Code without tests.

bashahee · bashahee · commit 5bf8ca94a2ba · 2018-06-10T16:15:44.000+03:00
Code without tests.
diff --git a/src/ResourceManager/Sql/Commands.Sql/Auditing/AuditingHelpMessages.cs b/src/ResourceManager/Sql/Commands.Sql/Auditing/AuditingHelpMessages.cs
@@ -10,6 +10,8 @@ This parameter is not required.
 If you do not specify this parameter, the cmdlet uses the storage account that was defined previously as part of the auditing policy.  
 If this is the first time an auditing policy is defined and you do not specify this parameter, the cmdlet fails.";
 
+        public const string AuditStorageAccountSubscriptionIdHelpMessage = "Specifies the id of the storage account subscription";
+
         public const string StorageKeyTypeHelpMessage = "Specifies which of the storage access keys to use.";
 
         public const string RetentionInDaysHelpMessage = "The number of retention days for the audit logs.";
diff --git a/src/ResourceManager/Sql/Commands.Sql/Auditing/Cmdlet/AuditingSettings/SetAzureSqlDatabaseAuditing.cs b/src/ResourceManager/Sql/Commands.Sql/Auditing/Cmdlet/AuditingSettings/SetAzureSqlDatabaseAuditing.cs
@@ -60,6 +60,13 @@ public class SetAzureSqlDatabaseAuditing : SqlDatabaseAuditingSettingsCmdletBase
         [ValidateNotNullOrEmpty]
         public string StorageAccountName { get; set; }
 
+        /// <summary>
+        /// Gets or sets the id of the storage account subscription to use.
+        /// </summary>
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = AuditingHelpMessages.AuditStorageAccountSubscriptionIdHelpMessage)]
+        [ValidateNotNullOrEmpty]
+        public Guid StorageAccountSubscriptionId { get; set; }
+
         /// <summary>
         /// Gets or sets the type of the storage key.
         /// </summary>
@@ -118,6 +125,11 @@ protected override DatabaseBlobAuditingSettingsModel ApplyUserInputToModel(Datab
                 model.AuditAction = AuditAction;
             }
 
+            if (!StorageAccountSubscriptionId.Equals(Guid.Empty))
+            {
+                model.StorageAccountSubscriptionId = StorageAccountSubscriptionId;
+            }
+
             return model;
         }
     }
diff --git a/src/ResourceManager/Sql/Commands.Sql/Auditing/Cmdlet/AuditingSettings/SetAzureSqlServerAuditing.cs b/src/ResourceManager/Sql/Commands.Sql/Auditing/Cmdlet/AuditingSettings/SetAzureSqlServerAuditing.cs
@@ -54,6 +54,13 @@ public class SetAzureSqlServerAuditing : SqlServerAuditingSettingsCmdletBase
         [ValidateNotNullOrEmpty]
         public string StorageAccountName { get; set; }
 
+        /// <summary>
+        /// Gets or sets the id of the storage account subscription to use.
+        /// </summary>
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = AuditingHelpMessages.AuditStorageAccountSubscriptionIdHelpMessage)]
+        [ValidateNotNullOrEmpty]
+        public Guid StorageAccountSubscriptionId { get; set; }
+
         /// <summary>
         /// Gets or sets the name of the storage account to use.
         /// </summary>
@@ -103,6 +110,11 @@ protected override ServerBlobAuditingSettingsModel ApplyUserInputToModel(ServerB
                 model.AuditActionGroup = AuditActionGroup;
             }
 
+            if (!StorageAccountSubscriptionId.Equals(Guid.Empty))
+            {
+                model.StorageAccountSubscriptionId = StorageAccountSubscriptionId;
+            }
+
             return model;
         }
     }
diff --git a/src/ResourceManager/Sql/Commands.Sql/Auditing/Model/AuditingPolicyModel.cs b/src/ResourceManager/Sql/Commands.Sql/Auditing/Model/AuditingPolicyModel.cs
@@ -12,6 +12,8 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using System;
+
 namespace Microsoft.Azure.Commands.Sql.Auditing.Model
 {
     /// <summary>
@@ -55,6 +57,11 @@ public abstract class AuditingPolicyModel
         /// </summary>
         public string StorageAccountName { get; set; }
 
