Merge pull request #4990 from ranisha2/preview

SQL Auditing: Remove AUDIT_CHANGE_GROUP from available AuditActionGroups
Azure · Dec 5, 2017 · 78d3aae · 78d3aae
2 parents b1845a1 + 8f19f74
commit 78d3aae
Show file tree

Hide file tree

Showing 10 changed files with 63 additions and 26 deletions.
diff --git a/src/ResourceManager/Sql/ChangeLog.md b/src/ResourceManager/Sql/ChangeLog.md
@@ -19,6 +19,8 @@
 -->
 ## Current Release
 * Added ability to rename database using Set-AzureRmSqlDatabase
+* Fixed issue https://github.com/Azure/azure-powershell/issues/4974
+	- Providing invalid AUDIT_CHANGED_GROUP value for auditing cmdlets no longer throws an error and will be removed in an upcoming release.
 * Fixed issue https://github.com/Azure/azure-powershell/issues/5046
 	- AuditAction parameter in auditing cmdlets is no longer being ignored
 * Fixed an issue in Auditing cmdlets when 'Secondary' StorageKeyType is provided

diff --git a/...anager/Sql/Commands.Sql/Auditing/Cmdlet/AuditingSettings/SqlDatabaseAuditingCmdletBase.cs b/...anager/Sql/Commands.Sql/Auditing/Cmdlet/AuditingSettings/SqlDatabaseAuditingCmdletBase.cs
@@ -13,10 +13,12 @@
 // ----------------------------------------------------------------------------------
 
 using System;
+using System.Linq;
 using Microsoft.Azure.Commands.Common.Authentication.Models;
 using Microsoft.Azure.Commands.Sql.Auditing.Model;
 using Microsoft.Azure.Commands.Sql.Auditing.Services;
 using Microsoft.Azure.Commands.Sql.Common;
+using Microsoft.Azure.Commands.Sql.Properties;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 
 namespace Microsoft.Azure.Commands.Sql.Auditing.Cmdlet
@@ -54,6 +56,15 @@ protected override SqlAuditAdapter InitModelAdapter(IAzureSubscription subscript
         /// <param name="model">The model object with the data to be sent to the REST endpoints</param>
         protected override DatabaseBlobAuditingSettingsModel PersistChanges(DatabaseBlobAuditingSettingsModel model)
         {
+            if (Array.IndexOf(model.AuditActionGroup, AuditActionGroups.AUDIT_CHANGE_GROUP) > -1)
+            {
+                // AUDIT_CHANGE_GROUP is not supported.
+                WriteWarning(Resources.auditChangeGroupDeprecationMessage);
+
+                // Remove it
+                model.AuditActionGroup = model.AuditActionGroup.Where(v => v != AuditActionGroups.AUDIT_CHANGE_GROUP).ToArray();
+            }
+
             ModelAdapter.SetDatabaseBlobAuditingPolicyV2(model, DefaultContext.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix));
 
             return null;

diff --git a/...eManager/Sql/Commands.Sql/Auditing/Cmdlet/AuditingSettings/SqlServerAuditingCmdletBase.cs b/...eManager/Sql/Commands.Sql/Auditing/Cmdlet/AuditingSettings/SqlServerAuditingCmdletBase.cs
@@ -12,12 +12,15 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
+using System;
+using System.Linq;
+using System.Management.Automation;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.Common.Authentication.Models;
 using Microsoft.Azure.Commands.Sql.Auditing.Model;
 using Microsoft.Azure.Commands.Sql.Auditing.Services;
 using Microsoft.Azure.Commands.Sql.Common;
-using System.Management.Automation;
+using Microsoft.Azure.Commands.Sql.Properties;
 
 namespace Microsoft.Azure.Commands.Sql.Auditing.Cmdlet
 {
@@ -61,6 +64,15 @@ protected override SqlAuditAdapter InitModelAdapter(IAzureSubscription subscript
         /// <param name="baseModel">The model object with the data to be sent to the REST endpoints</param>
         protected override ServerBlobAuditingSettingsModel PersistChanges(ServerBlobAuditingSettingsModel baseModel)
         {
+            if (Array.IndexOf(baseModel.AuditActionGroup, AuditActionGroups.AUDIT_CHANGE_GROUP) > -1)
+            {
+                // AUDIT_CHANGE_GROUP is not supported.
+                WriteWarning(Resources.auditChangeGroupDeprecationMessage);
+
+                // Remove it
+                baseModel.AuditActionGroup = baseModel.AuditActionGroup.Where(v => v != AuditActionGroups.AUDIT_CHANGE_GROUP).ToArray();
+            }
+
             ModelAdapter.SetServerAuditingPolicy(baseModel, DefaultContext.Environment.GetEndpoint(AzureEnvironment.Endpoint.StorageEndpointSuffix));
 
             return null;

