Merge pull request Azure#8523 from shblum/master

Support Advanced Threat Protection policy management

Author: Maddie Clayton

src/Security/Security.Test/ScenarioTests/SecurityAdvancedThreatProtectionTests.cs

@@ -0,0 +1,41 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ScenarioTest;
+using Microsoft.Azure.ServiceManagement.Common.Models;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+
+namespace Microsoft.Azure.Commands.Security.Test.ScenarioTests
+{
+    public class SecurityAdvancedThreatProtectionTests
+    {
+        private readonly XunitTracingInterceptor _logger;
+
+        public SecurityAdvancedThreatProtectionTests(Xunit.Abstractions.ITestOutputHelper output)
+        {
+            _logger = new XunitTracingInterceptor(output);
+            XunitTracingInterceptor.AddToContext(_logger);
+            TestExecutionHelpers.SetUpSessionAndProfile();
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void GetResourceId()
+        {
+            TestController.NewInstance.RunPowerShellTest(_logger, "Test-AzSecurityThreatProtection-ResourceId");
+        }
+        
+    }
+}

src/Security/Security.Test/ScenarioTests/SecurityAdvancedThreatProtectionTests.ps1

@@ -0,0 +1,65 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+<#
+.SYNOPSIS
+Get a security contact by resource ID
+#>
+function Test-AzSecurityThreatProtection-ResourceId
+{
+	# Setup
+	$testPrefix = "psstorage"
+	$testParams = Get-AdvancedThreatProtectionTestEnvironmentParameters $testPrefix
+	$resourceId = "/subscriptions/" + $testParams.subscriptionId + "/resourceGroups/" + $testParams.rgName + "/providers/Microsoft.Storage/storageAccounts/" + $testParams.accountName
+	Create-TestEnvironmentWithParams $testParams
+
+	#Enable
+	$policy = Set-AzSecurityThreatProtection -ResourceId $resourceId -Enable
+    $fetchedPolicy = Get-AzSecurityThreatProtection -ResourceId $resourceId
+	Assert-AreEqual $policy.IsEnabled $True
+	Assert-AreEqual $True $fetchedPolicy.IsEnabled
+
+	#Disable
+	$policy = Set-AzSecurityThreatProtection -ResourceId $resourceId -Disable
+    $fetchedPolicy = Get-AzSecurityThreatProtection -ResourceId $resourceId
+	Assert-AreEqual $policy.IsEnabled $False
+	Assert-AreEqual $False $fetchedPolicy.IsEnabled
+}
+
+<#
+.SYNOPSIS
+Gets the values of the parameters used at the tests
+#>
+function Get-AdvancedThreatProtectionTestEnvironmentParameters ($testPrefix)
+{
+	return @{ subscriptionId =  (Get-AzContext).Subscription.Id;
+			rgName = getAssetName ($testPrefix);
+			accountName = getAssetName ($testPrefix);
+			storageSku = "Standard_GRS";
+			location = Get-Location "Microsoft.Resources" "resourceGroups" "West US"
+			}
+}
+
+	<#
+.SYNOPSIS
+Creates the basic test environment needed to perform the threat protection tests - resource group and storage account
+#>
+function Create-TestEnvironmentWithParams ($testParams)
+{
+	# Create a new resource group.
+	New-AzResourceGroup -Name $testParams.rgName -Location $testParams.location
+
+	# Create the storage account.
+	$storageAccount = New-AzStorageAccount -ResourceGroupName $testParams.rgName -Name $testParams.accountName -Location $testParams.location -Type $testParams.storageSku
+}

src/Security/Security.Test/ScenarioTests/TestController.cs

@@ -12,26 +12,26 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.IO;
-using System.Linq;
 using Microsoft.Azure.Commands.Common.Authentication;
+using Microsoft.Azure.Management.Internal.Resources;
 using Microsoft.Azure.Management.Security;
+using Microsoft.Azure.Management.Storage.Version2017_10_01;
 using Microsoft.Azure.Test.HttpRecorder;
 using Microsoft.Rest.ClientRuntime.Azure.TestFramework;
 using Microsoft.WindowsAzure.Commands.ScenarioTest;
 using Microsoft.WindowsAzure.Commands.Test.Utilities.Common;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
 
 namespace Microsoft.Azure.Commands.Security.Test.ScenarioTests
 {
     public class TestController : RMTestBase
     {
         private readonly EnvironmentSetupHelper _helper;
 
