Skip to content

Commit b12f163

Browse files
yaakoviyunyaakoviyun
yaakoviyun
authored and
yaakoviyun
committed
Changing Audit Events
Changing Audit Events
1 parent 3a00b46 commit b12f163

File tree

6 files changed

+139
-70
lines changed

6 files changed

+139
-70
lines changed

src/ResourceManager/Sql/Commands.Sql.Test/ScenarioTests/SecurityTests.ps1

Lines changed: 24 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -153,17 +153,17 @@ function Test-DatabaseUpdatePolicyWithEventTypes
153153
$policy = Get-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
154154

155155
# Assert
156-
Assert-AreEqual $policy.EventType.Length 5
156+
Assert-AreEqual $policy.EventType.Length 10
157157

158158
# Test
159-
Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "DataAccess","DataChanges","RevokePermissions"
159+
Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "PlainSQL_Success","ParameterizedSQL_Success","ParameterizedSQL_Failure"
160160
$policy = Get-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
161161

162162
# Assert
163163
Assert-AreEqual $policy.EventType.Length 3
164-
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::DataAccess)}
165-
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::DataChanges)}
166-
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::RevokePermissions)}
164+
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::PlainSQL_Success)}
165+
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::ParameterizedSQL_Success)}
166+
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::ParameterizedSQL_Failure)}
167167

168168
# Test
169169
Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "None"
@@ -197,18 +197,18 @@ function Test-ServerUpdatePolicyWithEventTypes
197197
$policy = Get-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
198198

199199
# Assert
200-
Assert-AreEqual $policy.EventType.Length 5
200+
Assert-AreEqual $policy.EventType.Length 10
201201

202202
# Test
203-
Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "DataAccess","DataChanges","RevokePermissions"
203+
Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "PlainSQL_Success","ParameterizedSQL_Success","ParameterizedSQL_Failure"
204204
$policy = Get-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
205205

206206
# Assert
207207
Assert-AreEqual $policy.EventType.Length 3
208208

209-
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::DataAccess)}
210-
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::DataChanges)}
211-
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::RevokePermissions)}
209+
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::PlainSQL_Success)}
210+
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::ParameterizedSQL_Success)}
211+
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::ParameterizedSQL_Failure)}
212212

213213
# Test
214214
Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "None"
@@ -242,14 +242,14 @@ function Test-DatabaseUpdatePolicyWithEventTypeShortcuts
242242
$policy = Get-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
243243

244244
# Assert
245-
Assert-AreEqual $policy.EventType.Length 5
245+
Assert-AreEqual $policy.EventType.Length 10
246246

247247
# Test
248248
Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "All"
249249
$policy = Get-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
250250

251251
# Assert
252-
Assert-AreEqual $policy.EventType.Length 5
252+
Assert-AreEqual $policy.EventType.Length 10
253253

254254

255255
# Test
@@ -269,8 +269,8 @@ function Test-DatabaseUpdatePolicyWithEventTypeShortcuts
269269
# Test
270270
Assert-Throws {Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "All", "None"}
271271
Assert-Throws {Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "None", "All"}
272-
Assert-Throws {Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "DataChanges", "All"}
273-
Assert-Throws {Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "DataChanges", "None"}
272+
Assert-Throws {Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "PlainSQL_Success", "All"}
273+
Assert-Throws {Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "PlainSQL_Success", "None"}
274274
}
275275
finally
276276
{
@@ -297,14 +297,14 @@ function Test-ServerUpdatePolicyWithEventTypeShortcuts
297297
$policy = Get-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
298298

299299
# Assert
300-
Assert-AreEqual $policy.EventType.Length 5
300+
Assert-AreEqual $policy.EventType.Length 10
301301

302302
# Test
303-
Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "All", "All"
303+
Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "All"
304304
$policy = Get-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
305305

306306
# Assert
307-
Assert-AreEqual $policy.EventType.Length 5
307+
Assert-AreEqual $policy.EventType.Length 10
308308

