Adds aad commands and tests

src/azure-cli-core/azure/cli/core/commands/__init__.py

@@ -1343,6 +1343,7 @@ def generic_update_command(self, name, getter_name='get', getter_type=None,
             getter_op_path=getter_op_path,
             setter_op_path=setter_op_path,
             setter_arg_name=setter_arg_name,
+
             custom_function_op_path=custom_function_op_path,
             child_collection_prop_name=child_collection_prop_name,
             child_collection_key=child_collection_key,

src/azure-cli/azure/cli/command_modules/redis/_client_factory.py

@@ -26,3 +26,15 @@ def cf_linked_server(cli_ctx, _):
     from azure.cli.core.commands.client_factory import get_mgmt_service_client
     from azure.mgmt.redis import RedisManagementClient
     return get_mgmt_service_client(cli_ctx, RedisManagementClient).linked_server
+
+
+def cf_access_policy(cli_ctx, _):
+    from azure.cli.core.commands.client_factory import get_mgmt_service_client
+    from azure.mgmt.redis import RedisManagementClient
+    return get_mgmt_service_client(cli_ctx, RedisManagementClient).access_policy
+
+
+def cf_access_policy_assignment(cli_ctx, _):
+    from azure.cli.core.commands.client_factory import get_mgmt_service_client
+    from azure.mgmt.redis import RedisManagementClient
+    return get_mgmt_service_client(cli_ctx, RedisManagementClient).access_policy_assignment

src/azure-cli/azure/cli/command_modules/redis/_help.py

@@ -47,6 +47,11 @@
           }
         ]
 
+        The content for a json file for configuring Microsoft Entra Authentication is
+        {
+        "aad-enabled": "true",
+        }
+
 examples:
   - name: Create new Redis Cache instance. (autogenerated)
     text: az redis create --location westus2 --name MyRedisCache --resource-group MyResourceGroup --sku Basic --vm-size c0
@@ -69,6 +74,9 @@
   - name: Deploying a Premium Azure Cache for Redis inside an existing Azure Virtual Network
     text: az redis create --location westus2 --name MyRedisCache --resource-group MyResourceGroup --sku Premium --vm-size p1 --subnet-id "/subscriptions/{subid}/resourceGroups/{resourceGroupName}/providers/Microsoft.{Network|ClassicNetwork}/virtualNetworks/vnet1/subnets/subnet1"
     crafted: true
+  - name: Deploying a Premium Azure Cache for Redis with Microsoft Entra Authentication configured
+    text: az redis create --location westus2 --name MyRedisCache --resource-group MyResourceGroup --sku Premium --vm-size p1 --redis-configuration @"config_enable-aad.json"
+    crafted: true
 """
 
 helps['redis export'] = """
@@ -216,3 +224,73 @@
 type: command
 short-summary: Show the identity assigned for Azure cache for Redis.
 """
+
+helps['redis access-policy'] = """
+type: group
+short-summary: Manage access policies for Redis Cache
+"""
+
+helps['redis access-policy create'] = """
+type: group
+short-summary: Adds an access policy to the Redis Cache
+long-summary: Usage example - az redis access-policy create -g testResourceGroup -n testCacheName --access-policy-name testAccessPolicy --permissions "+get +hget"
+"""
+
+helps['redis access-policy update'] = """
+type: group
+short-summary: Updates an access policy of the Redis Cache
+long-summary: Usage example - az redis access-policy update -g testResourceGroup -n testCacheName --access-policy-name testAccessPolicy --permissions "+get +hget"
+"""
+
+helps['redis access-policy delete'] = """
+type: group
+short-summary: Deletes an access policy from the Redis Cache
+long-summary: Usage example - az redis access-policy delete -g testResourceGroup -n testCacheName --access-policy-name testAccessPolicy
+"""
+
+helps['redis access-policy show'] = """
+type: group
+short-summary: Gets the detailed information about an access policy of the Redis Cache
+long-summary: Usage example - az redis access-policy show -g testResourceGroup -n testCacheName --access-policy-name testAccessPolicy
+"""
+
+helps['redis access-policy list'] = """
+type: group
+short-summary: Gets the list of access policies associated with the Redis Cache
+long-summary: Usage example - az redis access-policy list -g testResourceGroup -n testCacheName
+"""
+
+helps['redis access-policy-assignment'] = """
+type: group
+short-summary: Manage access policy assignments for Redis Cache
+"""
+
+helps['redis access-policy-assignment create'] = """
+type: group
+short-summary: Adds an access policy assignment to the Redis Cache
+long-summary: Usage example - az redis access-policy-assignment create -g testResourceGroup -n testCacheName --object-id 932b5c60-66e4-4fbf-b8b0-xxxxxxxxxxxx --object-id-alias testAlias --access-policy-name testAccessPolicy --access-policy-assignment testAccessPolicyAssignment
+"""
+
+helps['redis access-policy-assignment update'] = """
+type: group
+short-summary: Updates an access policy assignment of the Redis Cache
+long-summary: Usage example - az redis access-policy-assignment update -g testResourceGroup -n testCacheName --object-id 932b5c60-66e4-4fbf-b8b0-xxxxxxxxxxxx --object-id-alias testAlias --access-policy-name testAccessPolicy --access-policy-assignment testAccessPolicyAssignment
+"""
+
+helps['redis access-policy-assignment delete'] = """
+type: group
+short-summary: Deletes an access policy assignment from the Redis Cache
+long-summary: Usage example - az redis access-policy-assignment delete -g testResourceGroup -n testCacheName --access-policy-assignment testAccessPolicyAssignment
+"""
+
+helps['redis access-policy-assignment show'] = """
+type: group
+short-summary: Gets the detailed information about an access policy assignment of the Redis Cache
+long-summary: Usage example - az redis access-policy-assignment show -g testResourceGroup -n testCacheName --access-policy-assignment testAccessPolicyAssignment
+"""
+
+helps['redis access-policy-assignment list'] = """
+type: group
+short-summary: Gets the list of access policy assignments associated with the Redis Cache
+long-summary: Usage example - az redis access-policy-assignment list -g testResourceGroup -n testCacheName
+"""

