Skip to content

Commit 27b4107

Browse files
baselmicrosoftbaselmicrosoft
committed
Add tests
1 parent 1bb4b05 commit 27b4107

File tree

7 files changed

+8229
-10
lines changed

7 files changed

+8229
-10
lines changed

src/Sql/Sql.Test/ScenarioTests/AuditTests.cs

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -223,5 +223,19 @@ public void TestRemoveAuditOnDatabase()
223223
{
224224
RunPowerShellTest("Test-RemoveAuditOnDatabase");
225225
}
226+
227+
[Fact]
228+
[Trait(Category.AcceptanceType, Category.CheckIn)]
229+
public void TestRemoveDatabaseAuditingSettingsMultipleDiagnosticSettings()
230+
{
231+
RunPowerShellTest("Test-RemoveDatabaseAuditingSettingsMultipleDiagnosticSettings");
232+
}
233+
234+
[Fact]
235+
[Trait(Category.AcceptanceType, Category.CheckIn)]
236+
public void TestRemoveServerAuditingSettingsMultipleDiagnosticSettings()
237+
{
238+
RunPowerShellTest("Test-RemoveServerAuditingSettingsMultipleDiagnosticSettings");
239+
}
226240
}
227241
}

src/Sql/Sql.Test/ScenarioTests/AuditTests.ps1

Lines changed: 195 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1978,4 +1978,199 @@ function Test-NewServerAuditDiagnosticsAreCreatedOnNeed
19781978
# Cleanup
19791979
Remove-BlobAuditingTestEnvironment $testSuffix
19801980
}
1981+
}
1982+
1983+
<#
1984+
.SYNOPSIS
1985+
Tests that auditing settings are removed when multiple diagnostic settings which enable audit category exist
1986+
#>
1987+
function Test-RemoveDatabaseAuditingSettingsMultipleDiagnosticSettings
1988+
{
1989+
# Setup
1990+
$testSuffix = getAssetName
1991+
Create-BlobAuditingTestEnvironment $testSuffix
1992+
$params = Get-SqlBlobAuditingTestEnvironmentParameters $testSuffix
1993+
$subscriptionId = (Get-AzContext).Subscription.Id
1994+
$workspaceResourceId = "/subscriptions/" + $subscriptionId + "/resourcegroups/" + $params.rgname + "/providers/microsoft.operationalinsights/workspaces/" + $params.workspaceName
1995+
$eventHubAuthorizationRuleResourceId = "/subscriptions/" + $subscriptionId + "/resourcegroups/" + $params.rgname + "/providers/microsoft.EventHub/namespaces/" + $params.eventHubNamespace + "/authorizationrules/RootManageSharedAccessKey"
1996+
$resourceId = "/subscriptions/" + $subscriptionId + "/resourceGroups/" + $params.rgname + "/providers/Microsoft.Sql/servers/" + $params.serverName + "/databases/" + $params.databaseName
1997+
1998+
try
1999+
{
2000+
# Verify event hub auditing policy is disabled.
2001+
$policy = Get-AzSqlDatabaseAudit -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
2002+
Assert-AreEqual "Disabled" $policy.EventHubTargetState
2003+
Assert-AreEqual 0 $policy.AuditActionGroup.Length
2004+
Assert-AreEqual 0 $policy.AuditAction.Length
2005+
Assert-Null $policy.PredicateExpression
2006+
Assert-Null $policy.EventHubAuthorizationRuleResourceId
2007+
Assert-Null $policy.EventHubNamespace
2008+
2009+
# Verify log analytics auditing policy is Disabled.
2010+
Assert-AreEqual "Disabled" $policy.LogAnalyticsTargetState
2011+
Assert-Null $policy.WorkspaceResourceId
2012+
2013+
# Enable event hub auditing policy and verify it.
2014+
Set-AzSqlDatabaseAudit -EventHubTargetState Enabled -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName -EventHubAuthorizationRuleResourceId $eventHubAuthorizationRuleResourceId
2015+
$policy = Get-AzSqlDatabaseAudit -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
2016+
Assert-AreEqual "Enabled" $policy.EventHubTargetState
2017+
Assert-AreEqual 3 $policy.AuditActionGroup.Length
2018+
Assert-AreEqual 0 $policy.AuditAction.Length
2019+
Assert-AreEqual "" $policy.PredicateExpression
2020+
Assert-AreEqual $eventHubAuthorizationRuleResourceId $policy.EventHubAuthorizationRuleResourceId
