Powershell for AAD Only Authentication on Managed Instance. (#12890)

* Powershell for AAD Only Authentication on Managed Instance.

* Fix nuget version in Sql.Test

* Fix links for Online Docs.

Author: strehan1993

src/Sql/Sql.Test/Sql.Test.csproj

@@ -19,7 +19,7 @@
     <PackageReference Include="Microsoft.Azure.KeyVault.WebKey" Version="3.0.1" />
     <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="3.0.0" />
     <PackageReference Include="Microsoft.Azure.Management.OperationalInsights" Version="0.21.0-preview" />
-    <PackageReference Include="Microsoft.Azure.Management.Sql" Version="1.44.0-preview" />
+    <PackageReference Include="Microsoft.Azure.Management.Sql" Version="1.44.1-preview" />
   </ItemGroup>
 
   <ItemGroup>

src/Sql/Sql/Az.Sql.psd1

@@ -262,10 +262,13 @@ CmdletsToExport = 'Get-AzSqlDatabaseTransparentDataEncryption',
                'Invoke-AzSqlInstanceFailover',
                'Enable-AzSqlServerActiveDirectoryOnlyAuthentication',
                'Get-AzSqlServerActiveDirectoryOnlyAuthentication',
-			   'Start-AzSqlInstanceDatabaseLogReplay',
-			   'Complete-AzSqlInstanceDatabaseLogReplay',
-			   'Stop-AzSqlInstanceDatabaseLogReplay',
-			   'Get-AzSqlInstanceDatabaseLogReplay'
+               'Start-AzSqlInstanceDatabaseLogReplay',
+               'Complete-AzSqlInstanceDatabaseLogReplay',
+               'Stop-AzSqlInstanceDatabaseLogReplay',
+               'Get-AzSqlInstanceDatabaseLogReplay',
+               'Disable-AzSqlInstanceActiveDirectoryOnlyAuthentication', 
+               'Enable-AzSqlInstanceActiveDirectoryOnlyAuthentication',
+               'Get-AzSqlInstanceActiveDirectoryOnlyAuthentication'
 
 # Variables to export from this module
 # VariablesToExport = @()

src/Sql/Sql/ChangeLog.md

@@ -27,6 +27,9 @@
 	- `Get-AzSqlInstanceDatabaseLogReplay`
 	- `Complete-AzSqlInstanceDatabaseLogReplay`
 	- `Stop-AzSqlInstanceDatabaseLogReplay`
+* Added cmdlet `Get-AzSqlInstanceActiveDirectoryOnlyAuthentication`
+* Added cmdlet `Enable-AzSqlInstanceActiveDirectoryOnlyAuthentication`
+* Added cmdlet `Disable-AzSqlInstanceActiveDirectoryOnlyAuthentication`
 
 ## Version 2.9.1
 * Fixed potential server name case insensitive error in `New-AzSqlServer` and `Set-AzSqlServer`

src/Sql/Sql/InstanceActiveDirectoryOnlyAuthentication/Cmdlet/AzureSqlInstanceActiveDirectoryOnlyAuthenticationCmdletBase.cs

@@ -0,0 +1,46 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Commands.Sql.Common;
+using Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryOnlyAuthentication.Model;
+using Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryOnlyAuthentication.Services;
+using System.Collections.Generic;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryOnlyAuthentication.Cmdlet
+{
+    public abstract class AzureSqlInstanceActiveDirectoryOnlyAuthenticationCmdletBase : AzureSqlCmdletBase<IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel>, AzureSqlInstanceActiveDirectoryOnlyAuthenticationAdapter>
+    {
+        /// <summary>
+        /// Gets or sets the name of the Azure SQL Managed Instance that contains the Azure Active Directory administrator.
+        /// </summary>
+        [Parameter(Mandatory = true,
+            ValueFromPipelineByPropertyName = true,
+            Position = 1,
+            HelpMessage = "The name of the Azure SQL Managed Instance the Azure Active Directory only authentication is in.")]
+        [ResourceNameCompleter("Microsoft.Sql/managedInstances", "ResourceGroupName")]
+        [ValidateNotNullOrEmpty]
+        public string InstanceName { get; set; }
+
+        /// <summary>
+        /// Initializes the adapter
+        /// </summary>
+        /// <returns></returns>
+        protected override AzureSqlInstanceActiveDirectoryOnlyAuthenticationAdapter InitModelAdapter()
+        {
+            return new AzureSqlInstanceActiveDirectoryOnlyAuthenticationAdapter(DefaultProfile.DefaultContext);
+        }
+    }
+}

src/Sql/Sql/InstanceActiveDirectoryOnlyAuthentication/Cmdlet/DisableAzureSqlInstanceActiveDirectoryOnlyAuthentication.cs

