Adding AlertsSuppressionRule cmdlets to Az.Security (#17763)

* Adding AlertsSuppressionRule cmdlets to Az.Microsoft * Adding parameters to "Set" so users can use the PS directly without creating an object * Adding new helper function `New-AzAlertsSuppressionRuleScope` * New-AzAlertsSuppressionRuleScope was using `Contains` and `In` parameters which creates a conflict with PowerShell operators * Revert manual version change * NewAlertsSuppressionRuleScope SupportsShouldProcess = false as it creates a local variable. * Adding signature exception for New-AzAlertsSuppressionRuleScope Co-authored-by: Nitsan Bracha <nibracha@microsoft.com>
Azure · Apr 26, 2022 · e2d5ebc · e2d5ebc
1 parent 374a4a2
commit e2d5ebc
Show file tree

Hide file tree

Showing 25 changed files with 1,831 additions and 1 deletion.
diff --git a/src/Accounts/Accounts/AzureRmAlias/Mappings.json b/src/Accounts/Accounts/AzureRmAlias/Mappings.json
@@ -2068,6 +2068,10 @@
     "Remove-AzSearchQueryKey": "Remove-AzureRmSearchQueryKey"
   },
   "Az.Security": {
+    "New-AzAlertsSuppressionRuleScope": "New-AzureRmAlertsSuppressionRuleScope",
+    "Get-AzAlertsSuppressionRule": "Get-AzureRmAlertsSuppressionRule",
+    "Set-AzAlertsSuppressionRule": "Set-AzureRmAlertsSuppressionRule",
+    "Remove-AzAlertsSuppressionRule": "Remove-AzureRmAlertsSuppressionRule",
     "Get-AzSecurityAlert": "Get-AzureRmSecurityAlert",
     "Set-AzSecurityAlert": "Set-AzureRmSecurityAlert",
     "Get-AzSecurityAutoProvisioningSetting": "Get-AzureRmSecurityAutoProvisioningSetting",

diff --git a/src/Security/Security.Test/ScenarioTests/AlertsSuppressionRuleTests.cs b/src/Security/Security.Test/ScenarioTests/AlertsSuppressionRuleTests.cs
@@ -0,0 +1,47 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ScenarioTest;
+using Microsoft.Azure.ServiceManagement.Common.Models;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+
+namespace Microsoft.Azure.Commands.Security.Test.ScenarioTests
+{
+    public class AlertsSuppressionRuleTests
+    {
+        private readonly XunitTracingInterceptor _logger;
+
+        public AlertsSuppressionRuleTests(Xunit.Abstractions.ITestOutputHelper output)
+        {
+            _logger = new XunitTracingInterceptor(output);
+            XunitTracingInterceptor.AddToContext(_logger);
+            TestExecutionHelpers.SetUpSessionAndProfile();
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void GetSubscriptionScope()
+        {
+            TestController.NewInstance.RunPowerShellTest(_logger, "Get-AzAlertsSuppressionRule-SubscriptionScope");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void CreateAndDeleteAlertsSuppressionRule()
+        {
+            TestController.NewInstance.RunPowerShellTest(_logger, "CreateAndDelete-AzAlertsSuppressionRule");
+        }
+    }
+}
diff --git a/src/Security/Security.Test/ScenarioTests/AlertsSuppressionRuleTests.ps1 b/src/Security/Security.Test/ScenarioTests/AlertsSuppressionRuleTests.ps1
@@ -0,0 +1,76 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+<#
+.SYNOPSIS
+Get alerts suppression rules on a subscription scope
+#>
+function Get-AzAlertsSuppressionRule-SubscriptionScope
+{
+    $alertsSuppressionRule = Get-AzAlertsSuppressionRule
+	Validate-AlertsSuppressionRule $alertsSuppressionRule
+}
+
+<#
+.SYNOPSIS
+Get security contacts on a subscription
+#>
+function CreateAndDelete-AzAlertsSuppressionRule
+{
+	$ruleName = "Powershell-UT-RuleName"
+
+
+	$rule = Get-AzAlertsSuppressionRule | where { $_.Name -eq $ruleName }
+	Assert-True { $rule.Count -eq 0 }
+
+	$newRequest = New-Object Microsoft.Azure.Commands.Security.Models.AlertsSuppressionRules.PSAlertsSuppressionRule -Property @{ 
+		Name = $ruleName
+		AlertType = "PS-UT-AlertType"
+		Reason = "Other"
+		Comment = "PS-UT-Comment"
+	}
+
+	Set-AzAlertsSuppressionRule -InputObject $newRequest
