Skip to content

Adding storage account properties to SQL threat detection cmdlets #3219

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
Nov 23, 2016
Merged

Adding storage account properties to SQL threat detection cmdlets #3219

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
09d083e
Merge pull request #9 from Azure/dev
yaakoviyun May 26, 2016
206fab1
Merge remote-tracking branch 'refs/remotes/Azure/dev' into dev
yaakoviyun Sep 28, 2016
ac22a3d
Merge remote-tracking branch 'refs/remotes/Azure/dev' into dev
yoavrubin Nov 3, 2016
9e6c52f
Merge remote-tracking branch 'refs/remotes/Azure/dev' into dev
yoavrubin Nov 7, 2016
d2c0a9f
Add Storage properties to SQL threat detection
yoavrubin Nov 7, 2016
3f9b11d
Updating help contents
yoavrubin Nov 9, 2016
9aa044b
removing AuditActions from server cmdlets
yoavrubin Nov 10, 2016
a161b21
Updating tests
yoavrubin Nov 10, 2016
708ddab
Updating failed test
yoavrubin Nov 10, 2016
1910d06
Updating delimiter in table auditing cmdlets
yoavrubin Nov 13, 2016
336b54e
Update ChangeLog.md
yoavrubin Nov 16, 2016
a43a99c
Update ChangeLog.md
yoavrubin Nov 17, 2016
8c00b07
Merge remote-tracking branch 'refs/remotes/Azure/dev' into dev
yaakoviyun Nov 23, 2016
d04ce60
Merge pull request #10 from yoavrubin/dev
yaakoviyun Nov 23, 2016
f9871ca
Merge branch 'dev' of https://github.com/yaakoviyun/azure-powershell …
yaakoviyun Nov 23, 2016
ce4f7e5
Updated the changelog
yaakoviyun Nov 23, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion src/ResourceManager/Sql/ChangeLog.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,10 @@
- Additional information about change #1
-->
## Current Release
* Added storage properties to cmdlets for Azure SQL threat detection policy management at database and server level
- StorageAccountName
- RetentionInDays
* Removed the unsupported param "AuditAction" from Set-AzureSqlDatabaseServerAuditingPolicy
* Added new param "AuditAction" to Set-AzureSqlDatabaseAuditingPolicy

## Version 2.3.0
## Version 2.3.0
9 changes: 3 additions & 6 deletions src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/AuditingTests.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -949,7 +949,7 @@ Tests that when modifying properties of a server's blob auditing policy, these p
function Test-BlobAuditingOnServer
{
# Setup
$testSuffix = 881277
$testSuffix = 881267
Create-TestEnvironment $testSuffix "Japan East"
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix

Expand Down Expand Up @@ -1049,7 +1049,7 @@ Tests that after migrating between server audit types the returned policy is of
function Test-ServerAuditingTypeMigration
{
# Setup
$testSuffix = 554412
$testSuffix = 584412
Create-TestEnvironment $testSuffix "Japan East"
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
$dbName = $params.databaseName
Expand All @@ -1065,16 +1065,13 @@ function Test-ServerAuditingTypeMigration
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Auditing.Model.AuditEventType]::PlainSQL_Success)}

# Test
$UpdateAuditAction = "UPDATE ON schema::[dbo] BY [public]"
Set-AzureRmSqlServerAuditingPolicy -AuditType Blob -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -AuditActionGroup FAILED_DATABASE_AUTHENTICATION_GROUP -RetentionInDays 4 -AuditAction $updateAuditAction
Set-AzureRmSqlServerAuditingPolicy -AuditType Blob -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -AuditActionGroup FAILED_DATABASE_AUTHENTICATION_GROUP -RetentionInDays 4
$policy = Get-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName

# Assert
Assert-AreEqual $policy.AuditState "Enabled"
Assert-AreEqual $policy.AuditActionGroup.Length 1
Assert-True {$policy.AuditActionGroup.Contains([Microsoft.Azure.Commands.Sql.Auditing.Model.AuditActionGroups]::FAILED_DATABASE_AUTHENTICATION_GROUP)}
Assert-AreEqual $policy.AuditAction.Length 1
Assert-AreEqual $policy.AuditAction[0] $UpdateAuditAction
Assert-AreEqual $policy.RetentionInDays 4

# Test
Expand Down
44 changes: 20 additions & 24 deletions src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/ThreatDetectionTests.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,20 +58,21 @@ Tests that when modifying the properties of a databases's threat detection polic
function Test-ThreatDetectionDatabaseUpdatePolicy
{
# Setup
$testSuffix = 6004
$testSuffix = 6002
Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix

try
{
# Test
Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -NotificationRecipientsEmails "[email protected];[email protected]" -EmailAdmins $false -ExcludedDetectionType "Sql_Injection_Vulnerability"
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -NotificationRecipientsEmails "[email protected];[email protected]" -EmailAdmins $false -ExcludedDetectionType "Sql_Injection_Vulnerability" -StorageAccountName $params.storageAccount
$policy = Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName

