Merge pull request Azure#11165 from amolagar5/myPowershellChanges

wyunchi-ms · web-flow · commit 414561bc162a · 2020-03-04T15:19:48.000+08:00
Update sql server AAD Admin to use 2019-06-01-preview API
diff --git a/src/Sql/Sql/Az.Sql.psd1 b/src/Sql/Sql/Az.Sql.psd1
@@ -252,7 +252,8 @@ CmdletsToExport = 'Get-AzSqlDatabaseTransparentDataEncryption',
                'Enable-AzSqlDatabaseSensitivityRecommendation', 
                'Disable-AzSqlDatabaseSensitivityRecommendation', 
                'Enable-AzSqlInstanceDatabaseSensitivityRecommendation', 
-               'Disable-AzSqlInstanceDatabaseSensitivityRecommendation'
+               'Disable-AzSqlInstanceDatabaseSensitivityRecommendation',
+               'Disable-AzSqlServerActiveDirectoryOnlyAuthentication'
 
 # Variables to export from this module
 # VariablesToExport = @()
diff --git a/src/Sql/Sql/ChangeLog.md b/src/Sql/Sql/ChangeLog.md
@@ -24,6 +24,7 @@
 * Added support for cross subscription point in time restore on Managed Instances.
 * Added support for changing existing Sql Managed Instance hardware generation
 * Fixed `Update-AzSqlServerVulnerabilityAssessmentSetting` help examples: parameter/property output - EmailAdmins
+* Updating Azure SQL Server Active Azure administrator API to use 2019-06-01-preview api version.
 
 ## Version 2.2.0
 Fix New-AzSqlDatabaseSecondary cmdlet to check for PartnerDatabaseName existence instead of DatabaseName existence.
diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/AzureSqlServerActiveDirectoryAdministratorCmdletBase.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/AzureSqlServerActiveDirectoryAdministratorCmdletBase.cs
@@ -12,8 +12,6 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 
-using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
-using Microsoft.Azure.Commands.Common.Authentication.Models;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Commands.Sql.Common;
 using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model;
diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/SetAzureSqlServerActiveDirectoryAdministrator.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/SetAzureSqlServerActiveDirectoryAdministrator.cs
@@ -11,9 +11,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 // ----------------------------------------------------------------------------------
-
-using Hyak.Common;
 using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model;
+using Microsoft.Rest.Azure;
 using System;
 using System.Collections.Generic;
 using System.Linq;
@@ -24,7 +23,7 @@ namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Cmdlet
     /// <summary>
     /// Cmdlet to create a new Azure SQL Server Active Directory administrator
     /// </summary>
-    [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlServerActiveDirectoryAdministrator",ConfirmImpact = ConfirmImpact.Medium, SupportsShouldProcess = true), OutputType(typeof(AzureSqlServerActiveDirectoryAdministratorModel))]
+    [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlServerActiveDirectoryAdministrator", ConfirmImpact = ConfirmImpact.Medium, SupportsShouldProcess = true), OutputType(typeof(AzureSqlServerActiveDirectoryAdministratorModel))]
     public class SetAzureSqlServerActiveDirectoryAdministrator : AzureSqlServerActiveDirectoryAdministratorCmdletBase
     {
         /// <summary>
@@ -47,19 +46,33 @@ public class SetAzureSqlServerActiveDirectoryAdministrator : AzureSqlServerActiv
         [ValidateNotNullOrEmpty()]
         public Guid ObjectId { get; set; }
 
+        /// <summary>
+        /// Only Azure Active Directory authentication allowed
+        /// </summary>
+        [Parameter(Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            Position = 4,
+            HelpMessage = "Specifies if only Azure Active Directory authentication is allowed.")]
+        [ValidateNotNullOrEmpty()]
+        public bool? IsAzureOnlyAuthentication { get; set; }
+
         /// <summary>
         /// Get the entities from the service
         /// </summary>
         /// <returns>The list of entities</returns>
         protected override IEnumerable<AzureSqlServerActiveDirectoryAdministratorModel> GetEntity()
         {
             List<AzureSqlServerActiveDirectoryAdministratorModel> currentActiveDirectoryAdmins = null;
+
             try
             {
-                currentActiveDirectoryAdmins = new List<AzureSqlServerActiveDirectoryAdministratorModel>()
+                AzureSqlServerActiveDirectoryAdministratorModel model = ModelAdapter.GetServerActiveDirectoryAdministrator(this.ResourceGroupName, this.ServerName);
+
+                if (model != null)
                 {
-                    ModelAdapter.GetServerActiveDirectoryAdministrator(this.ResourceGroupName, this.ServerName),
-                };
+                    currentActiveDirectoryAdmins = new List<AzureSqlServerActiveDirectoryAdministratorModel>();
+                    currentActiveDirectoryAdmins.Add(model);
+                }
             }
             catch (CloudException ex)
             {
@@ -69,6 +82,14 @@ protected override IEnumerable<AzureSqlServerActiveDirectoryAdministratorModel>
                     throw;
                 }
             }
+            catch (Exception ex)
+            {
+                if ((ex.InnerException is CloudException ex1) &&
+                     ex1.Response.StatusCode != System.Net.HttpStatusCode.NotFound)
+                {
+                    throw ex.InnerException ?? ex;
+                }
+            }
 
