AzureSQL - Adding ConfirmAction usage, threat detection policy for servers, blob auditing policy properties

src/ResourceManager/Sql/Commands.Sql.Test/Commands.Sql.Test.csproj

@@ -71,7 +71,7 @@
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Sql">
       <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Sql.0.48.0-prerelease\lib\net40\Microsoft.Azure.Management.Sql.dll</HintPath>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Sql.0.50.0-prerelease\lib\net40\Microsoft.Azure.Management.Sql.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Storage">
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Storage.2.4.0-preview\lib\net40\Microsoft.Azure.Management.Storage.dll</HintPath>
@@ -609,15 +609,16 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\InvalidArgumentsThreatDetection.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
-    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\ThreatDetectionDatabaseGetDefualtPolicy.json">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </None>
     <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\ThreatDetectionDatabaseUpdatePolicy.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\ThreatDetectionGetDefualtPolicy.json" />
     <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\ThreatDetectionOnV2Server.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\ThreatDetectionServerUpdatePolicy.json">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.TransparentDataEncryptionCrudTests\TestDatabaseTransparentDataEncryptionGet.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
@@ -672,4 +673,4 @@
     </EmbeddedResource>
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-</Project>
+</Project>

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/AuditingTests.cs

@@ -29,15 +29,9 @@ protected override void SetupManagementClients(RestTestFramework.MockContext con
             var sqlCSMClient = GetSqlClient();
             var storageClient = GetStorageClient();
             var storageV2Client = GetStorageV2Client();
-            //TODO, Remove the MockDeploymentFactory call when the test is re-recorded
-            var resourcesClient = 
-              //  MockDeploymentClientFactory.GetResourceClient(
-                GetResourcesClient()
-              //  )
-                ;
+            var resourcesClient = GetResourcesClient();
             var authorizationClient = GetAuthorizationManagementClient();
-            var graphClient = GetGraphClient(context);
-            helper.SetupSomeOfManagementClients(sqlCSMClient, storageClient, storageV2Client, resourcesClient, authorizationClient, graphClient);
+            helper.SetupSomeOfManagementClients(sqlCSMClient, storageClient, storageV2Client, resourcesClient, authorizationClient);
         }
 
         public AuditingTests(ITestOutputHelper output)