-        public SecurityCenterClient SecurityCenterClient { get; private set; }
-
         public static TestController NewInstance => new TestController();
 
         protected TestController()
@@ -63,21 +63,33 @@ public void RunPowerShellTest(ServiceManagement.Common.Models.XunitTracingInterc
                     _helper.RMProfileModule,
                     _helper.GetRMModulePath(@"AzureRM.Security.psd1"),
                     "ScenarioTests\\Common.ps1",
-                    "ScenarioTests\\" + callingClassName + ".ps1");
+                    "ScenarioTests\\" + callingClassName + ".ps1",
+                    "AzureRM.Storage.ps1",
+                    "AzureRM.Resources.ps1");
 
                 _helper.RunPowerShellTest(scripts);
             }
         }
 
         protected void SetupManagementClients(MockContext context)
         {
-            SecurityCenterClient = GetSecurityCenterClient(context);
-            _helper.SetupManagementClients(SecurityCenterClient);
+            var resourcesClient = GetResourcesClient(context);
+            var securityCenterClient = GetSecurityCenterClient(context);
+            var storageClient = GetStorageManagementClient(context);
+            _helper.SetupManagementClients(securityCenterClient, resourcesClient, storageClient);
         }
 
         private static SecurityCenterClient GetSecurityCenterClient(MockContext context)
         {
             return context.GetServiceClient<SecurityCenterClient>(TestEnvironmentFactory.GetTestEnvironment());
         }
+        private static ResourceManagementClient GetResourcesClient(MockContext context)
+        {
+            return context.GetServiceClient<ResourceManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
+        }
+        private static StorageManagementClient GetStorageManagementClient(MockContext context)
+        {
+            return context.GetServiceClient<StorageManagementClient>(TestEnvironmentFactory.GetTestEnvironment());
+        }
     }
 }

src/Security/Security.Test/Security.Test.csproj

@@ -11,7 +11,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Azure.Management.SecurityCenter" Version="0.10.0-preview" />
+    <PackageReference Include="Microsoft.Azure.Management.SecurityCenter" Version="0.11.0-preview" />
   </ItemGroup>
 
 </Project>

src/Security/Security.Test/SessionRecords/Microsoft.Azure.Commands.Security.Test.ScenarioTests.SecurityAdvancedThreatProtectionTests/GetResourceId.json

@@ -85,7 +85,9 @@ CmdletsToExport = 'Get-AzSecurityAlert', 'Set-AzSecurityAlert',
                'Get-AzSecurityContact', 'Set-AzSecurityContact', 
                'Remove-AzSecurityContact', 'Get-AzSecurityTask', 
                'Get-AzSecurityWorkspaceSetting', 'Set-AzSecurityWorkspaceSetting', 
-               'Remove-AzSecurityWorkspaceSetting'
+               'Remove-AzSecurityWorkspaceSetting',
+               'Get-AzSecurityThreatProtection',
+               'Set-AzSecurityThreatProtection'
 
 # Variables to export from this module
 # VariablesToExport = @()

src/Security/Security/Az.Security.psd1

@@ -0,0 +1,34 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ------------------------------------
+
+using Commands.Security;
+using Microsoft.Azure.Commands.Security.Common;
+using Microsoft.Azure.Commands.Security.Models.Locations;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Security.Cmdlets.AdvancedThreatProtection
+{
+    [Cmdlet(VerbsCommon.Get, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SecurityThreatProtection", DefaultParameterSetName = ParameterSetNames.ResourceId), OutputType(typeof(PSSecurityLocation))]
+    public class GetThreatProtectionPolicy : SecurityCenterCmdletBase
+    {
+        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceId)]
+        [ValidateNotNullOrEmpty]
+        public string ResourceId { get; set; }
+        public override void ExecuteCmdlet()
+        {
+            var result = SecurityCenterClient.AdvancedThreatProtection.GetWithHttpMessagesAsync(ResourceId).GetAwaiter().GetResult().Body;
+            WriteObject(result, enumerateCollection: true);
+        }
+    }
+}

src/Security/Security/Cmdlets/AdvancedThreatProtection/GetThreatProtectionPolicy.cs

