From 11f68e75f05ca40564ea5ee8f20fe8d8bb8e8ba3 Mon Sep 17 00:00:00 2001 From: ranisha2 Date: Wed, 8 Jan 2020 16:21:14 +0200 Subject: [PATCH 1/2] In case the policy is enabled and there are no audit actions and groups (Was overriden when disabling the policy), set the default value --- src/azure-cli/azure/cli/command_modules/sql/custom.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/azure-cli/azure/cli/command_modules/sql/custom.py b/src/azure-cli/azure/cli/command_modules/sql/custom.py index fd52db7518a..8d8082fcd04 100644 --- a/src/azure-cli/azure/cli/command_modules/sql/custom.py +++ b/src/azure-cli/azure/cli/command_modules/sql/custom.py @@ -1434,6 +1434,14 @@ def db_audit_policy_update( if audit_actions_and_groups: instance.audit_actions_and_groups = audit_actions_and_groups + # If auditing is enabled, make sure that the actions and groups are set to default + # value in case they were removed previously (When disabling auditing) + if enabled and (not instance.audit_actions_and_groups or instance.audit_actions_and_groups == []): + instance.audit_actions_and_groups = [ + "SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP", + "FAILED_DATABASE_AUTHENTICATION_GROUP", + "BATCH_COMPLETED_GROUP"] + if retention_days: instance.retention_days = retention_days From eaf2f2ea4c0fa83acca598679aebe477cc24dda5 Mon Sep 17 00:00:00 2001 From: Zunli Hu Date: Thu, 30 Jan 2020 22:36:58 +0800 Subject: [PATCH 2/2] update history --- src/azure-cli/HISTORY.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/src/azure-cli/HISTORY.rst b/src/azure-cli/HISTORY.rst index 1f810e2fdc5..02d7883b222 100644 --- a/src/azure-cli/HISTORY.rst +++ b/src/azure-cli/HISTORY.rst @@ -84,6 +84,7 @@ Release History * [BREAKING CHANGE] `az sql db create`: Remove "WideWorldImportersStd" and "WideWorldImportersFull" as documented allowed values for "az sql db create --sample-name". These sample databases would always cause creation to fail. * Add New commands `sql db classification show/list/update/delete` and `sql db classification recommendation list/enable/disable` to manage sensitivity classifications for SQL databases. +* `az sql db audit-policy`: Fix for empty audit actions and groups **Storage**