Merged
Changes from 4 commits
16 changes: 16 additions & 0 deletions src/azure-cli/azure/cli/command_modules/sql/_params.py
Expand Up @@ -1039,6 +1039,14 @@ def _configure_security_policy_storage_params(arg_ctx):
help='Generate and assign an Azure Active Directory Identity for this server'
'for use with key management services like Azure KeyVault.')

c.argument('public_network_access',
options_list=['--public-network-access', '-a'],
arg_type=get_three_state_flag(positive_label='Enabled',
negative_label='Disabled',
return_label=True),
help='Sets whether public network access to server is allowed or not. When disabled,'
'only connections made through Private Links can reach this server.')

with self.argument_context('sql server create') as c:
c.argument('location',
arg_type=get_location_type_with_default_from_resource_group(self.cli_ctx))
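Review bot: the help text added for `public_network_access` is built from two adjacent string literals with no space between them, so it renders as "When disabled,only connections made through Private Links can reach this server." End the first literal with a space (`'... When disabled, '`). The `assign_identity` help in the context lines above has the same join problem ("this server" + "for use with") and could be fixed in the same pass.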
Expand All @@ -1062,6 +1070,14 @@ def _configure_security_policy_storage_params(arg_ctx):
help='Generate and assign an Azure Active Directory Identity for this server'
'for use with key management services like Azure KeyVault.')

c.argument('public_network_access',
options_list=['--public-network-access', '-a'],
Contributor

@Juliehzl Juliehzl Mar 2, 2020

What about using something like --enable-public-network for the argument?

I have two questions here:

  1. What is the default network access policy for SQL server? Public or private?
  2. If using private link, should users create the private endpoint connection by themselves?

Contributor Author

Do you mean a flag? So --enable-public-network means Enabled while no flag means disabled? If so, two things about this: first off, PowerShell uses PublicNetworkAccess and takes in a string, Enabled/Disabled. I wanted to keep it consistent between the two. Also, we would want a third option, None, where no change to PublicNetworkAccess occurs, and if we use a flag, we wouldn't be able to have that.

In response to the other questions:

  1. Default is Public (aka PublicNetworkAccess == Enabled)
  2. Yes, the user has to create the private endpoint connection by themselves

arg_type=get_three_state_flag(positive_label='Enabled',
negative_label='Disabled',
return_label=True),
help='Sets whether public network access to server is allowed or not. When disabled,'
'only connections made through Private Links can reach this server.')

with self.argument_context('sql server update') as c:
c.argument('administrator_login_password',
help='The administrator login password.')
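Review bot: the `c.argument('public_network_access', ...)` block added in this hunk repeats the one in the previous hunk word for word, including the help text that is missing a space after "When disabled,". Build the `get_three_state_flag(positive_label='Enabled', negative_label='Disabled', return_label=True)` type and the help string once and reuse them in both places, so the two definitions cannot drift apart. The help should also state what happens when the option is omitted, since the thread above settles on an unset third state as the reason for not using a plain flag.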
10 changes: 9 additions & 1 deletion src/azure-cli/azure/cli/command_modules/sql/custom.py
Expand Up @@ -1909,6 +1909,7 @@ def server_create(
server_name,
assign_identity=False,
no_wait=False,
public_network_access=None,
**kwargs):
'''
Creates a server.
Expand All @@ -1917,6 +1918,9 @@ def server_create(
if assign_identity:
kwargs['identity'] = ResourceIdentity(type=IdentityType.system_assigned.value)

if public_network_access is not None:
kwargs['public_network_access'] = public_network_access

# Create
return sdk_no_wait(no_wait, client.create_or_update,
server_name=server_name,
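Review bot: in `server_create`, `public_network_access` is only placed in `kwargs` when it is not None, so a server created without the option takes the service default, which the author's reply in this thread gives as Enabled. Document that in the create help text, so a user who intends the server to be reachable only through Private Link knows to pass Disabled explicitly at creation time. The docstring still reads only "Creates a server." and could mention the new parameter as well.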
Expand All @@ -1942,7 +1946,8 @@ def server_list(
def server_update(
instance,
administrator_login_password=None,
assign_identity=False):
assign_identity=False,
public_network_access=None):
'''
Updates a server. Custom update function to apply parameters to instance.
'''
Expand All @@ -1955,6 +1960,9 @@ def server_update(
instance.administrator_login_password = (
administrator_login_password or instance.administrator_login_password)

if public_network_access is not None:
instance.public_network_access = public_network_access

return instance