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/AuditingTests.ps1

@@ -19,7 +19,7 @@ Tests that when setting the storage account property's value in a database's aud
 function Test-AuditingDatabaseUpdatePolicyWithStorageV2
 {
 	# Setup
-	$testSuffix = 103020
+	$testSuffix = 103222
 	Create-TestEnvironment $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 
@@ -118,7 +118,7 @@ Tests that when setting the storage account property's value in a server's audit
 function Test-AuditingServerUpdatePolicyWithStorage
 {
 	# Setup
-	$testSuffix = 261607
+	$testSuffix = 261883
 	Create-TestEnvironment $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 
@@ -147,7 +147,7 @@ storage account, you don't need to provide it.
 function Test-AuditingDatabaseUpdatePolicyKeepPreviousStorage
 {
 	# Setup
-	$testSuffix = 30251
+	$testSuffix = 30567
 	Create-TestEnvironment $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 
@@ -180,7 +180,7 @@ storage account, you don't need to provide it.
 function Test-AuditingServerUpdatePolicyKeepPreviousStorage
 {
 	# Setup
-	$testSuffix = 425607
+	$testSuffix = 425777
 	Create-TestEnvironment $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 
@@ -360,7 +360,7 @@ Tests the modification of a server's auditing policy event types with the 'All'
 function Test-AuditingServerUpdatePolicyWithEventTypeShortcuts
 {
 	# Setup
-	$testSuffix = 8015
+	$testSuffix = 8077
 	Create-TestEnvironment $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 
@@ -540,7 +540,7 @@ Tests that after marking a database as using its server's policy, when fetching
 function Test-AuditingUseServerDefault
 {
     # Setup
-	$testSuffix = 172497
+	$testSuffix = 172777
 	Create-TestEnvironment $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 
@@ -770,7 +770,7 @@ Tests that when setting the retention values of server policy, that values is la
 function Test-AuditingServerUpdatePolicyWithRetention
 {
 	# Setup
-	$testSuffix = 2022
+	$testSuffix = 2033
 	Create-TestEnvironment $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 
@@ -799,7 +799,7 @@ Tests that when setting the retention values of database policy, that values is
 function Test-AuditingDatabaseUpdatePolicyWithRetention
 {
 	# Setup
-	$testSuffix = 2035
+	$testSuffix = 2645
 	Create-TestEnvironment $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 
@@ -828,7 +828,7 @@ Tests that after setting the retention values to a server auditing policy, this
 function Test-AuditingServerRetentionKeepProperties
 {
 	# Setup
-	$testSuffix = 2045
+	$testSuffix = 2077
 	Create-TestEnvironment $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 
@@ -868,7 +868,7 @@ Tests that after setting the retention values to a database auditing policy, thi
 function Test-AuditingDatabaseRetentionKeepProperties
 {
 	# Setup
-	$testSuffix = 20551
+	$testSuffix = 20555
 	Create-TestEnvironment $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 
@@ -950,7 +950,7 @@ Tests that when modifying properties of a server's blob auditing policy, these p
 function Test-BlobAuditingOnServer
 {
 	# Setup
-	$testSuffix = 8822
+	$testSuffix = 881277
 	Create-TestEnvironment $testSuffix "Japan East"
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
 

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/Common.ps1

@@ -76,14 +76,14 @@ function Create-TestEnvironmentWithParams ($params, $location, $serverVersion)
 {
 	New-AzureRmResourceGroup -Name $params.rgname -Location $location
 
+	New-AzureRmStorageAccount -StorageAccountName $params.storageAccount  -ResourceGroupName $params.rgname  -Location $location  -Type Standard_GRS 
+
 	$serverName = $params.serverName
 	$serverLogin = "audittestusername"
 	$serverPassword = "t357ingP@s5w0rd!Audit"
 	$credentials = new-object System.Management.Automation.PSCredential($serverLogin, ($serverPassword | ConvertTo-SecureString -asPlainText -Force)) 
 	New-AzureRmSqlServer -ResourceGroupName  $params.rgname -ServerName $params.serverName -Location $location -ServerVersion $serverVersion -SqlAdministratorCredentials $credentials
 	New-AzureRmSqlDatabase -DatabaseName $params.databaseName  -ResourceGroupName $params.rgname -ServerName $params.serverName -Edition Basic
-	New-AzureRmStorageAccount -StorageAccountName $params.storageAccount  -ResourceGroupName $params.rgname  -Location $location  -Type Standard_GRS 
-
 
 #	$res = New-AzureRmResourceGroupDeployment -ResourceGroupName $params.rgname -TemplateFile sql_audit_test_env_setup_classic_storage.json -serverName $params.serverName -databaseName $params.databaseName -storageName $params.storageAccount
 }
@@ -247,7 +247,7 @@ function Remove-ResourceGroupForTest ($rg)
 	.SYNOPSIS
 	Creates the test environment needed to perform the Sql server CRUD tests
 #>
-function Create-ServerForTest ($resourceGroup, $serverVersion = "12.0", $location = "Japan East", $server)
+function Create-ServerForTest ($resourceGroup, $serverVersion = "12.0", $location = "Japan East")
 {
 	$serverName = Get-ServerName
 	$serverLogin = "testusername"

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/ElasticPoolCrudTests.ps1

@@ -185,7 +185,7 @@ function Test-RemoveElasticPool
 {
     # Setup 
 	$rg = Create-ResourceGroupForTest
-	$server = Create-ServerForTest $rg "Japan East"
+	$server = Create-ServerForTest $rg "12.0" "Japan East"
 