2021+
Assert-Null $policy.EventHubNamespace
2022+
2023+
# Verify log analytics auditing policy is Disabled.
2024+
Assert-AreEqual "Disabled" $policy.LogAnalyticsTargetState
2025+
Assert-Null $policy.WorkspaceResourceId
2026+
2027+
# Verify only one diagnostic settings exists.
2028+
$diagnostics = Get-AzDiagnosticSetting -ResourceId $resourceId
2029+
Assert-AreEqual 1 ($diagnostics).count
2030+
2031+
# Enable a new category in existing Diagnostic Settings.
2032+
$settingsName = ($diagnostics)[0].Name
2033+
Set-AzDiagnosticSetting -ResourceId $resourceId -Enabled $True -Name $settingsName -Category SQLInsights
2034+
2035+
# Create new Diagnostic Settings and enable auditing category
2036+
Set-AzDiagnosticSetting -ResourceId $resourceId -Enabled $True -Category SQLSecurityAuditEvents -WorkspaceId $workspaceResourceId
2037+
2038+
# Verify Diagnostic Settings count.
2039+
Assert-AreEqual 2 (Get-AzDiagnosticSetting -ResourceId $resourceId).count
2040+
2041+
# Remove auditing settings.
2042+
Remove-AzSqlDatabaseAudit -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
2043+
2044+
# Verify event hub auditing policy is disabled.
2045+
$policy = Get-AzSqlDatabaseAudit -ResourceGroupName $params.rgname -ServerName $params.serverName -DatabaseName $params.databaseName
2046+
Assert-AreEqual "Disabled" $policy.EventHubTargetState
2047+
Assert-AreEqual 3 $policy.AuditActionGroup.Length
2048+
Assert-AreEqual 0 $policy.AuditAction.Length
2049+
Assert-AreEqual "" $policy.PredicateExpression
2050+
Assert-Null $policy.EventHubAuthorizationRuleResourceId
2051+
Assert-Null $policy.EventHubNamespace
2052+
2053+
# Verify log analytics auditing policy is Disabled.
2054+
Assert-AreEqual "Disabled" $policy.LogAnalyticsTargetState
2055+
Assert-Null $policy.WorkspaceResourceId
2056+
2057+
# Verify only one Diagnostic Settings was removed.
2058+
$diagnostics = Get-AzDiagnosticSetting -ResourceId $resourceId
2059+
Assert-AreEqual 1 ($diagnostics).count
2060+
2061+
# Verify audit category is disabled in remaining Diagnostic Settings.
2062+
$foundAuditCategory = $False
2063+
Foreach ($log in $diagnostics[0].Logs)
2064+
{
2065+
if ($log.Category -eq "SQLSecurityAuditEvents")
2066+
{
2067+
$foundAuditCategory = $True
2068+
Assert-AreEqual $False $log.Enabled
2069+
break
2070+
}
2071+
}
2072+
2073+
Assert-AreEqual $True $foundAuditCategory
2074+
}
2075+
finally
2076+
{
2077+
# Cleanup
2078+
Remove-BlobAuditingTestEnvironment $testSuffix
2079+
}
2080+
}
2081+
2082+
<#
2083+
.SYNOPSIS
2084+
Tests that auditing settings are removed when multiple diagnostic settings which enable audit category exist
2085+
#>
2086+
function Test-RemoveServerAuditingSettingsMultipleDiagnosticSettings
2087+
{
2088+
# Setup
2089+
$testSuffix = getAssetName
2090+
Create-BlobAuditingTestEnvironment $testSuffix
2091+
$params = Get-SqlBlobAuditingTestEnvironmentParameters $testSuffix
2092+
$subscriptionId = (Get-AzContext).Subscription.Id
2093+
$workspaceResourceId = "/subscriptions/" + $subscriptionId + "/resourcegroups/" + $params.rgname + "/providers/microsoft.operationalinsights/workspaces/" + $params.workspaceName
2094+
$eventHubAuthorizationRuleResourceId = "/subscriptions/" + $subscriptionId + "/resourcegroups/" + $params.rgname + "/providers/microsoft.EventHub/namespaces/" + $params.eventHubNamespace + "/authorizationrules/RootManageSharedAccessKey"
2095+
$resourceId = "/subscriptions/" + $subscriptionId + "/resourceGroups/" + $params.rgname + "/providers/Microsoft.Sql/servers/" + $params.serverName + "/databases/master"
2096+
2097+
try
2098+
{
2099+
# Verify event hub auditing policy is disabled.
2100+
