# 12 - Azure SQL Connector Quickstart

## üß≠ Goal

Learn how to connect to Azure SQL Database using ODIBI's connection system with support for both Azure AD and SQL authentication.

This notebook will:
- Show how to use `AzureSQLConnection` from `odibi.connections`
- Demonstrate two authentication modes: `azure_ad` and `sql_auth`
- Use SQLite fallback for offline-safe execution (no Azure SQL required)
- Show connection configuration patterns
- Read/write data to SQL database
- Demonstrate safe credential handling

**Estimated time:** 30 seconds

---

## üß± Core Concepts

**Azure SQL Connection Modes:**
```python
# Azure AD Authentication (recommended for cloud)
conn = AzureSQLConnection(
    server="myserver.database.windows.net",
    database="mydb",
    auth_mode="azure_ad"
)

# SQL Authentication (username/password)
conn = AzureSQLConnection(
    server="myserver.database.windows.net",
    database="mydb",
    auth_mode="sql_auth",
    username="user",
    password="pass"
)
```

**Offline Fallback:**
- This notebook uses SQLite for execution (no Azure required)
- Configuration examples show Azure patterns
- Safe for learning and testing

## üîß Setup

In [None]:
# ‚úÖ Environment Setup
import sys
import os
from pathlib import Path
import pandas as pd
import json
import yaml
import sqlite3

# Navigate to project root
project_root = Path.cwd().parent if Path.cwd().name == 'walkthroughs' else Path.cwd()
os.chdir(project_root)

# Create artifacts directory
artifacts_dir = Path('walkthroughs/.artifacts/12_azure_sql')
artifacts_dir.mkdir(parents=True, exist_ok=True)

# Database path
db_path = artifacts_dir / 'test_database.db'

print(f"‚úÖ Environment ready")
print(f"üìÅ Artifacts: {artifacts_dir}")
print(f"üóÑÔ∏è  Database: {db_path}")

## üìù Configuration: Azure AD Authentication

In [None]:
# Create Azure AD authentication config example
azure_ad_config = {
    "connection_type": "azure_sql",
    "server": "mycompany.database.windows.net",
    "database": "production_db",
    "auth_mode": "azure_ad",
    "driver": "ODBC Driver 17 for SQL Server",
    "connection_timeout": 30,
    "encrypt": True,
    "trust_server_certificate": False
}

config_path_azure_ad = artifacts_dir / 'connection_config_azure_ad.yaml'
with open(config_path_azure_ad, 'w') as f:
    yaml.dump(azure_ad_config, f, default_flow_style=False, sort_keys=False)

print("üîê Azure AD Authentication Config:\n")
print(yaml.dump(azure_ad_config, default_flow_style=False, sort_keys=False))
print(f"‚úÖ Saved to: {config_path_azure_ad}")

## üìù Configuration: SQL Authentication

In [None]:
# Create SQL authentication config example
sql_auth_config = {
    "connection_type": "azure_sql",
    "server": "mycompany.database.windows.net",
    "database": "production_db",
    "auth_mode": "sql_auth",
    "username": "${SQL_USERNAME}",  # Environment variable reference
    "password": "${SQL_PASSWORD}",  # Never hardcode credentials!
    "driver": "ODBC Driver 17 for SQL Server",
    "connection_timeout": 30,
    "encrypt": True
}

config_path_sql_auth = artifacts_dir / 'connection_config_sql_auth.yaml'
with open(config_path_sql_auth, 'w') as f:
    yaml.dump(sql_auth_config, f, default_flow_style=False, sort_keys=False)

print("üîë SQL Authentication Config:\n")
print(yaml.dump(sql_auth_config, default_flow_style=False, sort_keys=False))
print(f"‚úÖ Saved to: {config_path_sql_auth}")
print("\n‚ö†Ô∏è  Note: Use environment variables for credentials!")

