add cmdlets Get/Start/convert-SynapseVulnerabilityAssessmentScan (#13690

) * SynapseVulnerabilityAssessmentScan * refine name * refine function * fix problem for StartAzureSynapseSqlPoolVulnerabilityAssessmentScan not work * some draft codes * resolve confilct 2 * removce strange sign * format code * refine function * add test * add help doc * code refine * format refine * update Az.Synapse.psd1 * add test json * refinde document * improve help examples * added test json * added test json 2 * improved test * add tests to credscansuppression
Azure · Feb 3, 2021 · 966c440 · 966c440
1 parent 2eddc95
commit 966c440
Show file tree

Hide file tree

Showing 20 changed files with 13,077 additions and 7 deletions.
diff --git a/src/Synapse/Synapse.Test/ScenarioTests/VulnerabilityAssessmentTests.cs b/src/Synapse/Synapse.Test/ScenarioTests/VulnerabilityAssessmentTests.cs
@@ -35,5 +35,23 @@ public void TestVulnerabilityAssessmentBaseline(){
                 _logger,
                 "Test-VulnerabilityAssessmentBaseline");
         }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestVulnerabilityAssessmentScanRecordGetListTest()
+        {
+            NewInstance.RunPsTest(
+                _logger,
+                "Test-VulnerabilityAssessmentScanRecordGetListTest");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestVulnerabilityAssessmentScanConvertTest()
+        {
+            NewInstance.RunPsTest(
+                _logger,
+                "Test-VulnerabilityAssessmentScanConvertTest");
+        }
     }
 }
diff --git a/src/Synapse/Synapse.Test/ScenarioTests/VulnerabilityAssessmentTests.ps1 b/src/Synapse/Synapse.Test/ScenarioTests/VulnerabilityAssessmentTests.ps1
@@ -161,11 +161,197 @@ function Test-VulnerabilityAssessmentBaseline
 	}
 }
 
+<#
+.SYNOPSIS
+Tests for vulnerability assessment scan , scan record get and list scenarios 
+#>
+function Test-VulnerabilityAssessmentScanRecordGetListTest
+{
+	# Setup
+	$testSuffix = getAssetName
+	Create-VulnerabilityAssessmentTestEnvironment $testSuffix
+	$params = Get-SqlVulnerabilityAssessmentTestEnvironmentParameters $testSuffix
+
+	try
+	{
+		# Turn on ATP
+		Enable-AzSynapseSqlAdvancedThreatProtection -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -DoNotConfigureVulnerabilityAssessment
+
+		Update-AzSynapseSqlPoolVulnerabilityAssessmentSetting -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -SqlPoolName $params.sqlPoolName `
+			 -StorageAccountName $params.storageAccountName
+
+		# Trigger scan without scan IDconvert
+		try
+		{
+			Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName
+		}
+		catch
+		{
+			if ((Get-SynapseTestMode) -eq 'Playback')
+			{
+				# This command generated a scanId of DateTime.UtcNow.ToString("yyyyMMdd_HHmmss")
+				# So the recording will always fail
+			}
+			else
+			{
+				throw;
+			}
+		}
+
+		# Trigger scan  as a Job with scan ID
+		$scanId1 = "cmdletGetListScan"
+		$scanJob = Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName -ScanId $scanId1 -AsJob
+		$scanJob | Wait-Job
+		$scanRecord1 = $scanJob | Receive-Job
+
+		# Validate the scan record that we got from the scan
+		Assert-AreEqual $params.rgname $scanRecord1.ResourceGroupName
+		Assert-AreEqual $params.workspaceName $scanRecord1.WorkspaceName 
+		Assert-AreEqual $params.sqlPoolName $scanRecord1.SqlPoolName 
+		Assert-AreEqual $scanId1 $scanRecord1.ScanId
+		Assert-AreEqual "OnDemand" $scanRecord1.TriggerType
+
+		# Validate the scan record that we got from the get scan record cmdlet
+		$scanRecord1FromGet = Get-AzSynapseSqlPoolVulnerabilityAssessmentScanRecord -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName -ScanId $scanId1
+
+		Assert-AreEqual $scanRecord1FromGet.ResourceGroupName $scanRecord1.ResourceGroupName
+		Assert-AreEqual $scanRecord1FromGet.WorkspaceName $scanRecord1.WorkspaceName
