Merge pull request Azure#1256 from yaakoviyun/dev

Threat Detection new API + data masking chganges

Author: markcowl

ChangeLog.md

@@ -1,3 +1,8 @@
+* Azure SQL Database: new cmdlets for managing database threat detection policies:
+  * Get-AzureRmSqlDatabaseThreatDetectionPolicy
+  * Set-AzureRmSqlDatabaseThreatDetectionPolicy
+  * Remove-AzureRmSqlDatabaseThreatDetectionPolicy
+  
 ## 2015.11.09 version 1.0.1
 * Azure Compute
   * Added cmdlets for managing VM DiskEncryption extension

src/ResourceManager/Sql/Commands.Sql.Test/Commands.Sql.Test.csproj

@@ -73,7 +73,7 @@
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Sql">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Sql.0.39.0-prerelease\lib\net40\Microsoft.Azure.Management.Sql.dll</HintPath>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Sql.0.41.0-prerelease\lib\net40\Microsoft.Azure.Management.Sql.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Storage">
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Storage.2.4.0-preview\lib\net40\Microsoft.Azure.Management.Storage.dll</HintPath>
@@ -189,11 +189,15 @@
       <DesignTime>True</DesignTime>
       <DependentUpon>Resources.resx</DependentUpon>
     </Compile>
+    <Compile Include="ScenarioTests\ThreatDetectionTests.cs" />
     <Compile Include="ScenarioTests\DatabaseActivationTests.cs" />
     <Compile Include="ScenarioTests\DatabaseBackupTests.cs" />
     <Compile Include="ScenarioTests\DatabaseReplicationTests.cs" />
     <Compile Include="ScenarioTests\DatabaseCrudTests.cs" />
     <Compile Include="ScenarioTests\DataMaskingTests.cs" />
+    <None Include="ScenarioTests\ThreatDetectionTests.ps1">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="ScenarioTests\DatabaseReplicationTests.ps1">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
@@ -445,10 +449,7 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.DataMaskingTests\TestDatabaseDataMaskingNumberRuleLifecycle.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
-    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.DataMaskingTests\TestDatabaseDataMaskingPolicyEnablementToggling.json">
-      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
-    </None>
-    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.DataMaskingTests\TestDatabaseDataMaskingPrivilegedLoginsChanges.json">
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.DataMaskingTests\TestDatabaseDataMaskingPrivilegedUsersChanges.json">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
     <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.DataMaskingTests\TestDatabaseDataMaskingRuleCreationFailures.json">
@@ -514,6 +515,11 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ServerCrudTests\TestServerUpdate.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\DisablingThreatDetection.json" />
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\InvalidArgumentsThreatDetection.json" />
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\ThreatDetectionDatabaseGetDefualtPolicy.json" />
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\ThreatDetectionDatabaseUpdatePolicy.json" />
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ThreatDetectionTests\ThreatDetectionOnV2Server.json" />
     <None Include="SessionRecords\Microsoft.Azure.Commands.Sql.Test.ScenarioTests.TransparentDataEncryptionCrudTests\TestDatabaseTransparentDataEncryptionGet.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/AuditingTests.cs

@@ -22,17 +22,6 @@ namespace Microsoft.Azure.Commands.Sql.Test.ScenarioTests
 {
     public class AuditingTests : SqlTestsBase
     {
-        protected Microsoft.Azure.Management.Storage.StorageManagementClient GetStorageV2Client()
-        {
-            var client = TestBase.GetServiceClient<Microsoft.Azure.Management.Storage.StorageManagementClient>(new CSMTestEnvironmentFactory());
-            if (HttpMockServer.Mode == HttpRecorderMode.Playback)
-            {
-                client.LongRunningOperationInitialTimeout = 0;
-                client.LongRunningOperationRetryTimeout = 0;
-            }
-            return client;
-        }
-
         protected override void SetupManagementClients()
         {
             var sqlCSMClient = GetSqlClient();

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/Common.ps1

@@ -25,6 +25,19 @@ function Get-SqlAuditingTestEnvironmentParameters ($testSuffix)
 			  }
 }
 
+<#
+.SYNOPSIS
+Gets the values of the parameters used at the threat detection tests
+#>
+function Get-SqlThreatDetectionTestEnvironmentParameters ($testSuffix)
+{
+	return @{ rgname = "sql-td-cmdlet-test-rg" +$testSuffix;
+			  serverName = "sql-td-cmdlet-server" +$testSuffix;
+			  databaseName = "sql-td-cmdlet-db" + $testSuffix;
+			  storageAccount = "tdcmdlets" +$testSuffix
+			  }
+}
+
 <#
 .SYNOPSIS
 Gets the values of the parameters used by the data masking tests
@@ -78,6 +91,28 @@ function Create-TestEnvironmentWithStorageV2 ($testSuffix)
 	New-AzureRmStorageAccount -Name $params.storageAccount -Location "West US" -ResourceGroupName $params.rgname -Type "Standard_GRS"
 }
 
