[SQL] Add support for service principals for setting SQL AAD Admin. (#12140)

amolagar5 · web-flow · commit 320f7594af79 · 2020-06-13T16:16:07.000+08:00
* Allow Azure Active Directory applications to be set as SQL Server Azure Active Directory admin.

* Remove IsAzureADOnlyAuthenticaion option from SetAzureSqlServerActiveDirectoryAdministrator command. We will be adding a new API to enable this option.

* Update ChangeLog.md

* Add Static analysis exception to exceptions file.

* add support for service principal for set aad admin.

Co-authored-by: Amol Agarwal &lt;amagarwa@microsoft.com&gt;
diff --git a/src/Sql/Sql/ChangeLog.md b/src/Sql/Sql/ChangeLog.md
@@ -25,6 +25,8 @@
 * Added SyncMemberAzureDatabaseResourceId to `New-AzSqlSyncMember` and `Update-AzSqlSyncMember`
 * Added Guest user lookup support to Set SQL Server Azure Active Directory Admin cmdlet
 * Remove IsAzureADOnlyAuthentication parameter from Set-AzSqlServerActiveDirectoryAdministrator as it is not usable. 
+* Added support for service principal for Set SQL Server Azure Active Directory Admin cmdlet
+
 
 ## Version 2.6.1
 * Enhance performance of:
diff --git a/src/Sql/Sql/Properties/Resources.Designer.cs b/src/Sql/Sql/Properties/Resources.Designer.cs
diff --git a/src/Sql/Sql/Properties/Resources.resx b/src/Sql/Sql/Properties/Resources.resx
@@ -127,13 +127,13 @@
     <value>More than one Azure Active Directory user with the display name '{0}' was found. Please provide an Azure Active Directory object id to select the correct user. To get the object id use Get-AzADUser -SearchString "{0}"</value>
   </data>
   <data name="ADApplicationMoreThanOneFound" xml:space="preserve">
-    <value>More than one Azure Active Directory application with the display name '{0}' was found. Please provide an Azure Active Directory application id of the application to select the correct application. To get the application id use Get-AzADApplication -SearchString "{0}"</value>
+    <value>More than one Azure Active Directory application with the display name '{0}' was found. Please provide an Azure Active Directory application id of the application to select the correct application. To get the application id use Get-AzADApplication -SearchString "{0}" or use use Get-AzADServicePrincipal -SearchString "{0}"</value>
   </data>
   <data name="ADApplicationDisplayNameMismatch" xml:space="preserve">
-    <value>Azure Active Directory application with the display name '{0}' was found. Display Name provided does not match with application display name '{1}'. Please provide right display name that names with display name of the application. To get the application id use Get-AzADApplication -SearchString "{0}" or Get-AzADApplication -SearchString "{1}".</value>
+    <value>Azure Active Directory application with the display name '{0}' was found. Display Name provided does not match with any service principal display name '{1}'. Please provide right display name that names with display name of the application. To get the application id use Get-AzADApplication -SearchString "{0}" or Get-AzADServicePrincipal -SearchString "{1}".</value>
   </data>
   <data name="ADDuplicateGroupAndApplicationFound" xml:space="preserve">
-    <value>Azure Active Directory application and group with same display name '{0}' was found. Please provide an Azure Active Directory application id of the application or object id of the group to select the correct application. To get the application id use Get-AzADApplication -SearchString "{0}" or to get object id use Get-AzADGroup -SearchString "{0}".</value>
+    <value>Azure Active Directory application and group with same display name '{0}' was found. Please provide an Azure Active Directory application id of the service principal or object id of the group to select the correct application. To get the application id use Get-AzADServicePrincipal -SearchString "{0}" or to get object id use Get-AzADGroup -SearchString "{0}".</value>
   </data>
   <data name="DatabaseNameExists" xml:space="preserve">
     <value>Database with name: '{0}' already exists in server '{1}'.</value>
diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs
@@ -208,30 +208,30 @@ protected ServerAzureADAdministrator GetActiveDirectoryInformation(string displa
                 }
             }
 
-            // Lookup for applications
-            ODataQuery<Application> odataQueryFilter;
+            // Lookup for serviceprincipals
+            ODataQuery<ServicePrincipal> odataQueryFilter;
 
             if ((objectId != null && objectId != Guid.Empty))
             {
                 var applicationIdString = objectId.ToString();
-                odataQueryFilter = new Rest.Azure.OData.ODataQuery<Application>(a => a.AppId == applicationIdString);
+                odataQueryFilter = new Rest.Azure.OData.ODataQuery<ServicePrincipal>(a => a.AppId == applicationIdString);
             }
             else
             {
-                odataQueryFilter = new Rest.Azure.OData.ODataQuery<Application>(a => a.DisplayName == displayName);
+                odataQueryFilter = new Rest.Azure.OData.ODataQuery<ServicePrincipal>(a => a.DisplayName == displayName);
             }
 