309309

310310
# Test
@@ -315,7 +315,7 @@ function Test-ServerUpdatePolicyWithEventTypeShortcuts
315315
Assert-AreEqual $policy.EventType.Length 0
316316

317317
# Test
318-
Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "None", "None"
318+
Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "None"
319319
$policy = Get-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
320320

321321
# Assert
@@ -324,8 +324,8 @@ function Test-ServerUpdatePolicyWithEventTypeShortcuts
324324
# Test
325325
Assert-Throws {Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "All", "None"}
326326
Assert-Throws {Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "None", "All"}
327-
Assert-Throws {Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "DataChanges", "All"}
328-
Assert-Throws {Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "DataChanges", "None"}
327+
Assert-Throws {Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "PlainSQL_Success", "All"}
328+
Assert-Throws {Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "PlainSQL_Success", "None"}
329329
}
330330
finally
331331
{
@@ -404,7 +404,7 @@ function Test-DatabaseDisableEnableKeepProperties
404404
try
405405
{
406406
# Test
407-
Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "SecurityExceptions"
407+
Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -StorageAccountName $params.storageAccount -EventType "Login_Failure"
408408
Remove-AzureSqlDatabaseAuditing -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
409409
Set-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
410410
$policy = Get-AzureSqlDatabaseAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
@@ -414,7 +414,7 @@ function Test-DatabaseDisableEnableKeepProperties
414414
Assert-AreEqual $policy.AuditState "Enabled"
415415
Assert-AreEqual $policy.UseServerDefault "Disabled"
416416
Assert-AreEqual $policy.EventType.Length 1
417-
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::SecurityExceptions)}
417+
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::Login_Failure)}
418418
}
419419
finally
420420
{
@@ -437,7 +437,7 @@ function Test-ServerDisableEnableKeepProperties
437437
try
438438
{
439439
# Test
440-
Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "RevokePermissions"
440+
Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName -StorageAccountName $params.storageAccount -EventType "TransactionManagement_Success"
441441
Remove-AzureSqlDatabaseServerAuditing -ResourceGroupName $params.rgname -ServerName $params.serverName
442442
Set-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
443443
$policy = Get-AzureSqlDatabaseServerAuditingPolicy -ResourceGroupName $params.rgname -ServerName $params.serverName
@@ -446,7 +446,7 @@ function Test-ServerDisableEnableKeepProperties
446446
Assert-AreEqual $policy.StorageAccountName $params.storageAccount
447447
Assert-AreEqual $policy.AuditState "Enabled"
448448
Assert-AreEqual $policy.EventType.Length 1
449-
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::RevokePermissions)}
449+
Assert-True {$policy.EventType.Contains([Microsoft.Azure.Commands.Sql.Security.Model.AuditEventType]::TransactionManagement_Success)}
450450
}
451451
finally
452452
{

src/ResourceManager/Sql/Commands.Sql/Security/Cmdlet/Auditing/SetAzureSqlDatabaseAuditingPolicy.cs

Lines changed: 27 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ public class SetAzureSqlDatabaseAuditingPolicy : SqlDatabaseAuditingCmdletBase
3838
/// Gets or sets the names of the event types to use.
3939
/// </summary>
4040
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = "Event types to audit")]
41-
[ValidateSet(Constants.DataAccess, Constants.SchemaChanges, Constants.DataChanges, Constants.SecurityExceptions, Constants.RevokePermissions, Constants.All, Constants.None, IgnoreCase = false)]
41+
[ValidateSet(Constants.PlainSQL_Success , Constants.PlainSQL_Failure , Constants.ParameterizedSQL_Success, Constants.ParameterizedSQL_Failure, Constants.StoredProcedure_Success, Constants.StoredProcedure_Failure, Constants.Login_Success, Constants.Login_Failure, Constants.TransactionManagement_Success, Constants.TransactionManagement_Failure, Constants.All, Constants.None, IgnoreCase = false)]
4242
public string[] EventType { get; set; }
4343