## üîå Create Connection (SQLite Fallback)

In [None]:
# For this walkthrough, use SQLite as fallback
# In production, you would use AzureSQLConnection

# Create or connect to SQLite database
conn = sqlite3.connect(db_path)
cursor = conn.cursor()

print("üîå Connection established")
print(f"üìç Mode: SQLite fallback (offline-safe)")
print(f"üóÑÔ∏è  Database: {db_path}")
print("\nüí° In production, you would use:")
print("   from odibi.connections.azure_sql import AzureSQLConnection")
print("   conn = AzureSQLConnection(**config)")

## ‚ñ∂Ô∏è Run: Write DataFrame to Database

In [None]:
# Create sample data
df_sales = pd.DataFrame({
    "product_id": [1, 2, 3, 4, 5],
    "product_name": ["Widget", "Gadget", "Gizmo", "Doohickey", "Thingamajig"],
    "category": ["Electronics", "Home", "Electronics", "Tools", "Home"],
    "price": [29.99, 49.99, 19.99, 39.99, 24.99],
    "quantity_sold": [150, 89, 234, 56, 178]
})

print("üìä Sample Data:\n")
print(df_sales)

# Write to database
df_sales.to_sql('products', conn, if_exists='replace', index=False)

print(f"\n‚úÖ Wrote {len(df_sales)} rows to 'products' table")

## ‚ñ∂Ô∏è Run: Read Data from Database

In [None]:
# Read back from database
df_read = pd.read_sql('SELECT * FROM products', conn)

print("üìñ Data read from database:\n")
print(df_read)

# Verify row count matches
assert len(df_read) == len(df_sales), "Row count mismatch!"
print(f"\n‚úÖ Read {len(df_read)} rows from 'products' table")

## üîç Execute: Parameterized Query

In [None]:
# Safe parameterized query (protects against SQL injection)
query = """
SELECT product_name, category, price, quantity_sold,
       (price * quantity_sold) as revenue
FROM products
WHERE category = ?
ORDER BY revenue DESC
"""

category_filter = "Electronics"
df_filtered = pd.read_sql(query, conn, params=[category_filter])

print(f"üîç Query: Products in category '{category_filter}'\n")
print(df_filtered)

# Save query results
results_path = artifacts_dir / 'query_results.csv'
df_filtered.to_csv(results_path, index=False)

print(f"\n‚úÖ Query results saved to: {results_path}")

## üìä Analytics: Table Statistics

In [None]:
# Get row counts per category
query_stats = """
SELECT category, 
       COUNT(*) as product_count,
       SUM(quantity_sold) as total_units_sold,
       ROUND(AVG(price), 2) as avg_price
FROM products
GROUP BY category
ORDER BY product_count DESC
"""

df_stats = pd.read_sql(query_stats, conn)

print("üìä Category Statistics:\n")
print(df_stats)

# Convert to dict for JSON export
row_counts = {
    "total_products": int(df_read.shape[0]),
    "by_category": df_stats.set_index('category')['product_count'].to_dict(),
    "total_units_sold": int(df_read['quantity_sold'].sum()),
    "avg_price_overall": round(float(df_read['price'].mean()), 2)
}

# Save row counts
counts_path = artifacts_dir / 'row_counts.json'
with open(counts_path, 'w') as f:
    json.dump(row_counts, f, indent=2)

print(f"\n‚úÖ Statistics saved to: {counts_path}")

## üîó DSN Parsing Example

In [None]:
# Example DSN connection strings for Azure SQL
dsn_examples = {
    "azure_ad": (
        "Driver={ODBC Driver 17 for SQL Server};"
        "Server=tcp:myserver.database.windows.net,1433;"
        "Database=mydb;"
        "Authentication=ActiveDirectoryIntegrated;"
        "Encrypt=yes;"
        "TrustServerCertificate=no;"
    ),
    "sql_auth": (
        "Driver={ODBC Driver 17 for SQL Server};"
        "Server=tcp:myserver.database.windows.net,1433;"
        "Database=mydb;"
        "UID=username;"
        "PWD=password;"
        "Encrypt=yes;"
    ),
    "connection_string": (
        "mssql+pyodbc://username:password@myserver.database.windows.net/mydb?"
        "driver=ODBC+Driver+17+for+SQL+Server&Encrypt=yes"
    )
}

print("üîó Azure SQL DSN Examples:\n")
for auth_type, dsn in dsn_examples.items():
    print(f"\n{auth_type.upper()}:")
    print(f"  {dsn}")

print("\nüí° These connection strings can be used with:")
print("   - pyodbc.connect(dsn)")
print("   - sqlalchemy.create_engine(connection_string)")
print("   - AzureSQLConnection.from_dsn(dsn)")

## üßπ Cleanup

In [None]:
# Close connection
conn.close()

print("‚úÖ Connection closed")
print("üóÑÔ∏è  SQLite database preserved for inspection")