@@ -0,0 +1,99 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryOnlyAuthentication.Model;
+using Microsoft.Rest.Azure;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+
+
+namespace Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryOnlyAuthentication.Cmdlet
+{
+    /// <summary>
+    /// Disables the Azure Active Directory only authentication of a specific SQL Managed Instance.
+    /// </summary>
+    [Cmdlet("Disable", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlInstanceActiveDirectoryOnlyAuthentication", ConfirmImpact = ConfirmImpact.None, SupportsShouldProcess = true)]
+    [OutputType(typeof(AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel))]
+    public class DisableAzureSqlInstanceActiveDirectoryOnlyAuthentication : AzureSqlInstanceActiveDirectoryOnlyAuthenticationCmdletBase
+    {
+        /// <summary>
+        /// Get the entities from the service
+        /// </summary>
+        /// <returns>The list of entities</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> GetEntity()
+        {
+            List<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> currentActiveDirectoryOnlyAuthentications = null;
+
+            try
+            {
+                AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel model = ModelAdapter.GetInstanceActiveDirectoryOnlyAuthentication(this.ResourceGroupName, this.InstanceName);
+
+                if (model != null)
+                {
+                    currentActiveDirectoryOnlyAuthentications = new List<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel>();
+                    currentActiveDirectoryOnlyAuthentications.Add(model);
+                }
+            }
+            catch (CloudException ex)
+            {
+                if (ex.Response.StatusCode != System.Net.HttpStatusCode.NotFound)
+                {
+                    // Unexpected exception encountered
+                    throw;
+                }
+            }
+            catch (Exception ex)
+            {
+                if ((ex.InnerException is CloudException ex1) &&
+                     ex1.Response.StatusCode != System.Net.HttpStatusCode.NotFound)
+                {
+                    throw ex.InnerException ?? ex;
+                }
+            }
+
+            return currentActiveDirectoryOnlyAuthentications;
+        }
+
+        /// <summary>
+        /// Create the list of models from a list of user input
+        /// </summary>
+        /// <param name="model">A IEnumerable of models retrieved from service</param>
+        /// <returns>A list of models that was passed in</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> ApplyUserInputToModel(IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> model)
+        {
+            List<Model.AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> newEntity = new List<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel>();
+            newEntity.Add(new AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel()
+            {
+                ResourceGroupName = ResourceGroupName,
+                InstanceName = InstanceName,
+                AzureADOnlyAuthentication = false
+            });
+            return newEntity;
+        }
+
+        /// <summary>
+        /// Update the Azure SQL Managed Instance Active Directory only authentication
+        /// </summary>
+        /// <param name="entity">A list of models to update the list</param>
+        /// <returns>A list of the persisted entities</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> PersistChanges(IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> entity)
+        {
+            return new List<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel>() {
+                ModelAdapter.UpsertAzureADOnlyAuthenticaion(this.ResourceGroupName, this.InstanceName, entity.FirstOrDefault())
+            };
+        }
+    }
+}

src/Sql/Sql/InstanceActiveDirectoryOnlyAuthentication/Cmdlet/EnableAzureSqlInstanceActiveDirectoryOnlyAuthentication.cs

