Merged
6 changes: 5 additions & 1 deletion src/serviceconnector-passwordless/HISTORY.rst
Expand Up @@ -2,6 +2,10 @@

Release History
===============
0.3.9
++++++
* Support `--customized-keys` and make some improvements.

0.3.8
++++++
* Make some improvements.
Expand Down Expand Up @@ -48,4 +52,4 @@ Release History

0.1.0
++++++
* Initial release.
* Initial release.
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,8 @@ class TargetHandler:
user_object_id = ""
aad_username = ""

admin_username = ""

identity_name = ""
identity_client_id = ""
identity_object_id = ""
Expand Down Expand Up @@ -307,8 +309,9 @@ def set_user_admin(self, user_object_id, **kwargs):
logger.warning(
'Unable to check if current user is AAD admin. Please confirm current user as AAD admin manually.')
return
is_admin = any(ad.get('sid') == user_object_id for ad in admins)
if is_admin:
admin_info = next((ad for ad in admins if ad.get('sid') == user_object_id), None)
if admin_info:
self.admin_username = admin_info.get('login')
return

logger.warning('Set current user as DB Server AAD Administrators.')
Expand All @@ -326,6 +329,7 @@ def set_user_admin(self, user_object_id, **kwargs):
self.resource_group, self.server, self.subscription, mysql_identity_id))
run_cli_cmd('az mysql flexible-server ad-admin create -g {} -s {} --subscription {} -u {} -i {} --identity {}'.format(
self.resource_group, self.server, self.subscription, self.login_username, user_object_id, mysql_identity_id))
self.admin_username = self.login_username

def create_aad_user(self):
query_list = self.get_create_query()
Expand Down Expand Up @@ -441,7 +445,7 @@ def get_connection_string(self):
return {
'host': self.server + self.endpoint,
'database': self.dbname,
'user': self.login_username,
'user': self.admin_username,
'password': password,
'ssl': {"fake_flag_to_enable_tls": True},
'autocommit': True
Expand Down Expand Up @@ -503,12 +507,13 @@ def set_user_admin(self, user_object_id, **kwargs):
logger.warning(
'Unable to check if current user is AAD admin. Please confirm current user as AAD admin manually.')
return
is_admin = any(ad.get('sid') == user_object_id for ad in admins)
if not is_admin:
admin_info = next((ad for ad in admins if ad.get('sid') == user_object_id), None)
if not admin_info:
logger.warning('Setting current user as database server AAD admin:'
' user=%s object id=%s', self.login_username, user_object_id)
run_cli_cmd('az sql server ad-admin create -g {} --server-name {} --display-name {} --object-id {} --subscription {}'.format(
self.resource_group, self.server, self.login_username, user_object_id, self.subscription)).get('objectId')
admin_info = run_cli_cmd('az sql server ad-admin create -g {} --server-name {} --display-name {} --object-id {} --subscription {}'.format(
self.resource_group, self.server, self.login_username, user_object_id, self.subscription))
self.admin_username = admin_info.get('login', self.login_username)

def create_aad_user(self):

Expand Down Expand Up @@ -699,12 +704,12 @@ def set_user_admin(self, user_object_id, **kwargs):
logger.warning(
'Unable to check if current user is AAD admin. Please confirm current user as AAD admin manually.')
return
is_admin = any(user_object_id in u.get("objectId", "") for u in admins)
if is_admin:
return
logger.warning('Set current user as DB Server AAD Administrators.')
run_cli_cmd('az postgres flexible-server ad-admin create -u {} -i {} -g {} -s {} --subscription {} -t {}'.format(
self.login_username, user_object_id, self.resource_group, self.db_server, self.subscription, self.login_usertype))
admin_info = next((ad for ad in admins if ad.get('objectId', "") == user_object_id), None)
if not admin_info:
logger.warning('Set current user as DB Server AAD Administrators.')
admin_info = run_cli_cmd('az postgres flexible-server ad-admin create -u {} -i {} -g {} -s {} --subscription {} -t {}'.format(
self.login_username, user_object_id, self.resource_group, self.db_server, self.subscription, self.login_usertype))
self.admin_username = admin_info.get('principalName', self.login_username)

def create_aad_user(self):
query_list = self.get_create_query()
Expand Down Expand Up @@ -823,7 +828,7 @@ def get_connection_string(self):

# extension functions require the extension to be available, which is the case for postgres (default) database.
conn_string = "host={} user={} dbname=postgres password={} sslmode=require".format(
self.host, self.login_username, password)
self.host, self.admin_username, password)
return conn_string

def get_create_query(self):
Expand Down Expand Up @@ -866,7 +871,6 @@ def set_user_admin(self, user_object_id, **kwargs):
sub = self.subscription
rg = self.resource_group
server = self.db_server
is_admin = True

# pylint: disable=not-an-iterable
admins = run_cli_cmd(
Expand All @@ -882,12 +886,13 @@ def set_user_admin(self, user_object_id, **kwargs):
logger.warning(
'Unable to check if current user is AAD admin. Please confirm current user as AAD admin manually.')
return
is_admin = any(ad.get('sid') == user_object_id for ad in admins)
if not is_admin:
admin_info = next((ad for ad in admins if ad.get('sid') == user_object_id), None)
if not admin_info:
logger.warning('Setting current user as database server AAD admin:'
' user=%s object id=%s', self.login_username, user_object_id)
run_cli_cmd('az postgres server ad-admin create -g {} --server-name {} --display-name {} --object-id {}'
' --subscription {}'.format(rg, server, self.login_username, user_object_id, sub)).get('objectId')
admin_info = run_cli_cmd('az postgres server ad-admin create -g {} --server-name {} --display-name {} --object-id {}'
' --subscription {}'.format(rg, server, self.login_username, user_object_id, sub))
self.admin_username = admin_info.get('login', self.login_username)

def set_target_firewall(self, is_add, ip_name, start_ip=None, end_ip=None):
sub = self.subscription
Expand Down Expand Up @@ -928,7 +933,7 @@ def get_connection_string(self):

# extension functions require the extension to be available, which is the case for postgres (default) database.
conn_string = "host={} user={} dbname={} password={} sslmode=require".format(
self.host, self.login_username + '@' + self.db_server, self.dbname, password)
self.host, self.admin_username + '@' + self.db_server, self.dbname, password)
return conn_string

def get_create_query(self):
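Review bot: Each `set_user_admin` variant here still returns early after the 'Unable to check if current user is AAD admin' warning without assigning `admin_username`, while the `get_connection_string` methods now read `self.admin_username` instead of `self.login_username`; unless it is set somewhere outside these hunks, that path now connects with the class default `""` (or `'@' + self.db_server` for single-server Postgres). Assigning `self.admin_username = self.login_username` before those returns would keep the previous behaviour. The MySQL branch also calls `admin_info.get('login')` with no default, so an admin record without `login` yields `None`, unlike the SQL and Postgres branches; `admin_info.get('login', self.login_username)` would match them. Separately, the user name now comes from the ad-admin record and is formatted unquoted into the `host={} user={} ... password={}` string, so a name containing spaces (presumably possible for a group admin) would break or change the keyword/value pairs and should be quoted or passed as a separate connection parameter. The function bodies start outside the hunks, so this rests on the visible lines only.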
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,8 @@
add_vnet_block,
add_connection_string_argument,
add_secret_store_argument,
add_local_connection_block
add_local_connection_block,
add_customized_keys_argument
)
from azure.cli.command_modules.serviceconnector._validators import (
get_default_object_id_of_current_user
Expand Down Expand Up @@ -63,6 +64,7 @@ def load_arguments(self, _):
add_secret_store_argument(c)
add_vnet_block(c, target)
add_local_connection_block(c)
add_customized_keys_argument(c)
c.argument('yes', arg_type=yes_arg_type)

for source in SOURCE_RESOURCES_PARAMS:
Expand All @@ -77,4 +79,5 @@ def load_arguments(self, _):
add_secret_store_argument(c)
add_vnet_block(c, target)
add_connection_string_argument(c, source, target)
add_customized_keys_argument(c)
c.argument('yes', arg_type=yes_arg_type)
Original file line number Diff line number Diff line change
Expand Up @@ -4,5 +4,5 @@
# --------------------------------------------------------------------------------------------


VERSION = '0.3.8'
VERSION = '0.3.9'
NAME = 'serviceconnector-passwordless'
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ def connection_create_ext(cmd, client, # pylint: disable=too-many-locals,too-ma
service_endpoint=None,
private_endpoint=None,
store_in_connection_string=False,
customized_keys=None,
new_addon=False, no_wait=False,
yes=False,
# Resource.KubernetesCluster
Expand Down Expand Up @@ -44,6 +45,7 @@ def connection_create_ext(cmd, client, # pylint: disable=too-many-locals,too-ma
spring, app, deployment,
server, database,
enable_mi_for_db_linker=get_enable_mi_for_db_linker_func(yes),
customized_keys=customized_keys,
**kwargs)


Expand All @@ -56,6 +58,7 @@ def local_connection_create_ext(cmd, client, # pylint: disable=too-many-locals,
secret_auth_info=None, secret_auth_info_auto=None,
user_account_auth_info=None, # new auth info
service_principal_auth_info_secret=None,
customized_keys=None,
no_wait=False,
yes=False,
# Resource.*Postgres, Resource.*Sql*
Expand All @@ -77,4 +80,5 @@ def local_connection_create_ext(cmd, client, # pylint: disable=too-many-locals,
# Resource.*Postgres, Resource.*Sql*
server, database,
enable_mi_for_db_linker=get_enable_mi_for_db_linker_func(yes),
customized_keys=customized_keys,
**kwargs)
2 changes: 1 addition & 1 deletion src/serviceconnector-passwordless/setup.py
Expand Up @@ -15,7 +15,7 @@
logger.warn("Wheel is not available, disabling bdist_wheel hook")


VERSION = '0.3.8'
VERSION = '0.3.9'
try:
from azext_serviceconnector_passwordless.config import VERSION
except ImportError: