diff --git a/src/Accounts/Authentication.ResourceManager/Properties/Resources.Designer.cs b/src/Accounts/Authentication.ResourceManager/Properties/Resources.Designer.cs index 3b6b3b0f015f..ff04b4974e2e 100644 --- a/src/Accounts/Authentication.ResourceManager/Properties/Resources.Designer.cs +++ b/src/Accounts/Authentication.ResourceManager/Properties/Resources.Designer.cs @@ -1,4 +1,4 @@ -//------------------------------------------------------------------------------ +//------------------------------------------------------------------------------ // // This code was generated by a tool. // Runtime Version:4.0.30319.42000 diff --git a/src/Accounts/Authentication/Properties/Resources.Designer.cs b/src/Accounts/Authentication/Properties/Resources.Designer.cs index a6e1dcc0edfc..189db97f9731 100644 --- a/src/Accounts/Authentication/Properties/Resources.Designer.cs +++ b/src/Accounts/Authentication/Properties/Resources.Designer.cs @@ -1,4 +1,4 @@ -//------------------------------------------------------------------------------ +//------------------------------------------------------------------------------ // // This code was generated by a tool. // Runtime Version:4.0.30319.42000 @@ -708,4 +708,4 @@ public static string x86InProgramFiles { } } } -} +} \ No newline at end of file diff --git a/src/Sql/Sql/Az.Sql.psd1 b/src/Sql/Sql/Az.Sql.psd1 index a28a783b6a9d..dea480bb1e51 100644 --- a/src/Sql/Sql/Az.Sql.psd1 +++ b/src/Sql/Sql/Az.Sql.psd1 @@ -259,7 +259,9 @@ CmdletsToExport = 'Get-AzSqlDatabaseTransparentDataEncryption', 'Get-AzSqlInstanceDatabaseBackupLongTermRetentionPolicy', 'Set-AzSqlInstanceDatabaseBackupLongTermRetentionPolicy', 'Disable-AzSqlServerActiveDirectoryOnlyAuthentication', - 'Invoke-AzSqlInstanceFailover' + 'Invoke-AzSqlInstanceFailover', + 'Enable-AzSqlServerActiveDirectoryOnlyAuthentication', + 'Get-AzSqlServerActiveDirectoryOnlyAuthentication' # Variables to export from this module # VariablesToExport = @() 
diff --git a/src/Sql/Sql/ChangeLog.md b/src/Sql/Sql/ChangeLog.md index dfbd45ea267e..a78e3102b3c8 100644 --- a/src/Sql/Sql/ChangeLog.md +++ b/src/Sql/Sql/ChangeLog.md @@ -19,6 +19,8 @@ --> ## Upcoming Release * Added BackupStorageRedundancy to `New-AzSqlInstance` and `Get-AzSqlInstance` +* Added cmdlet `Get-AzSqlServerActiveDirectoryOnlyAuthentication` +* Added cmdlet `Enable-AzSqlServerActiveDirectoryOnlyAuthentication` ## Version 2.9.1 * Fixed potential server name case insensitive error in `New-AzSqlServer` and `Set-AzSqlServer` diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs index 4f1b74a7eaf5..c125770ac555 100644 --- a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs +++ b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs @@ -129,19 +129,6 @@ public void RemoveServerActiveDirectoryAdministrator(string resourceGroupName, s Communicator.Remove(resourceGroupName, serverName); } - /// - /// Disable Azure Active Directory only authentication on a Azure SQL Server - /// - /// The name of the resource group - /// The name of the Azure Sql ServerActiveDirectoryAdministrator Server - /// The upserted Azure SQL Server Active Directory administrator - internal AzureSqlServerActiveDirectoryAdministratorModel DisableAzureADOnlyAuthenticaion(string resourceGroup, string serverName) - { - var resp = Communicator.Disable(resourceGroup, serverName); - - return CreateServerActiveDirectoryAdministratorModelFromResponse(resourceGroup, serverName, resp); - } - /// /// Converts the response from the service to a powershell database object /// 
diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs index 6f2e07ea5073..6a14dff5b7fc 100644 --- a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs +++ b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs @@ -97,14 +97,6 @@ public void Remove(string resourceGroupName, string serverName) GetCurrentSqlClient().ServerAzureADAdministrators.DeleteWithHttpMessagesAsync(resourceGroupName, serverName); } - /// - /// Disables Azure Active Directory only authentication on a Azure SQL Server - /// - public Management.Sql.Models.ServerAzureADAdministrator Disable(string resourceGroupName, string serverName) - { - return null; - } - /// /// Retrieve the SQL Management client for the currently selected subscription, adding the session and request /// id tracing headers for the current cmdlet invocation. diff --git a/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/AzureSqlServerActiveDirectoryOnlyAuthenticationCmdletBase.cs b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/AzureSqlServerActiveDirectoryOnlyAuthenticationCmdletBase.cs new file mode 100644 index 000000000000..3212c0aaf4f9 --- /dev/null +++ b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/AzureSqlServerActiveDirectoryOnlyAuthenticationCmdletBase.cs 
@@ -0,0 +1,46 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Commands.Sql.Common;
+using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Model;
+using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Services;
+using System.Collections.Generic;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Cmdlet
+{
+ public abstract class AzureSqlServerActiveDirectoryOnlyAuthenticationCmdletBase : AzureSqlCmdletBase, AzureSqlServerActiveDirectoryOnlyAuthenticationAdapter>
+ {
+ ///
+ /// Gets or sets the name of the Azure SQL Server that contains the Azure Active Directory administrator.
+ ///
+ [Parameter(Mandatory = true,
+ ValueFromPipelineByPropertyName = true,
+ Position = 1,
+ HelpMessage = "The name of the Azure SQL Server the Azure Active Directory only authentication is in.")]
+ [ResourceNameCompleter("Microsoft.Sql/servers", "ResourceGroupName")]
+ [ValidateNotNullOrEmpty]
+ public string ServerName { get; set; }
+
+ ///
+ /// Initializes the adapter
+ ///
+ ///
+ protected override AzureSqlServerActiveDirectoryOnlyAuthenticationAdapter InitModelAdapter()
+ {
+ return new AzureSqlServerActiveDirectoryOnlyAuthenticationAdapter(DefaultProfile.DefaultContext);
+ }
+ }
+}
diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/DisableAzureSqlServerActiveDirectoryOnlyAuthentication.cs b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/DisableAzureSqlServerActiveDirectoryOnlyAuthentication.cs
similarity index 52%
rename from src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/DisableAzureSqlServerActiveDirectoryOnlyAuthentication.cs
rename to src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/DisableAzureSqlServerActiveDirectoryOnlyAuthentication.cs
index 4c56c30767c5..07f2b4f6ce0f 100644
--- a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/DisableAzureSqlServerActiveDirectoryOnlyAuthentication.cs
+++ b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/DisableAzureSqlServerActiveDirectoryOnlyAuthentication.cs
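Review bot: The summary on `ServerName` in the new cmdlet base class still describes the administrator cmdlets ("the Azure SQL Server that contains the Azure Active Directory administrator"), while the `HelpMessage` on the same property speaks of Azure Active Directory only authentication. Because the class is new in this commit, the comment can be corrected here, for example `/// Gets or sets the name of the Azure SQL Server whose Azure Active Directory only authentication setting is read or changed.`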
@@ -12,38 +12,39 @@ // limitations under the License. // ---------------------------------------------------------------------------------- -using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model; +using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Model; using Microsoft.Rest.Azure; using System; using System.Collections.Generic; using System.Linq; using System.Management.Automation; -namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Cmdlet + +namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Cmdlet { /// /// Disables the Azure Active Directory only authentication of a specific SQL server. /// [Cmdlet("Disable", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlServerActiveDirectoryOnlyAuthentication", ConfirmImpact = ConfirmImpact.None, SupportsShouldProcess = true)] - [OutputType(typeof(AzureSqlServerActiveDirectoryAdministratorModel))] - public class DisableAzureSqlServerActiveDirectoryOnlyAuthentication : AzureSqlServerActiveDirectoryAdministratorCmdletBase + [OutputType(typeof(AzureSqlServerActiveDirectoryOnlyAuthenticationModel))] + public class DisableAzureSqlServerActiveDirectoryOnlyAuthentication : AzureSqlServerActiveDirectoryOnlyAuthenticationCmdletBase { /// /// Get the entities from the service /// /// The list of entities - protected override IEnumerable GetEntity() + protected override IEnumerable GetEntity() { - List currentActiveDirectoryAdmins = null; + List currentActiveDirectoryOnlyAuthentications = null; try { - AzureSqlServerActiveDirectoryAdministratorModel model = ModelAdapter.GetServerActiveDirectoryAdministrator(this.ResourceGroupName, this.ServerName); + AzureSqlServerActiveDirectoryOnlyAuthenticationModel model = ModelAdapter.GetServerActiveDirectoryOnlyAuthentication(this.ResourceGroupName, this.ServerName); if (model != null) { - currentActiveDirectoryAdmins = new List(); - currentActiveDirectoryAdmins.Add(model); + 
currentActiveDirectoryOnlyAuthentications = new List(); + currentActiveDirectoryOnlyAuthentications.Add(model); } } catch (CloudException ex) @@ -63,18 +64,35 @@ protected override IEnumerable } } - return currentActiveDirectoryAdmins; + return currentActiveDirectoryOnlyAuthentications; + } + + /// + /// Create the list of models from a list of user input + /// + /// A IEnumerable of models retrieved from service + /// A list of models that was passed in + protected override IEnumerable ApplyUserInputToModel(IEnumerable model) + { + List newEntity = new List(); + newEntity.Add(new AzureSqlServerActiveDirectoryOnlyAuthenticationModel() + { + ResourceGroupName = ResourceGroupName, + ServerName = ServerName, + AzureADOnlyAuthentication = false + }); + return newEntity; } /// - /// Update the Azure SQL Server Active Directory administrator + /// Update the Azure SQL Server Active Directory only authentication /// /// A list of models to update the list /// A list of the persisted entities - protected override IEnumerable PersistChanges(IEnumerable entity) + protected override IEnumerable PersistChanges(IEnumerable entity) { - return new List() { - ModelAdapter.DisableAzureADOnlyAuthenticaion(this.ResourceGroupName, this.ServerName) + return new List() { + ModelAdapter.UpsertAzureADOnlyAuthenticaion(this.ResourceGroupName, this.ServerName, entity.FirstOrDefault()) }; } } diff --git a/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/EnableAzureSqlServerActiveDirectoryOnlyAuthentication.cs b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/EnableAzureSqlServerActiveDirectoryOnlyAuthentication.cs new file mode 100644 index 000000000000..996104fe4896 --- /dev/null +++ b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/EnableAzureSqlServerActiveDirectoryOnlyAuthentication.cs 
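Review bot: The `[Cmdlet]` attribute kept as context in the first hunk of DisableAzureSqlServerActiveDirectoryOnlyAuthentication.cs declares `ConfirmImpact = ConfirmImpact.None` on a cmdlet that switches Azure AD only authentication off, which, going by the feature name, allows non-Azure-AD logins on the server again. At that impact level PowerShell does not ask for confirmation by default, so a change that lowers the server's authentication posture can run unattended from a script. Consider `ConfirmImpact = ConfirmImpact.High` (or at least `Medium`) for the Disable cmdlet, while the Enable cmdlet can stay lower. Whether the base class actually calls `ShouldProcess` is not visible in this diff, so confirm that the prompt is wired up.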
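Review bot: `PersistChanges` in the second hunk passes `entity.FirstOrDefault()` straight to `UpsertAzureADOnlyAuthenticaion`, and the adapter method added later in this commit reads `model.AzureADOnlyAuthentication` without a null check, so an empty sequence would surface as a NullReferenceException instead of a clear error. It cannot be empty today because `ApplyUserInputToModel` always returns exactly one element, but `entity.First()` states that assumption and fails with a meaningful exception if it ever stops holding. `ApplyUserInputToModel` also ignores its `model` argument, so whatever `GetEntity` fetched is discarded; a comment such as `// The current server state is not needed: the setting is always overwritten.` would make that intentional. The same two points apply to the `PersistChanges` and `ApplyUserInputToModel` added in EnableAzureSqlServerActiveDirectoryOnlyAuthentication.cs.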
@@ -0,0 +1,99 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Model;
+using Microsoft.Rest.Azure;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+
+
+namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Cmdlet
+{
+ ///
+ /// Disables the Azure Active Directory only authentication of a specific SQL server.
+ ///
+ [Cmdlet("Enable", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlServerActiveDirectoryOnlyAuthentication", ConfirmImpact = ConfirmImpact.None, SupportsShouldProcess = true)]
+ [OutputType(typeof(AzureSqlServerActiveDirectoryOnlyAuthenticationModel))]
+ public class EnableAzureSqlServerActiveDirectoryOnlyAuthentication : AzureSqlServerActiveDirectoryOnlyAuthenticationCmdletBase
+ {
+ ///
+ /// Get the entities from the service
+ ///
+ /// The list of entities
+ protected override IEnumerable GetEntity()
+ {
+ List currentActiveDirectoryOnlyAuthentications = null;
+
+ try
+ {
+ AzureSqlServerActiveDirectoryOnlyAuthenticationModel model = ModelAdapter.GetServerActiveDirectoryOnlyAuthentication(this.ResourceGroupName, this.ServerName);
+
+ if (model != null)
+ {
+ currentActiveDirectoryOnlyAuthentications = new List();
+ currentActiveDirectoryOnlyAuthentications.Add(model);
+ }
+ }
+ catch (CloudException ex)
+ {
+ if (ex.Response.StatusCode != System.Net.HttpStatusCode.NotFound)
+ {
+ // Unexpected exception encountered
+ throw;
+ }
+ }
+ catch (Exception ex)
+ {
+ if ((ex.InnerException is CloudException ex1) &&
+ ex1.Response.StatusCode != System.Net.HttpStatusCode.NotFound)
+ {
+ throw ex.InnerException ?? ex;
+ }
+ }
+
+ return currentActiveDirectoryOnlyAuthentications;
+ }
+
+ ///
+ /// Create the list of models from a list of user input
+ ///
+ /// A IEnumerable of models retrieved from service
+ /// A list of models that was passed in
+ protected override IEnumerable ApplyUserInputToModel(IEnumerable model)
+ {
+ List newEntity = new List();
+ newEntity.Add(new AzureSqlServerActiveDirectoryOnlyAuthenticationModel()
+ {
+ ResourceGroupName = ResourceGroupName,
+ ServerName = ServerName,
+ AzureADOnlyAuthentication = true
+ });
+ return newEntity;
+ }
+
+ ///
+ /// Update the Azure SQL Server Active Directory only authentication
+ ///
+ /// A list of models to update the list
+ /// A list of the persisted entities
+ protected override IEnumerable PersistChanges(IEnumerable entity)
+ {
+ return new List() {
+ ModelAdapter.UpsertAzureADOnlyAuthenticaion(this.ResourceGroupName, this.ServerName, entity.FirstOrDefault())
+ };
+ }
+ }
+}
diff --git a/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/GetAzureSqlServerActiveDirectoryOnlyAuthentication.cs b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/GetAzureSqlServerActiveDirectoryOnlyAuthentication.cs
new file mode 100644
index 000000000000..6f8868519f80
--- /dev/null
+++ b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Cmdlet/GetAzureSqlServerActiveDirectoryOnlyAuthentication.cs
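Review bot: The second handler in `GetEntity` of the Enable cmdlet, `catch (Exception ex)`, rethrows only when the inner exception is a `CloudException` with a status other than NotFound, so any other failure that reaches it (for example a credential or network error that is not wrapped that way) is swallowed and the cmdlet presumably continues to the write as if the lookup had succeeded. An exception filter keeps the tolerated case explicit and lets everything else propagate untouched, though as the wrapping exception rather than the inner one: `catch (Exception ex) when (ex.InnerException is CloudException inner && inner.Response.StatusCode == System.Net.HttpStatusCode.NotFound) { }`. In the current form `throw ex.InnerException ?? ex;` also resets the stack trace, and its `?? ex` branch is unreachable because the pattern match has already shown `InnerException` to be non-null. Separately, the class summary reads "Disables the Azure Active Directory only authentication" on the Enable cmdlet and should say "Enables". The Disable cmdlet's `GetEntity` appears to carry the same handler, only partly visible as context in its hunks.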
@@ -0,0 +1,58 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Model;
+using System.Collections.Generic;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Cmdlet
+{
+ [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlServerActiveDirectoryOnlyAuthentication", ConfirmImpact = ConfirmImpact.None, SupportsShouldProcess = true)]
+ [OutputType(typeof(AzureSqlServerActiveDirectoryOnlyAuthenticationModel))]
+ public class GetAzureSqlServerActiveDirectoryOnlyAuthentication : AzureSqlServerActiveDirectoryOnlyAuthenticationCmdletBase
+ {
+ ///
+ /// Get the entities from the service
+ ///
+ /// The list of entities
+ protected override IEnumerable GetEntity()
+ {
+ ICollection results;
+
+ results = ModelAdapter.ListServerActiveDirectoryOnlyAuthentications(this.ResourceGroupName, this.ServerName);
+
+ return results;
+ }
+
+ ///
+ /// No user input to apply to model
+ ///
+ /// Model retrieved from service
+ /// The model that was passed in
+ protected override IEnumerable ApplyUserInputToModel(IEnumerable model)
+ {
+ return model;
+ }
+
+ ///
+ /// No changes to persist to server
+ ///
+ /// The output of apply user input to model
+ /// The input entity
+ protected override IEnumerable PersistChanges(IEnumerable entity)
+ {
+ return entity;
+ }
+ }
+}
diff --git a/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Model/AzureSqlServerActiveDirectoryOnlyAuthenticationModel.cs b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Model/AzureSqlServerActiveDirectoryOnlyAuthenticationModel.cs
new file mode 100644
index 000000000000..e085817cbd87
--- /dev/null
+++ b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Model/AzureSqlServerActiveDirectoryOnlyAuthenticationModel.cs
@@ -0,0 +1,39 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+
+namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Model
+{
+ ///
+ /// Represents an Azure SQL Server Active Directory only authentication
+ ///
+ public class AzureSqlServerActiveDirectoryOnlyAuthenticationModel
+ {
+ ///
+ /// Gets or sets the name of the resource group
+ ///
+ public string ResourceGroupName { get; set; }
+
+ ///
+ /// Gets or sets the name of the server
+ ///
+ public string ServerName { get; set; }
+
+ ///
+ /// Gets or sets the value to indicate Azure AD Only authentication
+ ///
+ public bool AzureADOnlyAuthentication { get; set; }
+ }
+}
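Review bot: In GetAzureSqlServerActiveDirectoryOnlyAuthentication.cs the cmdlet is declared with `SupportsShouldProcess = true`, yet `ApplyUserInputToModel` and `PersistChanges` in the same file return their input unchanged, so the cmdlet only reads state. Offering `-WhatIf` and `-Confirm` on a read-only cmdlet is misleading; unless the module's other Get cmdlets do this by convention, the attribute can be reduced to `[Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlServerActiveDirectoryOnlyAuthentication")]`. The class is also the only one of the three cmdlets without a summary comment; a line such as `/// Gets the Azure Active Directory only authentication setting of a specific SQL server.` would match the others.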
diff --git a/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Services/AzureSqlServerActiveDirectoryOnlyAuthenticationAdapter.cs b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Services/AzureSqlServerActiveDirectoryOnlyAuthenticationAdapter.cs
new file mode 100644
index 000000000000..e02f410cdd26
--- /dev/null
+++ b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Services/AzureSqlServerActiveDirectoryOnlyAuthenticationAdapter.cs
@@ -0,0 +1,113 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
+using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Model;
+using Microsoft.Azure.Management.Sql.Models;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+
+namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Services
+{
+ ///
+ /// Adapter for Azure SQL Server Active Directory administrator operations
+ ///
+ public class AzureSqlServerActiveDirectoryOnlyAuthenticationAdapter
+ {
+ ///
+ /// Gets or sets the AzureSqlServerActiveDirectoryOnlyAuthenticationCommunicator which has all the needed management clients
+ ///
+ private AzureSqlServerActiveDirectoryOnlyAuthenticationCommunicator Communicator { get; set; }
+
+ ///
+ /// Gets or sets the Azure profile
+ ///
+ public IAzureContext Context { get; set; }
+
+ ///
+ /// Constructs a Azure SQL Server Active Directory administrator adapter
+ ///
+ /// The current azure profile
+ /// The current azure subscription
+ public AzureSqlServerActiveDirectoryOnlyAuthenticationAdapter(IAzureContext context)
+ {
+ Context = context;
+ Communicator = new AzureSqlServerActiveDirectoryOnlyAuthenticationCommunicator(Context);
+ }
+
+ ///
+ /// Gets an Azure SQL Server Active Directory only authentication by name.
+ ///
+ /// The name of the resource group
+ /// The name of the Azure SQL Server that contains the Azure Active Directory only authentication
+ /// The Azure Sql ServerActiveDirectoryAdministrator object
+ internal AzureSqlServerActiveDirectoryOnlyAuthenticationModel GetServerActiveDirectoryOnlyAuthentication(string resourceGroupName, string serverName)
+ {
+ var resp = Communicator.Get(resourceGroupName, serverName);
+ return CreateServerActiveDirectoryOnlyAuthenticationModelFromResponse(resourceGroupName, serverName, resp);
+ }
+
+ ///
+ /// Gets a list of Azure SQL Server Active Directory only authentications.
+ ///
+ /// The name of the resource group
+ /// The name of the Azure SQL Server that contains the Azure Active Directory only authentication
+ /// A list of Azure SQL Server Active Directory only authentication objects
+ internal ICollection ListServerActiveDirectoryOnlyAuthentications(string resourceGroupName, string serverName)
+ {
+ var resp = Communicator.List(resourceGroupName, serverName);
+
+ return resp.Select((activeDirectoryOnlyAuth) =>
+ {
+ return CreateServerActiveDirectoryOnlyAuthenticationModelFromResponse(resourceGroupName, serverName, activeDirectoryOnlyAuth);
+ }).ToList();
+ }
+
+ ///
+ /// Enable\Disable Azure Active Directory only authentication on a Azure SQL Server
+ ///
+ /// The name of the resource group
+ /// The name of the Azure Sql ServerActiveDirectoryAdministrator Server
+ /// The upserted Azure SQL Server Active Directory administrator
+ internal AzureSqlServerActiveDirectoryOnlyAuthenticationModel UpsertAzureADOnlyAuthenticaion(string resourceGroup, string serverName, AzureSqlServerActiveDirectoryOnlyAuthenticationModel model)
+ {
+ var resp = Communicator.CreateOrUpdate(resourceGroup, serverName, new ServerAzureADOnlyAuthentication(model.AzureADOnlyAuthentication));
+
+ return CreateServerActiveDirectoryOnlyAuthenticationModelFromResponse(resourceGroup, serverName, resp);
+ }
+
+ ///
+ /// Converts the response from the service to a powershell database object
+ ///
+ /// The resource group the server is in
+ /// The name of the Azure Sql ServerActiveDirectoryAdministrator Server
+ /// The service response
+ /// The converted model
+ public static AzureSqlServerActiveDirectoryOnlyAuthenticationModel CreateServerActiveDirectoryOnlyAuthenticationModelFromResponse(string resourceGroup, string serverName, Management.Sql.Models.ServerAzureADOnlyAuthentication serverAzureADOnlyAuthentication)
+ {
+ if (serverAzureADOnlyAuthentication != null)
+ {
+ AzureSqlServerActiveDirectoryOnlyAuthenticationModel model = new AzureSqlServerActiveDirectoryOnlyAuthenticationModel();
+
+ model.ResourceGroupName = resourceGroup;
+ model.ServerName = serverName;
+ model.AzureADOnlyAuthentication = serverAzureADOnlyAuthentication.AzureADOnlyAuthentication;
+ return model;
+ }
+
+ return null;
+ }
+ }
+}
diff --git a/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Services/AzureSqlServerActiveDirectoryOnlyAuthenticationCommunicator.cs b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Services/AzureSqlServerActiveDirectoryOnlyAuthenticationCommunicator.cs
new file mode 100644
index 000000000000..5466700cc8af
--- /dev/null
+++ b/src/Sql/Sql/ServerActiveDirectoryOnlyAuthentication/Services/AzureSqlServerActiveDirectoryOnlyAuthenticationCommunicator.cs
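Review bot: The internal method name `UpsertAzureADOnlyAuthenticaion` in the new adapter is misspelled (a "t" is missing), and since both call sites are introduced by this same commit it is cheapest to rename it to `UpsertAzureADOnlyAuthentication` now. Several doc comments in the file were carried over from the administrator adapter and no longer match the code: the class summary ("Adapter for Azure SQL Server Active Directory administrator operations"), the constructor summary, the return description "The Azure Sql ServerActiveDirectoryAdministrator object", and "The upserted Azure SQL Server Active Directory administrator". The constructor comment also appears to describe two parameters ("The current azure profile", "The current azure subscription") although it takes only `context`, and the comment on the upsert method describes two of its three parameters, leaving `model` undocumented.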
@@ -0,0 +1,107 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Common.Authentication;
+using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
+using Microsoft.Azure.Management.Sql;
+using Microsoft.Azure.Management.Sql.Models;
+using System.Collections.Generic;
+
+namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryOnlyAuthentication.Services
+{
+ ///
+ /// This class is responsible for all the REST communication with the audit REST endpoints
+ ///
+ public class AzureSqlServerActiveDirectoryOnlyAuthenticationCommunicator
+ {
+ ///
+ /// The Sql client to be used by this end points communicator
+ ///
+ private static SqlManagementClient SqlClient { get; set; }
+
+ ///
+ /// The Sql client default name for the active directory only authentication
+ ///
+ private static string ActiveDirectoryOnlyAuthenticationDefaultName { get { return "Default"; } }
+
+ ///
+ /// The Sql client default type for the active directory only authentication
+ ///
+ private static string ActiveDirectoryOnlyAuthenticationDefaultType { get { return "default"; } }
+
+ ///
+ /// Gets or set the Azure subscription
+ ///
+ private static IAzureSubscription Subscription { get; set; }
+
+ ///
+ /// Gets or sets the Azure profile
+ ///
+ public IAzureContext Context { get; set; }
+
+ ///
+ /// Creates a communicator for Azure SQL Server Active Directory administrator
+ ///
+ ///
+ ///
+ public AzureSqlServerActiveDirectoryOnlyAuthenticationCommunicator(IAzureContext context)
+ {
+ Context = context;
+ if (context?.Subscription != Subscription)
+ {
+ Subscription = context?.Subscription;
+ SqlClient = null;
+ }
+ }
+
+ ///
+ /// Gets the Azure SQL Server Active Directory only authentication
+ ///
+ public Management.Sql.Models.ServerAzureADOnlyAuthentication Get(string resourceGroupName, string serverName)
+ {
+ return GetCurrentSqlClient().ServerAzureADOnlyAuthentications.GetAsync(resourceGroupName, serverName).Result;
+ }
+
+ ///
+ /// Disables Azure Active Directory only authentication on a Azure SQL Server
+ ///
+ public Management.Sql.Models.ServerAzureADOnlyAuthentication CreateOrUpdate(string resourceGroupName, string serverName, ServerAzureADOnlyAuthentication parameters)
+ {
+ return GetCurrentSqlClient().ServerAzureADOnlyAuthentications.CreateOrUpdate(resourceGroupName, serverName, parameters);
+ }
+
+ ///
+ /// Lists Azure SQL Server Active Directory only authenctications
+ ///
+ public IEnumerable List(string resourceGroupName, string serverName)
+ {
+ return GetCurrentSqlClient().ServerAzureADOnlyAuthentications.ListByServer(resourceGroupName, serverName);
+ }
+
+ ///
+ /// Retrieve the SQL Management client for the currently selected subscription, adding the session and request
+ /// id tracing headers for the current cmdlet invocation.
+ ///
+ /// The SQL Management client for the currently selected subscription.
+ private SqlManagementClient GetCurrentSqlClient()
+ {
+ // Get the SQL management client for the current subscription
+ if (SqlClient == null)
+ {
+ SqlClient = AzureSession.Instance.ClientFactory.CreateArmClient(Context, AzureEnvironment.Endpoint.ResourceManager);
+ }
+ return SqlClient;
+ }
+ }
+}
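Review bot: `SqlClient` and `Subscription` in the new communicator are `static` while `Context` is per instance, and the constructor discards the cached client only when `context?.Subscription != Subscription`, which on two interface-typed values is a reference comparison. A client created from one context's credentials could therefore be reused by a later communicator whose context differs in account, tenant or environment but carries the same subscription object. Making both members instance state, `private SqlManagementClient SqlClient { get; set; }` and `private IAzureSubscription Subscription { get; set; }`, removes the sharing across invocations; if the static cache is a deliberate module-wide pattern, it should at least be invalidated on any context change rather than on the subscription alone. Separately, `Get` blocks on `GetAsync(...).Result`, which wraps failures in an `AggregateException` and is presumably what forces the `InnerException` handling in the cmdlets; a synchronous call, as already used for `CreateOrUpdate` and `ListByServer`, would avoid that if the SDK offers one.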
diff --git a/src/Sql/Sql/help/Az.Sql.md b/src/Sql/Sql/help/Az.Sql.md index 2f980697c867..d422ace5ab88 100644 --- a/src/Sql/Sql/help/Az.Sql.md +++ b/src/Sql/Sql/help/Az.Sql.md @@ -77,6 +77,12 @@ Disables Azure AD only authentication for a specific SQL Server. ### [Disable-AzSqlServerAdvancedDataSecurity](Disable-AzSqlServerAdvancedDataSecurity.md) Disables Advanced Data Security on a server. +### [Enable-AzSqlServerActiveDirectoryOnlyAuthentication](Enable-AzSqlServerActiveDirectoryOnlyAuthentication.md) +Enables Azure AD only authentication for a specific SQL Server. + +### [Get-AzSqlServerActiveDirectoryOnlyAuthentication](Get-AzSqlServerActiveDirectoryOnlyAuthentication.md) +Gets Azure AD only authentication for a specific SQL Server. + ### [Disable-AzSqlServerAdvancedThreatProtection](Disable-AzSqlServerAdvancedThreatProtection.md) Disables Advanced Threat Protection on a server. diff --git a/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md index 9412b526e601..f0a1e265304d 100644 --- a/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md +++ b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md @@ -25,9 +25,9 @@ The **Disable-AzSqlServerActiveDirectoryOnlyAuthentication** cmdlet disables Azu ### Example 1 ```powershell PS C:\>Disable-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -ResourceGroupName ServerName DisplayName ObjectId IsAzureADOnlyAuthentication +ResourceGroupName ServerName AzureADOnlyAuthentication ----------------- ---------- ----------- -------- ----------- -ResourceGroup01 Server01 DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b False +ResourceGroup01 Server01 False ``` This command disables Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL server named Server01 that is associated with a resource group named ResourceGroup01. 
@@ -38,7 +38,7 @@ This command disables Azure Active Directory (Azure AD) only authentication requ The credentials, account, tenant, and subscription used for communication with Azure. ```yaml -Type: IAzureContextContainer +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer Parameter Sets: (All) Aliases: AzContext, AzureRmContext, AzureCredential @@ -53,7 +53,7 @@ Accept wildcard characters: False The name of the resource group. ```yaml -Type: String +Type: System.String Parameter Sets: (All) Aliases: @@ -65,10 +65,10 @@ Accept wildcard characters: False ``` ### -ServerName -The name of the Azure SQL Server the Azure Active Directory administrator is in. +The name of the Azure SQL Server the Azure Active Directory only authentication is in. ```yaml -Type: String +Type: System.String Parameter Sets: (All) Aliases: @@ -83,7 +83,7 @@ Accept wildcard characters: False Prompts you for confirmation before running the cmdlet. ```yaml -Type: SwitchParameter +Type: System.Management.Automation.SwitchParameter Parameter Sets: (All) Aliases: cf @@ -99,7 +99,7 @@ Shows what would happen if the cmdlet runs. The cmdlet is not run. ```yaml -Type: SwitchParameter +Type: System.Management.Automation.SwitchParameter Parameter Sets: (All) Aliases: wi 
@@ -119,16 +119,18 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## OUTPUTS -### Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model.AzureSqlServerActiveDirectoryAdministratorModel +### Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model.AzureSqlServerActiveDirectoryOnlyAuthenticationModel ## NOTES ## RELATED LINKS -[Remove-AzSqlServerActiveDirectoryAdministrator](./Remove-AzSqlServerActiveDirectoryAdministrator.md) +[Enable-AzSqlServerActiveDirectoryOnlyAuthentication](./Enable-AzSqlServerActiveDirectoryOnlyAuthentication.md) + +[Get-AzSqlServerActiveDirectoryOnlyAuthentication](./Get-AzSqlServerActiveDirectoryOnlyAuthentication.md) [Set-AzSqlServerActiveDirectoryAdministrator](./Set-AzSqlServerActiveDirectoryAdministrator.md) [Get-AzSqlServerActiveDirectoryAdministrator](./Get-AzSqlServerActiveDirectoryAdministrator.md) -[SQL Database Documentation](https://docs.microsoft.com/azure/sql-database/) +[SQL Database Documentation](https://docs.microsoft.com/azure/sql-database/) \ No newline at end of file diff --git a/src/Sql/Sql/help/Enable-AzSqlServerActiveDirectoryOnlyAuthentication.md b/src/Sql/Sql/help/Enable-AzSqlServerActiveDirectoryOnlyAuthentication.md new file mode 100644 index 000000000000..49e80cbc56ea --- /dev/null +++ b/src/Sql/Sql/help/Enable-AzSqlServerActiveDirectoryOnlyAuthentication.md 
@@ -0,0 +1,136 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.Sql.dll-Help.xml
+Module Name: Az.Sql
+online version: https://docs.microsoft.com/en-us/powershell/module/az.sql/enable-azsqlserveractivedirectoryonlyauthentication
+schema: 2.0.0
+---
+
+# Enable-AzSqlServerActiveDirectoryOnlyAuthentication
+
+## SYNOPSIS
+Enables Azure AD only authentication for a specific SQL Server.
+
+## SYNTAX
+
+```
+Enable-AzSqlServerActiveDirectoryOnlyAuthentication [-ServerName] [-ResourceGroupName]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+The **Enable-AzSqlServerActiveDirectoryOnlyAuthentication** cmdlet enables Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL Server in the current subscription.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\>Enable-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName "ResourceGroup01" -ServerName "Server01"
+ResourceGroupName ServerName AzureADOnlyAuthentication
+----------------- ---------- ----------- -------- -----------
+ResourceGroup01 Server01 True
+```
+
+This command enables Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL server named Server01 that is associated with a resource group named ResourceGroup01.
+
+## PARAMETERS
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceGroupName
+The name of the resource group.
+ +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServerName +The name of the Azure SQL Server the Azure Active Directory only authentication is in. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+
+## INPUTS
+
+### System.String
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model.AzureSqlServerActiveDirectoryOnlyAuthenticationModel
+
+## NOTES
+
+## RELATED LINKS
+
+[Disable-AzSqlServerActiveDirectoryOnlyAuthentication](./Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md)
+
+[Get-AzSqlServerActiveDirectoryOnlyAuthentication](./Get-AzSqlServerActiveDirectoryOnlyAuthentication.md)
+
+[Set-AzSqlServerActiveDirectoryAdministrator](./Set-AzSqlServerActiveDirectoryAdministrator.md)
+
+[Get-AzSqlServerActiveDirectoryAdministrator](./Get-AzSqlServerActiveDirectoryAdministrator.md)
+
+[SQL Database Documentation](https://docs.microsoft.com/azure/sql-database/)
\ No newline at end of file
diff --git a/src/Sql/Sql/help/Get-AzSqlServerActiveDirectoryOnlyAuthentication.md b/src/Sql/Sql/help/Get-AzSqlServerActiveDirectoryOnlyAuthentication.md
new file mode 100644
index 000000000000..a2b4d4ba7d3c
--- /dev/null
+++ b/src/Sql/Sql/help/Get-AzSqlServerActiveDirectoryOnlyAuthentication.md
@@ -0,0 +1,136 @@
+---
+external help file: Microsoft.Azure.PowerShell.Cmdlets.Sql.dll-Help.xml
+Module Name: Az.Sql
+online version: https://docs.microsoft.com/en-us/powershell/module/az.sql/get-azsqlserveractivedirectoryonlyauthentication
+schema: 2.0.0
+---
+
+# Get-AzSqlServerActiveDirectoryOnlyAuthentication
+
+## SYNOPSIS
+Gets Azure AD only authentication for a specific SQL Server.
+
+## SYNTAX
+
+```
+Get-AzSqlServerActiveDirectoryOnlyAuthentication [-ServerName] [-ResourceGroupName]
+ [-DefaultProfile ] [-WhatIf] [-Confirm] []
+```
+
+## DESCRIPTION
+The **Get-AzSqlServerActiveDirectoryOnlyAuthentication** cmdlet gets Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL Server in the current subscription.
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\>Get-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName "ResourceGroup01" -ServerName "Server01"
+ResourceGroupName ServerName AzureADOnlyAuthentication
+----------------- ---------- ----------- -------- -----------
+ResourceGroup01 Server01 True
+```
+
+This command gets Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL server named Server01 that is associated with a resource group named ResourceGroup01.
+
+## PARAMETERS
+
+### -DefaultProfile
+The credentials, account, tenant, and subscription used for communication with Azure.
+
+```yaml
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
+Parameter Sets: (All)
+Aliases: AzContext, AzureRmContext, AzureCredential
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -ResourceGroupName
+The name of the resource group.
+ +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServerName +The name of the Azure SQL Server the Azure Active Directory only authentication is in. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). 
+
+## INPUTS
+
+### System.String
+
+## OUTPUTS
+
+### Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model.AzureSqlServerActiveDirectoryOnlyAuthenticationModel
+
+## NOTES
+
+## RELATED LINKS
+
+[Enable-AzSqlServerActiveDirectoryOnlyAuthentication](./Enable-AzSqlServerActiveDirectoryOnlyAuthentication.md)
+
+[Disable-AzSqlServerActiveDirectoryOnlyAuthentication](./Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md)
+
+[Set-AzSqlServerActiveDirectoryAdministrator](./Set-AzSqlServerActiveDirectoryAdministrator.md)
+
+[Get-AzSqlServerActiveDirectoryAdministrator](./Get-AzSqlServerActiveDirectoryAdministrator.md)
+
+[SQL Database Documentation](https://docs.microsoft.com/azure/sql-database/)
\ No newline at end of file
diff --git a/tools/StaticAnalysis/Exceptions/Az.Sql/BreakingChangeIssues.csv b/tools/StaticAnalysis/Exceptions/Az.Sql/BreakingChangeIssues.csv
index f85231ecb1ee..2429f0782eef 100644
--- a/tools/StaticAnalysis/Exceptions/Az.Sql/BreakingChangeIssues.csv
+++ b/tools/StaticAnalysis/Exceptions/Az.Sql/BreakingChangeIssues.csv
@@ -1,3 +1,4 @@
 "AssemblyFileName","ClassName","Target","Severity","ProblemId","Description","Remediation"
 "Microsoft.Azure.PowerShell.Cmdlets.Sql.dll","Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Cmdlet.SetAzureSqlServerActiveDirectoryAdministrator","Set-AzSqlServerActiveDirectoryAdministrator","0","2000","The cmdlet 'Set-AzSqlServerActiveDirectoryAdministrator' no longer supports the parameter 'IsAzureADOnlyAuthentication' and no alias was found for the original parameter name.","Add the parameter 'IsAzureADOnlyAuthentication' back to the cmdlet 'Set-AzSqlServerActiveDirectoryAdministrator', or add an alias to the original parameter name."
 "Microsoft.Azure.PowerShell.Cmdlets.Sql.dll","Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Cmdlet.SetAzureSqlServerActiveDirectoryAdministrator","Set-AzSqlServerActiveDirectoryAdministrator","0","1050","The parameter set '__AllParameterSets' for cmdlet 'Set-AzSqlServerActiveDirectoryAdministrator' has been removed.","Add parameter set '__AllParameterSets' back to cmdlet 'Set-AzSqlServerActiveDirectoryAdministrator'."
+"Microsoft.Azure.PowerShell.Cmdlets.Sql.dll","Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Cmdlet.DisableAzureSqlServerActiveDirectoryOnlyAuthentication","Disable-AzSqlServerActiveDirectoryOnlyAuthentication","0","1020","The cmdlet 'Disable-AzSqlServerActiveDirectoryOnlyAuthentication' no longer has output type 'Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model.AzureSqlServerActiveDirectoryAdministratorModel'.","Make cmdlet 'Disable-AzSqlServerActiveDirectoryOnlyAuthentication' return type 'Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model.AzureSqlServerActiveDirectoryAdministratorModel'."
\ No newline at end of file
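Review bot: The output-type break that the added 1020 row suppresses is not announced to users anywhere visible in this commit; the Upcoming Release entries appear to list only the two added cmdlets. Judging from the updated help example for `Disable-AzSqlServerActiveDirectoryOnlyAuthentication`, the output no longer carries `DisplayName` or `ObjectId`, and the flag is shown as `AzureADOnlyAuthentication` instead of `IsAzureADOnlyAuthentication` (the rename is inferred from the example table, not from the model class). Audit or compliance scripts that read the old properties from this cmdlet's output would get `$null` without any error, so the authentication state they report could be wrong. I would add a ChangeLog line such as `* Changed the output type of Disable-AzSqlServerActiveDirectoryOnlyAuthentication to AzureSqlServerActiveDirectoryOnlyAuthenticationModel (breaking change)` alongside this suppression.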