@@ -0,0 +1,99 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryOnlyAuthentication.Model;
+using Microsoft.Rest.Azure;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+
+
+namespace Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryOnlyAuthentication.Cmdlet
+{
+    /// <summary>
+    /// Disables the Azure Active Directory only authentication of a specific SQL Managed Instance.
+    /// </summary>
+    [Cmdlet("Enable", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlInstanceActiveDirectoryOnlyAuthentication", ConfirmImpact = ConfirmImpact.None, SupportsShouldProcess = true)]
+    [OutputType(typeof(AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel))]
+    public class EnableAzureSqlInstanceActiveDirectoryOnlyAuthentication : AzureSqlInstanceActiveDirectoryOnlyAuthenticationCmdletBase
+    {
+        /// <summary>
+        /// Get the entities from the service
+        /// </summary>
+        /// <returns>The list of entities</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> GetEntity()
+        {
+            List<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> currentActiveDirectoryOnlyAuthentications = null;
+
+            try
+            {
+                AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel model = ModelAdapter.GetInstanceActiveDirectoryOnlyAuthentication(this.ResourceGroupName, this.InstanceName);
+
+                if (model != null)
+                {
+                    currentActiveDirectoryOnlyAuthentications = new List<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel>();
+                    currentActiveDirectoryOnlyAuthentications.Add(model);
+                }
+            }
+            catch (CloudException ex)
+            {
+                if (ex.Response.StatusCode != System.Net.HttpStatusCode.NotFound)
+                {
+                    // Unexpected exception encountered
+                    throw;
+                }
+            }
+            catch (Exception ex)
+            {
+                if ((ex.InnerException is CloudException ex1) &&
+                     ex1.Response.StatusCode != System.Net.HttpStatusCode.NotFound)
+                {
+                    throw ex.InnerException ?? ex;
+                }
+            }
+
+            return currentActiveDirectoryOnlyAuthentications;
+        }
+
+        /// <summary>
+        /// Create the list of models from a list of user input
+        /// </summary>
+        /// <param name="model">A IEnumerable of models retrieved from service</param>
+        /// <returns>A list of models that was passed in</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> ApplyUserInputToModel(IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> model)
+        {
+            List<Model.AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> newEntity = new List<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel>();
+            newEntity.Add(new AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel()
+            {
+                ResourceGroupName = ResourceGroupName,
+                InstanceName = InstanceName,
+                AzureADOnlyAuthentication = true
+            });
+            return newEntity;
+        }
+
+        /// <summary>
+        /// Update the Azure SQL Managed Instance Active Directory only authentication
+        /// </summary>
+        /// <param name="entity">A list of models to update the list</param>
+        /// <returns>A list of the persisted entities</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> PersistChanges(IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> entity)
+        {
+            return new List<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel>() {
+                ModelAdapter.UpsertAzureADOnlyAuthenticaion(this.ResourceGroupName, this.InstanceName, entity.FirstOrDefault())
+            };
+        }
+    }
+}

src/Sql/Sql/InstanceActiveDirectoryOnlyAuthentication/Cmdlet/GetAzureSqlInstanceActiveDirectoryOnlyAuthentication.cs

@@ -0,0 +1,58 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryOnlyAuthentication.Model;
+using System.Collections.Generic;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryOnlyAuthentication.Cmdlet
+{
+    [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlInstanceActiveDirectoryOnlyAuthentication", ConfirmImpact = ConfirmImpact.None, SupportsShouldProcess = true)]
+    [OutputType(typeof(AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel))]
+    public class GetAzureSqlInstanceActiveDirectoryOnlyAuthentication : AzureSqlInstanceActiveDirectoryOnlyAuthenticationCmdletBase
+    {
+        /// <summary>
+        /// Get the entities from the service
+        /// </summary>
+        /// <returns>The list of entities</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> GetEntity()
+        {
+            ICollection<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> results;
+
+            results = ModelAdapter.ListInstanceActiveDirectoryOnlyAuthentications(this.ResourceGroupName, this.InstanceName);
+
+            return results;
+        }
+
+        /// <summary>
+        /// No user input to apply to model
+        /// </summary>
+        /// <param name="model">Model retrieved from service</param>
+        /// <returns>The model that was passed in</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> ApplyUserInputToModel(IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> model)
+        {
+            return model;
+        }
+
+        /// <summary>
+        /// No changes to persist to server
+        /// </summary>
+        /// <param name="entity">The output of apply user input to model</param>
+        /// <returns>The input entity</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> PersistChanges(IEnumerable<AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel> entity)
+        {
+            return entity;
+        }
+    }
+}

src/Sql/Sql/InstanceActiveDirectoryOnlyAuthentication/Model/AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel.cs

@@ -0,0 +1,39 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using System;
+
+namespace Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryOnlyAuthentication.Model
+{
+    /// <summary>
+    /// Represents an Azure SQL Managed Instance Active Directory only authentication
+    /// </summary>
+    public class AzureSqlInstanceActiveDirectoryOnlyAuthenticationModel
+    {
+        /// <summary>
+        /// Gets or sets the name of the resource group
+        /// </summary>
+        public string ResourceGroupName { get; set; }
+
+        /// <summary>
+        /// Gets or sets the name of the instance
+        /// </summary>
+        public string InstanceName { get; set; }
+
+        /// <summary>
+        /// Gets or sets the value to indicate Azure AD Only authentication
+        /// </summary>
+        public bool AzureADOnlyAuthentication { get; set; }
+    }
+}