+        /// <summary>
+        /// Gets or sets the id of the storage account subscription.
+        /// </summary>
+        public Guid StorageAccountSubscriptionId { get; set; }
+
         /// <summary>
         /// Gets or sets the storage key type
         /// </summary>
diff --git a/src/ResourceManager/Sql/Commands.Sql/Auditing/Services/SqlAuditAdapter.cs b/src/ResourceManager/Sql/Commands.Sql/Auditing/Services/SqlAuditAdapter.cs
@@ -66,7 +66,7 @@ public class SqlAuditAdapter
         /// Caching the fetched storage account table name to prevent costly network interaction in cases it is not needed
         /// </summary>
         private string FetchedStorageAccountTableEndpoint { get; set; }
-        
+
 
         /// <summary>
         /// In cases when storage is not needed and not provided, there's no need to perform storage related network interaction that may fail
@@ -217,7 +217,7 @@ private void ModelizeDatabaseAuditPolicy(BlobAuditingPolicy policy, DatabaseBlob
         {
             var properties = policy.Properties;
             dbPolicyModel.AuditState = ModelizeAuditState(properties.State);
-            ModelizeStorageInfo(dbPolicyModel, properties.StorageEndpoint, properties.IsStorageSecondaryKeyInUse);
+            ModelizeStorageInfo(dbPolicyModel, properties.StorageEndpoint, properties.IsStorageSecondaryKeyInUse, properties.StorageAccountSubscriptionId);
             ModelizeAuditActionGroups(dbPolicyModel, properties.AuditActionsAndGroups);
             ModelizeAuditActions(dbPolicyModel, properties.AuditActionsAndGroups);
             ModelizeRetentionInfo(dbPolicyModel, properties.RetentionDays);
@@ -256,7 +256,7 @@ private void ModelizeRetentionInfo(BaseBlobAuditingPolicyModel model, int retent
             model.RetentionInDays = Convert.ToUInt32(retentionDays);
         }
 
-        private static void ModelizeStorageInfo(BaseBlobAuditingPolicyModel model, string storageEndpoint, bool isSecondary)
+        private static void ModelizeStorageInfo(BaseBlobAuditingPolicyModel model, string storageEndpoint, bool isSecondary, string storageAccountSubscriptionId)
         {
             if (string.IsNullOrEmpty(storageEndpoint))
             {
@@ -266,6 +266,7 @@ private static void ModelizeStorageInfo(BaseBlobAuditingPolicyModel model, strin
             var accountNameEndIndex = storageEndpoint.IndexOf(".blob", StringComparison.InvariantCultureIgnoreCase);
             model.StorageAccountName = storageEndpoint.Substring(accountNameStartIndex, accountNameEndIndex- accountNameStartIndex);
             model.StorageKeyType = (isSecondary) ? StorageKeyKind.Secondary : StorageKeyKind.Primary;
+            model.StorageAccountSubscriptionId = Guid.Parse(storageAccountSubscriptionId);
         }
 
         /// <summary>
@@ -289,7 +290,7 @@ private void ModelizeServerAuditPolicy(BlobAuditingPolicy policy, ServerBlobAudi
         {
             var properties = policy.Properties;
             serverPolicyModel.AuditState = ModelizeAuditState(properties.State);
-            ModelizeStorageInfo(serverPolicyModel, properties.StorageEndpoint, properties.IsStorageSecondaryKeyInUse);
+            ModelizeStorageInfo(serverPolicyModel, properties.StorageEndpoint, properties.IsStorageSecondaryKeyInUse, properties.StorageAccountSubscriptionId);
             ModelizeAuditActionGroups(serverPolicyModel, properties.AuditActionsAndGroups);
             ModelizeRetentionInfo(serverPolicyModel, properties.RetentionDays);
         }
@@ -470,9 +471,12 @@ private BlobAuditingCreateOrUpdateParameters PolicizeBlobAuditingModel(BaseBlobA
             if (!IgnoreStorage && (model.AuditState == AuditStateType.Enabled))
             {
                 properties.StorageEndpoint = ExtractStorageAccountName(model, storageEndpointSuffix);
-                properties.StorageAccountAccessKey = ExtractStorageAccountKey(model.StorageAccountName, model.StorageKeyType);
+                properties.StorageAccountAccessKey = Guid.Empty.Equals(model.StorageAccountSubscriptionId) || Context.Subscription.GetId().Equals(model.StorageAccountSubscriptionId) ?
+                    ExtractStorageAccountKey(model.StorageAccountName, model.StorageKeyType) :
+                    ExtractStorageAccountKey(model.StorageAccountSubscriptionId, model.StorageAccountName, model.StorageKeyType);
                 properties.IsStorageSecondaryKeyInUse = model.StorageKeyType == StorageKeyKind.Secondary;
-                properties.StorageAccountSubscriptionId = ExtractStorageAccountSubscriptionId(model.StorageAccountName);
+                properties.StorageAccountSubscriptionId = Guid.Empty.Equals(model.StorageAccountSubscriptionId) ?
+                    ExtractStorageAccountSubscriptionId(model.StorageAccountName) : model.StorageAccountSubscriptionId.ToString();
             }
             properties.AuditActionsAndGroups = ExtractAuditActionsAndGroups(model);
             if (model.RetentionInDays != null)
@@ -620,6 +624,11 @@ private string ExtractStorageAccountResourceGroup(string storageName)
             return AzureCommunicator.GetStorageResourceGroup(storageName);
         }
 
