Skip to content

add cmdlets Get/Start/convert-SynapseVulnerabilityAssessmentScan #13690

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 25 commits into from
Feb 3, 2021
Merged

add cmdlets Get/Start/convert-SynapseVulnerabilityAssessmentScan #13690

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
3e83191
SynapseVulnerabilityAssessmentScan
zesluo1 Dec 8, 2020
b1bc4ce
refine name
zesluo1 Dec 9, 2020
cbda9e6
refine function
zesluo1 Dec 10, 2020
4cda848
fix problem for StartAzureSynapseSqlPoolVulnerabilityAssessmentScan n…
zesluo1 Dec 14, 2020
3d1a05f
resolve conflicts
zesluo1 Jan 21, 2021
b066516
some draft codes
zesluo1 Jan 24, 2021
4ddc43e
resolve conflicets
zesluo1 Jan 24, 2021
0f32468
resolve confilct 2
zesluo1 Jan 25, 2021
bdc577c
removce strange sign
zesluo1 Jan 25, 2021
f4e8b5c
format code
zesluo1 Jan 25, 2021
739d295
refine function
zesluo1 Jan 26, 2021
e360705
add test
zesluo1 Jan 27, 2021
a33e9ca
add help doc
zesluo1 Jan 27, 2021
f072bdd
code refine
zesluo1 Jan 27, 2021
89924bf
format refine
zesluo1 Jan 27, 2021
c523f0f
update Az.Synapse.psd1
zesluo1 Jan 28, 2021
a4c7af6
Merge branch 'master' into zeshi/SynapseVulnerabilityAssessmentScan
zesluo1 Jan 28, 2021
a8cd993
add test json
zesluo1 Jan 28, 2021
dd3e48a
Merge branch 'zeshi/SynapseVulnerabilityAssessmentScan' of https://gi…
zesluo1 Jan 28, 2021
85779d3
refinde document
zesluo1 Jan 29, 2021
e30f65f
improve help examples
zesluo1 Feb 1, 2021
a3c7038
added test json
zesluo1 Feb 1, 2021
9acf177
added test json 2
zesluo1 Feb 2, 2021
e2695ba
improved test
zesluo1 Feb 2, 2021
549391c
add tests to credscansuppression
zesluo1 Feb 3, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions src/Synapse/Synapse.Test/ScenarioTests/VulnerabilityAssessmentTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,5 +35,23 @@ public void TestVulnerabilityAssessmentBaseline(){
_logger,
"Test-VulnerabilityAssessmentBaseline");
}

[Fact]
[Trait(Category.AcceptanceType, Category.CheckIn)]
public void TestVulnerabilityAssessmentScanRecordGetListTest()
{
NewInstance.RunPsTest(
_logger,
"Test-VulnerabilityAssessmentScanRecordGetListTest");
}

[Fact]
[Trait(Category.AcceptanceType, Category.CheckIn)]
public void TestVulnerabilityAssessmentScanConvertTest()
{
NewInstance.RunPsTest(
_logger,
"Test-VulnerabilityAssessmentScanConvertTest");
}
}
}
188 changes: 187 additions & 1 deletion src/Synapse/Synapse.Test/ScenarioTests/VulnerabilityAssessmentTests.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -161,11 +161,197 @@ function Test-VulnerabilityAssessmentBaseline
}
}

<#
.SYNOPSIS
Tests for vulnerability assessment scan , scan record get and list scenarios
#>
function Test-VulnerabilityAssessmentScanRecordGetListTest
{
# Setup
$testSuffix = getAssetName
Create-VulnerabilityAssessmentTestEnvironment $testSuffix
$params = Get-SqlVulnerabilityAssessmentTestEnvironmentParameters $testSuffix

try
{
# Turn on ATP
Enable-AzSynapseSqlAdvancedThreatProtection -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -DoNotConfigureVulnerabilityAssessment

Update-AzSynapseSqlPoolVulnerabilityAssessmentSetting -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -SqlPoolName $params.sqlPoolName `
-StorageAccountName $params.storageAccountName

# Trigger scan without scan IDconvert
try
{
Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName
}
catch
{
if ((Get-SynapseTestMode) -eq 'Playback')
{
# This command generated a scanId of DateTime.UtcNow.ToString("yyyyMMdd_HHmmss")
# So the recording will always fail
}
else
{
throw;
}
}

# Trigger scan as a Job with scan ID
$scanId1 = "cmdletGetListScan"
$scanJob = Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName -ScanId $scanId1 -AsJob
$scanJob | Wait-Job
$scanRecord1 = $scanJob | Receive-Job