             return currentActiveDirectoryAdmins;
         }
@@ -80,13 +101,14 @@ protected override IEnumerable<AzureSqlServerActiveDirectoryAdministratorModel>
         /// <returns>A list of models that was passed in</returns>
         protected override IEnumerable<AzureSqlServerActiveDirectoryAdministratorModel> ApplyUserInputToModel(IEnumerable<AzureSqlServerActiveDirectoryAdministratorModel> model)
         {
-            List<Model.AzureSqlServerActiveDirectoryAdministratorModel> newEntity = new List<AzureSqlServerActiveDirectoryAdministratorModel>();
+            List<Model.AzureSqlServerActiveDirectoryAdministratorModel> newEntity  = new List<AzureSqlServerActiveDirectoryAdministratorModel>();
             newEntity.Add(new AzureSqlServerActiveDirectoryAdministratorModel()
             {
                 ResourceGroupName = ResourceGroupName,
                 ServerName = ServerName,
                 DisplayName = DisplayName,
                 ObjectId = ObjectId,
+                IsAzureADOnlyAuthentication = IsAzureOnlyAuthentication,
             });
             return newEntity;
         }
diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Model/AzureSqlServerActiveDirectoryAdministratorModel.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Model/AzureSqlServerActiveDirectoryAdministratorModel.cs
@@ -40,5 +40,10 @@ public class AzureSqlServerActiveDirectoryAdministratorModel
         /// Gets or sets the unique ID of the Azure SQL Server Active administrator admin object id
         /// </summary>
         public Guid ObjectId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the value to indicate if only Azure AD Only authentication is allowed
+        /// </summary>
+        public bool? IsAzureADOnlyAuthentication { get; set; }
     }
 }
diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs
@@ -14,8 +14,7 @@
 
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model;
-using Microsoft.Azure.Commands.Sql.Services;
-using Microsoft.Azure.Management.Sql.LegacySdk.Models;
+using Microsoft.Azure.Management.Sql.Models;
 using Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory;
 using System;
 using System.Collections.Generic;
@@ -113,10 +112,7 @@ internal ICollection<AzureSqlServerActiveDirectoryAdministratorModel> ListServer
         /// <returns>The upserted Azure SQL Server Active Directory administrator</returns>
         internal AzureSqlServerActiveDirectoryAdministratorModel UpsertServerActiveDirectoryAdministrator(string resourceGroup, string serverName, AzureSqlServerActiveDirectoryAdministratorModel model)
         {
-            var resp = Communicator.CreateOrUpdate(resourceGroup, serverName, new ServerAdministratorCreateOrUpdateParameters()
-            {
-                Properties = GetActiveDirectoryInformation(model.DisplayName, model.ObjectId)
-            });
+            var resp = Communicator.CreateOrUpdate(resourceGroup, serverName, GetActiveDirectoryInformation(model.DisplayName, model.ObjectId, model.IsAzureADOnlyAuthentication));
 
             return CreateServerActiveDirectoryAdministratorModelFromResponse(resourceGroup, serverName, resp);
         }
@@ -131,40 +127,59 @@ public void RemoveServerActiveDirectoryAdministrator(string resourceGroupName, s
             Communicator.Remove(resourceGroupName, serverName);
         }
 