+	$rule = Get-AzAlertsSuppressionRule | where { $_.Name -eq $ruleName }
+	Assert-True { $rule.Count -eq 1 }
+
+	Remove-AzAlertsSuppressionRule -Name $ruleName
+}
+
+<#
+.SYNOPSIS
+Validates a list of alert suppression rules
+#>
+function Validate-AlertsSuppressionRule
+{
+	param($alertsSuppressionRule)
+
+    Assert-True { $alertsSuppressionRule.Count -gt 0 }
+
+	Foreach($alertsSuppressionRule in $alertsSuppressionRule)
+	{
+		Validate-AllowedConnection $alertsSuppressionRule
+	}
+}
+
+<#
+.SYNOPSIS
+Validates a single alert suppression rule
+#>
+function Validate-AlertsSuppressionRule
+{
+	param($alertsSuppressionRule)
+
+	Assert-NotNull $alertsSuppressionRule
+}
diff --git a/...y.Test.ScenarioTests.AlertsSuppressionRuleTests/CreateAndDeleteAlertsSuppressionRule.json b/...y.Test.ScenarioTests.AlertsSuppressionRuleTests/CreateAndDeleteAlertsSuppressionRule.json
@@ -0,0 +1,203 @@
+{
+  "Entries": [
+    {
+      "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules?api-version=2019-01-01-preview",
+      "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvYWxlcnRzU3VwcHJlc3Npb25SdWxlcz9hcGktdmVyc2lvbj0yMDE5LTAxLTAxLXByZXZpZXc=",
+      "RequestMethod": "GET",
+      "RequestBody": "",
+      "RequestHeaders": {
+        "x-ms-client-request-id": [
+          "1e6dc64b-bec0-4f56-9023-be0cb94734fd"
+        ],
+        "Accept-Language": [
+          "en-US"
+        ],
+        "User-Agent": [
+          "FxVersion/4.700.22.11601",
+          "OSName/Windows",
+          "OSVersion/Microsoft.Windows.10.0.22000",
+          "Microsoft.Azure.Management.Security.SecurityCenterClient/3.0.0.0"
+        ]
+      },
+      "ResponseHeaders": {
+        "Cache-Control": [
+          "no-cache"
+        ],
+        "Pragma": [
+          "no-cache"
+        ],
+        "x-ms-ratelimit-remaining-subscription-resource-requests": [
+          "749"
+        ],
+        "Strict-Transport-Security": [
+          "max-age=31536000; includeSubDomains"
+        ],
+        "Server": [
+          "Kestrel"
+        ],
+        "x-ms-request-id": [
+          "06e7418d-b854-454e-b21e-e13c80bf294f"
+        ],
+        "x-ms-correlation-request-id": [
+          "06e7418d-b854-454e-b21e-e13c80bf294f"
+        ],
+        "x-ms-routing-request-id": [
+          "SWITZERLANDNORTH:20220407T091537Z:06e7418d-b854-454e-b21e-e13c80bf294f"
+        ],
+        "X-Content-Type-Options": [
+          "nosniff"
+        ],
+        "Date": [
+          "Thu, 07 Apr 2022 09:15:37 GMT"
+        ],
+        "Content-Length": [
+          "1285"
+        ],
+        "Content-Type": [
+          "application/json; charset=utf-8"
+        ],
+        "Expires": [
+          "-1"
+        ]
+      },
+      "ResponseBody": "{\r\n  \"value\": [\r\n    {\r\n      \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules/SDK_Test1\",\r\n      \"name\": \"SDK_Test1\",\r\n      \"type\": \"Microsoft.Security/alertsSuppressionRules\",\r\n      \"properties\": {\r\n        \"alertType\": \"Storage.Blob_ApplicationAnomaly\",\r\n        \"lastModifiedUTC\": \"2021-12-05T16:41:05.6018728Z\",\r\n        \"expirationDateUTC\": \"2032-10-18T16:32:12Z\",\r\n        \"state\": \"Enabled\",\r\n        \"reason\": \"Other\",\r\n        \"comment\": \"Test Rule \",\r\n        \"suppressionAlertsScope\": {\r\n          \"allOf\": []\r\n        }\r\n      }\r\n    },\r\n    {\r\n      \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules/2a71184ea21e42a1947330e47d442b80\",\r\n      \"name\": \"2a71184ea21e42a1947330e47d442b80\",\r\n      \"type\": \"Microsoft.Security/alertsSuppressionRules\",\r\n      \"properties\": {\r\n        \"alertType\": \"SKDAlertType\",\r\n        \"lastModifiedUTC\": \"2021-12-05T16:42:57.9624898Z\",\r\n        \"expirationDateUTC\": \"2022-06-05T16:42:57.9624898Z\",\r\n        \"state\": \"Enabled\",\r\n        \"reason\": \"Other\"\r\n      }\r\n    },\r\n    {\r\n      \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules/85a979d9847c45bba607dc250fddaec0\",\r\n      \"name\": \"85a979d9847c45bba607dc250fddaec0\",\r\n      \"type\": \"Microsoft.Security/alertsSuppressionRules\",\r\n      \"properties\": {\r\n        \"alertType\": \"SKDAlertType\",\r\n        \"lastModifiedUTC\": \"2021-12-07T11:24:25.2968931Z\",\r\n        \"expirationDateUTC\": \"2022-06-07T11:24:25.2968931Z\",\r\n        \"state\": \"Enabled\",\r\n        \"reason\": \"Other\"\r\n      }\r\n    }\r\n  ]\r\n}",
