Skip to content

[Audit policy] Support Event Hub and Log Analytics in server and database audit policy commands #15444

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Juliehzl merged 52 commits into from
Oct 21, 2020
Merged

[Audit policy] Support Event Hub and Log Analytics in server and database audit policy commands #15444

Juliehzl merged 52 commits into from
Oct 21, 2020

Conversation

@OlegSternbergIBM
Copy link
Contributor

@OlegSternbergIBM OlegSternbergIBM commented Oct 8, 2020
edited by Juliehzl
Loading

Description

In this PR the following commands have been extended to support Event Hub and Log Analytics:

A new command line arguments have been added:
--blob-storage-target-state - enables\disables blob storage as auditing logs target
--log-analytics-target-state - enables\disables log analytics as auditing logs target
--log-analytics-workspace-resource-id - log analytics workspace resource id
--event-hub-target-state - enables\disables event hub as auditing logs target
--event-hub-authorization-rule-id - event hub authorization rule id
--event-hub - event hub name

Examples of commands:

sql db audit-policy update -g my_resource_group -s my_server -n my_database --state Enabled --blob-storage-target-state Enabled --storage-endpoint https://mystorageaccount.blob.core.windows.net/

sql db audit-policy update -g my_resource_group -s my_server -n my_database --state Enabled --blob-storage-target-state Disabled

sql server audit-policy update -g my_resource_group -n my_server --state Enabled --log-analytics-target-state Enabled --log-analytics-workspace-resource-id /subscriptions/1111-2222-3333-444-5555555/resourcegroups/my_resource_group/providers/microsoft.operationalinsights/workspaces/my_workspace

sql server audit-policy update -g my_resource_group -n my_server --state Enabled --log-analytics-target-state Disabled --event-hub-target-state Enabled --event-hub-authorization-rule-id /subscriptions/1111-2222-3333-4444/resourceGroups/my_resource_group/providers/Microsoft.EventHub/namespaces/my_eventhub_namespace/authorizationrules/my_eventhub_auth_rule_name --event-hub my_event_hub_name

Testing Guide

Unit tests test_sql_server_security_mgmt and test_sql_db_security_mgmt cover the test for the change.

History Notes

[SQL] az sql db audit-policy show: extend to show database's audit policy including LA and EH data
[SQL] az sql db audit-policy update: extend to allow LA and EH update along with database's audit policy
[SQL] az sql db audit-policy wait: place the CLI in a waiting state until a condition of the database's audit policy is met.
[SQL] az sql server audit-policy show: extend to show servers's audit policy including LA and EH data
[SQL] az sql server audit-policy update: extend to allow LA and EH update along with server's audit policy
[SQL] az sql server audit-policy wait: place the CLI in a waiting state until a condition of the server's audit policy is met.

Oleg Sternberg and others added 19 commits September 21, 2020 23:58
In progress - rollback delete is missing
272bc6c
Added help
cc8b58a
Added help
17e8e32
Working on rollback
1244360
Fix '_get_diagnostic_settings_url' for server case
00c9ed2
@OlegSternbergIBM
Merge pull request #1 from Azure/dev
75a7998 
Sync
Merge branch 'dev' into olsternb_la_eh_support
2d95e5f
update help
08c61b9
fix storage account and endpoint handling
ee74775
update test - server tests still fail with:
1c3f5ef 
AssertionError: You need to call 'result' or 'wait' on all LROPoller you have created
Add log analytics test for db audit
9dd9218
use bool condition for test mode
b2f718c
enrich db audit policy tests
72b89be
fix case when blob_storage_target_state is not provided
04c05f3
fix diagnostic settings rollback
67b1371
Tune server and db tests.
3e0601d 
Server tests still failed.
Wait on LROPoller for server operations
6a58c06
remove timeouts
f559d23 
server tests pass now
_audit_policy_update_global_settings cosmetic
eec92bb
@ghost ghost added the customer-reported Issues that are reported by GitHub users external to the Azure organization. label Oct 8, 2020
@ghost
Copy link

ghost commented Oct 8, 2020

Thank you for your contribution Oleza1972! We will review the pull request and get back to you soon.

@yonzhan
Copy link
Collaborator

yonzhan commented Oct 8, 2020

sql

@yonzhan yonzhan requested review from jsntcy and zhoxing-ms October 8, 2020 13:48
@yonzhan yonzhan added this to the S177 milestone Oct 8, 2020
jaredmoo
jaredmoo reviewed Oct 8, 2020
View reviewed changes
@Juliehzl
Copy link
Contributor

Juliehzl commented Oct 14, 2020

/azp run

1 similar comment
@OlegSternbergIBM
Copy link
Contributor Author

OlegSternbergIBM commented Oct 14, 2020

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 14, 2020

Commenter does not have sufficient privileges for PR 15444 in repo Azure/azure-cli

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 14, 2020

Azure Pipelines successfully started running 2 pipeline(s).

Juliehzl
Juliehzl reviewed Oct 16, 2020
View reviewed changes
Juliehzl
Juliehzl reviewed Oct 16, 2020
View reviewed changes
Juliehzl
Juliehzl reviewed Oct 16, 2020
View reviewed changes
Juliehzl
Juliehzl reviewed Oct 16, 2020
View reviewed changes
Juliehzl
Juliehzl reviewed Oct 16, 2020
View reviewed changes
Juliehzl
Juliehzl reviewed Oct 16, 2020
View reviewed changes
Juliehzl
Juliehzl requested changes Oct 16, 2020
View reviewed changes
Copy link
Contributor

@Juliehzl Juliehzl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please resolve all my comments and change the title format.
And edit the history notes part in description, e.g.

History Notes

[Compute] sig image-definition create: add --features
[Compute] New API version of gallery_images 2020-09-30

in #15549 (comment)

@OlegSternbergIBM OlegSternbergIBM changed the title [Audit policy] - Support Event Hub and Log Analytics in server and database audit policy commands [Audit policy] Support Event Hub and Log Analytics in server and database audit policy commands Oct 18, 2020
Juliehzl
Juliehzl reviewed Oct 20, 2020
View reviewed changes
Juliehzl
Juliehzl reviewed Oct 20, 2020
View reviewed changes
Juliehzl
Juliehzl reviewed Oct 20, 2020
View reviewed changes
Juliehzl
Juliehzl reviewed Oct 20, 2020
View reviewed changes
Juliehzl
Juliehzl reviewed Oct 20, 2020
View reviewed changes
Juliehzl
Juliehzl approved these changes Oct 20, 2020
View reviewed changes
Copy link
Contributor

@Juliehzl Juliehzl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM in general

@Juliehzl Juliehzl merged commit 4775c1e into Azure:dev Oct 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Juliehzl Juliehzl Juliehzl approved these changes

@evelyn-ys evelyn-ys Awaiting requested review from evelyn-ys evelyn-ys is a code owner

@zhoxing-ms zhoxing-ms Awaiting requested review from zhoxing-ms

@jsntcy jsntcy Awaiting requested review from jsntcy

@jaredmoo jaredmoo Awaiting requested review from jaredmoo

Assignees

@Juliehzl Juliehzl

Labels

customer-reported Issues that are reported by GitHub users external to the Azure organization.

Projects

None yet

Milestone

S177

Development

Successfully merging this pull request may close these issues.

4 participants

@OlegSternbergIBM @yonzhan @Juliehzl @jaredmoo