4444
/// <summary>
@@ -83,13 +83,18 @@ protected override DatabaseAuditingPolicyModel UpdateModel(DatabaseAuditingPolic
8383
ProcessShortcuts();
8484
if (EventType != null) // the user provided event types to audit, we use it
8585
{
86-
87-
Dictionary<string, AuditEventType> events = new Dictionary<string, AuditEventType>(){
88-
{Constants.DataAccess, AuditEventType.DataAccess},
89-
{Constants.DataChanges, AuditEventType.DataChanges},
90-
{Constants.SecurityExceptions, AuditEventType.SecurityExceptions},
91-
{Constants.RevokePermissions, AuditEventType.RevokePermissions},
92-
{Constants.SchemaChanges, AuditEventType.SchemaChanges}
86+
Dictionary<string, AuditEventType> events = new Dictionary<string, AuditEventType>
87+
{
88+
{Constants.PlainSQL_Success, AuditEventType.PlainSQL_Success},
89+
{Constants.PlainSQL_Failure, AuditEventType.PlainSQL_Failure},
90+
{Constants.ParameterizedSQL_Success, AuditEventType.ParameterizedSQL_Success},
91+
{Constants.ParameterizedSQL_Failure, AuditEventType.ParameterizedSQL_Failure},
92+
{Constants.StoredProcedure_Success, AuditEventType.StoredProcedure_Success},
93+
{Constants.StoredProcedure_Failure, AuditEventType.StoredProcedure_Failure},
94+
{Constants.Login_Success, AuditEventType.Login_Success},
95+
{Constants.Login_Failure, AuditEventType.Login_Failure},
96+
{Constants.TransactionManagement_Success, AuditEventType.TransactionManagement_Success},
97+
{Constants.TransactionManagement_Failure, AuditEventType.TransactionManagement_Failure}
9398
};
9499
model.EventType = EventType.Select(s => events[s]).ToArray();
95100
}
@@ -111,10 +116,21 @@ private void ProcessShortcuts()
111116
{
112117
EventType = new string[]{};
113118
}
114-
else if(EventType[0] == Constants.All)
119+
else if (EventType[0] == Constants.All)
115120
{
116-
EventType = new string[]{Constants.DataAccess, Constants.DataChanges, Constants.SecurityExceptions, Constants.RevokePermissions, Constants.SchemaChanges};
117-
121+
EventType = new []
122+
{
123+
Constants.PlainSQL_Success,
124+
Constants.PlainSQL_Failure,
125+
Constants.ParameterizedSQL_Success,
126+
Constants.ParameterizedSQL_Failure,
127+
Constants.StoredProcedure_Success,
128+
Constants.StoredProcedure_Failure,
129+
Constants.Login_Success,
130+
Constants.Login_Failure,
131+
Constants.TransactionManagement_Success,
132+
Constants.TransactionManagement_Failure
133+
};
118134
}
119135
}
120136
else

src/ResourceManager/Sql/Commands.Sql/Security/Cmdlet/Auditing/SetAzureSqlDatabaseServerAuditingPolicy.cs

Lines changed: 26 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ public class SetAzureSqlDatabaseServerAuditingPolicy : SqlDatabaseServerAuditing
3636
/// Gets or sets the names of the event types to use.
3737
/// </summary>
3838
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, HelpMessage = "Event types to audit")]
39-
[ValidateSet(Constants.DataAccess, Constants.SchemaChanges, Constants.DataChanges, Constants.SecurityExceptions, Constants.RevokePermissions, Constants.All, Constants.None, IgnoreCase = false)]
39+
[ValidateSet(Constants.PlainSQL_Success, Constants.PlainSQL_Failure, Constants.ParameterizedSQL_Success, Constants.ParameterizedSQL_Failure, Constants.StoredProcedure_Success, Constants.StoredProcedure_Failure, Constants.Login_Success, Constants.Login_Failure, Constants.TransactionManagement_Success, Constants.TransactionManagement_Failure, Constants.All, Constants.None, IgnoreCase = false)]
4040
public string[] EventType { get; set; }
4141

