[SQL] umi support for auditing (#20750)

IliasKhan · iliaskha · isra-fel · web-flow · commit c54c766def09 · 2023-01-28T14:07:34.000+08:00
* umi support for auditing

* updated changelog

* added null check

* Update ChangeLog.md

---------

Co-authored-by: Ilias Khan &lt;iliaskhan@microsoft.com&gt;
Co-authored-by: Yeming Liu &lt;11371776+isra-fel@users.noreply.github.com&gt;
diff --git a/src/Sql/Sql/Auditing/Services/AuditingEndpointsCommunicator.cs b/src/Sql/Sql/Auditing/Services/AuditingEndpointsCommunicator.cs
@@ -223,12 +223,15 @@ public DiagnosticSettingsResource UpdateDiagnosticSettings(DiagnosticSettingsRes
         public Guid? AssignServerIdentityIfNotAssigned(string resourceGroupName, string serverName)
         {
             var server = GetCurrentSqlClient().Servers.Get(resourceGroupName, serverName);
-            if (server.Identity == null ||
-                server.Identity.Type != ResourceIdentityType.SystemAssigned.ToString())
+            if (server.Identity == null)
             {
                 server.Identity = ResourceIdentityHelper.GetIdentityObjectFromType(true, ResourceIdentityType.SystemAssigned.ToString(), null, null);
                 server = GetCurrentSqlClient().Servers.CreateOrUpdate(resourceGroupName, serverName, server);
             }
+            else if (server.Identity.Type != null && server.Identity.Type.Contains("UserAssigned")) 
+            {
+                return null;
+            }
 
             return server.Identity.PrincipalId;
         }
diff --git a/src/Sql/Sql/Auditing/Services/SqlAuditAdapter.cs b/src/Sql/Sql/Auditing/Services/SqlAuditAdapter.cs
@@ -352,7 +352,10 @@ internal virtual void PolicizeStorageInfo(AuditModelType model, ProxyResource po
             if (AzureCommunicator.IsStorageAccountInVNet(model.StorageAccountResourceId) || model.UseIdentity == BoolType.True)
             {
                 Guid? principalId = Communicator.AssignServerIdentityIfNotAssigned(model.ResourceGroupName, model.ServerName);
-                AzureCommunicator.AssignRoleForServerIdentityOnStorageIfNotAssigned(model.StorageAccountResourceId, principalId.Value, RoleAssignmentId);
+                if (principalId != null)
+                {
+                    AzureCommunicator.AssignRoleForServerIdentityOnStorageIfNotAssigned(model.StorageAccountResourceId, principalId.Value, RoleAssignmentId);
+                }
             }
             else
             {
diff --git a/src/Sql/Sql/ChangeLog.md b/src/Sql/Sql/ChangeLog.md
@@ -19,6 +19,7 @@
 -->
 ## Upcoming Release
 * Added an optional parameter `HAReplicaCount` to `Restore-AzSqlDatabase`
+* Enabled support for UserAssignedManagedIdentity in Auditing
 
 ## Version 4.2.0
 * Added a parameter named `UseIdentity` for `Set-AzSqlServerAudit`, `Set-AzSqlDatabaseAudit`, `Set-AzSqlServerMSSupportAudit`

Original file line number	Diff line number	Diff line change
`@@ -223,12 +223,15 @@ public DiagnosticSettingsResource UpdateDiagnosticSettings(DiagnosticSettingsRes`
`223`	`223`	`public Guid? AssignServerIdentityIfNotAssigned(string resourceGroupName, string serverName)`
`224`	`224`	`{`
`225`	`225`	`var server = GetCurrentSqlClient().Servers.Get(resourceGroupName, serverName);`
`226`		`- if (server.Identity == null \|\|`
`227`		`- server.Identity.Type != ResourceIdentityType.SystemAssigned.ToString())`
	`226`	`+ if (server.Identity == null)`
`228`	`227`	`{`
`229`	`228`	`server.Identity = ResourceIdentityHelper.GetIdentityObjectFromType(true, ResourceIdentityType.SystemAssigned.ToString(), null, null);`
`230`	`229`	`server = GetCurrentSqlClient().Servers.CreateOrUpdate(resourceGroupName, serverName, server);`
`231`	`230`	`}`
	`231`	`+ else if (server.Identity.Type != null && server.Identity.Type.Contains("UserAssigned"))`
	`232`	`+ {`
	`233`	`+ return null;`
	`234`	`+ }`
`232`	`235`
`233`	`236`	`return server.Identity.PrincipalId;`
`234`	`237`	`}`
Original file line number	Diff line number	Diff line change
`@@ -352,7 +352,10 @@ internal virtual void PolicizeStorageInfo(AuditModelType model, ProxyResource po`
`352`	`352`	`if (AzureCommunicator.IsStorageAccountInVNet(model.StorageAccountResourceId) \|\| model.UseIdentity == BoolType.True)`
`353`	`353`	`{`
`354`	`354`	`Guid? principalId = Communicator.AssignServerIdentityIfNotAssigned(model.ResourceGroupName, model.ServerName);`
`355`		`- AzureCommunicator.AssignRoleForServerIdentityOnStorageIfNotAssigned(model.StorageAccountResourceId, principalId.Value, RoleAssignmentId);`
	`355`	`+ if (principalId != null)`
	`356`	`+ {`
	`357`	`+ AzureCommunicator.AssignRoleForServerIdentityOnStorageIfNotAssigned(model.StorageAccountResourceId, principalId.Value, RoleAssignmentId);`
	`358`	`+ }`
`356`	`359`	`}`
`357`	`360`	`else`
`358`	`361`	`{`