$policy = Get-AzSqlServerAudit -ResourceGroupName $params.rgname -ServerName $params.serverName
2101+
Assert-AreEqual "Disabled" $policy.EventHubTargetState
2102+
Assert-AreEqual 0 $policy.AuditActionGroup.Length
2103+
Assert-AreEqual "" $policy.PredicateExpression
2104+
Assert-Null $policy.EventHubAuthorizationRuleResourceId
2105+
Assert-Null $policy.EventHubNamespace
2106+
2107+
# Verify log analytics auditing policy is Disabled.
2108+
Assert-AreEqual "Disabled" $policy.LogAnalyticsTargetState
2109+
Assert-Null $policy.WorkspaceResourceId
2110+
2111+
# Enable event hub auditing policy and verify it.
2112+
Set-AzSqlServerAudit -EventHubTargetState Enabled -ResourceGroupName $params.rgname -ServerName $params.serverName -EventHubAuthorizationRuleResourceId $eventHubAuthorizationRuleResourceId -BlobStorageTargetState Enabled -StorageAccountResourceId $params.storageAccountResourceId
2113+
$policy = Get-AzSqlServerAudit -ResourceGroupName $params.rgname -ServerName $params.serverName
2114+
Assert-AreEqual "Enabled" $policy.EventHubTargetState
2115+
Assert-AreEqual 3 $policy.AuditActionGroup.Length
2116+
Assert-AreEqual "" $policy.PredicateExpression
2117+
Assert-AreEqual $eventHubAuthorizationRuleResourceId $policy.EventHubAuthorizationRuleResourceId
2118+
Assert-Null $policy.EventHubNamespace
2119+
2120+
# Verify log analytics auditing policy is Disabled.
2121+
Assert-AreEqual "Disabled" $policy.LogAnalyticsTargetState
2122+
Assert-Null $policy.WorkspaceResourceId
2123+
2124+
# Verify only one diagnostic settings exists.
2125+
$diagnostics = Get-AzDiagnosticSetting -ResourceId $resourceId
2126+
Assert-AreEqual 1 ($diagnostics).count
2127+
2128+
# Enable a new category in existing Diagnostic Settings.
2129+
$settingsName = ($diagnostics)[0].Name
2130+
Set-AzDiagnosticSetting -ResourceId $resourceId -Enabled $True -Name $settingsName -Category SQLInsights
2131+
2132+
# Create new Diagnostic Settings and enable auditing category
2133+
Set-AzDiagnosticSetting -ResourceId $resourceId -Enabled $True -Category SQLSecurityAuditEvents -WorkspaceId $workspaceResourceId
2134+
2135+
# Verify Diagnostic Settings count.
2136+
Assert-AreEqual 2 (Get-AzDiagnosticSetting -ResourceId $resourceId).count
2137+
2138+
# Remove auditing settings.
2139+
Remove-AzSqlServerAudit -ResourceGroupName $params.rgname -ServerName $params.serverName
2140+
2141+
# Verify event hub auditing policy is disabled.
2142+
$policy = Get-AzSqlServerAudit -ResourceGroupName $params.rgname -ServerName $params.serverName
2143+
Assert-AreEqual "Disabled" $policy.EventHubTargetState
2144+
Assert-AreEqual 3 $policy.AuditActionGroup.Length
2145+
Assert-AreEqual "" $policy.PredicateExpression
2146+
Assert-Null $policy.EventHubAuthorizationRuleResourceId
2147+
Assert-Null $policy.EventHubNamespace
2148+
2149+
# Verify log analytics auditing policy is Disabled.
2150+
Assert-AreEqual "Disabled" $policy.LogAnalyticsTargetState
2151+
Assert-Null $policy.WorkspaceResourceId
2152+
2153+
# Verify only one Diagnostic Settings was removed.
2154+
$diagnostics = Get-AzDiagnosticSetting -ResourceId $resourceId
2155+
Assert-AreEqual 1 ($diagnostics).count
2156+
2157+
# Verify audit category is disabled in remaining Diagnostic Settings.
2158+
$foundAuditCategory = $False
2159+
Foreach ($log in $diagnostics[0].Logs)
2160+
{
2161+
if ($log.Category -eq "SQLSecurityAuditEvents")
2162+
{
2163+
$foundAuditCategory = $True
2164+
Assert-AreEqual $False $log.Enabled
2165+
break
2166+
}
2167+
}
2168+
2169+
Assert-AreEqual $True $foundAuditCategory
2170+
}
2171+
finally
2172+
{
2173+
# Cleanup
2174+
Remove-BlobAuditingTestEnvironment $testSuffix
2175+
}
19812176
}

0 commit comments

Comments
 (0)