## ‚úÖ Self-Check

In [None]:
import time
start_time = time.time()

try:
    # Check SQLite database exists
    assert db_path.exists(), "SQLite database not found"
    
    # Check config files exist
    assert config_path_azure_ad.exists(), "Azure AD config not found"
    assert config_path_sql_auth.exists(), "SQL auth config not found"
    
    # Check query results exist
    assert (artifacts_dir / 'query_results.csv').exists(), "Query results CSV not found"
    
    # Check row counts JSON exists
    assert (artifacts_dir / 'row_counts.json').exists(), "Row counts JSON not found"
    
    # Validate query results
    df_check = pd.read_csv(artifacts_dir / 'query_results.csv')
    assert len(df_check) == 2, f"Expected 2 Electronics products, got {len(df_check)}"
    assert 'revenue' in df_check.columns, "Revenue column missing"
    
    # Validate row counts JSON
    with open(artifacts_dir / 'row_counts.json') as f:
        counts = json.load(f)
    
    assert counts['total_products'] == 5, f"Expected 5 products, got {counts['total_products']}"
    assert 'by_category' in counts, "Category breakdown missing"
    assert counts['total_units_sold'] == 707, f"Expected 707 units, got {counts['total_units_sold']}"
    
    # Validate configs
    with open(config_path_azure_ad) as f:
        azure_config = yaml.safe_load(f)
    assert azure_config['auth_mode'] == 'azure_ad', "Azure AD auth mode incorrect"
    
    with open(config_path_sql_auth) as f:
        sql_config = yaml.safe_load(f)
    assert sql_config['auth_mode'] == 'sql_auth', "SQL auth mode incorrect"
    assert '${SQL_USERNAME}' in sql_config['username'], "Username should use env var"
    
    # Check runtime
    elapsed = time.time() - start_time
    assert elapsed < 30, f"Runtime {elapsed:.1f}s exceeds 30s budget"
    
    print("üéâ Walkthrough verified successfully!")
    print(f"‚è±Ô∏è  Runtime: {elapsed:.2f}s")
    print(f"üóÑÔ∏è  Database size: {db_path.stat().st_size / 1024:.1f} KB")
    print(f"üìä Products: {counts['total_products']}")
    print(f"üì¶ Units sold: {counts['total_units_sold']}")
    print(f"‚úÖ All checks passed!")
    
except AssertionError as e:
    print(f"‚ùå Walkthrough failed: {e}")
    raise
except Exception as e:
    print(f"‚ùå Unexpected error: {e}")
    raise

## üß† Reflection

### What You Learned

1. **Dual Authentication**: Azure SQL supports both Azure AD (recommended) and SQL authentication
2. **Safe Credentials**: Always use environment variables or secret management, never hardcode
3. **Parameterized Queries**: Protect against SQL injection with parameterized queries
4. **Offline Development**: SQLite fallback enables offline-safe testing and learning

### Connection Pattern

```python
# In production ODIBI pipelines:
from odibi.connections.azure_sql import AzureSQLConnection

# Load config from YAML
with open('connection_config.yaml') as f:
    config = yaml.safe_load(f)

# Create connection
conn = AzureSQLConnection(**config)

# Use with pandas
df = pd.read_sql(query, conn)
df.to_sql('table_name', conn, if_exists='replace')
```

### Security Best Practices

1. **Environment Variables**: `${SQL_USERNAME}`, `${SQL_PASSWORD}`
2. **Azure Key Vault**: Store credentials centrally
3. **Managed Identity**: Prefer Azure AD auth over SQL auth
4. **Encryption**: Always use `Encrypt=yes` in connection strings
5. **Least Privilege**: Grant only necessary database permissions

### DSN Components

- **Driver**: ODBC driver version (17 or 18)
- **Server**: Fully qualified domain name + port
- **Database**: Target database name
- **Authentication**: ActiveDirectoryIntegrated, ActiveDirectoryPassword, or SQL
- **Encryption**: Transport layer security settings

---

## ‚è≠ Next Steps

**Continue to:** [13_advanced_connection_patterns.ipynb](13_advanced_connection_patterns.ipynb)

Learn advanced patterns like connection pooling, retry logic, and multi-database operations.

**Deep dive:**
- Read `odibi/connections/azure_sql.py` - Azure SQL connection implementation
- Read `odibi/connections/base.py` - Base connection interface
- Read `odibi/connections/secrets.py` - Credential management system