+      "StatusCode": 200
+    },
+    {
+      "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules?api-version=2019-01-01-preview",
+      "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvYWxlcnRzU3VwcHJlc3Npb25SdWxlcz9hcGktdmVyc2lvbj0yMDE5LTAxLTAxLXByZXZpZXc=",
+      "RequestMethod": "GET",
+      "RequestBody": "",
+      "RequestHeaders": {
+        "x-ms-client-request-id": [
+          "f29b780c-15f2-4266-9b1d-44a8a92d1a1e"
+        ],
+        "Accept-Language": [
+          "en-US"
+        ],
+        "User-Agent": [
+          "FxVersion/4.700.22.11601",
+          "OSName/Windows",
+          "OSVersion/Microsoft.Windows.10.0.22000",
+          "Microsoft.Azure.Management.Security.SecurityCenterClient/3.0.0.0"
+        ]
+      },
+      "ResponseHeaders": {
+        "Cache-Control": [
+          "no-cache"
+        ],
+        "Pragma": [
+          "no-cache"
+        ],
+        "x-ms-ratelimit-remaining-subscription-resource-requests": [
+          "748"
+        ],
+        "Strict-Transport-Security": [
+          "max-age=31536000; includeSubDomains"
+        ],
+        "Server": [
+          "Kestrel"
+        ],
+        "x-ms-request-id": [
+          "76274c91-5816-419e-9b42-47d479006b39"
+        ],
+        "x-ms-correlation-request-id": [
+          "76274c91-5816-419e-9b42-47d479006b39"
+        ],
+        "x-ms-routing-request-id": [
+          "SWITZERLANDNORTH:20220407T091538Z:76274c91-5816-419e-9b42-47d479006b39"
+        ],
+        "X-Content-Type-Options": [
+          "nosniff"
+        ],
+        "Date": [
+          "Thu, 07 Apr 2022 09:15:38 GMT"
+        ],
+        "Content-Length": [
+          "1710"
+        ],
+        "Content-Type": [
+          "application/json; charset=utf-8"
+        ],
+        "Expires": [
+          "-1"
+        ]
+      },
+      "ResponseBody": "{\r\n  \"value\": [\r\n    {\r\n      \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules/SDK_Test1\",\r\n      \"name\": \"SDK_Test1\",\r\n      \"type\": \"Microsoft.Security/alertsSuppressionRules\",\r\n      \"properties\": {\r\n        \"alertType\": \"Storage.Blob_ApplicationAnomaly\",\r\n        \"lastModifiedUTC\": \"2021-12-05T16:41:05.6018728Z\",\r\n        \"expirationDateUTC\": \"2032-10-18T16:32:12Z\",\r\n        \"state\": \"Enabled\",\r\n        \"reason\": \"Other\",\r\n        \"comment\": \"Test Rule \",\r\n        \"suppressionAlertsScope\": {\r\n          \"allOf\": []\r\n        }\r\n      }\r\n    },\r\n    {\r\n      \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules/2a71184ea21e42a1947330e47d442b80\",\r\n      \"name\": \"2a71184ea21e42a1947330e47d442b80\",\r\n      \"type\": \"Microsoft.Security/alertsSuppressionRules\",\r\n      \"properties\": {\r\n        \"alertType\": \"SKDAlertType\",\r\n        \"lastModifiedUTC\": \"2021-12-05T16:42:57.9624898Z\",\r\n        \"expirationDateUTC\": \"2022-06-05T16:42:57.9624898Z\",\r\n        \"state\": \"Enabled\",\r\n        \"reason\": \"Other\"\r\n      }\r\n    },\r\n    {\r\n      \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules/85a979d9847c45bba607dc250fddaec0\",\r\n      \"name\": \"85a979d9847c45bba607dc250fddaec0\",\r\n      \"type\": \"Microsoft.Security/alertsSuppressionRules\",\r\n      \"properties\": {\r\n        \"alertType\": \"SKDAlertType\",\r\n        \"lastModifiedUTC\": \"2021-12-07T11:24:25.2968931Z\",\r\n        \"expirationDateUTC\": \"2022-06-07T11:24:25.2968931Z\",\r\n        \"state\": \"Enabled\",\r\n        \"reason\": \"Other\"\r\n      }\r\n    },\r\n    {\r\n      \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules/Powershell-UT-RuleName\",\r\n      \"name\": \"Powershell-UT-RuleName\",\r\n      \"type\": \"Microsoft.Security/alertsSuppressionRules\",\r\n      \"properties\": {\r\n        \"alertType\": \"PS-UT-AlertType\",\r\n        \"lastModifiedUTC\": \"2022-04-07T09:15:38.1181944Z\",\r\n        \"expirationDateUTC\": \"2022-10-07T09:15:38.1181944Z\",\r\n        \"state\": \"Enabled\",\r\n        \"reason\": \"Other\",\r\n        \"comment\": \"PS-UT-Comment\"\r\n      }\r\n    }\r\n  ]\r\n}",
+      "StatusCode": 200
+    },
+    {
+      "RequestUri": "/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules/Powershell-UT-RuleName?api-version=2019-01-01-preview",
+      "EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvNDg3YmI0ODUtYjViMC00NzFlLTljMGQtMTA3MTc2MTJmODY5L3Byb3ZpZGVycy9NaWNyb3NvZnQuU2VjdXJpdHkvYWxlcnRzU3VwcHJlc3Npb25SdWxlcy9Qb3dlcnNoZWxsLVVULVJ1bGVOYW1lP2FwaS12ZXJzaW9uPTIwMTktMDEtMDEtcHJldmlldw==",
+      "RequestMethod": "PUT",
+      "RequestBody": "{\r\n  \"properties\": {\r\n    \"alertType\": \"PS-UT-AlertType\",\r\n    \"reason\": \"Other\",\r\n    \"state\": \"Enabled\",\r\n    \"comment\": \"PS-UT-Comment\"\r\n  }\r\n}",
+      "RequestHeaders": {
+        "x-ms-client-request-id": [
+          "d14a39e2-dc39-4d62-a707-f7ec7c66e1c8"
+        ],
+        "Accept-Language": [
+          "en-US"
+        ],
+        "User-Agent": [
+          "FxVersion/4.700.22.11601",
+          "OSName/Windows",
+          "OSVersion/Microsoft.Windows.10.0.22000",
+          "Microsoft.Azure.Management.Security.SecurityCenterClient/3.0.0.0"
+        ],
+        "Content-Type": [
+          "application/json; charset=utf-8"
+        ],
+        "Content-Length": [
+          "146"
+        ]
+      },
+      "ResponseHeaders": {
+        "Cache-Control": [
+          "no-cache"
+        ],
+        "Pragma": [
+          "no-cache"
+        ],
+        "x-ms-ratelimit-remaining-subscription-writes": [
+          "1199"
+        ],
+        "Strict-Transport-Security": [
+          "max-age=31536000; includeSubDomains"
+        ],
+        "Server": [
+          "Kestrel"
+        ],
+        "x-ms-request-id": [
+          "5f57a7a6-09f4-491a-89e4-a768aaa9f343"
+        ],
+        "x-ms-correlation-request-id": [
+          "5f57a7a6-09f4-491a-89e4-a768aaa9f343"
+        ],
+        "x-ms-routing-request-id": [
+          "SWITZERLANDNORTH:20220407T091538Z:5f57a7a6-09f4-491a-89e4-a768aaa9f343"
+        ],
+        "X-Content-Type-Options": [
+          "nosniff"
+        ],
+        "Date": [
+          "Thu, 07 Apr 2022 09:15:37 GMT"
+        ],
+        "Content-Length": [
+          "424"
+        ],
+        "Content-Type": [
+          "application/json; charset=utf-8"
+        ],
+        "Expires": [
+          "-1"
+        ]
+      },
+      "ResponseBody": "{\r\n  \"id\": \"/subscriptions/487bb485-b5b0-471e-9c0d-10717612f869/providers/Microsoft.Security/alertsSuppressionRules/Powershell-UT-RuleName\",\r\n  \"name\": \"Powershell-UT-RuleName\",\r\n  \"type\": \"Microsoft.Security/alertsSuppressionRules\",\r\n  \"properties\": {\r\n    \"alertType\": \"PS-UT-AlertType\",\r\n    \"lastModifiedUTC\": \"2022-04-07T09:15:38.1181944Z\",\r\n    \"expirationDateUTC\": \"2022-10-07T09:15:38.1181944Z\",\r\n    \"state\": \"Enabled\",\r\n    \"reason\": \"Other\",\r\n    \"comment\": \"PS-UT-Comment\"\r\n  }\r\n}",
+      "StatusCode": 200
+    }
+  ],
+  "Names": {},
+  "Variables": {
+    "SubscriptionId": "487bb485-b5b0-471e-9c0d-10717612f869"
+  }
+}