+<#
+.SYNOPSIS
+Creates the test environment needed to perform the Sql threat detection tests, while using storage  V2 as the used storage account
+#>
+function Create-ThreatDetectionTestEnvironmentWithStorageV2 ($testSuffix, $serverVersion = "12.0")
+{
+	$params = Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
+	New-AzureRmResourceGroup -Name $params.rgname -Location "Australia East" -Force
+
+    if ($serverVersion -eq "12.0")
+    {
+        New-AzureRmResourceGroupDeployment -ResourceGroupName $params.rgname -TemplateFile ".\Templates\sql-ddm-test-env-setup.json" -serverName $params.serverName -databaseName $params.databaseName -EnvLocation "Australia East" -Force
+     	New-AzureRmStorageAccount -Name $params.storageAccount -Location "Australia East" -ResourceGroupName $params.rgname -Type "Standard_GRS"
+    }
+
+    if ($serverVersion -eq "2.0")
+    {
+        New-AzureRmResourceGroupDeployment -ResourceGroupName $params.rgname -TemplateFile ".\Templates\sql-audit-test-env-setup.json" -serverName $params.serverName -databaseName $params.databaseName -EnvLocation "Australia East" -Force
+    	New-AzureRmStorageAccount -Name $params.storageAccount -Location "West US" -ResourceGroupName $params.rgname -Type "Standard_GRS"
+    }
+}
+
 <#
 .SYNOPSIS
 Creates the test environment needed to perform the Sql data masking tests
@@ -214,8 +249,24 @@ function Remove-TestEnvironment ($testSuffix)
 {
 	try
 	{
-	$params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
-	Azure\Remove-AzureRmStorageAccount -StorageAccountName $params.storageAccount
+	    $params = Get-SqlAuditingTestEnvironmentParameters $testSuffix
+	    Azure\Remove-AzureRmStorageAccount -StorageAccountName $params.storageAccount
+	}
+	catch
+	{
+	}
+}
+
+<#
+.SYNOPSIS
+Removes the test environment that was needed to perform the Sql threat detection tests
+#>
+function Remove-ThreatDetectionTestEnvironment ($testSuffix)
+{
+	try
+	{
+	    $params = Get-SqlThreatDetectionTestEnvironmentParameters $testSuffix
+	    Azure\Remove-AzureRmStorageAccount -StorageAccountName $params.storageAccount
 	}
 	catch
 	{

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/DataMaskingTests.cs

@@ -20,19 +20,11 @@ namespace Microsoft.Azure.Commands.Sql.Test.ScenarioTests
 {
     public class DataMaskingTests : SqlTestsBase
     {
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.BVT)]
-        public void TestDatabaseDataMaskingPolicyEnablementToggling()
-        {
-            RunPowerShellTest("Test-DatabaseDataMaskingPolicyEnablementToggling");
-        }
-
         [Fact]
         [Trait(Category.AcceptanceType, Category.BVT)]
-        public void TestDatabaseDataMaskingPrivilegedLoginsChanges()
+        public void TestDatabaseDataMaskingPrivilegedUsersChanges()
         {
-            RunPowerShellTest("Test-DatabaseDataMaskingPrivilegedLoginsChanges");
+            RunPowerShellTest("Test-DatabaseDataMaskingPrivilegedUsersChanges");
         }
 
         [Fact]

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/DataMaskingTests.ps1

@@ -12,65 +12,11 @@
 # limitations under the License.
 # ----------------------------------------------------------------------------------
 
-<#
-.SYNOPSIS
-Tests  toggling of the enablement property of a data masking policy 
-#>
-function Test-DatabaseDataMaskingPolicyEnablementToggling 
-{
-	# Setup
-	$testSuffix = 77732
-	$params = Create-DataMaskingTestEnvironment $testSuffix
-
-	try
-	{
-		# Test create as enabled
-		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -DataMaskingState "Enabled" 
-		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
-	
-		# Assert
-		Assert-AreEqual $policy.DataMaskingState  "Enabled"
-
-		# Test update from enabled to enabled
-		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -DataMaskingState "Enabled" 
-		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
-	
-		# Assert
-		Assert-AreEqual $policy.DataMaskingState  "Enabled"
-
-
-		# Test update from enabled to disabled
-		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -DataMaskingState "Disabled" 
-		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
-	
-		# Assert
-		Assert-AreEqual $policy.DataMaskingState  "Disabled"
-
-		# Test update from disabled to disabled
-		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -DataMaskingState "Disabled" 
-		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
-	
-		# Assert
-		Assert-AreEqual $policy.DataMaskingState  "Disabled"
-
-		# Test update from disabled to enabled
-		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -DataMaskingState "Enabled" 
-		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
-	
-		# Assert
-		Assert-AreEqual $policy.DataMaskingState  "Enabled"
-	}
-	finally
-	{
-		# Cleanup
-	}
-}
-
 <#
 .SYNOPSIS
 Tests changes of the privileged logins property of a data masking policy 
 #>
-function Test-DatabaseDataMaskingPrivilegedLoginsChanges
+function Test-DatabaseDataMaskingPrivilegedUsersChanges
 {
 
