Skip to content

Commit 9601aed

Browse files
cormacpaynecormacpayne
authored
Merge pull request Azure#5052 from yaakoviyun/dev
SQL Auditing fixes
2 parents a941617 + 5077d12 commit 9601aed

File tree

6 files changed

+5029
-26303
lines changed

6 files changed

+5029
-26303
lines changed

src/ResourceManager/Sql/ChangeLog.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,10 @@
1919
-->
2020
## Current Release
2121
* Added ability to rename database using Set-AzureRmSqlDatabase
22+
* Fixed issue https://github.com/Azure/azure-powershell/issues/5046
23+
- AuditAction parameter in auditing cmdlets is no longer being ignored
24+
* Fixed an issue in Auditing cmdlets when 'Secondary' StorageKeyType is provided
25+
- When setting blob auditing, the primary storage account key was used instead of the secondary key when providing 'Secondary' value for StorageKeyType parameter.
2226

2327
## Version 4.0.1
2428
* Fixed assembly loading issue that caused some cmdlets to fail when executing

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/AuditingTests.ps1

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -930,18 +930,18 @@ function Test-BlobAuditingOnDatabase
930930
Assert-True { $policy.StorageKeyType -eq "Primary"}
931931

932932
# Test
933-
Set-AzureRmSqlDatabaseAuditingPolicy -AuditType Blob -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -StorageKeyType "Secondary" -AuditActionGroup "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP" -RetentionInDays 8
933+
Set-AzureRmSqlDatabaseAuditingPolicy -AuditType Blob -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -StorageKeyType "Secondary" -AuditActionGroup "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP" -RetentionInDays 8 -AuditAction "UPDATE ON database::[$($params.databaseName)] BY [public]"
934934
$policy = Get-AzureRmSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
935935

936936
# Assert
937937
Assert-AreEqual $policy.AuditState "Enabled"
938938
Assert-AreEqual $policy.AuditActionGroup.Length 2
939939
Assert-True {$policy.AuditActionGroup.Contains([Microsoft.Azure.Commands.Sql.Auditing.Model.AuditActionGroups]::SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP)}
940940
Assert-True {$policy.AuditActionGroup.Contains([Microsoft.Azure.Commands.Sql.Auditing.Model.AuditActionGroups]::FAILED_DATABASE_AUTHENTICATION_GROUP)}
941-
Assert-AreEqual $policy.AuditAction.Length 0
942941
Assert-AreEqual $policy.RetentionInDays 8
943942
Assert-True { $policy.StorageKeyType -eq "Secondary"}
944-
943+
Assert-AreEqual $policy.AuditAction.Length 1
944+
Assert-AreEqual $policy.AuditAction "UPDATE ON database::[$($params.databaseName)] BY [public]"
945945

946946
# Test
947947
Remove-AzureRmSqlDatabaseAuditing -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/BlobAuditingTests.ps1

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -517,25 +517,26 @@ function Test-BlobAuditingOnDatabase
517517
Assert-True { $policy.StorageKeyType -eq "Primary"}
518518

519519
# Test
520-
Set-AzureRmSqlDatabaseAuditing -State Enabled -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -StorageKeyType "Secondary" -AuditActionGroup "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP" -RetentionInDays 8
520+
Set-AzureRmSqlDatabaseAuditing -State Enabled -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -StorageKeyType "Secondary" -AuditActionGroup "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", "FAILED_DATABASE_AUTHENTICATION_GROUP" -RetentionInDays 8 -AuditAction "UPDATE ON database::[$($params.databaseName)] BY [public]"
521521
$policy = Get-AzureRmSqlDatabaseAuditing -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
522522

523523
# Assert
524524
Assert-AreEqual $policy.AuditState "Enabled"
525525
Assert-AreEqual $policy.AuditActionGroup.Length 2
526526
Assert-True {$policy.AuditActionGroup.Contains([Microsoft.Azure.Commands.Sql.Auditing.Model.AuditActionGroups]::SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP)}
527527
Assert-True {$policy.AuditActionGroup.Contains([Microsoft.Azure.Commands.Sql.Auditing.Model.AuditActionGroups]::FAILED_DATABASE_AUTHENTICATION_GROUP)}
528-
Assert-AreEqual $policy.AuditAction.Length 0
529528
Assert-AreEqual $policy.RetentionInDays 8
530529
Assert-True { $policy.StorageKeyType -eq "Secondary"}
530+
Assert-AreEqual $policy.AuditAction.Length 1
531+
Assert-AreEqual $policy.AuditAction "UPDATE ON database::[$($params.databaseName)] BY [public]"
531532

532533
# Test
533534
Set-AzureRmSqlDatabaseAuditing -State Disabled -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
534535
$policy = Get-AzureRmSqlDatabaseAuditing -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
535536

536537
# Assert
537538
Assert-AreEqual $policy.AuditState "Disabled"
538-
Assert-AreEqual $policy.AuditAction.Length 0
539+
Assert-AreEqual $policy.AuditAction.Length 1
539540
}
540541
finally
541542
{

0 commit comments

Comments
 (0)