+        private string ExtractStorageAccountKey(Guid storageAccountSubscriptionId, string storageAccountName, StorageKeyKind storageKeyKind)
+        {
+            return AzureCommunicator.RetrieveStorageKeys(storageAccountSubscriptionId, storageAccountName)[storageKeyKind];
+        }
+
         /// <summary>
         /// Extracts the storage account requested key
         /// </summary>
diff --git a/src/ResourceManager/Sql/Commands.Sql/Common/AzureEndpointsCommunicator.cs b/src/ResourceManager/Sql/Commands.Sql/Common/AzureEndpointsCommunicator.cs
@@ -25,6 +25,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
+using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 
@@ -234,5 +235,140 @@ private ResourceManagementClient GetCurrentResourcesClient(IAzureContext context
             }
             return ResourcesClient;
         }
+
+        /// <summary>
+        /// Retrieves storage keys.
+        /// </summary>
+        /// <param name="storageAccountSubscriptionId">Storage account subscription id</param>
+        /// <param name="storageAccountName">Storage account name</param>
+        /// <returns>Dictionary containing storage keys</returns>
+        internal Dictionary<StorageKeyKind, string> RetrieveStorageKeys(Guid storageAccountSubscriptionId, string storageAccountName)
+        {
+            // Retrieve the id of the storage account.
+            //
+            string storageAccountId = RetrieveStorageAccountIdAsync(storageAccountSubscriptionId, storageAccountName).GetAwaiter().GetResult();
+
+            // Extract storage account keys. 
+            //
+            return RetrieveStorageKeysAsync(storageAccountId).GetAwaiter().GetResult();
+        }
+
+        /// <summary>
+        /// Retrieves storage account keys.
+        /// </summary>
+        /// <param name="storageAccountId">Storage account id</param>
+        /// <returns>Dictionary containing storage keys</returns>
+        private async Task<Dictionary<StorageKeyKind, string>> RetrieveStorageKeysAsync(string storageAccountId)
+        {
+            bool isClassicStorage = storageAccountId.Contains("Microsoft.ClassicStorage/storageAccounts");
+
+            // Build a URI for calling corresponding REST-API
+            //
+            StringBuilder uriBuilder = new StringBuilder(Context.Environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ResourceManager).ToString());
+            uriBuilder.AppendFormat("{0}/listKeys?api-version={1}",
+                storageAccountId,
+                isClassicStorage ? "2016-11-01" : "2017-06-01");
+
+            // Define an exception to be thrown on failure.
+            //
+            Exception exception = new Exception(string.Format(Properties.Resources.RetrievingStorageAccountKeysFailed, storageAccountId));
+
+            // Call the URI and get storage account keys.
+            //
+            JToken storageAccountKeysResponse = await SendAsync(uriBuilder.ToString(), HttpMethod.Post, exception);
+
+            // Extract keys out of response.
+            //
+            Dictionary<StorageKeyKind, string> storageAccountKeys = new Dictionary<StorageKeyKind, string>();
+            string primaryKey = null;
+            string secondaryKey = null;
+            if (isClassicStorage)
+            {
+                primaryKey = (string)storageAccountKeysResponse["primaryKey"];
+                secondaryKey = (string)storageAccountKeysResponse["secondaryKey"];
+            }
+            else
+            {
+                JArray storageAccountKeysArray = (JArray)storageAccountKeysResponse["keys"];
+                if (storageAccountKeysArray == null)
+                {
+                    throw exception;
+                }
+
+                primaryKey = (string)storageAccountKeysArray[0]["value"];
+                secondaryKey = (string)storageAccountKeysArray[1]["value"];
+            }
+
+            if (string.IsNullOrEmpty(primaryKey) || string.IsNullOrEmpty(secondaryKey))
+            {
+                throw exception;
+            }
+
+            storageAccountKeys.Add(StorageKeyKind.Primary, primaryKey);
+            storageAccountKeys.Add(StorageKeyKind.Secondary, secondaryKey);
+            return storageAccountKeys;
+        }
+
+        /// <summary>