# Assert
Assert-AreEqual $policy.ThreatDetectionState "Enabled"
Assert-AreEqual $policy.NotificationRecipientsEmails "[email protected];[email protected]"
Assert-AreEqual $policy.StorageAccountName $params.storageAccount
Assert-False {$policy.EmailAdmins}
Assert-AreEqual $policy.ExcludedDetectionTypes.Length 1
Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
Expand All @@ -86,6 +87,7 @@ function Test-ThreatDetectionDatabaseUpdatePolicy
Assert-AreEqual $policy.NotificationRecipientsEmails "[email protected];[email protected]"
Assert-False {$policy.EmailAdmins}
Assert-AreEqual $policy.ExcludedDetectionTypes.Length 4
Assert-AreEqual $policy.StorageAccountName $params.storageAccount
Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection)}
Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Sql_Injection_Vulnerability)}
Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Access_Anomaly)}
Expand Down Expand Up @@ -129,15 +131,15 @@ Tests that when turning off auditing or marking it as "use server default" , thr
function Test-DisablingThreatDetection
{
# Setup
$testSuffix = 7019
$testSuffix = 7079
Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix

try
{
# 1. Test
Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
$policy = Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName

# Assert
Expand All @@ -155,7 +157,7 @@ function Test-DisablingThreatDetection
# 3. Test - that no exception is thrown
Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount
Use-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
$policy = Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
}
finally
Expand All @@ -172,31 +174,26 @@ Tests sending invalid arguments in database's threat detection
function Test-InvalidArgumentsThreatDetection
{
# Setup5
$testSuffix = 8025
$testSuffix = 8027
Create-TestEnvironment $testSuffix "Japan East"#Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix

try
{
# turning on threat detection without auditing
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName}
# turning on threat detection without storage account

Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount
Use-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
Remove-AzureRmSqlServerAuditing -ResourceGroupName $params.rgname -ServerName $params.serverName
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName}

# Check that NotificationRecipientsEmails are in correct format
Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -NotificationRecipientsEmails "kokogmail.com"}

# Check that EmailAdmins is not False and NotificationRecipientsEmails is not empty
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $false}
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $false -NotificationRecipientsEmails ""}
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $false -StorageAccountName $params.storageAccount}
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $false -NotificationRecipientsEmails "" -StorageAccountName $params.storageAccount}

# Check that ExcludedDetectionType doesn't hold None and any other type
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $true -ExcludedDetectionType "None", "Sql_Injection_Vulnerability" }
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EmailAdmins $true -ExcludedDetectionType "None", "Sql_Injection_Vulnerability" -StorageAccountName $params.storageAccount}
}
finally
{
Expand All @@ -212,20 +209,19 @@ Tests that thread detection doesn't work on 2.0 servers
function Test-ThreatDetectionOnV2Server
{
# Setup
$testSuffix = 5023
$testSuffix = 5017
Create-TestEnvironment $testSuffix "West Europe" "2.0" #Create-ThreatDetectionTestEnvironmentWithStorageV2 $testSuffix "2.0"
$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix #Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix

try
{
Set-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName}
Assert-Throws {Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName}
Assert-Throws {Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount}
Assert-Throws {Get-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount}

Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount
Assert-Throws {Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName}
Assert-Throws {Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName}

Assert-Throws {Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount}
Assert-Throws {Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount}
}
finally
{
Expand All @@ -249,7 +245,7 @@ function Test-ThreatDetectionServerUpdatePolicy
{
# Test
Set-AzureRmSqlServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -NotificationRecipientsEmails "[email protected];[email protected]" -EmailAdmins $false -ExcludedDetectionType Sql_Injection_Vulnerability
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -NotificationRecipientsEmails "[email protected];[email protected]" -EmailAdmins $false -ExcludedDetectionType Sql_Injection_Vulnerability -StorageAccountName $params.storageAccount
$policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName

# Assert
Expand All @@ -261,7 +257,7 @@ function Test-ThreatDetectionServerUpdatePolicy


# Test
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Usage_Anomaly
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Usage_Anomaly -StorageAccountName $params.storageAccount
$policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName

# Assert
Expand Down Expand Up @@ -289,7 +285,7 @@ function Test-ThreatDetectionServerUpdatePolicy
Assert-True {$policy.ExcludedDetectionTypes.Contains([Microsoft.Azure.Commands.Sql.ThreatDetection.Model.DetectionType]::Usage_Anomaly)}

# Test
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType None
Set-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -ExcludedDetectionType None -StorageAccountName $params.storageAccount
$policy = Get-AzureRmSqlServerThreatDetectionPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName

# Assert
Expand Down
Loading