[SQL] Support setting of AAD administrator on Managed Instance

src/azure-cli/HISTORY.rst

@@ -10,6 +10,10 @@ Release History
         - Changed parameter --ask from utf-8 string to 32 character hex string.
     job start:
         - Changed the command from `job start` to `job create`.
+
+**SQL**
+
+* New Cmdlets for sql mi ad-admin that supports setting AAD administrator on Managed instance
 
 **Compute**
 

src/azure-cli/azure/cli/command_modules/sql/_help.py

@@ -784,6 +784,26 @@
     type: command
     short-summary: Sets the SQL Instance's encryption protector.
     """
+helps['sql mi ad-admin'] = """
+    type: group
+    short-summary: Manage a managed instance's Active Directory administrator.
+    """
+helps['sql mi ad-admin create'] = """
+    type: command
+    short-summary: Creates a new managed instance Active Directory administrator.
+    """
+helps['sql mi ad-admin update'] = """
+    type: command
+    short-summary: Updates an existing managed instance Active Directory administrator.
+    """
+helps['sql mi ad-admin list'] = """
+    type: command
+    short-summary: Returns a list of managed instance Active Directory Administrators.
+    """
+helps['sql mi ad-admin delete'] = """
+    type: command
+    short-summary: Deletes an existing managed instance Active Directory Administrator.
+    """
 helps['sql instance-failover-group'] = """
     type: group
     short-summary: Manage SQL Instance Failover Groups.

src/azure-cli/azure/cli/command_modules/sql/_params.py

@@ -16,6 +16,7 @@
     ExportRequest,
     ManagedDatabase,
     ManagedInstance,
+    ManagedInstanceAdministrator,
     Server,
     ServerAzureADAdministrator,
     Sku,
@@ -195,6 +196,14 @@ def get_location_type_with_default_from_resource_group(cli_ctx):
     help='Complete the failover even if doing so may result in data loss. '
     'This will allow the failover to proceed even if a primary database is unavailable.')
 
+aad_admin_login_param_type = CLIArgumentType(
+    options_list=['--display-name', '-u'],
+    help='Display name of the Azure AD administrator user or group.')
+
+aad_admin_sid_param_type = CLIArgumentType(
+    options_list=['--object-id', '-i'],
+    help='The unique ID of the Azure AD administrator.')
+
 db_service_objective_examples = 'Basic, S0, P1, GP_Gen4_1, BC_Gen5_2.'
 dw_service_objective_examples = 'DW100, DW1000c'
 
@@ -937,12 +946,10 @@ def _configure_security_policy_storage_params(arg_ctx):
                    options_list=['--server-name', '--server', '-s'])
 
         c.argument('login',
-                   options_list=['--display-name', '-u'],
-                   help='Display name of the Azure AD administrator user or group.')
+                   arg_type=aad_admin_login_param_type)
 
         c.argument('sid',
-                   options_list=['--object-id', '-i'],
-                   help='The unique ID of the Azure AD administrator ')
+                   arg_type=aad_admin_sid_param_type)
 
         c.ignore('tenant_id')
 
@@ -1199,6 +1206,35 @@ def _configure_security_policy_storage_params(arg_ctx):
                    arg_type=kid_param_type,
                    required=True,)
 
+    #####
+    #           sql managed instance ad-admin
+    ######
+    with self.argument_context('sql mi ad-admin') as c:
+        c.argument('managed_instance_name',
+                   arg_type=managed_instance_param_type)
+
+        c.argument('login',
+                   arg_type=aad_admin_login_param_type)
+
+        c.argument('sid',
+                   arg_type=aad_admin_sid_param_type)
+
+    with self.argument_context('sql mi ad-admin create') as c:
+        # Create args that will be used to build up the ManagedInstanceAdministrator object
+        create_args_for_complex_type(
+            c, 'properties', ManagedInstanceAdministrator, [
+                'login',
+                'sid',
+            ])
+
+    with self.argument_context('sql mi ad-admin update') as c:
+        # Create args that will be used to build up the ManagedInstanceAdministrator object
+        create_args_for_complex_type(
+            c, 'properties', ManagedInstanceAdministrator, [
+                'login',
+                'sid',
+            ])
+
     #####
     #           sql server tde-key
     #####

src/azure-cli/azure/cli/command_modules/sql/_util.py

@@ -132,6 +132,10 @@ def get_sql_managed_instances_operations(cli_ctx, _):
     return get_sql_management_client(cli_ctx).managed_instances
 