# Validate the scan record that we got from the scan
Assert-AreEqual $params.rgname $scanRecord1.ResourceGroupName
Assert-AreEqual $params.workspaceName $scanRecord1.WorkspaceName
Assert-AreEqual $params.sqlPoolName $scanRecord1.SqlPoolName
Assert-AreEqual $scanId1 $scanRecord1.ScanId
Assert-AreEqual "OnDemand" $scanRecord1.TriggerType

# Validate the scan record that we got from the get scan record cmdlet
$scanRecord1FromGet = Get-AzSynapseSqlPoolVulnerabilityAssessmentScanRecord -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName -ScanId $scanId1

Assert-AreEqual $scanRecord1FromGet.ResourceGroupName $scanRecord1.ResourceGroupName
Assert-AreEqual $scanRecord1FromGet.WorkspaceName $scanRecord1.WorkspaceName
Assert-AreEqual $scanRecord1FromGet.SqlPoolName $scanRecord1.SqlPoolName
Assert-AreEqual $scanRecord1FromGet.ScanId $scanRecord1.ScanId
Assert-AreEqual $scanRecord1FromGet.TriggerType $scanRecord1.TriggerType
Assert-AreEqual $scanRecord1FromGet.State $scanRecord1.State
Assert-AreEqual $scanRecord1FromGet.StartTime $scanRecord1.StartTime
Assert-AreEqual $scanRecord1FromGet.EndTime $scanRecord1.EndTime
Assert-AreEqual $scanRecord1FromGet.Errors $scanRecord1.Errors
Assert-AreEqual $scanRecord1FromGet.ScanResultsLocationPath $scanRecord1.ScanResultsLocationPath
Assert-AreEqual $scanRecord1FromGet.NumberOfFailedSecurityChecks $scanRecord1.NumberOfFailedSecurityChecks

# Validate the scan record that we got from the get scan record cmdlet with piping
$scanRecord1FromGet = Get-AzSynapseSqlPool -ResourceGroupName $params.rgname -WorkspaceName $params.WorkspaceName -Name $params.SqlPoolName | Get-AzSynapseSqlPoolVulnerabilityAssessmentScanRecord `
-ScanId $scanId1

Assert-AreEqual $scanRecord1FromGet.ResourceGroupName $scanRecord1.ResourceGroupName
Assert-AreEqual $scanRecord1FromGet.WorkspaceName $scanRecord1.WorkspaceName
Assert-AreEqual $scanRecord1FromGet.SqlPoolName $scanRecord1.SqlPoolName
Assert-AreEqual $scanRecord1FromGet.ScanId $scanRecord1.ScanId
Assert-AreEqual $scanRecord1FromGet.TriggerType $scanRecord1.TriggerType
Assert-AreEqual $scanRecord1FromGet.State $scanRecord1.State
Assert-AreEqual $scanRecord1FromGet.StartTime $scanRecord1.StartTime
Assert-AreEqual $scanRecord1FromGet.EndTime $scanRecord1.EndTime
Assert-AreEqual $scanRecord1FromGet.Errors $scanRecord1.Errors
Assert-AreEqual $scanRecord1FromGet.ScanResultsLocationPath $scanRecord1.ScanResultsLocationPath
Assert-AreEqual $scanRecord1FromGet.NumberOfFailedSecurityChecks $scanRecord1.NumberOfFailedSecurityChecks

# Verify list scans
$excpectedScanCount = 2
$scanRecordList = Get-AzSynapseSqlPoolVulnerabilityAssessmentScanRecord -ResourceGroupName $params.rgname -WorkspaceName $params.WorkspaceName -Name $params.SqlPoolName
Assert-AreEqual $excpectedScanCount $scanRecordList.Count

$scanRecord1FromListCmdlet = $scanRecordList[$excpectedScanCount-1]
Assert-AreEqual $scanRecord1FromListCmdlet.ResourceGroupName $scanRecord1.ResourceGroupName
Assert-AreEqual $scanRecord1FromListCmdlet.WorkspaceName $scanRecord1.WorkspaceName
Assert-AreEqual $scanRecord1FromListCmdlet.SqlPoolName $scanRecord1.SqlPoolName
Assert-AreEqual $scanRecord1FromListCmdlet.ScanId $scanRecord1.ScanId
Assert-AreEqual $scanRecord1FromListCmdlet.TriggerType $scanRecord1.TriggerType
Assert-AreEqual $scanRecord1FromListCmdlet.State $scanRecord1.State
Assert-AreEqual $scanRecord1FromListCmdlet.StartTime $scanRecord1.StartTime
Assert-AreEqual $scanRecord1FromListCmdlet.EndTime $scanRecord1.EndTime
Assert-AreEqual $scanRecord1FromListCmdlet.Errors $scanRecord1.Errors
Assert-AreEqual $scanRecord1FromListCmdlet.ScanResultsLocationPath $scanRecord1.ScanResultsLocationPath
Assert-AreEqual $scanRecord1FromListCmdlet.NumberOfFailedSecurityChecks $scanRecord1.NumberOfFailedSecurityChecks

