
Commit 6db9577

committed
add api helpers for Azure database
1 parent 8b6b0c4 commit 6db9577


58 files changed

+5736
-127
lines changed



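--- a/core/api/auth/microsoft365/Connect-MonkeyM365.ps1
+++ b/core/api/auth/microsoft365/Connect-MonkeyM365.ps1
@@ -40,7 +40,75 @@ Function Connect-MonkeyM365{
 [parameter(Mandatory=$false, HelpMessage="Used when tokens are imported from init param")]
 [Switch]$Connected
 )
-foreach ($service in $O365Object.initParams.Collect){
+#First we will try to connect to generic Microsoft 365 services
+$msg = @{
+MessageData = ($message.TokenRequestInfoMessage -f "Microsoft Right Management Services")
+callStack = (Get-PSCallStack | Select-Object -First 1);
+logLevel = 'info';
+InformationAction = $O365Object.InformationAction;
+Tags = @('TokenRequestInfoMessage');
+}
+Write-Information @msg
+#Connect to Microsoft Rights Management Services
+$p = @{
+Resource = $O365Object.Environment.AADRM;
+AzureService = "AzurePowershell";
+InformationAction = $O365Object.InformationAction;
+Verbose = $O365Object.verbose;
+Debug = $O365Object.debug;
+}
+$O365Object.auth_tokens.AADRM = Connect-MonkeyGenericApplication @p
+#$O365Object.auth_tokens.AADRM = Connect-MonkeyAADRM
+If($null -ne $O365Object.auth_tokens.AADRM){
+#Get Service locator url
+$service_locator = Get-AADRMServiceLocatorUrl
+#set internal object
+If($O365Object.Environment.ContainsKey('aadrm_service_locator')){
+$O365Object.Environment.aadrm_service_locator = $service_locator;
+}
+Else{
+$O365Object.Environment.Add('aadrm_service_locator',$service_locator)
+}
+$O365Object.onlineServices.Item("AADRM") = $true
+}
+Else{
+$msg = @{
+MessageData = ($message.NotConnectedTo -f "Microsoft Right Management Services");
+callStack = (Get-PSCallStack | Select-Object -First 1);
+logLevel = 'warning';
+InformationAction = $O365Object.InformationAction;
+Tags = @('Monkey365FormsError');
+}
+Write-Warning @msg
+}
+#Check if scope for Microsoft Forms is present
+$msg = @{
+MessageData = ($message.TokenRequestInfoMessage -f "Microsoft Forms")
+callStack = (Get-PSCallStack | Select-Object -First 1);
+logLevel = 'info';
+InformationAction = $O365Object.InformationAction;
+Tags = @('TokenRequestInfoMessage');
+}
+Write-Information @msg
+#Connect to Microsoft Forms
+If($null -ne $O365Object.auth_tokens.MSGraph){
+#Get scopes
+$scopes = Read-JWTtoken -token $O365Object.auth_tokens.MSGraph.AccessToken | Select-Object -ExpandProperty scp -ErrorAction Ignore
+If($scopes -match '^OrgSettings-Forms\.Read(?:Write)?\.All$'){
+$O365Object.onlineServices.Item("Forms") = $true
+}
+Else{
+$msg = @{
+MessageData = ($message.NotConnectedTo -f "Microsoft Forms. Scope OrgSettings-Forms.Read.All was not detected");
+callStack = (Get-PSCallStack | Select-Object -First 1);
+logLevel = 'warning';
+InformationAction = $O365Object.InformationAction;
+Tags = @('Monkey365FormsError');
+}
+Write-Warning @msg
+}
+}
+ForEach ($service in $O365Object.initParams.Collect){
 switch ($service.ToLower()) {
 #Connect to Exchange Online
 'exchangeonline'{
@@ -65,9 +133,14 @@ Function Connect-MonkeyM365{
 $moduleFile = Get-PSExoModuleFile @p
 If($moduleFile){
 $O365Object.onlineServices.Item($service) = $true
-#Connect AIPService
-Connect-MonkeyAIPService
-Start-Sleep -Milliseconds 100
+$msg = @{
+MessageData = ($message.ConnectedTo -f "Exchange Online");
+callStack = (Get-PSCallStack | Select-Object -First 1);
+logLevel = 'info';
+InformationAction = $O365Object.InformationAction;
+Tags = @('TokenReceivedInfoMessage');
+}
+Write-Information @msg
 }
 Else{
 $msg = @{
@@ -122,9 +195,14 @@ Function Connect-MonkeyM365{
 $moduleFile = Get-PSExoModuleFile @p
 If($moduleFile){
 $O365Object.onlineServices.Item($service) = $true
-#Connect AIPService
-Connect-MonkeyAIPService
-Start-Sleep -Milliseconds 100
+$msg = @{
+MessageData = ($message.ConnectedTo -f "Microsoft Purview");
+callStack = (Get-PSCallStack | Select-Object -First 1);
+logLevel = 'info';
+InformationAction = $O365Object.InformationAction;
+Tags = @('TokenReceivedInfoMessage');
+}
+Write-Information @msg
 }
 Else{
 $msg = @{
@@ -307,9 +385,14 @@ Function Connect-MonkeyM365{
 #Check If connected to SharePoint
 If($O365Object.isSharePointAdministrator -or $null -ne $O365Object.spoSites){
 $O365Object.onlineServices.Item($service) = $true
-#Connect AIPService
-Connect-MonkeyAIPService
-Start-Sleep -Milliseconds 100
+$msg = @{
+MessageData = ($message.ConnectedTo -f "SharePoint Online admin site");
+callStack = (Get-PSCallStack | Select-Object -First 1);
+logLevel = 'info';
+InformationAction = $O365Object.InformationAction;
+Tags = @('TokenReceivedInfoMessage');
+}
+Write-Information @msg
 }
 }
 }
@@ -377,122 +460,6 @@ Function Connect-MonkeyM365{
 Write-Warning @msg;
 }
 }
-#Connect to Microsoft365
-'microsoft365'{
-If($O365Object.AuthType.ToLower() -eq 'client_credentials' -or $O365Object.AuthType.ToLower() -eq 'certIficate_credentials'){
-$msg = @{
-MessageData = ($message.SPNotAllowedAuthFlowErrorMessage -f "Microsoft 365 Admin portal");
-callStack = (Get-PSCallStack | Select-Object -First 1);
-logLevel = 'warning';
-InformationAction = $O365Object.InformationAction;
-Tags = @('Monkey365AdminPortalError');
-}
-Write-Warning @msg
-$msg = @{
-MessageData = ($message.NotConnectedTo -f $service);
-callStack = (Get-PSCallStack | Select-Object -First 1);
-logLevel = 'warning';
-InformationAction = $O365Object.InformationAction;
-Tags = @('Monkey365AdminPortalError');
-}
-Write-Warning @msg
-continue;
-}
-$msg = @{
-MessageData = ($message.TokenRequestInfoMessage -f "Microsoft Forms")
-callStack = (Get-PSCallStack | Select-Object -First 1);
-logLevel = 'info';
-InformationAction = $O365Object.InformationAction;
-Tags = @('TokenRequestInfoMessage');
-}
-Write-Information @msg
-#Connect to Microsoft Forms
-$p = @{
-Resource = (Get-WellKnownAzureService -AzureService MicrosoftForms);
-AzureService = "AzurePowershell";
-InformationAction = $O365Object.InformationAction;
-Verbose = $O365Object.verbose;
-Debug = $O365Object.debug;
-}
-$O365Object.auth_tokens.Forms = Connect-MonkeyGenericApplication @p
-#$O365Object.auth_tokens.Forms = Connect-MonkeyFormsForOffice
-If($null -ne $O365Object.auth_tokens.Forms){
-$O365Object.onlineServices.Item($service) = $true
-}
-Start-Sleep -Milliseconds 10
-$msg = @{
-MessageData = ($message.TokenRequestInfoMessage -f "Microsoft Right Management Services")
-callStack = (Get-PSCallStack | Select-Object -First 1);
-logLevel = 'info';
-InformationAction = $O365Object.InformationAction;
-Tags = @('TokenRequestInfoMessage');
-}
-Write-Information @msg
-#Connect to Microsoft Rights Management Services
-$p = @{
-Resource = $O365Object.Environment.AADRM;
-AzureService = "AzurePowershell";
-RedirectUri = "https://aadrm.com/adminpowershell";
-InformationAction = $O365Object.InformationAction;
-Verbose = $O365Object.verbose;
-Debug = $O365Object.debug;
-}
-$O365Object.auth_tokens.AADRM = Connect-MonkeyGenericApplication @p
-#$O365Object.auth_tokens.AADRM = Connect-MonkeyAADRM
-If($null -ne $O365Object.auth_tokens.AADRM){
-#Get Service locator url
-$service_locator = Get-AADRMServiceLocatorUrl
-#set internal object
-If($O365Object.Environment.ContainsKey('aadrm_service_locator')){
-$O365Object.Environment.aadrm_service_locator = $service_locator;
-}
-Else{
-$O365Object.Environment.Add('aadrm_service_locator',$service_locator)
-}
-$O365Object.onlineServices.Item($service) = $true
-}
-Start-Sleep -Milliseconds 10
-$msg = @{
-MessageData = ($message.TokenRequestInfoMessage -f "Microsoft 365 Admin Portal")
-callStack = (Get-PSCallStack | Select-Object -First 1);
-logLevel = 'info';
-InformationAction = $O365Object.InformationAction;
-Tags = @('TokenRequestInfoMessage');
-}
-Write-Information @msg
-#Connect to Admin blade
-$p = @{
-Resource = $O365Object.Environment.OfficeAdminPortal;
-AzureService = "AzureCli";
-InformationAction = $O365Object.InformationAction;
-Verbose = $O365Object.verbose;
-Debug = $O365Object.debug;
-}
-$O365Object.auth_tokens.M365Admin = Connect-MonkeyGenericApplication @p
-#$O365Object.auth_tokens.M365Admin = Connect-MonkeyM365AdminPortal
-If($null -ne $O365Object.auth_tokens.M365Admin){
-#Test If connection to Admin blade is allowed
-$p = @{
-InformationAction = $O365Object.InformationAction;
-Verbose = $O365Object.verbose;
-Debug = $O365Object.debug;
-}
-$isConnected = Test-M365PortalConnection @p
-If($isConnected){
-$O365Object.onlineServices.Item($service) = $true
-}
-Else{
-$msg = @{
-MessageData = ($message.NotConnectedTo -f $service);
-callStack = (Get-PSCallStack | Select-Object -First 1);
-logLevel = 'warning';
-InformationAction = $O365Object.InformationAction;
-Tags = @('Monkey365AdminPortalError');
-}
-Write-Warning @msg
-}
-}
-}
 #Connect to Fabric
 'microsoftfabric'{
 $msg = @{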
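Review bot: The Forms scope check at new line 97, `If($scopes -match '^OrgSettings-Forms\.Read(?:Write)?\.All$')`, is anchored at both ends, so if the `scp` claim comes back as the usual single space-delimited string of scopes it only matches when that scope is the token's sole scope, and Forms will be reported as not connected even though the permission is present. Splitting first makes the check robust: `$scopes = (Read-JWTtoken -token $O365Object.auth_tokens.MSGraph.AccessToken | Select-Object -ExpandProperty scp -ErrorAction Ignore) -split '\s+'`, after which `-match` returns the matching elements of the array. The AADRM failure message at new line 80 is tagged `Monkey365FormsError`, which looks like a copy of the Forms block, and the new AADRM request at lines 53-59 drops the `RedirectUri` the removed 'microsoft365' arm passed, which may be intended but is worth confirming against Connect-MonkeyGenericApplication. Note also that this AADRM token request now runs before the `ForEach` for every auth type, whereas the removed arm skipped it under client/certificate credentials. Connect-MonkeyM365 starts and ends outside the hunk.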
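--- /dev/null
+++ b/[PATH-NOT-SHOWN-ON-PAGE]/Get-MonkeyAzDBDataMaskingPolicy.ps1
@@ -0,0 +1,66 @@
+# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+Function Get-MonkeyAzDBDataMaskingPolicy {
+<#
+.SYNOPSIS
+Get database data masking policy for sql database
+
+.DESCRIPTION
+Get database data masking policy for sql database
+
+.INPUTS
+
+.OUTPUTS
+
+.EXAMPLE
+
+.NOTES
+Author : Juan Garrido
+Twitter : @tr1ana
+File Name : Get-MonkeyAzDBDataMaskingPolicy
+Version : 1.0
+
+.LINK
+https://github.com/silverhack/monkey365
+#>
+
+[CmdletBinding()]
+Param (
+[Parameter(Mandatory=$True, ValueFromPipeline = $True)]
+[Object]$Database,
+
+[parameter(Mandatory=$false, HelpMessage="API version")]
+[String]$APIVersion = "2022-08-01-preview"
+)
+Process{
+try{
+$p = @{
+Id = $Database.Id;
+Resource = "dataMaskingPolicies/Default";
+ApiVersion = $APIVersion;
+Verbose = $O365Object.verbose;
+Debug = $O365Object.debug;
+InformationAction = $O365Object.InformationAction;
+}
+Get-MonkeyAzObjectById @p
+}
+catch{
+Write-Verbose $_
+}
+}
+End{
+#Nothing to do here
+}
+}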
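Review bot: The `catch{ Write-Verbose $_ }` at new lines 59-61 downgrades every failure of Get-MonkeyAzObjectById to verbose output, so a denied or failed request returns nothing and the caller cannot distinguish "no masking policy configured" from "request failed", which for an audit collector silently turns an error into a missing finding; the same pattern appears in the Get-MonkeyAzDBDataMaskingRule file added by this commit. Surfacing it at warning level, e.g. `Write-Warning ("Unable to get data masking policy for {0}: {1}" -f $Database.Id, $_)`, keeps the best-effort behaviour while leaving a trace in the run log. The `.INPUTS`, `.OUTPUTS` and `.EXAMPLE` help sections are empty; they should at least state that `$Database` is the piped database object whose `Id` is used and that the function emits whatever Get-MonkeyAzObjectById returns for `dataMaskingPolicies/Default`. This section's file path is not shown on the page, so the header above is a placeholder.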
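--- /dev/null
+++ b/[PATH-NOT-SHOWN-ON-PAGE]/Get-MonkeyAzDBDataMaskingRule.ps1
@@ -0,0 +1,66 @@
+# Monkey365 - the PowerShell Cloud Security Tool for Azure and Microsoft 365 (copyright 2022) by Juan Garrido
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+Function Get-MonkeyAzDBDataMaskingRule {
+<#
+.SYNOPSIS
+Get database data masking rules for sql database
+
+.DESCRIPTION
+Get database data masking rules for sql database
+
+.INPUTS
+
+.OUTPUTS
+
+.EXAMPLE
+
+.NOTES
+Author : Juan Garrido
+Twitter : @tr1ana
+File Name : Get-MonkeyAzDBDataMaskingRule
+Version : 1.0
+
+.LINK
+https://github.com/silverhack/monkey365
+#>
+
+[CmdletBinding()]
+Param (
+[Parameter(Mandatory=$True, ValueFromPipeline = $True)]
+[Object]$Database,
+
+[parameter(Mandatory=$false, HelpMessage="API version")]
+[String]$APIVersion = "2024-11-01-preview"
+)
+Process{
+try{
+$p = @{
+Id = $Database.Id;
+Resource = "dataMaskingPolicies/Default";
+ApiVersion = $APIVersion;
+Verbose = $O365Object.verbose;
+Debug = $O365Object.debug;
+InformationAction = $O365Object.InformationAction;
+}
+Get-MonkeyAzObjectById @p
+}
+catch{
+Write-Verbose $_
+}
+}
+End{
+#Nothing to do here
+}
+}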
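Review bot: `Resource = "dataMaskingPolicies/Default";` at new line 51 requests exactly the same resource as Get-MonkeyAzDBDataMaskingPolicy, so despite its name and help text this function returns the masking policy, not the rules; the Azure SQL REST API lists rules under the policy's `rules` child, so the line should read `Resource = "dataMaskingPolicies/Default/rules";`. The default `$APIVersion` here is `2024-11-01-preview` while the sibling policy function added in this commit defaults to `2022-08-01-preview`; if that difference is not deliberate the two should agree so the pair is tested against one API surface. The `.INPUTS`, `.OUTPUTS` and `.EXAMPLE` sections are empty and should describe the piped `$Database` object and the rule objects emitted. This section's file path is not shown on the page, so the header above is a placeholder.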