4242
/// <summary>
@@ -80,12 +80,18 @@ protected override ServerAuditingPolicyModel UpdateModel(ServerAuditingPolicyMod
8080
ProcessShortcuts();
8181
if (EventType != null) // the user provided event types to audit
8282
{
83-
Dictionary<string, AuditEventType> events = new Dictionary<string, AuditEventType>(){
84-
{Constants.DataAccess, AuditEventType.DataAccess},
85-
{Constants.DataChanges, AuditEventType.DataChanges},
86-
{Constants.SecurityExceptions, AuditEventType.SecurityExceptions},
87-
{Constants.RevokePermissions, AuditEventType.RevokePermissions},
88-
{Constants.SchemaChanges, AuditEventType.SchemaChanges}
83+
Dictionary<string, AuditEventType> events = new Dictionary<string, AuditEventType>
84+
{
85+
{Constants.PlainSQL_Success, AuditEventType.PlainSQL_Success},
86+
{Constants.PlainSQL_Failure, AuditEventType.PlainSQL_Failure},
87+
{Constants.ParameterizedSQL_Success, AuditEventType.ParameterizedSQL_Success},
88+
{Constants.ParameterizedSQL_Failure, AuditEventType.ParameterizedSQL_Failure},
89+
{Constants.StoredProcedure_Success, AuditEventType.StoredProcedure_Success},
90+
{Constants.StoredProcedure_Failure, AuditEventType.StoredProcedure_Failure},
91+
{Constants.Login_Success, AuditEventType.Login_Success},
92+
{Constants.Login_Failure, AuditEventType.Login_Failure},
93+
{Constants.TransactionManagement_Success, AuditEventType.TransactionManagement_Success},
94+
{Constants.TransactionManagement_Failure, AuditEventType.TransactionManagement_Failure}
8995
};
9096
model.EventType = EventType.Select(s => events[s]).ToArray();
9197
}
@@ -109,7 +115,19 @@ private void ProcessShortcuts()
109115
}
110116
else if (EventType[0] == Constants.All)
111117
{
112-
EventType = new string[] { Constants.DataAccess, Constants.DataChanges, Constants.SecurityExceptions, Constants.RevokePermissions, Constants.SchemaChanges };
118+
EventType = new[]
119+
{
120+
Constants.PlainSQL_Success,
121+
Constants.PlainSQL_Failure,
122+
Constants.ParameterizedSQL_Success,
123+
Constants.ParameterizedSQL_Failure,
124+
Constants.StoredProcedure_Success,
125+
Constants.StoredProcedure_Failure,
126+
Constants.Login_Success,
127+
Constants.Login_Failure,
128+
Constants.TransactionManagement_Success,
129+
Constants.TransactionManagement_Failure
130+
};
113131
}
114132
}
115133
else

src/ResourceManager/Sql/Commands.Sql/Security/Model/BaseAuditingPolicyModel.cs

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,8 +21,8 @@ public enum StorageKeyKind { Primary, Secondary };
2121

2222
/// <summary>
2323
/// The possible audit event types
24-
/// </summary>
25-
public enum AuditEventType {DataAccess, DataChanges, RevokePermissions, SchemaChanges, SecurityExceptions};
24+
/// </summary>
25+
public enum AuditEventType {PlainSQL_Success, PlainSQL_Failure, ParameterizedSQL_Success, ParameterizedSQL_Failure, StoredProcedure_Success, StoredProcedure_Failure, Login_Success, Login_Failure, TransactionManagement_Success, TransactionManagement_Failure};
2626

2727
/// <summary>
2828
/// The possible states in which an auditing policy may be in

0 commit comments

Comments
 (0)