# Run scan with piping
$excpectedScanCount = $excpectedScanCount + 1
Get-AzSynapseSqlPool -ResourceGroupName $params.rgname -WorkspaceName $params.WorkspaceName -Name $params.SqlPoolName `
| Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ScanId $scanId1

# Verify list scans with piping
$scanRecordList = Get-AzSynapseSqlPool -ResourceGroupName $params.rgname -WorkspaceName $params.WorkspaceName -Name $params.SqlPoolName | Get-AzSynapseSqlPoolVulnerabilityAssessmentScanRecord
Assert-AreEqual $excpectedScanCount $scanRecordList.Count

$scanRecord1FromListCmdlet = $scanRecordList[$excpectedScanCount-1]
Assert-AreEqual $scanRecord1FromListCmdlet.ResourceGroupName $scanRecord1.ResourceGroupName
Assert-AreEqual $scanRecord1FromListCmdlet.WorkspaceName $scanRecord1.WorkspaceName
Assert-AreEqual $scanRecord1FromListCmdlet.SqlPoolName $scanRecord1.SqlPoolName
Assert-AreEqual $scanRecord1FromListCmdlet.ScanId $scanRecord1.ScanId
Assert-AreEqual $scanRecord1FromListCmdlet.TriggerType $scanRecord1.TriggerType
Assert-AreEqual $scanRecord1FromListCmdlet.State $scanRecord1.State
}
finally
{
# Cleanup
Remove-VulnerabilityAssessmentTestEnvironment $testSuffix
}
}

<#
.SYNOPSIS
Tests for vulnerability assessment scan Convert scenarios
#>
function Test-VulnerabilityAssessmentScanConvertTest
{
# Setup
$testSuffix = getAssetName
Create-VulnerabilityAssessmentTestEnvironment $testSuffix
$params = Get-SqlVulnerabilityAssessmentTestEnvironmentParameters $testSuffix

try
{
# Turn on ATP
Enable-AzSynapseSqlAdvancedThreatProtection -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -DoNotConfigureVulnerabilityAssessment

Update-AzSynapseSqlPoolVulnerabilityAssessmentSetting -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -SqlPoolName $params.sqlPoolName `
-StorageAccountName $params.storageAccountName

# Trigger a new scan
$scanId = "cmdletConvertScan"
Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName -ScanId $scanId

# Convert the scan
$convertScanObject = Convert-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName `
-ScanId $scanId

Assert-AreEqual $params.rgname $convertScanObject.ResourceGroupName
Assert-AreEqual $params.WorkspaceName $convertScanObject.WorkspaceName
Assert-AreEqual $params.SqlPoolName $convertScanObject.SqlPoolName
Assert-True -script { $convertScanObject.ExportedReportLocation.Contains($scanId) }
Assert-True -script { $convertScanObject.ExportedReportLocation.Contains($params.storageAccountName) }

# Convert the scan (piping scenario)
$scanId = "cmdletConvertScan1"
Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName -ScanId $scanId

$convertScanObject = Get-AzSynapseSqlPoolVulnerabilityAssessmentScanRecord -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName `
-ScanId $scanId | Convert-AzSynapseSqlPoolVulnerabilityAssessmentScan

Assert-AreEqual $params.rgname $convertScanObject.ResourceGroupName
Assert-AreEqual $params.WorkspaceName $convertScanObject.WorkspaceName
Assert-AreEqual $params.SqlPoolName $convertScanObject.SqlPoolName
Assert-True -script { $convertScanObject.ExportedReportLocation.Contains($scanId) }
Assert-True -script { $convertScanObject.ExportedReportLocation.Contains($params.storageAccountName) }


# Clear SqlPool settings and define Workspace settings
Clear-AzSynapseSqlPoolVulnerabilityAssessmentSetting -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -SqlPoolName $params.sqlPoolName

Update-AzSynapseSqlPoolVulnerabilityAssessmentSetting -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -SqlPoolName $params.sqlPoolName `
-StorageAccountName $params.storageAccountName

# Run a scan and see that no exception is thrown
Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName -ScanId $scanId
}
finally
{
# Cleanup
Remove-VulnerabilityAssessmentTestEnvironment $testSuffix
}
}

<#
.SYNOPSIS
Creates the test environment needed to perform the tests
#>
function Create-VulnerabilityAssessmentTestEnvironment ($testSuffix, $location = "West Central US")
function Create-VulnerabilityAssessmentTestEnvironment ($testSuffix, $location = "North Europe")
{
$params = Get-SqlVulnerabilityAssessmentTestEnvironmentParameters $testSuffix
Create-TestEnvironmentWithParams $params $location
Expand Down
Loading