Enable Azure SQL Server Auditing with Pulumi - azure

I am trying to enable auditing on an Azure SQL server resource with a Pulumi stack. However, the setting never turns on with the script that I have. I've looked at various blogs and ARM templates for how it looks, but the blogs always mention you need to enable auditing on the master database in order to have this setting enabled. The setting I am trying to enable through Pulumi is shown below
My pulumi stack is shown here:
    var dbServer = new AzureNative.Sql.Server("dbServer", new AzureNative.Sql.ServerArgs
    {
        ServerName = dbServerName.ToLower(),
        ResourceGroupName = resourceGroupName,
        AdministratorLogin = username,
        AdministratorLoginPassword = password,
        Version = "12.0",
        MinimalTlsVersion = "1.2",
        PublicNetworkAccess = AzureNative.Sql.ServerPublicNetworkAccess.Enabled,
        Tags = tags,
    });
    var serverDiagnosticSetting = new Pulumi.AzureNative.Insights.DiagnosticSetting("serverDiagnosticSetting", new Pulumi.AzureNative.Insights.DiagnosticSettingArgs
    {
        Logs =
        {
            new Pulumi.AzureNative.Insights.Inputs.LogSettingsArgs
            {
                Category = "SQLSecurityAuditEvents",
                Enabled = true,
                RetentionPolicy = new Pulumi.AzureNative.Insights.Inputs.RetentionPolicyArgs { Days = 0, Enabled = false, },
            }
        },
        Name = "mydiagnosticsettings",
        ResourceUri = dbServer.Id,
        WorkspaceId = logAnalyticsId,
    }, new CustomResourceOptions(){DependsOn = new InputList<Pulumi.Resource>(){dbServer}});
    var serverBlobAuditingPolicy = new AzureNative.Sql.ServerBlobAuditingPolicy("serverBlobAuditingPolicy", new AzureNative.Sql.ServerBlobAuditingPolicyArgs
    {
        AuditActionsAndGroups =
        {
            "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP",
            "FAILED_DATABASE_AUTHENTICATION_GROUP",
            "BATCH_COMPLETED_GROUP",
        },
        BlobAuditingPolicyName = "sqlAuditingPolicy",
        ResourceGroupName = resourceGroupName,
        ServerName = dbServer.Name,
        State = Pulumi.AzureNative.Sql.BlobAuditingPolicyState.Enabled,
        IsAzureMonitorTargetEnabled = true,
        StorageAccountSubscriptionId = "00000000-0000-0000-0000-000000000000"
    }, new CustomResourceOptions(){DependsOn = new InputList<Pulumi.Resource>(){dbServer}});
Running this stack, however, the setting is never enabled.

You cannot configure a diagnostic setting on the server directly.
You have to use the master database URI:
    var databaseMaster = dbServer.Id.Apply(id => id+"/databases/master");
    var serverDiagnosticSetting = new Pulumi.AzureNative.Insights.DiagnosticSetting("serverDiagnosticSetting", new Pulumi.AzureNative.Insights.DiagnosticSettingArgs
    {
        Logs =
        {
            new Pulumi.AzureNative.Insights.Inputs.LogSettingsArgs
            {
                Category = "SQLSecurityAuditEvents",
                Enabled = true,
                RetentionPolicy = new Pulumi.AzureNative.Insights.Inputs.RetentionPolicyArgs { Days = 0, Enabled = false, },
            }
        },
        Name = "mydiagnosticsettings",
        ResourceUri = databaseMaster,
        WorkspaceId = logAnalyticsId,
    }, new CustomResourceOptions(){DependsOn = new InputList<Pulumi.Resource>(){dbServer}});
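
A post-deployment check for the answer above, as an added example that is not part of the original answer: it reads JSON in the shape printed by `az monitor diagnostic-settings list` and reports whether a setting attached to the server's master database sends SQLSecurityAuditEvents to the expected workspace. The resource IDs, sample JSON and function names are constructed for illustration, and the flattened field names (id, name, workspaceId, logs) are an assumption about the CLI output.

```python
import json

AUDIT_CATEGORY = "SQLSecurityAuditEvents"
MARKER = "/providers/microsoft.insights/diagnosticsettings/"

# Constructed sample values, not taken from a real subscription.
SERVER_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "demo-rg/providers/Microsoft.Sql/servers/demo-sql")
WORKSPACE_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
                "demo-rg/providers/Microsoft.OperationalInsights/workspaces/demo-law")

def make_sample(scope, enabled=True):
    """Build constructed CLI-style JSON for one setting attached to `scope`."""
    return json.dumps([{
        "id": scope + "/providers/microsoft.insights/diagnosticSettings/mydiagnosticsettings",
        "name": "mydiagnosticsettings",
        "workspaceId": WORKSPACE_ID,
        "logs": [{"category": AUDIT_CATEGORY, "enabled": enabled}],
    }])

def scope_of(setting_id):
    """Resource the setting is attached to, lower-cased for comparison."""
    lowered = setting_id.lower()
    cut = lowered.rfind(MARKER)
    return lowered[:cut] if cut != -1 else lowered

def audit_findings(raw_json, server_id, workspace_id):
    """Return [] if some setting on databases/master ships audit events."""
    doc = json.loads(raw_json)
    # Assumption: some CLI versions wrap the list as {"value": [...]}.
    settings = doc.get("value", []) if isinstance(doc, dict) else doc
    master = server_id.lower().rstrip("/") + "/databases/master"
    findings = []
    for s in settings:
        if scope_of(s.get("id", "")) != master:
            continue  # e.g. a setting attached to the server itself
        enabled = {l.get("category") for l in s.get("logs") or [] if l.get("enabled")}
        problems = []
        if AUDIT_CATEGORY not in enabled:
            problems.append(f"{s.get('name')}: {AUDIT_CATEGORY} is not enabled")
        if (s.get("workspaceId") or "").lower() != workspace_id.lower():
            problems.append(f"{s.get('name')}: unexpected or missing workspace")
        if not problems:
            return []
        findings += problems
    return findings or ["no diagnostic setting is attached to databases/master"]

if __name__ == "__main__":
    print(audit_findings(make_sample(SERVER_ID), SERVER_ID, WORKSPACE_ID))
```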

Related

Terraform | How to ignore changes for lambda transform params in AWS Kinesis Firehose Delivery Stream

I have some Kinesis Firehose Delivery Stream resources created via Terraform. Due to a known bug (https://github.com/hashicorp/terraform-provider-aws/issues/9827), when lambda transform params are kept default, Terraform avoids writing them to the state file and every plan/apply tries to create them again. Because of this issue, I'm trying to add ignore_lifecycle to them.
This is one of my resources:
    resource "aws_kinesis_firehose_delivery_stream" "some_stream" {
      name        = "some_name"
      destination = ""
      s3_configuration {
        role_arn           = "some_name"
        bucket_arn         = "arn:aws:s3:::somebucket"
        prefix             = "some/prefix/"
        buffer_size        = 64
        buffer_interval    = 60
        compression_format = "GZIP"
        cloudwatch_logging_options {
          enabled         = true
          log_group_name  = aws_cloudwatch_log_group.some_log_group.name
          log_stream_name = aws_cloudwatch_log_stream.some_log_stream.name
        }
      }
      elasticsearch_configuration {
        domain_arn            = "arn:aws:es:some-es-domain"
        role_arn              = "arn:aws:iam::some-role"
        index_name            = "some-index"
        index_rotation_period = "OneDay"
        buffering_interval    = 60
        buffering_size        = 64
        retry_duration        = 300
        s3_backup_mode        = "AllDocuments"
        cloudwatch_logging_options {
          enabled         = true
          log_group_name  = aws_cloudwatch_log_group.some_log_group.name
          log_stream_name = aws_cloudwatch_log_stream.some_log_stream.name
        }
        processing_configuration {
          enabled = "true"
          processors {
            type = "Lambda"
            parameters {
              parameter_name  = "LambdaArn"
              parameter_value = "arn:aws:lambda:some-lambda"
            }
            parameters {
              parameter_name  = "BufferSizeInMBs"
              parameter_value = "3"
            }
            parameters {
              parameter_name  = "BufferIntervalInSeconds"
              parameter_value = "60"
            }
          }
        }
      }
    }
In the resource above, BufferSizeInMBs and BufferIntervalInSeconds are constantly changing. I'm trying to ignore these two without touching the LambdaArn, but since all of them use the same structure below, I couldn't quite figure out how to do that; I don't even know whether it's possible or not.
    parameters {
      parameter_name  = ""
      parameter_value = ""
    }
I tried this:
    lifecycle {
      ignore_changes = [elasticsearch_configuration.0.processing_configuration.0.processors]
    }
But this doesn't exclude the parameter_name = "LambdaArn".
To go further, I tried something like:
    lifecycle {
      ignore_changes = [
        elasticsearch_configuration.0.processing_configuration.0.processors[1],
        elasticsearch_configuration.0.processing_configuration.0.processors[2]
      ]
    }
But it didn't work. It didn't give an error, but didn't ignore the changes either. My Terraform version is 1.1.6 and provider version is ~3.0 (3.75.1 to be exact)
Any help will be highly appreciated,
Thank you very much,
Best Regards.

How to add tags after creating resource using TagAtScope in Pulumi Azure Native

Trying to add tags after creating a resource group as follows (according to the Pulumi doc: Update tags on a resource):
    // Create Resource Group
    var resourceGroup = new ResourceGroup("resourceGroup", new ResourceGroupArgs
    {
        ResourceGroupName = "demo-rg",
        Location = "japaneast"
        //Tags =
    });
    // Apply tags
    var appliedTags = resourceGroup.Id.Apply(rgResourceId =>
    {
        return new TagAtScope("demoTagAtScope", new TagAtScopeArgs
        {
            Scope = rgResourceId, // (scope) ResourceId -> xxx/yyy/zzz/...
            Properties = new TagsArgs()
            {
                Tags = {
                    ["tagKey1"] = "value1",
                    ["tagKey2"] = "value2"
                }
            }
        });
    });
But getting the following error:
azure-native:resources:TagAtScope (demoTagAtScope):
error: cannot create already existing resource '/subscriptions/xxx/demo-rg/providers/Microsoft.Resources/tags/default'
According to Microsoft doc: Tags - Create Or Update At Scope, it should work.

Exporting FileAttachment using Acumatica WebService

I am trying to get activities for cases from a different instance with all File Attachments and Notes attached to the activities. I have tried different ways, but unfortunately none of them has worked. Can anyone please suggest what is the best way to get all file attachments and notes for the Case Activities using Acumatica WebService?
Here is the code which I tried:
    SP203010WS.Content content = context.GetSchema();
    export = context.Export
    (
        new SP203010WS.Command[]
        {
            new SP203010WS.Value
            {
                LinkedCommand = content.Case.CaseID,
                Value = currentCaseNo
            },
            content.Activities.Type,
            content.Activities.Summary,
            new SP203010WS.Field { FieldName="Body", ObjectName="Activities"},
            content.Activities.StartDate,
            content.Activities.CreatedBy,
            new SP203010WS.Field { FieldName="NoteID", ObjectName="Activities"},
            content.Activities.CreatedAt,
            new SP203010WS.Field
            {
                FieldName = content.Activities.ServiceCommands.Attachment.FieldName,
                Value = content.Activities.ServiceCommands.Attachment.Value,
                LinkedCommand = content.Activities.ServiceCommands.Attachment
            },
            new SP203010WS.Attachment
            {
                FieldName = content.Activities.ServiceCommands.Attachment.FieldName,
                Value = content.Activities.ServiceCommands.Attachment.Value
            },
            new SP203010WS.Value
            {
                FieldName = content.Activities.ServiceCommands.Attachment.FieldName,
                Value = content.Activities.ServiceCommands.Attachment.Value,
                LinkedCommand = content.Activities.ServiceCommands.Attachment
            },
        },
        new SP203010WS.Filter[]
        {
            new SP203010WS.Filter
            {
                Field = content.Activities.StartDate,
                Condition = SP203010WS.FilterCondition.Greater,
                Value = maxStartDate
            }
        },
        0, true, true
    );
Check out the documentation for I200 (screen-based Web Services) pages 75-76. First, you have to get the list of file names, and then loop through each one to get the actual attachments.

NamespaceManager.CreateSubscription throws MessagingEntityNotFoundException

I've also set up other subscriptions and they work.
But when I'm trying to empty the queue of a subscription, the subscription no longer exists.
What I'm trying to do is make a new subscription:
    if (!namespaceManager.SubscriptionExists(TopicName, SubscriptionName))
    {
        SubscriptionDescription subscription = new SubscriptionDescription(TopicName, SubscriptionName)
        {
            DefaultMessageTimeToLive = TimeSpan.FromDays(1),
            LockDuration = TimeSpan.FromSeconds(20),
            EnableDeadLetteringOnMessageExpiration = true,
            EnableDeadLetteringOnFilterEvaluationExceptions = true
        };
        namespaceManager.CreateSubscription(subscription);
    }
The last line (CreateSubscription) throws a MessagingEntityNotFoundException.
Am I missing something?
Problem solved. Had to make a topic first.
    if (!namespaceManager.TopicExists(TopicName))
    {
        var td = new TopicDescription(TopicName);
        td.MaxSizeInMegabytes = 5120;
        // Create the topic synchronously so it exists before the subscription is created.
        namespaceManager.CreateTopic(td);
    }

Sharing login session between Acumatica Screen based API and the Contract based API

How to share login session between Acumatica Screen based API and the Contract based API?
Sharing session data between Contract-Based and Screen-Based API is supported in 5.30.1672 build onwards.
In the code snippet below, we are logging in via the Contract-Based API, retrieving the session cookie and using it in the Screen-Based API.
    string sharedCookie;
    var soapClient = new DefaultSoapClient();
    using (new OperationContextScope(soapClient.InnerChannel))
    {
        soapClient.Login("admin", "123", null, null, null);
        // Read the Set-Cookie header returned by the login call.
        var responseMessageProperty = (HttpResponseMessageProperty)
            OperationContext.Current.IncomingMessageProperties[HttpResponseMessageProperty.Name];
        sharedCookie = responseMessageProperty.Headers.Get("Set-Cookie");
    }
    try
    {
        apitest.Screen context = new apitest.Screen();
        context.CookieContainer = new System.Net.CookieContainer();
        context.Url = "http://localhost/AcumaticaCBWS/Soap/APITEST.asmx";
        // Reuse the Contract-Based session in the Screen-Based client.
        context.CookieContainer.SetCookies(new Uri(context.Url), sharedCookie);
        SO301000Content salesOrdersSchema = context.SO301000GetSchema();
        var commands = new Command[]
        {
            new Value
            {
                LinkedCommand = salesOrdersSchema.OrderSummary.OrderType,
                Value = "SO"
            },
            salesOrdersSchema.OrderSummary.ServiceCommands.EveryOrderNbr,
            salesOrdersSchema.OrderSummary.OrderType,
            salesOrdersSchema.OrderSummary.OrderNbr,
            salesOrdersSchema.OrderSummary.Description
        };
        var orders = context.SO301000Export(commands, null, 10, false, false);
    }
    finally
    {
        soapClient.Logout();
    }
