def _create_diagnostic_settings(cli_ctx, acr, workspace):
from azure.mgmt.monitor import MonitorManagementClient
from azure.mgmt.monitor.models import (DiagnosticSettingsResource,
RetentionPolicy, LogSettings,
MetricSettings)
from azure.cli.core.commands.client_factory import get_mgmt_service_client
client = get_mgmt_service_client(cli_ctx, MonitorManagementClient)
def_retention_policy = RetentionPolicy(enabled=True, days=0)
logs = [
LogSettings(enabled=True,
category="ContainerRegistryRepositoryEvents",
retention_policy=def_retention_policy),
LogSettings(enabled=True,
category="ContainerRegistryLoginEvents",
retention_policy=def_retention_policy)
]
metrics = [
MetricSettings(enabled=True,
category="AllMetrics",
retention_policy=def_retention_policy)
]
parameters = DiagnosticSettingsResource(workspace_id=workspace,
metrics=metrics,
logs=logs)
client.diagnostic_settings.create_or_update(
resource_uri=acr.id,
parameters=parameters,
name=DEF_DIAG_SETTINGS_NAME_TEMPLATE.format(acr.name))
def create_diagnostic_setting(self, monitor_client, key_vault_id,
key_vault_name, stg_account_id, log):
"""Creates a diagnostic setting
:param monitor_client: Instance of the Azure StorageManagementClient.
:param key_vault_id: The resource Id of the Key Vault.
:param key_vault_name: Name of the Key Vault.
:param stg_account_id: The Storage Account resource Id.
:param log: Instance of Azure Monitor LogSettings
:type monitor_client: object
:type log: object
:type key_vault_id: str
:type key_vault_name: str
:type stg_account_id: str
:returns: None
:rtype: None
"""
logging.info(" Creating a Diagnostic setting for key vault logs")
logging.info(
" executing monitor_client.diagnostic_settings.create_or_update"
)
logging.info(f" resource_uri={key_vault_id}")
logging.info(f" name={key_vault_name}")
monitor_client.diagnostic_settings.create_or_update(
resource_uri=key_vault_id,
name=key_vault_name,
parameters=DiagnosticSettingsResource(
storage_account_id=stg_account_id,
logs=[log],
),
)
def test_remediate_success_with_stg(self):
client_id = Mock()
tenant_id = Mock()
storage_client = Mock()
keyvault_client = Mock()
monitor_client = Mock()
graph_client = Mock()
credentials = Mock()
log = LogSettings(
category="AuditEvent",
enabled=True,
retention_policy=RetentionPolicy(enabled=True, days=180),
)
action = EnableKeyVaultLogging()
action.check_stg_account = Mock()
action.create_diagnostic_setting = Mock()
"""
StorageAccountListResult = Mock()
storage_accounts_list = []
storage_accounts_list.append(StorageAccountListResult)
action.check_stg_account.return_value = storage_accounts_list
"""
action.check_stg_account.return_value = StorageAccount(
id=
"/subscriptions/d687b1a3-9b78-43b1-a17b-7de297fd1fce/resourceGroups/kshrutika-1/providers/Microsoft.Storage/storageAccounts/chss538f633keyvaultlogs",
name="chss538f633keyvaultlogs",
location="eastus",
)
action.create_diagnostic_setting.return_value = DiagnosticSettingsResource(
storage_account_id=
"/subscriptions/d687b1a3-9b78-43b1-a17b-7de297fd1fce/resourceGroups/kshrutika-1/providers/Microsoft.Storage/storageAccounts/chss538f633keyvaultlogs",
logs=[log],
)
assert (action.remediate(
client_id,
tenant_id,
keyvault_client,
monitor_client,
storage_client,
graph_client,
credentials,
"resource_group",
"key_vault_name",
"region",
"subscription_id",
) == 0)
assert action.create_diagnostic_setting.call_count == 1
def create_diagnostics_settings(client,
name,
resource_uri,
logs=None,
metrics=None,
event_hub=None,
event_hub_rule=None,
storage_account=None,
workspace=None):
from azure.mgmt.monitor.models import DiagnosticSettingsResource
parameters = DiagnosticSettingsResource(
storage_account_id=storage_account,
workspace_id=workspace,
event_hub_name=event_hub,
event_hub_authorization_rule_id=event_hub_rule,
metrics=metrics,
logs=logs)
return client.create_or_update(resource_uri=resource_uri,
parameters=parameters,
name=name)
def create_diagnostics_settings(client, name, resource_uri,
logs=None,
metrics=None,
event_hub=None,
event_hub_rule=None,
storage_account=None,
workspace=None,
export_to_resource_specific=None):
from azure.mgmt.monitor.models import DiagnosticSettingsResource
from knack.util import CLIError
if export_to_resource_specific and workspace is None:
raise CLIError('usage error: --workspace and --export-to-specific-resource')
parameters = DiagnosticSettingsResource(storage_account_id=storage_account,
workspace_id=workspace,
event_hub_name=event_hub,
event_hub_authorization_rule_id=event_hub_rule,
metrics=metrics,
logs=logs,
log_analytics_destination_type='Dedicated' if export_to_resource_specific else None)
return client.create_or_update(resource_uri=resource_uri, parameters=parameters, name=name)