+		Assert-AreEqual $scanRecord1FromGet.SqlPoolName $scanRecord1.SqlPoolName
+		Assert-AreEqual $scanRecord1FromGet.ScanId $scanRecord1.ScanId
+		Assert-AreEqual $scanRecord1FromGet.TriggerType $scanRecord1.TriggerType
+		Assert-AreEqual $scanRecord1FromGet.State $scanRecord1.State
+		Assert-AreEqual $scanRecord1FromGet.StartTime $scanRecord1.StartTime
+		Assert-AreEqual $scanRecord1FromGet.EndTime $scanRecord1.EndTime
+		Assert-AreEqual $scanRecord1FromGet.Errors $scanRecord1.Errors
+		Assert-AreEqual $scanRecord1FromGet.ScanResultsLocationPath $scanRecord1.ScanResultsLocationPath
+		Assert-AreEqual $scanRecord1FromGet.NumberOfFailedSecurityChecks $scanRecord1.NumberOfFailedSecurityChecks
+
+		# Validate the scan record that we got from the get scan record cmdlet with piping
+		$scanRecord1FromGet = Get-AzSynapseSqlPool -ResourceGroupName $params.rgname -WorkspaceName $params.WorkspaceName -Name $params.SqlPoolName | Get-AzSynapseSqlPoolVulnerabilityAssessmentScanRecord `
+		-ScanId $scanId1
+
+		Assert-AreEqual $scanRecord1FromGet.ResourceGroupName $scanRecord1.ResourceGroupName
+		Assert-AreEqual $scanRecord1FromGet.WorkspaceName $scanRecord1.WorkspaceName
+		Assert-AreEqual $scanRecord1FromGet.SqlPoolName $scanRecord1.SqlPoolName
+		Assert-AreEqual $scanRecord1FromGet.ScanId $scanRecord1.ScanId
+		Assert-AreEqual $scanRecord1FromGet.TriggerType $scanRecord1.TriggerType
+		Assert-AreEqual $scanRecord1FromGet.State $scanRecord1.State
+		Assert-AreEqual $scanRecord1FromGet.StartTime $scanRecord1.StartTime
+		Assert-AreEqual $scanRecord1FromGet.EndTime $scanRecord1.EndTime
+		Assert-AreEqual $scanRecord1FromGet.Errors $scanRecord1.Errors
+		Assert-AreEqual $scanRecord1FromGet.ScanResultsLocationPath $scanRecord1.ScanResultsLocationPath
+		Assert-AreEqual $scanRecord1FromGet.NumberOfFailedSecurityChecks $scanRecord1.NumberOfFailedSecurityChecks
+
+		# Verify list scans
+		$excpectedScanCount = 2
+		$scanRecordList = Get-AzSynapseSqlPoolVulnerabilityAssessmentScanRecord -ResourceGroupName $params.rgname -WorkspaceName $params.WorkspaceName -Name $params.SqlPoolName
+		Assert-AreEqual $excpectedScanCount $scanRecordList.Count
+
+		$scanRecord1FromListCmdlet = $scanRecordList[$excpectedScanCount-1]
+		Assert-AreEqual $scanRecord1FromListCmdlet.ResourceGroupName $scanRecord1.ResourceGroupName
+		Assert-AreEqual $scanRecord1FromListCmdlet.WorkspaceName $scanRecord1.WorkspaceName
+		Assert-AreEqual $scanRecord1FromListCmdlet.SqlPoolName $scanRecord1.SqlPoolName
+		Assert-AreEqual $scanRecord1FromListCmdlet.ScanId $scanRecord1.ScanId
+		Assert-AreEqual $scanRecord1FromListCmdlet.TriggerType $scanRecord1.TriggerType
+		Assert-AreEqual $scanRecord1FromListCmdlet.State $scanRecord1.State
+		Assert-AreEqual $scanRecord1FromListCmdlet.StartTime $scanRecord1.StartTime
+		Assert-AreEqual $scanRecord1FromListCmdlet.EndTime $scanRecord1.EndTime
+		Assert-AreEqual $scanRecord1FromListCmdlet.Errors $scanRecord1.Errors
+		Assert-AreEqual $scanRecord1FromListCmdlet.ScanResultsLocationPath $scanRecord1.ScanResultsLocationPath
+		Assert-AreEqual $scanRecord1FromListCmdlet.NumberOfFailedSecurityChecks $scanRecord1.NumberOfFailedSecurityChecks
+
+		# Run scan with piping
+		$excpectedScanCount = $excpectedScanCount + 1
+		Get-AzSynapseSqlPool -ResourceGroupName $params.rgname -WorkspaceName $params.WorkspaceName -Name $params.SqlPoolName `
+		| Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ScanId $scanId1
+
+		# Verify list scans with piping
+		$scanRecordList = Get-AzSynapseSqlPool -ResourceGroupName $params.rgname -WorkspaceName $params.WorkspaceName -Name $params.SqlPoolName | Get-AzSynapseSqlPoolVulnerabilityAssessmentScanRecord 
+		Assert-AreEqual $excpectedScanCount $scanRecordList.Count
+
+		$scanRecord1FromListCmdlet = $scanRecordList[$excpectedScanCount-1]
