Merge pull request #2 from SanjaMalesevic/addPSCommandsForAadAdmin

Add ps commands for aad admin

Author: SanjaMalesevic

src/Sql/Sql.Test/ScenarioTests/ManagedInstanceActiveDirectoryAdministratorTests.cs

@@ -0,0 +1,47 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ScenarioTest.SqlTests;
+using Microsoft.WindowsAzure.Commands.ScenarioTest;
+using Xunit;
+using Xunit.Abstractions;
+using RestTestFramework = Microsoft.Rest.ClientRuntime.Azure.TestFramework;
+
+namespace Microsoft.Azure.Commands.Sql.Test.ScenarioTests
+{
+	public class ManagedInstanceActiveDirectoryAdministratorTests : SqlTestsBase
+	{
+		public ManagedInstanceActiveDirectoryAdministratorTests(ITestOutputHelper output) : base(output)
+		{
+		}
+
+		protected override void SetupManagementClients(RestTestFramework.MockContext context)
+		{
+			var newResourcesClient = GetResourcesClient(context);
+			var sqlClient = GetSqlClient(context);
+			var networkClient = GetNetworkClient(context);
+			var graphClient = GetGraphClient(context);
+			Helper.SetupSomeOfManagementClients(newResourcesClient,sqlClient, networkClient, graphClient);
+		}
+
+	        [Fact(Skip = "Graph authentication blocks test passes")]
+		[Trait(Category.AcceptanceType, Category.CheckIn)]
+		public void TestManagedInstanceActiveDirectoryAdministrator()
+		{
+			RunPowerShellTest("Test-ManagedInstanceActiveDirectoryAdministrator");
+		}
+	}
+}
+
+

src/Sql/Sql.Test/ScenarioTests/ManagedInstanceActiveDirectoryAdministratorTests.ps1

@@ -0,0 +1,72 @@
+# ----------------------------------------------------------------------------------
+#
+# Copyright Microsoft Corporation
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ----------------------------------------------------------------------------------
+
+<#
+	.SYNOPSIS
+	Tests for managing Active Directory Administrator on managed instance
+#>
+function Test-ManagedInstanceActiveDirectoryAdministrator
+{
+	# Setup
+	$rg = Create-ResourceGroupForTest
+	$vnetName = "cl_initial"
+	$subnetName = "Cool"
+
+	# Setup VNET 
+	$virtualNetwork1 = CreateAndGetVirtualNetworkForManagedInstance $vnetName $subnetName $rg.Location
+	$subnetId = $virtualNetwork1.Subnets.where({ $_.Name -eq $subnetName })[0].Id
+
+	$managedInstance = Create-ManagedInstanceForTest $rg $subnetId
+
+	$activeDirectoryGroup1 = "aadadmin"
+	$activeDirectoryGroup1ObjectId = "52b6d571-5ff9-4b8f-92de-4a5b1bcdbbef"
+	$activeDirectoryUser1 = "CL AAD Test User"
+	$activeDirectoryUser1ObjectId = "034bb7d9-ca26-4c6f-abe0-4aff74fdca50"
+
+	# Verify there is no Active Directory Administrator set
+	$activeDirectoryAdmin = Get-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName
+
+	Assert-Null $activeDirectoryAdmin
+
+	# Set an Active Directory Administrator Group on Managed Instance
+	# This command uses the Graph API to check if there is a user/group for provided DisplayName and ObjectId. Graph authentication blocks test passes, so if you need to record this test again, you must provide real token in 
+	# MockTokenAuthenticationFactory constructor and change SetAuthenticationFactory in EnvironmentSetupHelper.
+	$activeDirectoryAdmin1 = Set-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName -DisplayName $activeDirectoryGroup1 -ObjectId $activeDirectoryGroup1ObjectId
+
+	Assert-NotNull $activeDirectoryAdmin1
+
+	# Verify the correct Active Directory Administrator is set
+	Assert-AreEqual $activeDirectoryAdmin1.DisplayName $activeDirectoryGroup1
+	Assert-AreEqual $activeDirectoryAdmin1.ObjectId $activeDirectoryGroup1ObjectId
+
+	# Get an Active Directory Administrator
+	$activeDirectoryAdmin2 = Get-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName
+
+	Assert-AreEqual $activeDirectoryAdmin2.DisplayName $activeDirectoryGroup1
+	Assert-AreEqual $activeDirectoryAdmin2.ObjectId $activeDirectoryGroup1ObjectId
+
+	# Set an Active Directory Administrator User on Managed Instance
+	$activeDirectoryAdmin3 = Set-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName -DisplayName $activeDirectoryUser1 -ObjectId $activeDirectoryUser1ObjectId
+
+	Assert-AreEqual $activeDirectoryAdmin3.DisplayName $activeDirectoryUser1
+	Assert-AreEqual $activeDirectoryAdmin3.ObjectId $activeDirectoryUser1ObjectId
+
+	# Remove an Active Directory Administrator User from Managed Instance
+	$activeDirectoryAdmin4 = Remove-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName -Force
+
+	# Verify that Active Directory Administrator was deleted
+	$activeDirectoryAdmin5 = Get-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName $rg.ResourceGroupName -InstanceName $managedInstance.ManagedInstanceName
+
+	Assert-Null $activeDirectoryAdmin5
+}