-            var applicationList = ActiveDirectoryClient.GetApplicationWithFilters(odataQueryFilter);
+            var srevicePrincipalList = ActiveDirectoryClient.FilterServicePrincipals(odataQueryFilter);
 
-            if (applicationList != null && applicationList.Count() > 1)
+            if (srevicePrincipalList != null && srevicePrincipalList.Count() > 1)
             {
-                // More than one application was found.
+                // More than one service principal was found.
                 throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADApplicationMoreThanOneFound, displayName));
             }
-            else if (applicationList != null && applicationList.Count() == 1)
+            else if (srevicePrincipalList != null && srevicePrincipalList.Count() == 1)
             {
                 // Only one user was found. Get the user display name and object id
-                PSADApplication app = applicationList.First();
+                PSADServicePrincipal app = srevicePrincipalList.First();
 
                 if (displayName != null && string.CompareOrdinal(displayName, app.DisplayName) != 0)
                 {
@@ -261,7 +261,7 @@ protected ServerAzureADAdministrator GetActiveDirectoryInformation(string displa
                 };
             }
 
-            // No group or application was found. Check for a user
+            // No group or service principal was found. Check for a user
             filter = new ADObjectFilterOptions()
             {
                 Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,

Original file line number	Diff line number	Diff line change
`@@ -208,30 +208,30 @@ protected ServerAzureADAdministrator GetActiveDirectoryInformation(string displa`
`208`	`208`	`}`
`209`	`209`	`}`
`210`	`210`
`211`		`- // Lookup for applications`
`212`		`- ODataQuery<Application> odataQueryFilter;`
	`211`	`+ // Lookup for serviceprincipals`
	`212`	`+ ODataQuery<ServicePrincipal> odataQueryFilter;`
`213`	`213`
`214`	`214`	`if ((objectId != null && objectId != Guid.Empty))`
`215`	`215`	`{`
`216`	`216`	`var applicationIdString = objectId.ToString();`
`217`		`- odataQueryFilter = new Rest.Azure.OData.ODataQuery<Application>(a => a.AppId == applicationIdString);`
	`217`	`+ odataQueryFilter = new Rest.Azure.OData.ODataQuery<ServicePrincipal>(a => a.AppId == applicationIdString);`
`218`	`218`	`}`
`219`	`219`	`else`
`220`	`220`	`{`
`221`		`- odataQueryFilter = new Rest.Azure.OData.ODataQuery<Application>(a => a.DisplayName == displayName);`
	`221`	`+ odataQueryFilter = new Rest.Azure.OData.ODataQuery<ServicePrincipal>(a => a.DisplayName == displayName);`
`222`	`222`	`}`
`223`	`223`
`224`		`- var applicationList = ActiveDirectoryClient.GetApplicationWithFilters(odataQueryFilter);`
	`224`	`+ var srevicePrincipalList = ActiveDirectoryClient.FilterServicePrincipals(odataQueryFilter);`
`225`	`225`
`226`		`- if (applicationList != null && applicationList.Count() > 1)`
	`226`	`+ if (srevicePrincipalList != null && srevicePrincipalList.Count() > 1)`
`227`	`227`	`{`
`228`		`- // More than one application was found.`
	`228`	`+ // More than one service principal was found.`
`229`	`229`	`throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADApplicationMoreThanOneFound, displayName));`
`230`	`230`	`}`
`231`		`- else if (applicationList != null && applicationList.Count() == 1)`
	`231`	`+ else if (srevicePrincipalList != null && srevicePrincipalList.Count() == 1)`
`232`	`232`	`{`
`233`	`233`	`// Only one user was found. Get the user display name and object id`
`234`		`- PSADApplication app = applicationList.First();`
	`234`	`+ PSADServicePrincipal app = srevicePrincipalList.First();`
`235`	`235`
`236`	`236`	`if (displayName != null && string.CompareOrdinal(displayName, app.DisplayName) != 0)`
`237`	`237`	`{`
`@@ -261,7 +261,7 @@ protected ServerAzureADAdministrator GetActiveDirectoryInformation(string displa`
`261`	`261`	`};`
`262`	`262`	`}`
`263`	`263`
`264`		`- // No group or application was found. Check for a user`
	`264`	`+ // No group or service principal was found. Check for a user`
`265`	`265`	`filter = new ADObjectFilterOptions()`
`266`	`266`	`{`
`267`	`267`	`Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,`