+        /// Retrieves id of a storage account
+        /// </summary>
+        /// <param name="storageAccountSubscriptionId">Storage account subscription id</param>
+        /// <param name="storageAccountName">Storage account name</param>
+        /// <returns>Id of the storage account</returns>
+        private async Task<string> RetrieveStorageAccountIdAsync(Guid storageAccountSubscriptionId, string storageAccountName)
+        {
+            // Build a URI for calling corresponding REST-API.
+            //
+            StringBuilder uriBuilder = new StringBuilder(Context.Environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ResourceManager).ToString());
+            uriBuilder.AppendFormat("/resources?api-version=2018-05-01&$filter=(subscriptionId%20eq%20'{0}')%20and%20((resourceType%20eq%20'microsoft.storage/storageaccounts')%20or%20(resourceType%20eq%20'microsoft.classicstorage/storageaccounts'))%20and%20(name%20eq%20'{1}')",
+                storageAccountSubscriptionId,
+                storageAccountName);
+            string nextLink = uriBuilder.ToString();
+            JToken response = null;
+
+            while (!string.IsNullOrEmpty(nextLink))
+            {
+                response = await SendAsync(nextLink, HttpMethod.Get, new Exception(string.Format(Properties.Resources.RetrievingStorageAccountIdUnderSubscriptionFailed, storageAccountName, storageAccountSubscriptionId)));
+                nextLink = (string)response["nextLink"];
+            }
+
+            JArray valuesArray = (JArray)response["value"];
+            if (!valuesArray.HasValues)
+            {
+                throw new Exception(string.Format(Properties.Resources.StorageAccountNotFound, storageAccountName));
+            }
+
+            JToken idValueToken = valuesArray[0];
+            string id = (string)idValueToken["id"];
+            if (string.IsNullOrEmpty(id))
+            {
+                throw new Exception(string.Format(Properties.Resources.RetrievingStorageAccountIdUnderSubscriptionFailed, storageAccountName, storageAccountSubscriptionId));
+            }
+
+            return id;
+        }
+
+        /// <summary>
+        /// Sends an async HTTP request.
+        /// </summary>
+        /// <param name="url">URL of the request.</param>
+        /// <param name="method">Http method.</param>
+        /// <param name="exceptionToThrowOnFailure">Exception to be thrown if request did not succeed.</param>
+        /// <returns>Response of the request.</returns>
+        private async Task<JToken> SendAsync(string url, HttpMethod method, Exception exceptionToThrowOnFailure)
+        {
+            ResourceManagementClient client = GetCurrentResourcesClient(Context);
+            HttpRequestMessage httpRequest = new HttpRequestMessage();
+            httpRequest.Method = method;
+            httpRequest.RequestUri = new Uri(url);
+            await client.Credentials.ProcessHttpRequestAsync(httpRequest, CancellationToken.None).ConfigureAwait(false);
+            HttpResponseMessage httpResponse = await client.HttpClient.SendAsync(httpRequest, CancellationToken.None).ConfigureAwait(false);
+            if (!httpResponse.IsSuccessStatusCode)
+            {
+                throw exceptionToThrowOnFailure;
+            }
+
+            return JToken.Parse(await httpResponse.Content.ReadAsStringAsync().ConfigureAwait(false));
+        }
     }
 }
diff --git a/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.Designer.cs b/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.Designer.cs
diff --git a/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.resx b/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.resx
@@ -408,4 +408,10 @@
   <data name="RemoveAzureSqlDatabaseLongTermRetentionBackupWarning" xml:space="preserve">
     <value>Are you sure you want to remove the Long Term Retention backup '{0}' on database '{1}' on server '{2}' in location '{3}'?</value>
   </data>
+  <data name="RetrievingStorageAccountIdUnderSubscriptionFailed" xml:space="preserve">
+    <value>Failed retrieving id of storage account '{0}' under subscription '{1}'.</value>
+  </data>
+  <data name="RetrievingStorageAccountKeysFailed" xml:space="preserve">
+    <value>Failed retrieving keys of storage '{0}'.</value>
+  </data>
 </root>