 
+def get_sql_managed_instance_azure_ad_administrators_operations(cli_ctx, _):
+    return get_sql_management_client(cli_ctx).managed_instance_administrators
+
+
 def get_sql_managed_databases_operations(cli_ctx, _):
     return get_sql_management_client(cli_ctx).managed_databases
 

src/azure-cli/azure/cli/command_modules/sql/commands.py

@@ -36,6 +36,7 @@
     get_sql_failover_groups_operations,
     get_sql_firewall_rules_operations,
     get_sql_managed_databases_operations,
+    get_sql_managed_instance_azure_ad_administrators_operations,
     get_sql_managed_instance_encryption_protectors_operations,
     get_sql_managed_instance_keys_operations,
     get_sql_managed_instances_operations,
@@ -493,6 +494,19 @@ def load_command_table(self, _):
         g.show_command('show', 'get')
         g.custom_command('set', 'managed_instance_encryption_protector_update')
 
+    managed_instance_aadadmin_operations = CliCommandType(
+        operations_tmpl='azure.mgmt.sql.operations#ManagedInstanceAdministratorsOperations.{}',
+        client_factory=get_sql_managed_instance_azure_ad_administrators_operations)
+
+    with self.command_group('sql mi ad-admin',
+                            managed_instance_aadadmin_operations,
+                            client_factory=get_sql_managed_instance_azure_ad_administrators_operations) as g:
+
+        g.custom_command('create', 'mi_ad_admin_set')
+        g.command('list', 'list_by_instance')
+        g.custom_command('delete', 'mi_ad_admin_delete')
+        g.custom_command('update', 'mi_ad_admin_set')
+
     ###############################################
     #                sql managed db               #
     ###############################################

src/azure-cli/azure/cli/command_modules/sql/custom.py

@@ -17,7 +17,6 @@
     CapabilityStatus,
     CreateMode,
     DatabaseEdition,
-    EncryptionProtector,
     FailoverGroup,
     FailoverGroupReadOnlyEndpoint,
     FailoverGroupReadWriteEndpoint,
@@ -328,6 +327,17 @@ def _db_elastic_pool_update_sku(
             allow_reset_family=allow_reset_family)
 
 
+def _get_tenant_id():
+    '''
+    Gets tenantId from current subscription.
+    '''
+    from azure.cli.core._profile import Profile
+
+    profile = Profile()
+    sub = profile.get_subscription()
+    return sub['tenantId']
+
+
 _DEFAULT_SERVER_VERSION = "12.0"
 
 
@@ -1777,19 +1787,15 @@ def server_update(
 
 
 def server_ad_admin_set(
-        cmd,
         client,
         resource_group_name,
         server_name,
         **kwargs):
     '''
     Sets a server's AD admin.
     '''
-    from azure.cli.core._profile import Profile
 
-    profile = Profile(cli_ctx=cmd.cli_ctx)
-    sub = profile.get_subscription()
-    kwargs['tenant_id'] = sub['tenantId']
+    kwargs['tenant_id'] = _get_tenant_id()
 
     return client.create_or_update(
         server_name=server_name,
@@ -2010,10 +2016,8 @@ def encryption_protector_update(
     return client.create_or_update(
         resource_group_name=resource_group_name,
         server_name=server_name,
-        parameters=EncryptionProtector(
-            server_key_type=server_key_type,
-            server_key_name=key_name
-        )
+        server_key_type=server_key_type,
+        server_key_name=key_name
     )
 
 ###############################################
@@ -2226,6 +2230,44 @@ def managed_instance_encryption_protector_update(
         server_key_name=key_name
     )
 
+
+#####
+#           sql managed instance ad-admin
+#####
+
+
+def mi_ad_admin_set(
+        client,
+        resource_group_name,
+        managed_instance_name,
+        **kwargs):
+    '''
+    Creates a managed instance active directory administrator.
+    '''
+
+    kwargs['tenant_id'] = _get_tenant_id()
+
+    return client.create_or_update(
+        resource_group_name=resource_group_name,
+        managed_instance_name=managed_instance_name,
+        administrator_name="ActiveDirectory",
+        parameters=kwargs
+    )
+
+
+def mi_ad_admin_delete(
+        client,
+        resource_group_name,
+        managed_instance_name):
+    '''
+    Deletes a managed instance active directory administrator.
+    '''
+    return client.delete(
+        resource_group_name=resource_group_name,
+        managed_instance_name=managed_instance_name,
+        administrator_name="ActiveDirectory"
+    )
+
 ###############################################
 #                sql managed db               #
 ###############################################

src/azure-cli/azure/cli/command_modules/sql/tests/latest/recordings/test_sql_instance_failover_group_mgmt.yaml