     $poolName = Get-ElasticPoolName
     $ep1 = New-AzureRmSqlElasticPool  -ServerName $server.ServerName -ResourceGroupName $rg.ResourceGroupName `
@@ -200,7 +200,7 @@ function Test-RemoveElasticPool
     try
     {
         # Create a pool with all values
-        Remove-AzureRmSqlElasticPool -ServerName $server.ServerName -ResourceGroupName $rg.ResourceGroupName -ElasticPoolName $ep1.ElasticPoolName -Force
+        Remove-AzureRmSqlElasticPool -ServerName $server.ServerName -ResourceGroupName $rg.ResourceGroupName -ElasticPoolName $ep1.ElasticPoolName –Confirm:$false
 
         # Create a pool using piping
         $ep2 | Remove-AzureRmSqlElasticPool -Force

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/SqlTestsBase.cs

@@ -54,8 +54,7 @@ protected virtual void SetupManagementClients(RestTestFramework.MockContext cont
             //TODO, Remove the MockDeploymentFactory call when the test is re-recorded
             var resourcesClient = MockDeploymentClientFactory.GetResourceClient(GetResourcesClient());
             var authorizationClient = GetAuthorizationManagementClient();
-            var graphClient = GetGraphClient(context);
-            helper.SetupSomeOfManagementClients(sqlCSMClient, storageClient, resourcesClient, authorizationClient, graphClient);
+            helper.SetupSomeOfManagementClients(sqlCSMClient, storageClient, resourcesClient, authorizationClient);
         }
 
         protected void RunPowerShellTest(params string[] scripts)

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/ThreatDetectionTests.cs

@@ -43,9 +43,9 @@ public ThreatDetectionTests(ITestOutputHelper output)
 
         [Fact]
         [Trait(Category.AcceptanceType, Category.Sql)]
-        public void ThreatDetectionDatabaseGetDefualtPolicy()
+        public void ThreatDetectionGetDefualtPolicy()
         {
-            RunPowerShellTest("Test-ThreatDetectionDatabaseGetDefualtPolicy");
+            RunPowerShellTest("Test-ThreatDetectionGetDefualtPolicy");
         }
 
         [Fact]
@@ -55,6 +55,14 @@ public void ThreatDetectionDatabaseUpdatePolicy()
             RunPowerShellTest("Test-ThreatDetectionDatabaseUpdatePolicy");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.Sql)]
+        public void ThreatDetectionServerUpdatePolicy()
+        {
+            RunPowerShellTest("Test-ThreatDetectionServerUpdatePolicy");
+        }
+
+
         [Fact]
         [Trait(Category.AcceptanceType, Category.Sql)]
         public void DisablingThreatDetection()

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/ThreatDetectionTests.ps1

@@ -17,10 +17,10 @@
 .SYNOPSIS
 Tests the default values of database's threat detection policy
 #>
-function Test-ThreatDetectionDatabaseGetDefualtPolicy
+function Test-ThreatDetectionGetDefualtPolicy
 {
 	# Setup
-	$testSuffix = 4002
+	$testSuffix = 4006
 	Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
 
@@ -33,7 +33,16 @@ function Test-ThreatDetectionDatabaseGetDefualtPolicy
 		Assert-AreEqual $policy.ThreatDetectionState "New"
 		Assert-AreEqual $policy.NotificationRecipientsEmails ""
         Assert-True {$policy.EmailAdmins}
-        Assert-AreEqual $policy.ExcludedDetectionTypes.Length 0
+        Assert-AreEqual $policy.ExcludedDetectionTypes.Length 1
+
+		# Test
+		$policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
+
+        # Assert
+		Assert-AreEqual $policy.ThreatDetectionState "New"
+		Assert-AreEqual $policy.NotificationRecipientsEmails ""
+        Assert-True {$policy.EmailAdmins}
+        Assert-AreEqual $policy.ExcludedDetectionTypes.Length 1
 	}
 	finally
 	{
@@ -49,7 +58,7 @@ Tests that when modifying the properties of a databases's threat detection polic
 function Test-ThreatDetectionDatabaseUpdatePolicy
 {
 	# Setup
-	$testSuffix = 6002
+	$testSuffix = 6004
 	Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
 