+        /// <summary>
+        /// Disable Azure Active Directory only authentication on a Azure SQL Server
+        /// </summary>
+        /// <param name="resourceGroup">The name of the resource group</param>
+        /// <param name="serverName">The name of the Azure Sql ServerActiveDirectoryAdministrator Server</param>
+        /// <returns>The upserted Azure SQL Server Active Directory administrator</returns>
+        internal AzureSqlServerActiveDirectoryAdministratorModel DisableAzureADOnlyAuthenticaion(string resourceGroup, string serverName)
+        {
+            var resp = Communicator.Disable(resourceGroup, serverName);
+
+            return CreateServerActiveDirectoryAdministratorModelFromResponse(resourceGroup, serverName, resp);
+        }
+
         /// <summary>
         /// Converts the response from the service to a powershell database object
         /// </summary>
         /// <param name="resourceGroupName">The resource group the server is in</param>
         /// <param name="serverName">The name of the Azure Sql ServerActiveDirectoryAdministrator Server</param>
         /// <param name="admin">The service response</param>
         /// <returns>The converted model</returns>
-        public static AzureSqlServerActiveDirectoryAdministratorModel CreateServerActiveDirectoryAdministratorModelFromResponse(string resourceGroup, string serverName, Management.Sql.LegacySdk.Models.ServerAdministrator admin)
+        public static AzureSqlServerActiveDirectoryAdministratorModel CreateServerActiveDirectoryAdministratorModelFromResponse(string resourceGroup, string serverName, Management.Sql.Models.ServerAzureADAdministrator admin)
         {
-            AzureSqlServerActiveDirectoryAdministratorModel model = new AzureSqlServerActiveDirectoryAdministratorModel();
-
-            model.ResourceGroupName = resourceGroup;
-            model.ServerName = serverName;
-            model.DisplayName = admin.Properties.Login;
-            model.ObjectId = admin.Properties.Sid;
+            if (admin != null)
+            {
+                AzureSqlServerActiveDirectoryAdministratorModel model = new AzureSqlServerActiveDirectoryAdministratorModel();
+
+                model.ResourceGroupName = resourceGroup;
+                model.ServerName = serverName;
+                model.DisplayName = admin.Login;
+                model.ObjectId = admin.Sid;
+                model.IsAzureADOnlyAuthentication = admin.AzureADOnlyAuthentication;
+                return model;
+            }
 
-            return model;
+            return null;
         }
 
         /// <summary>
         /// Verifies that the Azure Active Directory user or group exists, and will get the object id if it is not set.
         /// </summary>
         /// <param name="displayName">Azure Active Directory user or group display name</param>
         /// <param name="objectId">Azure Active Directory user or group object id</param>
+        /// <param name="isAzureADOnlyAuthentication">Allow only Azure Active Directory authentication</param>
         /// <returns></returns>
-        protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformation(string displayName, Guid objectId)
+        protected ServerAzureADAdministrator GetActiveDirectoryInformation(string displayName, Guid objectId, bool? isAzureADOnlyAuthentication)
         {
             // Gets the default Tenant id for the subscriptions
             Guid tenantId = GetTenantId();
 
             // Check for a Azure Active Directory group. Recommended to always use group.
             IEnumerable<PSADGroup> groupList = null;
 
-            var filter = new ADObjectFilterOptions()
+                        var filter = new ADObjectFilterOptions()
             {
                 Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
                 SearchString = displayName,
@@ -190,11 +205,13 @@ protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformat
                     throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.InvalidADGroupNotSecurity, displayName));
                 }
 
-                return new ServerAdministratorCreateOrUpdateProperties()
+
+                return new ServerAzureADAdministrator()
                 {
                     Login = group.DisplayName,
                     Sid = group.Id,
                     TenantId = tenantId,
+                    AzureADOnlyAuthentication = isAzureADOnlyAuthentication,
                 };
             }
 
@@ -238,11 +255,12 @@ protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformat
                 // Only one user was found. Get the user display name and object id
                 var obj = userList.First();
 
-                return new ServerAdministratorCreateOrUpdateProperties()
+                return new ServerAzureADAdministrator()
                 {
                     Login = displayName,
                     Sid = obj.Id,
                     TenantId = tenantId,
+                    AzureADOnlyAuthentication = isAzureADOnlyAuthentication,
                 };
             }
         }
diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs
@@ -14,8 +14,8 @@
 
 using Microsoft.Azure.Commands.Common.Authentication;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
-using Microsoft.Azure.Management.Sql.LegacySdk;
-using Microsoft.Azure.Management.Sql.LegacySdk.Models;
+using Microsoft.Azure.Management.Sql;
+using Microsoft.Azure.Management.Sql.Models;
 using System.Collections.Generic;
 
 namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Services
@@ -68,35 +68,41 @@ public AzureSqlServerActiveDirectoryAdministratorCommunicator(IAzureContext cont
         /// <summary>
         /// Gets the Azure SQL Server Active Directory administrator
         /// </summary>
-        public Management.Sql.LegacySdk.Models.ServerAdministrator Get(string resourceGroupName, string serverName)
+        public Management.Sql.Models.ServerAzureADAdministrator Get(string resourceGroupName, string serverName)
         {
-            return GetCurrentSqlClient().ServerAdministrators.Get(resourceGroupName, serverName, ActiveDirectoryDefaultName).Administrator;
+            return GetCurrentSqlClient().ServerAzureADAdministrators.GetAsync(resourceGroupName, serverName).Result;
         }
 