 	# Setup
@@ -79,48 +25,48 @@ function Test-DatabaseDataMaskingPrivilegedLoginsChanges
 
 	try
 	{
-		# Test create as enabled
-		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -DataMaskingState "Enabled" 
+		# Defualt policy should be in disabled state
 		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
 
 		# Assert
-		Assert-AreEqual $policy.DataMaskingState  "Enabled"
+		Assert-AreEqual "Disabled" $policy.DataMaskingState
 
 
 		# Test adding a privileged login
-		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -PrivilegedLogins "dbo" 
+		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -PrivilegedUsers "public" -DataMaskingState "Enabled"
 		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
 
 		# Assert
-		Assert-AreEqual $policy.PrivilegedLogins  "dbo"
+		Assert-AreEqual "public;" $policy.PrivilegedUsers
+		Assert-AreEqual "Enabled" $policy.DataMaskingState
 
 		# Test removing a privileged login while having enabled policy
-		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -PrivilegedLogins "" 
+		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -PrivilegedUsers "" 
 		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
 
 		# Assert
-		Assert-AreEqual $policy.PrivilegedLogins  ""
+	    Assert-AreEqual "" $policy.PrivilegedUsers
 
 		# Test disabling a policy
 		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -DataMaskingState "Disabled" 
 		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
 
 		# Assert
-		Assert-AreEqual $policy.PrivilegedLogins  ""
+	    Assert-AreEqual "" $policy.PrivilegedUsers
 
 		# Test adding a privileged login while being disabled
-		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -PrivilegedLogins "dbo" 
+		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -PrivilegedUsers "public" 
 		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
 
 		# Assert
-		Assert-AreEqual $policy.PrivilegedLogins  "dbo"
+		Assert-AreEqual "" $policy.PrivilegedUsers
 
 		# Test removing a privileged login while being disabled
-		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -PrivilegedLogins ""  
+		Set-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName -PrivilegedUsers ""  
 		$policy = Get-AzureRmSqlDatabaseDataMaskingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName  -DatabaseName $params.databaseName
 
 		# Assert
-		Assert-AreEqual $policy.PrivilegedLogins ""
+		Assert-AreEqual "" $policy.PrivilegedUsers
 	}
 	finally
 	{
@@ -199,7 +145,6 @@ function Test-DatabaseDataMaskingBasicRuleLifecycle
 	}
 }
 
-
 <#
 .SYNOPSIS
 Tests the lifecycle of a data masking rule with numerical masking function 

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/SqlTestsBase.cs

@@ -157,5 +157,18 @@ protected GraphRbacManagementClient GetGraphClient()
 
             return TestBase.GetGraphServiceClient<GraphRbacManagementClient>(testFactory, tenantId);
         }
+
+        protected Management.Storage.StorageManagementClient GetStorageV2Client()
+        {
+            var client =
+                TestBase.GetServiceClient<Management.Storage.StorageManagementClient>(new CSMTestEnvironmentFactory());
+
+            if (HttpMockServer.Mode == HttpRecorderMode.Playback)
+            {
+                client.LongRunningOperationInitialTimeout = 0;
+                client.LongRunningOperationRetryTimeout = 0;
+            }
+            return client;
+        }
     }
 }

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/ThreatDetectionTests.cs

@@ -0,0 +1,69 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ScenarioTest.SqlTests;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+
+namespace Microsoft.Azure.Commands.Sql.Test.ScenarioTests
+{
+    public class ThreatDetectionTests : SqlTestsBase
+    {
+        protected override void SetupManagementClients()
+        {
+            var sqlCSMClient = GetSqlClient();
+            var storageClient = GetStorageClient();
+            var storageV2Client = GetStorageV2Client();
+            var resourcesClient = GetResourcesClient();
+            var authorizationClient = GetAuthorizationManagementClient();
+            helper.SetupSomeOfManagementClients(sqlCSMClient, storageClient, storageV2Client, resourcesClient,
+                authorizationClient);
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.Sql)]
+        public void ThreatDetectionDatabaseGetDefualtPolicy()
+        {
+            RunPowerShellTest("Test-ThreatDetectionDatabaseGetDefualtPolicy");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.Sql)]
+        public void ThreatDetectionDatabaseUpdatePolicy()
+        {
+            RunPowerShellTest("Test-ThreatDetectionDatabaseUpdatePolicy");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.Sql)]
+        public void DisablingThreatDetection()
+        {
+            RunPowerShellTest("Test-DisablingThreatDetection");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.Sql)]
+        public void InvalidArgumentsThreatDetection()
+        {
+            RunPowerShellTest("Test-InvalidArgumentsThreatDetection");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.Sql)]
+        public void ThreatDetectionOnV2Server()
+        {
+            RunPowerShellTest("Test-ThreatDetectionOnV2Server");
+        }
+    }
+}