diff --git a/src/ResourceManager/Sql/Commands.Sql/Auditing/Model/BaseBlobAuditingPolicyModel.cs b/src/ResourceManager/Sql/Commands.Sql/Auditing/Model/BaseBlobAuditingPolicyModel.cs
@@ -16,27 +16,27 @@ namespace Microsoft.Azure.Commands.Sql.Auditing.Model
 {
     public enum AuditActionGroups
     {
-            BATCH_STARTED_GROUP,
-            BATCH_COMPLETED_GROUP,
-            APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, 
-            AUDIT_CHANGE_GROUP,
-            BACKUP_RESTORE_GROUP,
-            DATABASE_LOGOUT_GROUP,
-            DATABASE_OBJECT_CHANGE_GROUP, 
-            DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP,
-            DATABASE_OBJECT_PERMISSION_CHANGE_GROUP,
-            DATABASE_OPERATION_GROUP,
-            DATABASE_PERMISSION_CHANGE_GROUP,
-            DATABASE_PRINCIPAL_CHANGE_GROUP,
-            DATABASE_PRINCIPAL_IMPERSONATION_GROUP,
-            DATABASE_ROLE_MEMBER_CHANGE_GROUP,
-            FAILED_DATABASE_AUTHENTICATION_GROUP,
-            SCHEMA_OBJECT_ACCESS_GROUP,
-            SCHEMA_OBJECT_CHANGE_GROUP, 
-            SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP,
-            SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, 
-            SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
-            USER_CHANGE_PASSWORD_GROUP,
+        BATCH_STARTED_GROUP,
+        BATCH_COMPLETED_GROUP,
+        APPLICATION_ROLE_CHANGE_PASSWORD_GROUP,
+        BACKUP_RESTORE_GROUP,
+        DATABASE_LOGOUT_GROUP,
+        DATABASE_OBJECT_CHANGE_GROUP, 
+        DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP,
+        DATABASE_OBJECT_PERMISSION_CHANGE_GROUP,
+        DATABASE_OPERATION_GROUP,
+        AUDIT_CHANGE_GROUP,
+        DATABASE_PERMISSION_CHANGE_GROUP,
+        DATABASE_PRINCIPAL_CHANGE_GROUP,
+        DATABASE_PRINCIPAL_IMPERSONATION_GROUP,
+        DATABASE_ROLE_MEMBER_CHANGE_GROUP,
+        FAILED_DATABASE_AUTHENTICATION_GROUP,
+        SCHEMA_OBJECT_ACCESS_GROUP,
+        SCHEMA_OBJECT_CHANGE_GROUP, 
+        SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP,
+        SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, 
+        SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP,
+        USER_CHANGE_PASSWORD_GROUP
     }
 
     /// <summary>

diff --git a/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.Designer.cs b/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.Designer.cs
diff --git a/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.resx b/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.resx
@@ -399,4 +399,7 @@
   <data name="ServerDnsAliasNameExists" xml:space="preserve">
     <value>Server Dns Alias with name: '{0}' already exists.</value>
   </data>
+  <data name="auditChangeGroupDeprecationMessage" xml:space="preserve">
+    <value>The action group 'AUDIT_CHANGE_GROUP' is not supported. It will be removed in a future release.</value>
+  </data>
 </root>
diff --git a/src/ResourceManager/Sql/Commands.Sql/help/Set-AzureRmSqlDatabaseAuditing.md b/src/ResourceManager/Sql/Commands.Sql/help/Set-AzureRmSqlDatabaseAuditing.md
@@ -68,7 +68,7 @@ The set of the audit action groups
 Type: AuditActionGroups[]
 Parameter Sets: (All)
 Aliases: 
-Accepted values: BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, AUDIT_CHANGE_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP
+Accepted values: BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP
 
 Required: False
 Position: Named

diff --git a/src/ResourceManager/Sql/Commands.Sql/help/Set-AzureRmSqlDatabaseAuditingPolicy.md b/src/ResourceManager/Sql/Commands.Sql/help/Set-AzureRmSqlDatabaseAuditingPolicy.md
@@ -92,7 +92,7 @@ This parameter is only applicable to Blob auditing.
 Type: AuditActionGroups[]
 Parameter Sets: (All)
 Aliases: 
-Accepted values: BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, AUDIT_CHANGE_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP
+Accepted values: BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP
 
 Required: False
 Position: Named

diff --git a/src/ResourceManager/Sql/Commands.Sql/help/Set-AzureRmSqlServerAuditing.md b/src/ResourceManager/Sql/Commands.Sql/help/Set-AzureRmSqlServerAuditing.md
@@ -53,7 +53,7 @@ The set of the audit action groups
 Type: AuditActionGroups[]
 Parameter Sets: (All)
 Aliases: 
-Accepted values: BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, AUDIT_CHANGE_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP
+Accepted values: BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP
 
 Required: False
 Position: Named

diff --git a/src/ResourceManager/Sql/Commands.Sql/help/Set-AzureRmSqlServerAuditingPolicy.md b/src/ResourceManager/Sql/Commands.Sql/help/Set-AzureRmSqlServerAuditingPolicy.md
@@ -70,7 +70,7 @@ This parameter is only applicable to Blob auditing.
 Type: AuditActionGroups[]
 Parameter Sets: (All)
 Aliases: 
-Accepted values: BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, AUDIT_CHANGE_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP
+Accepted values: BATCH_STARTED_GROUP, BATCH_COMPLETED_GROUP, APPLICATION_ROLE_CHANGE_PASSWORD_GROUP, BACKUP_RESTORE_GROUP, DATABASE_LOGOUT_GROUP, DATABASE_OBJECT_CHANGE_GROUP, DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP, DATABASE_OBJECT_PERMISSION_CHANGE_GROUP, DATABASE_OPERATION_GROUP, DATABASE_PERMISSION_CHANGE_GROUP, DATABASE_PRINCIPAL_CHANGE_GROUP, DATABASE_PRINCIPAL_IMPERSONATION_GROUP, DATABASE_ROLE_MEMBER_CHANGE_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP, SCHEMA_OBJECT_ACCESS_GROUP, SCHEMA_OBJECT_CHANGE_GROUP, SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP, SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP, SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, USER_CHANGE_PASSWORD_GROUP
 
 Required: False
 Position: Named