         /// <summary>
         /// Lists Azure SQL Server Active Directory administrators
         /// </summary>
-        public IList<Management.Sql.LegacySdk.Models.ServerAdministrator> List(string resourceGroupName, string serverName)
+        public IEnumerable<Management.Sql.Models.ServerAzureADAdministrator> List(string resourceGroupName, string serverName)
         {
-            return GetCurrentSqlClient().ServerAdministrators.List(resourceGroupName, serverName).Administrators;
+            return GetCurrentSqlClient().ServerAzureADAdministrators.ListByServer(resourceGroupName, serverName);
         }
 
         /// <summary>
         /// Creates or updates a Azure SQL Server Active Directory Administrator
         /// </summary>
-        public Management.Sql.LegacySdk.Models.ServerAdministrator CreateOrUpdate(string resourceGroupName, string serverName, ServerAdministratorCreateOrUpdateParameters parameters)
+        public Management.Sql.Models.ServerAzureADAdministrator CreateOrUpdate(string resourceGroupName, string serverName, ServerAzureADAdministrator parameters)
         {
-            // Always set the type to active directory
-            parameters.Properties.AdministratorType = ActiveDirectoryDefaultType;
-            return GetCurrentSqlClient().ServerAdministrators.CreateOrUpdate(resourceGroupName, serverName, ActiveDirectoryDefaultName, parameters).ServerAdministrator;
+           return GetCurrentSqlClient().ServerAzureADAdministrators.CreateOrUpdate(resourceGroupName, serverName, parameters);
         }
 
         /// <summary>
         /// Deletes a Azure SQL Server Active Directory Administrator
         /// </summary>
         public void Remove(string resourceGroupName, string serverName)
         {
-            GetCurrentSqlClient().ServerAdministrators.Delete(resourceGroupName, serverName, ActiveDirectoryDefaultName);
+            GetCurrentSqlClient().ServerAzureADAdministrators.DeleteWithHttpMessagesAsync(resourceGroupName, serverName);
+        }
+
+        /// <summary>
+        /// Disables Azure Active Directory only authentication on a Azure SQL Server
+        /// </summary>
+        public Management.Sql.Models.ServerAzureADAdministrator Disable(string resourceGroupName, string serverName)
+        {
+            return GetCurrentSqlClient().ServerAzureADAdministrators.DisableAzureADOnlyAuthenticationAsync(resourceGroupName, serverName).Result;
         }
 
         /// <summary>
@@ -109,7 +115,7 @@ private SqlManagementClient GetCurrentSqlClient()
             // Get the SQL management client for the current subscription
             if (SqlClient == null)
             {
-                SqlClient = AzureSession.Instance.ClientFactory.CreateClient<SqlManagementClient>(Context, AzureEnvironment.Endpoint.ResourceManager);
+                SqlClient = AzureSession.Instance.ClientFactory.CreateArmClient<Management.Sql.SqlManagementClient>(Context, AzureEnvironment.Endpoint.ResourceManager);
             }
             return SqlClient;
         }
diff --git a/src/Sql/Sql/help/Az.Sql.md b/src/Sql/Sql/help/Az.Sql.md
@@ -71,6 +71,10 @@ Disables Advanced Data Security on a managed instance.
 ### [Disable-AzSqlInstanceDatabaseSensitivityRecommendation](Disable-AzSqlInstanceDatabaseSensitivityRecommendation)
 Disbles sensitivity recommendations on columns in the Azure SQL managed instance database.
 
+
+### [Disable-AzSqlServerActiveDirectoryOnlyAuthentication](Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md)
+Disables Azure AD only authentication for a specific SQL Server.
+
 ### [Disable-AzSqlServerAdvancedDataSecurity](Disable-AzSqlServerAdvancedDataSecurity.md)
 Disables Advanced Data Security on a server.
 
diff --git a/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md
diff --git a/src/Sql/Sql/help/Get-AzSqlServerActiveDirectoryAdministrator.md b/src/Sql/Sql/help/Get-AzSqlServerActiveDirectoryAdministrator.md
diff --git a/src/Sql/Sql/help/Set-AzSqlServerActiveDirectoryAdministrator.md b/src/Sql/Sql/help/Set-AzSqlServerActiveDirectoryAdministrator.md

Original file line number	Diff line number	Diff line change
`@@ -40,5 +40,10 @@ public class AzureSqlServerActiveDirectoryAdministratorModel`
`40`	`40`	`/// Gets or sets the unique ID of the Azure SQL Server Active administrator admin object id`
`41`	`41`	`/// </summary>`
`42`	`42`	`public Guid ObjectId { get; set; }`
	`43`	`+`
	`44`	`+ /// <summary>`
	`45`	`+ /// Gets or sets the value to indicate if only Azure AD Only authentication is allowed`
	`46`	`+ /// </summary>`
	`47`	`+ public bool? IsAzureADOnlyAuthentication { get; set; }`
`43`	`48`	`}`
`44`	`49`	`}`