqlTests;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+using Xunit.Abstractions;
+using RestTestFramework = Microsoft.Rest.ClientRuntime.Azure.TestFramework;
+
+namespace Microsoft.Azure.Commands.Sql.Test.ScenarioTests
+{
+    public class AdvancedDataSecurityManagedInstanceTests : SqlTestsBase
+    {
+        protected override void SetupManagementClients(RestTestFramework.MockContext context)
+        {
+            var sqlClient = GetSqlClient(context);
+            var resourcesClient = GetResourcesClient(context);
+            var networkClient = GetNetworkClient(context);
+            Helper.SetupSomeOfManagementClients(sqlClient, networkClient, resourcesClient);
+        }
+
+        public AdvancedDataSecurityManagedInstanceTests(ITestOutputHelper output) : base(output)
+        {
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void AdvancedDataSecurityPolicyTest()
+        {
+            RunPowerShellTest("Test-AdvancedDataSecurityPolicyManagedInstanceTest");
+        }
+    }
+}

src/Sql/Sql.Test/ScenarioTests/AdvancedDataSecurityManagedInstanceTests.ps1

@@ -0,0 +1,91 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+<#
+.SYNOPSIS
+Tests the Advanced Threat Protection Policy cmdlets
+#>
+function Test-AdvancedDataSecurityPolicyManagedInstanceTest
+{
+	# Setup
+	$testSuffix = getAssetName
+	Create-AdvancedThreatProtectionManagedInstanceTestEnvironment $testSuffix
+	$params = Get-SqlAdvancedThreatProtectionManagedInstanceTestEnvironmentParameters $testSuffix
+
+	try
+	{
+		# Get Advanced Threat Protection Policy
+		$policy = Get-AzSqlInstanceAdvancedDataSecurityPolicy -ResourceGroupName $params.rgname -InstanceName $params.serverName 
+				
+		# Validate the policy
+		Assert-AreEqual $params.rgname $policy.ResourceGroupName
+		Assert-AreEqual $params.serverName $policy.ManagedInstanceName
+		Assert-False { $policy.IsEnabled }
+
+		# Enabled Advanced Threat Protection Policy
+		Enable-AzSqlInstanceAdvancedDataSecurity -ResourceGroupName $params.rgname -InstanceName $params.serverName 
+		$policy = Get-AzSqlInstanceAdvancedDataSecurityPolicy -ResourceGroupName $params.rgname -InstanceName $params.serverName 
+				
+		# Validate the policy
+		Assert-AreEqual $params.rgname $policy.ResourceGroupName
+		Assert-AreEqual $params.serverName $policy.ManagedInstanceName
+		Assert-True { $policy.IsEnabled }
+
+		# Disable Advanced Threat Protection Policy
+		Disable-AzSqlInstanceAdvancedDataSecurity -ResourceGroupName $params.rgname -InstanceName $params.serverName 
+		$policy = Get-AzSqlInstanceAdvancedDataSecurityPolicy -ResourceGroupName $params.rgname -InstanceName $params.serverName 
+				
+		# Validate the policy
+		Assert-AreEqual $params.rgname $policy.ResourceGroupName
+		Assert-AreEqual $params.serverName $policy.ManagedInstanceName
+		Assert-False { $policy.IsEnabled }
+	}
+	finally
+	{
+		# Cleanup
+		Remove-AdvancedThreatProtectionManagedInstanceTestEnvironment $testSuffix
+	}
+}
+
+<#
+.SYNOPSIS
+Creates the test environment needed to perform the tests
+#>
+function Create-AdvancedThreatProtectionManagedInstanceTestEnvironment ($testSuffix, $location = "West Central US")
+{
+	$params = Get-SqlAdvancedThreatProtectionManagedInstanceTestEnvironmentParameters $testSuffix
+	Create-BasicManagedTestEnvironmentWithParams $params $location
+}
+
+<#
+.SYNOPSIS
+Gets the values of the parameters used at the tests
+#>
+function Get-SqlAdvancedThreatProtectionManagedInstanceTestEnvironmentParameters ($testSuffix)
+{
+	return @{ rgname = "sql-atp-cmdlet-test-rg" +$testSuffix;
+			  serverName = "sql-atp-cmdlet-server" +$testSuffix;
+			  databaseName = "sql-atp-cmdlet-db" + $testSuffix;
+			  }
+}
+
+<#
+.SYNOPSIS
+Removes the test environment that was needed to perform the tests
+#>
+function Remove-AdvancedThreatProtectionManagedInstanceTestEnvironment ($testSuffix)
+{
+	$params = Get-SqlAdvancedThreatProtectionManagedInstanceTestEnvironmentParameters $testSuffix
+	Remove-AzureRmResourceGroup -Name $params.rgname -Force
+}

src/Sql/Sql.Test/ScenarioTests/Common.ps1

@@ -144,6 +144,17 @@ function Create-TestEnvironmentWithParams ($params, $location, $serverVersion)
 	Wait-Seconds 10
 }
 