@@ -120,7 +129,7 @@ Tests that when turning off auditing or marking it as "use server default" , thr
 function Test-DisablingThreatDetection
 {
 	# Setup
-	$testSuffix = 7005
+	$testSuffix = 7011
 	Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
 
@@ -163,7 +172,7 @@ Tests sending invalid arguments in database's threat detection
 function Test-InvalidArgumentsThreatDetection
 {
 	# Setup5
-	$testSuffix = 8009
+	$testSuffix = 8025
 	Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
 	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
 
@@ -210,13 +219,89 @@ function Test-ThreatDetectionOnV2Server
 	try
 	{
          Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
-         Assert-Throws {Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -ThreatDetectionState "Enabled"}
 		 Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName} 
 		 Assert-Throws {Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName} 
+
+		 Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount
+		 Assert-Throws {Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName} 
+		 Assert-Throws {Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName} 
+
 	}
 	finally
 	{
 		# Cleanup
 		Remove-ThreatDetectionTestEnvironment $testSuffix
 	}
-}
+}
+
+<#
+.SYNOPSIS
+Tests that when modifying the properties of a server's threat detection policy , they are later fetched properly
+#>
+function Test-ThreatDetectionServerUpdatePolicy
+{
+	# Setup
+	$testSuffix = 6027
+	Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
+	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
+
+	try
+	{
+		# Test
+        Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount
+        Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -NotificationRecipientsEmails "[email protected];[email protected]" -EmailAdmins $false -ExcludedDetectionType Sql_Injection_Vulnerability
+        $policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
+
+		# Assert
+		Assert-AreEqual $policy.ThreatDetectionState "Enabled"
+		Assert-AreEqual $policy.NotificationRecipientsEmails "[email protected];[email protected]"
+        Assert-False {$policy.EmailAdmins}
+        Assert-AreEqual $policy.ExcludedDetectionTypes.Length 1
+		Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
+
+
+        # Test
+        Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Usage_Anomaly
+        $policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
+
+		# Assert
+		Assert-AreEqual $policy.ThreatDetectionState "Enabled"
+		Assert-AreEqual $policy.NotificationRecipientsEmails "[email protected];[email protected]"
+        Assert-False {$policy.EmailAdmins}
+        Assert-AreEqual $policy.ExcludedDetectionTypes.Length 4
+		Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection)}
+		Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
+		Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Access_Anomaly)}
+		Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Usage_Anomaly)}
+
+        # Test
+		Remove-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
+		$policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
+
+		# Assert
+		Assert-AreEqual $policy.ThreatDetectionState "Disabled"
+		Assert-AreEqual $policy.NotificationRecipientsEmails "[email protected];[email protected]"
+        Assert-False {$policy.EmailAdmins}
+        Assert-AreEqual $policy.ExcludedDetectionTypes.Length 4
+		Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection)}
+		Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
+		Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Access_Anomaly)}
+		Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Usage_Anomaly)}
+
+	    # Test
+        Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -ExcludedDetectionType None
+        $policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
+
+		# Assert
+		Assert-AreEqual $policy.ThreatDetectionState "Enabled"
+		Assert-AreEqual $policy.NotificationRecipientsEmails "[email protected];[email protected]"
+        Assert-False {$policy.EmailAdmins}
+        Assert-AreEqual $policy.ExcludedDetectionTypes.Length 0	
+	}
+	finally
+	{
+		# Cleanup
+		Remove-ThreatDetectionTestEnvironment $testSuffix
+	}
+}
+