@@ -0,0 +1,59 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ------------------------------------
+
+using System.Management.Automation;
+using Commands.Security;
+using Microsoft.Azure.Commands.Security.Common;
+using Microsoft.Azure.Commands.Security.Models.ThreatProtection;
+
+
+namespace Microsoft.Azure.Commands.Security.Cmdlets.AdvancedThreatProtection
+{
+    [Cmdlet(VerbsCommon.Set, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SecurityThreatProtection", DefaultParameterSetName = ParameterSetNames.PolicyOn, SupportsShouldProcess = true), OutputType(typeof(PSThreatProtection))]
+    public class SetThreatProtectionPolicy : SecurityCenterCmdletBase
+    {
+        [Parameter(ParameterSetName = ParameterSetNames.PolicyOn, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceId)]
+        [Parameter(ParameterSetName = ParameterSetNames.PolicyOff, Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = ParameterHelpMessages.ResourceId)]
+        [ValidateNotNullOrEmpty]
+        public string ResourceId { get; set; }
+
+        [Parameter(ParameterSetName = ParameterSetNames.PolicyOn, Mandatory = true, HelpMessage = ParameterHelpMessages.Enable)]
+        [ValidateNotNullOrEmpty]
+        public SwitchParameter Enable { get; set; }
+
+        [Parameter(ParameterSetName = ParameterSetNames.PolicyOff, Mandatory = true, HelpMessage = ParameterHelpMessages.Disable)]
+        [ValidateNotNullOrEmpty]
+        public SwitchParameter Disable { get; set; }
+
+        public override void ExecuteCmdlet()
+        {
+            bool policy;
+
+            switch (ParameterSetName)
+            {
+                case ParameterSetNames.PolicyOn:
+                     policy = true;
+                    break;
+                case ParameterSetNames.PolicyOff:
+                     policy = false;
+                    break;
+                default:
+                    throw new PSInvalidOperationException();
+            }
+
+            var result = SecurityCenterClient.AdvancedThreatProtection.CreateWithHttpMessagesAsync(ResourceId, policy).GetAwaiter().GetResult().Body;
+            WriteObject(result, enumerateCollection: true);
+        }
+    }
+}

src/Security/Security/Cmdlets/AdvancedThreatProtection/SetThreatProtectionPolicy .cs

@@ -68,5 +68,12 @@ public static class ParameterHelpMessages
         public const string VirutalMachines = "Virtual Machines.";
 
         #endregion
+
+        #region Threat Detection Settings
+
+        public const string Disable = "Disables Threat Protection Policy";
+        public const string Enable = "Enables Threat Protection Policy";
+
+        #endregion
     }
 }

src/Security/Security/Common/ParameterHelpMessages.cs

@@ -24,5 +24,7 @@ public static class ParameterSetNames
         public const string ResourceGroupLevelResource = "ResourceGroupLevelResource";
         public const string ResourceId = "ResourceId";
         public const string InputObject = "InputObject";
+        public const string PolicyOn = "PolicyOn";
+        public const string PolicyOff = "PolicyOff";
     }
 }

src/Security/Security/Common/ParameterSetNames.cs

@@ -0,0 +1,23 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+namespace Microsoft.Azure.Commands.Security.Models.ThreatProtection
+{
+    public class PSThreatProtection
+    {
+        public string Id { get; set; }
+
+        public string Name { get; set; }
+    }
+}

src/Security/Security/Models/ThreatProtection/PSThreatProtection.cs

@@ -11,7 +11,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Azure.Management.SecurityCenter" Version="0.10.0-preview" />
+    <PackageReference Include="Microsoft.Azure.Management.SecurityCenter" Version="0.11.0-preview" />
   </ItemGroup>
 
 </Project>

src/Security/Security/Security.csproj

@@ -1,4 +1,4 @@
----
+---
 Module Name: Az.Security
 Module Guid: 5e312bb4-9d3a-4c88-94c3-8e5bbb2e3da4
 Download Help Link: https://docs.microsoft.com/en-us/powershell/module/az.security
@@ -41,6 +41,9 @@ Gets the pricing tier data for Azure Security Center for a scope.
 ### [Get-AzSecurityTask](Get-AzSecurityTask.md)
 Gets the security tasks that Azure Security Center recommends you to do in order to strengthen your security posture.
 
+### [Get-AzSecurityThreatProtection](Get-AzSecurityThreatProtection.md)
+Gets the threat protection policy for a storage account.
+
 ### [Get-AzSecurityWorkspaceSetting](Get-AzSecurityWorkspaceSetting.md)
 Gets the configured security workspace settings on a subscription.
 
@@ -68,6 +71,9 @@ Updates a security contact for a subscription.
 ### [Set-AzSecurityPricing](Set-AzSecurityPricing.md)
 Sets the pricing of Azure Security Center tier for a scope.
 
+### [Set-AzSecurityThreatProtection](Set-AzSecurityThreatProtection.md)
+Sets the threat protection policy for a storage account.
+
 ### [Set-AzSecurityWorkspaceSetting](Set-AzSecurityWorkspaceSetting.md)
 Updates the workspace settings for the subscription.