+<#
+.SYNOPSIS
+Creates the test environment needed to perform the Sql vulnerability assessment tests on managed instance
+#>
+function Create-InstanceTestEnvironmentWithParams ($params, $location)
+{
+	Create-BasicManagedTestEnvironmentWithParams $params $location
+
+	New-AzureRmStorageAccount -StorageAccountName $params.storageAccount -ResourceGroupName $params.rgname -Location $location -Type Standard_GRS
+}
+
 <#
 .SYNOPSIS
 Creates the test environment needed to perform the Sql auditing tests
@@ -177,6 +188,33 @@ function Create-BasicTestEnvironmentWithParams ($params, $location, $serverVersi
 	New-AzSqlDatabase -DatabaseName $params.databaseName -ResourceGroupName $params.rgname -ServerName $params.serverName -Edition Basic
 }
 
+<#
+.SYNOPSIS
+Creates the basic test environment needed to perform the Sql data security tests - resource group, managed instance and managed database
+#>
+function Create-BasicManagedTestEnvironmentWithParams ($params, $location)
+{
+	New-AzureRmResourceGroup -Name $params.rgname -Location $location
+	
+	# Setup VNET 
+	$vnetName = "cl_initial"
+	$subnetName = "Cool"
+	$virtualNetwork1 = CreateAndGetVirtualNetworkForManagedInstance $vnetName $subnetName
+	$subnetId = $virtualNetwork1.Subnets.where({ $_.Name -eq $subnetName }).Id
+	$credentials = Get-ServerCredential
+ 	$licenseType = "BasePrice"
+  	$storageSizeInGB = 32
+ 	$vCore = 16
+ 	$skuName = "GP_Gen4"
+	$collation = "SQL_Latin1_General_CP1_CI_AS"
+
+	$managedInstance = New-AzureRmSqlInstance -ResourceGroupName $params.rgname -Name $params.serverName `
+ 			-Location $location -AdministratorCredential $credentials -SubnetId $subnetId `
+  			-LicenseType $licenseType -StorageSizeInGB $storageSizeInGB -Vcore $vCore -SkuName $skuName
+
+	New-AzureRmSqlInstanceDatabase -ResourceGroupName $params.rgname -InstanceName $params.serverName -Name $params.databaseName -Collation $collation
+}
+
 <#
 .SYNOPSIS
 Creates the test environment needed to perform the Sql data masking tests

src/Sql/Sql.Test/ScenarioTests/VulnerabilityAssessmentMiTests.cs

@@ -0,0 +1,93 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ScenarioTest.SqlTests;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+using Xunit.Abstractions;
+using RestTestFramework = Microsoft.Rest.ClientRuntime.Azure.TestFramework;
+
+namespace Microsoft.Azure.Commands.Sql.Test.ScenarioTests
+{
+    public class VulnerabilityAssessmentMiTests : SqlTestsBase
+    {
+        protected override void SetupManagementClients(RestTestFramework.MockContext context)
+        {
+            var sqlClient = GetSqlClient(context);
+            var storageV2Client = GetStorageManagementClient(context);
+            var newResourcesClient = GetResourcesClient(context);
+            var networkClient = GetNetworkClient(context);
+            Helper.SetupSomeOfManagementClients(sqlClient, storageV2Client, newResourcesClient, networkClient);
+
+        }
+
+        public VulnerabilityAssessmentMiTests(ITestOutputHelper output) : base(output)
+        {
+        }
+
+        #region Policy Tests
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void VulnerabilityAssessmentManagedInstanceWithAtpOffTest()
+        {
+            RunPowerShellTest("Test-VulnerabilityAssessmentManagedInstanceWithAtpOffTest");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void VulnerabilityAssessmentManagedInstanceWithSettingsNotDefinedTest()
+        {
+            RunPowerShellTest("Test-VulnerabilityAssessmentManagedInstanceWithSettingsNotDefinedTest");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void VulnerabilityAssessmentManagedInstanceSettingsTest()
+        {
+            RunPowerShellTest("Test-VulnerabilityAssessmentManagedInstanceSettingsTest");
+        }
+
+        #endregion
+
+        #region Baseline Tests
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void VulnerabilityAssessmentManagedInstanceBaselineTest()
+        {
+            RunPowerShellTest("Test-VulnerabilityAssessmentManagedInstanceBaselineTest");
+        }
+
+        #endregion
+
+        #region Scan Tests
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void VulnerabilityAssessmentManagedInstanceScanRecordGetListTest()
+        {
+            RunPowerShellTest("Test-VulnerabilityAssessmentManagedInstanceScanRecordGetListTest");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void VulnerabilityAssessmentManagedInstanceScanConvertTest()
+        {
+            RunPowerShellTest("Test-VulnerabilityAssessmentManagedInstanceScanConvertTest");
+        }
+
+        #endregion
+    }
+}