SQL VM IaaS Extension fixes and AKV Support #751
The files in this change implement two changes:

1. The AutoBackup feature includes private settings in the public settings section. The fix was to add a public settings class that is used to manage the AutoBackup settings in the set and get command. The change does not impact the cmdlet interface or the objects used to configure AutoBackup. The change is internal to the feature implementation. The AutoBackup syntax command is still the same. Here is an example:

    # $serviceName and $vmName are assumed to be set already
    $storageaccount = "nobrooklyninfrawe"
    $storageaccountkey = (Get-AzureStorageKey -StorageAccountName $storageaccount).Primary
    $storagecontext = New-AzureStorageContext -StorageAccountName $storageaccount -StorageAccountKey $storageaccountkey
    $password = "P@ssw0rd"
    $encryptionpassword = $password | ConvertTo-SecureString -AsPlainText -Force
    $autobackupconfig = New-AzureVMSqlServerAutoBackupConfig -StorageContext $storagecontext -Enable -RetentionPeriod 10 -EnableEncryption -CertificatePassword $encryptionpassword
    Get-AzureVM -ServiceName $serviceName -Name $vmName | Set-AzureVMSqlServerExtension -AutoBackupSettings $autobackupconfig | Update-AzureVM

2. SQL VM Azure Key Vault Integration

This is a new feature added to configure SQL Connector to access Azure Key Vault on a SQL IaaS VM. The feature is only available for SQL Server 2012 and higher versions. A new set of classes is added to manage collecting the Azure Key Vault settings and new SQL credential settings. The user would provide the key vault URL, principal name and secret, and the SQL credential name. The user can enable \ disable the feature using the Enable switch option. By default the feature is disabled.

The following is an example to enable the feature:

    $akvsecret = "3j432j4lj32lk4j32lk4jlk32j4l32j4lj32lj4l32j4lk"
    $secureakv = $akvsecret | ConvertTo-SecureString -AsPlainText -Force
    $akvs = New-AzureVMSqlServerKeyVaultCredentialConfig -Enable -CredentialName mycredzz11 -AzureKeyVaultUrl "http://afSqlKVT.vault.azure.net" -ServicePrincipalName "jljlj3l-s4d4c-9d2d-42428ed7" -ServicePrincipalSecret $secureakv
    Get-AzureVM -ServiceName $serviceName -Name $vmName | Set-AzureVMSqlServerExtension -KeyVaultCredentialSettings $akvs | Update-AzureVM

The change also updates the extension status. The status output now includes the KeyVaultSettings object:

    Get-AzureVM -ServiceName $serviceName -Name $vmName | Get-AzureVMSqlServerExtension

The following is a sample output of the get command:

    ExtensionName              : SqlIaaSAgent
    Publisher                  : Microsoft.SqlServer.Management
    Version                    : 1.*
    State                      : Enable
    RoleName                   : afexttest
    AutoPatchingSettings       : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoPatchingSettings
    AutoBackupSettings         : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.AutoBackupSettings
    KeyVaultCredentialSettings : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.Extensions.KeyVaultCredentialSettings
In the previous change, default settings were used for AKV and AutoBackup if the settings are not entered by the user. This is the wrong behavior as it would always update the VM with the default settings for features that the user did not include in the set command.

1. Don't print or attempt to print private settings from the Get. Instead print *** if the options are set.
2. Print a message to educate the user when disabling Azure Key Vault that existing credentials will not be removed but AKV status will not be reported.
3. Update the help file.
4. No new tests are required as the current tests already cover the changes in this changeset.
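The public/private split, the "no defaults for omitted features" rule and the `***` masking described above, sketched as an added example that is not code from this PR. The function names, the `$SecretNames` list and all sample values are assumptions; only built-in PowerShell is used.

```powershell
# Hypothetical helpers (not the extension's code). Names of secret-bearing
# settings are taken from the cmdlet parameters shown in the description.
$SecretNames = @('CertificatePassword', 'ServicePrincipalSecret')

function Split-ExtensionSettings {
    # Only the feature blocks the caller supplies are processed; a feature that
    # is omitted gets no entry at all, so no default settings are pushed for it.
    param([hashtable]$Features)
    $public = @{}; $private = @{}
    foreach ($feature in $Features.Keys) {
        $public[$feature] = @{}; $private[$feature] = @{}
        foreach ($name in $Features[$feature].Keys) {
            $value = $Features[$feature][$name]
            if ($SecretNames -contains $name) {
                # Secrets must arrive as SecureString and go only to the private section.
                if ($value -isnot [securestring]) { throw "$name must be a SecureString" }
                $private[$feature][$name] = [System.Net.NetworkCredential]::new('', $value).Password
            } else {
                $public[$feature][$name] = $value
            }
        }
    }
    [pscustomobject]@{ Public = $public; Private = $private }
}

function Get-MaskedStatus {
    # Status view for a Get: public values as-is, '***' for every secret that is set.
    param($Split)
    $status = [ordered]@{}
    foreach ($feature in $Split.Public.Keys) {
        $view = [ordered]@{}
        foreach ($k in $Split.Public[$feature].Keys)  { $view[$k] = $Split.Public[$feature][$k] }
        foreach ($k in $Split.Private[$feature].Keys) { $view[$k] = '***' }
        $status[$feature] = $view
    }
    $status
}

# Constructed sample input: only Key Vault settings are supplied, AutoBackup is omitted.
$secret = ConvertTo-SecureString 'constructed-sample-secret' -AsPlainText -Force
$split = Split-ExtensionSettings @{
    KeyVaultCredentialSettings = @{
        Enable = $true; CredentialName = 'samplecred'
        AzureKeyVaultUrl = 'https://example-vault.vault.azure.net'
        ServicePrincipalSecret = $secret
    }
}
$publicJson = $split.Public | ConvertTo-Json -Depth 4
if ($publicJson -match 'constructed-sample-secret') { throw 'secret leaked into public settings' }
if ($split.Public.ContainsKey('AutoBackupSettings')) { throw 'omitted feature was defaulted' }
Get-MaskedStatus $split | ConvertTo-Json -Depth 4
```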
Can one of the admins verify this patch?
Hi @OJDUDE, I'm your friendly neighborhood Azure Pull Request Bot (You can call me AZPRBOT). Thanks for your contribution! TTYL, AZPRBOT;
@OJDUDE please pull from upstream and resolve conflicts
This is now updated and all conflicts resolved
@azuresdkci add to whitelist
Thanks for the update
@OJDUDE This has merge conflicts - can you please update?
@OJDUDE If you are an ms employee, please add yourself to the organization. If you are not, please sign the CLA
@OJDUDE, Thanks for signing the contribution license agreement so quickly! Actual humans will now validate the agreement and then evaluate the PR.
@OJDUDE Are you planning to update this PR, or should I close it?
Why are you planning to close it? The Azure CLA process is the reason I got delayed, not me. I will be updating. We need this for the September release. Don't close it.
I have just updated due to a single conflict in the setup files. This always happens and auto merge fails on it. Can you please merge the change?
The PR is updated. If you could please merge it. Thanks,
@azuresdkci retest this please
Thanks Mark for following up on this on your day off.
Could you please test and merge this change please?
Branch is updated. This is a comment to trigger the test.