src/Sql/Sql.Test/ScenarioTests/SqlTestsBase.cs

@@ -31,8 +31,8 @@
 using Microsoft.Azure.Management.OperationalInsights;
 using SDKMonitor = Microsoft.Azure.Management.Monitor;
 using CommonMonitor = Microsoft.Azure.Management.Monitor.Version2018_09_01;
-using Microsoft.Azure.Graph.RBAC;
 using Microsoft.Azure.Management.KeyVault;
+using Microsoft.Azure.Graph.RBAC.Version1_6;
 
 namespace Microsoft.Azure.Commands.ScenarioTest.SqlTests
 {

src/Sql/Sql.Test/Sql.Test.csproj

@@ -19,7 +19,7 @@
     <PackageReference Include="Microsoft.Azure.KeyVault.WebKey" Version="3.0.1" />
     <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="2.4.2" />
     <PackageReference Include="Microsoft.Azure.Management.OperationalInsights" Version="0.19.0-preview" />
-    <PackageReference Include="Microsoft.Azure.Management.Sql" Version="1.33.0-preview" />
+    <PackageReference Include="Microsoft.Azure.Management.Sql" Version="1.34.0-preview" />
   </ItemGroup>
 
   <ItemGroup>

src/Sql/Sql/Az.Sql.psd1

@@ -230,6 +230,9 @@ CmdletsToExport = 'Get-AzSqlDatabaseTransparentDataEncryption',
                'Set-AzSqlInstanceTransparentDataEncryptionProtector', 
                'Get-AzSqlServerAudit', 'Get-AzSqlDatabaseAudit', 
                'Set-AzSqlServerAudit', 'Set-AzSqlDatabaseAudit', 
+	       'Get-AzSqlInstanceActiveDirectoryAdministrator', 
+               'Remove-AzSqlInstanceActiveDirectoryAdministrator', 
+               'Set-AzSqlInstanceActiveDirectoryAdministrator',
                'Remove-AzSqlServerAudit', 'Remove-AzSqlDatabaseAudit', 
                'Get-AzSqlInstancePool', 'Set-AzSqlInstancePool', 
                'New-AzSqlInstancePool', 'Remove-AzSqlInstancePool', 

src/Sql/Sql/ChangeLog.md

@@ -23,6 +23,7 @@
 * Remove the validation of EmailAddresses and the check that EmailAdmins is not false in case EmailAddresses is empty in Set-AzSqlServerAdvancedThreatProtectionPolicy and Set-AzSqlDatabaseAdvancedThreatProtectionPolicy
 * Enabled removal of server/database auditing settings when multiple diagnostic settings that enable audit category exist.
 * Fix email addresses validation in multiple Sql Vulnerability Assessment cmdlets (Update-AzSqlDatabaseVulnerabilityAssessmentSetting, Update-AzSqlServerVulnerabilityAssessmentSetting, Update-AzSqlInstanceDatabaseVulnerabilityAssessmentSetting and Update-AzSqlInstanceVulnerabilityAssessmentSetting).
+* Add support for setting Active Directory Administrator on Managed Instance
 
 ## Version 1.14.1
 * Update documentation of old Auditing cmdlets.

src/Sql/Sql/InstanceActiveDirectoryAdministrator/Cmdlet/AzureSqlInstanceActiveDirectoryAdministratorCmdletBase.cs

@@ -0,0 +1,46 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
+using Microsoft.Azure.Commands.Sql.Common;
+using Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryAdministrator.Model;
+using Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryAdministrator.Services;
+using System.Collections.Generic;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryAdministrator.Cmdlet
+{
+    public abstract class AzureSqlInstanceActiveDirectoryAdministratorCmdletBase : AzureSqlCmdletBase<IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel>, AzureSqlInstanceActiveDirectoryAdministratorAdapter>
+    {
+        /// <summary>
+        /// Gets or sets the name of the Azure SQL Managed Instance that contains the Azure Active Directory administrator.
+        /// </summary>
+        [Parameter(Mandatory = true,
+            ValueFromPipelineByPropertyName = true,
+            Position = 1,
+            HelpMessage = "The name of the Azure SQL Managed Instance the Azure Active Directory administrator is in.")]
+        [ResourceNameCompleter("Microsoft.Sql/managedInstances", "ResourceGroupName")]
+        [ValidateNotNullOrEmpty]
+        public string InstanceName { get; set; }
+
+        /// <summary>
+        /// Initializes the adapter
+        /// </summary>
+        /// <returns></returns>
+        protected override AzureSqlInstanceActiveDirectoryAdministratorAdapter InitModelAdapter()
+        {
+            return new AzureSqlInstanceActiveDirectoryAdministratorAdapter(DefaultProfile.DefaultContext);
+        }
+    }
+}

src/Sql/Sql/InstanceActiveDirectoryAdministrator/Cmdlet/GetAzureSqlInstanceActiveDirectoryAdministrator.cs