+		Assert-AreEqual $scanRecord1FromListCmdlet.ResourceGroupName $scanRecord1.ResourceGroupName
+		Assert-AreEqual $scanRecord1FromListCmdlet.WorkspaceName $scanRecord1.WorkspaceName
+		Assert-AreEqual $scanRecord1FromListCmdlet.SqlPoolName $scanRecord1.SqlPoolName
+		Assert-AreEqual $scanRecord1FromListCmdlet.ScanId $scanRecord1.ScanId
+		Assert-AreEqual $scanRecord1FromListCmdlet.TriggerType $scanRecord1.TriggerType
+		Assert-AreEqual $scanRecord1FromListCmdlet.State $scanRecord1.State
+	}
+	finally
+	{
+		# Cleanup
+		Remove-VulnerabilityAssessmentTestEnvironment $testSuffix
+	}
+}
+
+<#
+.SYNOPSIS
+Tests for vulnerability assessment scan Convert scenarios 
+#>
+function Test-VulnerabilityAssessmentScanConvertTest
+{
+	# Setup
+	$testSuffix = getAssetName
+	Create-VulnerabilityAssessmentTestEnvironment $testSuffix
+	$params = Get-SqlVulnerabilityAssessmentTestEnvironmentParameters $testSuffix
+
+	try
+	{
+		# Turn on ATP
+		Enable-AzSynapseSqlAdvancedThreatProtection -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -DoNotConfigureVulnerabilityAssessment
+
+		Update-AzSynapseSqlPoolVulnerabilityAssessmentSetting -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -SqlPoolName $params.sqlPoolName `
+			 -StorageAccountName $params.storageAccountName
+
+		# Trigger a new scan
+		$scanId = "cmdletConvertScan"
+		Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName -ScanId $scanId
+
+		# Convert the scan
+		$convertScanObject = Convert-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName `
+		-ScanId $scanId
+
+		Assert-AreEqual $params.rgname $convertScanObject.ResourceGroupName
+		Assert-AreEqual $params.WorkspaceName $convertScanObject.WorkspaceName
+		Assert-AreEqual $params.SqlPoolName $convertScanObject.SqlPoolName
+		Assert-True -script  { $convertScanObject.ExportedReportLocation.Contains($scanId) }
+		Assert-True -script  { $convertScanObject.ExportedReportLocation.Contains($params.storageAccountName) }
+
+		# Convert the scan (piping scenario)
+		$scanId = "cmdletConvertScan1"
+		Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName -ScanId $scanId
+
+		$convertScanObject =  Get-AzSynapseSqlPoolVulnerabilityAssessmentScanRecord -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName `
+		-ScanId $scanId | Convert-AzSynapseSqlPoolVulnerabilityAssessmentScan
+
+		Assert-AreEqual $params.rgname $convertScanObject.ResourceGroupName
+		Assert-AreEqual $params.WorkspaceName $convertScanObject.WorkspaceName
+		Assert-AreEqual $params.SqlPoolName $convertScanObject.SqlPoolName
+		Assert-True -script  { $convertScanObject.ExportedReportLocation.Contains($scanId) }
+		Assert-True -script  { $convertScanObject.ExportedReportLocation.Contains($params.storageAccountName) }
+
+
+		# Clear SqlPool settings and define Workspace settings
+		Clear-AzSynapseSqlPoolVulnerabilityAssessmentSetting -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -SqlPoolName $params.sqlPoolName 
+
+		Update-AzSynapseSqlPoolVulnerabilityAssessmentSetting -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -SqlPoolName $params.sqlPoolName `
+			 -StorageAccountName $params.storageAccountName
+
+		# Run a scan and see that no exception is thrown
+		Start-AzSynapseSqlPoolVulnerabilityAssessmentScan -ResourceGroupName $params.rgname -WorkspaceName $params.workspaceName -Name $params.sqlPoolName -ScanId $scanId
+	}
+	finally
+	{
+		# Cleanup
+		Remove-VulnerabilityAssessmentTestEnvironment $testSuffix
+	}
+}
+
 <#
 .SYNOPSIS
 Creates the test environment needed to perform the tests
 #>
-function Create-VulnerabilityAssessmentTestEnvironment ($testSuffix, $location = "West Central US")
+function Create-VulnerabilityAssessmentTestEnvironment ($testSuffix, $location = "North Europe")
 {
 	$params = Get-SqlVulnerabilityAssessmentTestEnvironmentParameters $testSuffix
 	Create-TestEnvironmentWithParams $params $location