@@ -18,7 +18,7 @@ interactions:
       accept-language:
       - en-US
     method: GET
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-01?api-version=2015-05-01-preview
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-01?api-version=2018-06-01-preview
   response:
     body:
       string: !!python/unicode '{"identity":{"principalId":"8b8ac196-72ec-43a7-9020-ab1d5fc498cb","type":"SystemAssigned","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47"},"sku":{"name":"GP_Gen4","tier":"GeneralPurpose","family":"Gen4","capacity":8},"properties":{"fullyQualifiedDomainName":"geodrmitestgp-01.eus113708aec224c.database.windows.net","administratorLogin":"cloudSA","subnetId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Network/virtualNetworks/geodrEastUSvnet/subnets/default","state":"Ready","licenseType":"LicenseIncluded","vCores":8,"storageSizeInGB":512,"collation":"SQL_Latin1_General_CP1_CI_AS","dnsZone":"eus113708aec224c","publicDataEndpointEnabled":false},"location":"eastus","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-01","name":"geodrmitestgp-01","type":"Microsoft.Sql/managedInstances"}'
@@ -67,7 +67,7 @@ interactions:
       accept-language:
       - en-US
     method: GET
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-secondary?api-version=2015-05-01-preview
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-secondary?api-version=2018-06-01-preview
   response:
     body:
       string: !!python/unicode '{"identity":{"principalId":"647bf67a-773a-4b36-af4c-4162e766a4b8","type":"SystemAssigned","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47"},"sku":{"name":"GP_Gen5","tier":"GeneralPurpose","family":"Gen5","capacity":8},"properties":{"fullyQualifiedDomainName":"geodrmitestgp-secondary.eus113708aec224c.database.windows.net","administratorLogin":"cloudSA","subnetId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Network/virtualNetworks/vnet-geodrmitestgp-secondary/subnets/ManagedInstance","state":"Ready","licenseType":"LicenseIncluded","vCores":8,"storageSizeInGB":512,"collation":"SQL_Latin1_General_CP1_CI_AS","dnsZone":"eus113708aec224c","publicDataEndpointEnabled":false,"proxyOverride":"Proxy","timezoneId":"UTC"},"location":"westus","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-secondary","name":"geodrmitestgp-secondary","type":"Microsoft.Sql/managedInstances"}'
@@ -117,7 +117,7 @@ interactions:
       accept-language:
       - en-US
     method: GET
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-01?api-version=2015-05-01-preview
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-01?api-version=2018-06-01-preview
   response:
     body:
       string: !!python/unicode '{"identity":{"principalId":"8b8ac196-72ec-43a7-9020-ab1d5fc498cb","type":"SystemAssigned","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47"},"sku":{"name":"GP_Gen4","tier":"GeneralPurpose","family":"Gen4","capacity":8},"properties":{"fullyQualifiedDomainName":"geodrmitestgp-01.eus113708aec224c.database.windows.net","administratorLogin":"cloudSA","subnetId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Network/virtualNetworks/geodrEastUSvnet/subnets/default","state":"Ready","licenseType":"LicenseIncluded","vCores":8,"storageSizeInGB":512,"collation":"SQL_Latin1_General_CP1_CI_AS","dnsZone":"eus113708aec224c","publicDataEndpointEnabled":false},"location":"eastus","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-01","name":"geodrmitestgp-01","type":"Microsoft.Sql/managedInstances"}'
@@ -167,7 +167,7 @@ interactions:
       accept-language:
       - en-US
     method: GET
-    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-secondary?api-version=2015-05-01-preview
+    uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-secondary?api-version=2018-06-01-preview
   response:
     body:
       string: !!python/unicode '{"identity":{"principalId":"647bf67a-773a-4b36-af4c-4162e766a4b8","type":"SystemAssigned","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47"},"sku":{"name":"GP_Gen5","tier":"GeneralPurpose","family":"Gen5","capacity":8},"properties":{"fullyQualifiedDomainName":"geodrmitestgp-secondary.eus113708aec224c.database.windows.net","administratorLogin":"cloudSA","subnetId":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Network/virtualNetworks/vnet-geodrmitestgp-secondary/subnets/ManagedInstance","state":"Ready","licenseType":"LicenseIncluded","vCores":8,"storageSizeInGB":512,"collation":"SQL_Latin1_General_CP1_CI_AS","dnsZone":"eus113708aec224c","publicDataEndpointEnabled":false,"proxyOverride":"Proxy","timezoneId":"UTC"},"location":"westus","id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/geodrCLtestRG/providers/Microsoft.Sql/managedInstances/geodrmitestgp-secondary","name":"geodrmitestgp-secondary","type":"Microsoft.Sql/managedInstances"}'