@@ -0,0 +1,58 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryAdministrator.Model;
+using System.Collections.Generic;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryAdministrator.Cmdlet
+{
+    [Cmdlet("Get", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlInstanceActiveDirectoryAdministrator")]
+    [OutputType(typeof(AzureSqlInstanceActiveDirectoryAdministratorModel))]
+    public class GetAzureSqlInstanceActiveDirectoryAdministrator : AzureSqlInstanceActiveDirectoryAdministratorCmdletBase
+    {
+        /// <summary>
+        /// Get the entities from the service
+        /// </summary>
+        /// <returns>The list of entities</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel> GetEntity()
+        {
+            ICollection<AzureSqlInstanceActiveDirectoryAdministratorModel> results;
+
+            results = ModelAdapter.ListInstanceActiveDirectoryAdministrators(this.ResourceGroupName, this.InstanceName);
+
+            return results;
+        }
+
+        /// <summary>
+        /// No user input to apply to model
+        /// </summary>
+        /// <param name="model">Model retrieved from service</param>
+        /// <returns>The model that was passed in</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel> ApplyUserInputToModel(IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel> model)
+        {
+            return model;
+        }
+
+        /// <summary>
+        /// No changes to persist to mi
+        /// </summary>
+        /// <param name="entity">The output of apply user input to model</param>
+        /// <returns>The input entity</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel> PersistChanges(IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel> entity)
+        {
+            return entity;
+        }
+    }
+}

src/Sql/Sql/InstanceActiveDirectoryAdministrator/Cmdlet/RemoveAzureSqlInstanceActiveDirectoryAdministrator.cs

@@ -0,0 +1,79 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+using Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryAdministrator.Model;
+using System.Collections.Generic;
+using System.Globalization;
+using System.Management.Automation;
+
+namespace Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryAdministrator.Cmdlet
+{
+    [Cmdlet("Remove", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlInstanceActiveDirectoryAdministrator", SupportsShouldProcess = true), OutputType(typeof(AzureSqlInstanceActiveDirectoryAdministratorModel))]
+    public class RemoveAzureSqlInstanceActiveDirectoryAdministrator : AzureSqlInstanceActiveDirectoryAdministratorCmdletBase
+    {
+        /// <summary>
+        /// Defines whether it is ok to skip the requesting of rule removal confirmation
+        /// </summary>
+        [Parameter(HelpMessage = "Skip confirmation message for performing the action")]
+        public SwitchParameter Force { get; set; }
+
+        /// <summary>
+        /// Get the entities from the service
+        /// </summary>
+        /// <returns>The list of entities</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel> GetEntity()
+        {
+			return new List<AzureSqlInstanceActiveDirectoryAdministratorModel>() {
+				ModelAdapter.GetInstanceActiveDirectoryAdministrator(this.ResourceGroupName, this.InstanceName)
+            };
+        }
+
+        /// <summary>
+        /// No user input to apply to model
+        /// </summary>
+        /// <param name="model">Model retrieved from service</param>
+        /// <returns>The model that was passed in</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel> ApplyUserInputToModel(IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel> model)
+        {
+            return model;
+        }
+
+        /// <summary>
+        /// No changes to persist to managed instance
+        /// </summary>
+        /// <param name="entity">The output of apply user input to model</param>
+        /// <returns>The input entity</returns>
+        protected override IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel> PersistChanges(IEnumerable<AzureSqlInstanceActiveDirectoryAdministratorModel> entity)
+        {
+            ModelAdapter.RemoveInstanceActiveDirectoryAdministrator(this.ResourceGroupName, this.InstanceName);
+            return entity;
+        }
+
+        /// <summary>
+        /// Entry point for the cmdlet
+        /// </summary>
+        public override void ExecuteCmdlet()
+        {
+            if (!Force.IsPresent && !ShouldProcess(
+               string.Format(CultureInfo.InvariantCulture, Properties.Resources.RemoveAzureSqlInstanceActiveDirectoryAdministratorDescription, this.InstanceName),
+               string.Format(CultureInfo.InvariantCulture, Properties.Resources.RemoveAzureSqlInstanceActiveDirectoryAdministratorWarning, this.InstanceName),
+               Properties.Resources.ShouldProcessCaption))
+            {
+                return;
+            }
+
+            base.ExecuteCmdlet();
+        }
+    }
+}