src/azure-cli/azure/cli/command_modules/redis/_params.py

@@ -59,6 +59,17 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
         c.argument('rule_name', help='The name of the firewall rule.')
         c.argument('start_ip', help='Lowest IP address included in the range.')
 
+    with self.argument_context('redis access-policy') as c:
+        c.argument('access_policy_name', help='The name of the access policy that is being assigned')
+        c.argument('permissions', help='Permissions for the access policy. Learn how to configure permissions at '
+                                       'https://aka.ms/redis/AADPreRequisites')
+
+    with self.argument_context('redis access-policy-assignment') as c:
+        c.argument('access_policy_assignment_name', help='The name of the access policy assignment')
+        c.argument('object_id', help='Object Id to assign access policy to')
+        c.argument('object_id_alias', help='User friendly name for object id. Also represents username for token based authentication')
+        c.argument('access_policy_name', help='The name of the access policy that is being assigned')
+
     with self.argument_context('redis force-reboot') as c:
         c.argument('shard_id', help='If clustering is enabled, the ID of the shard to be rebooted.')
 

src/azure-cli/azure/cli/command_modules/redis/commands.py

@@ -6,7 +6,7 @@
 from azure.cli.core.commands import CliCommandType
 
 # pylint: disable=line-too-long
-from azure.cli.command_modules.redis._client_factory import cf_redis, cf_patch_schedules, cf_firewall_rule, cf_linked_server
+from azure.cli.command_modules.redis._client_factory import cf_redis, cf_patch_schedules, cf_firewall_rule, cf_linked_server, cf_access_policy, cf_access_policy_assignment
 
 
 def load_command_table(self, _):
@@ -22,6 +22,14 @@ def load_command_table(self, _):
         operations_tmpl='azure.mgmt.redis.operations#FirewallRulesOperations.{}',
         client_factory=cf_firewall_rule)
 
+    redis_access_policies = CliCommandType(
+        operations_tmpl='azure.mgmt.redis.operations#AccessPolicyOperations.{}',
+        client_factory=cf_access_policy)
+
+    redis_access_policy_assignments = CliCommandType(
+        operations_tmpl='azure.mgmt.redis.operations#AccessPolicyAssignmentOperations.{}',
+        client_factory=cf_access_policy_assignment)
+
     redis_linked_server = CliCommandType(
         operations_tmpl='azure.mgmt.redis.operations#LinkedServerOperations.{}',
         client_factory=cf_linked_server)
@@ -35,6 +43,12 @@ def load_command_table(self, _):
     redis_firewall_rules_custom = CliCommandType(
         operations_tmpl='azure.cli.command_modules.redis.custom#{}',
         client_factory=cf_firewall_rule)
+    redis_access_policies_custom = CliCommandType(
+        operations_tmpl='azure.cli.command_modules.redis.custom#{}',
+        client_factory=cf_access_policy)
+    redis_access_policy_assignments_custom = CliCommandType(
+        operations_tmpl='azure.cli.command_modules.redis.custom#{}',
+        client_factory=cf_access_policy_assignment)
     redis_linked_server_custom = CliCommandType(
         operations_tmpl='azure.cli.command_modules.redis.custom#{}',
         client_factory=cf_linked_server)
@@ -75,3 +89,19 @@ def load_command_table(self, _):
         g.custom_show_command('show', 'cli_redis_identity_show')
         g.custom_command('assign', 'cli_redis_identity_assign')
         g.custom_command('remove', 'cli_redis_identity_remove')
+
+    with self.command_group('redis access-policy', redis_access_policies,
+                            custom_command_type=redis_access_policies_custom) as g:
+        g.custom_command('create', 'cli_redis_access_policy_create')
+        g.custom_command('update', 'cli_redis_access_policy_create')
+        g.command('delete', 'begin_delete')
+        g.show_command('show', 'get')
+        g.command('list', 'list')
+
+    with self.command_group('redis access-policy-assignment', redis_access_policy_assignments,
+                            custom_command_type=redis_access_policy_assignments_custom) as g:
+        g.custom_command('create', 'cli_redis_access_policy_assignment_create')
+        g.custom_command('update', 'cli_redis_access_policy_assignment_create')
+        g.command('delete', 'begin_delete')
+        g.show_command('show', 'get')
+        g.command('list', 'list')

src/azure-cli/azure/cli/command_modules/redis/custom.py

@@ -15,6 +15,8 @@
                               'For Standard Sku : (C0, C1, C2, C3, C4, C5, C6), '
                               'for Premium Sku : (P1, P2, P3, P4, P5)')
 allowed_auth_methods = ['SAS', 'ManagedIdentity']
+
+
 # region Custom Commands
 
 
@@ -89,7 +91,8 @@ def cli_redis_create(cmd, client,
                      zones=None, replicas_per_master=None, redis_version=None, mi_system_assigned=None,
                      mi_user_assigned=None):
     # pylint:disable=line-too-long
-    if ((sku.lower() in ['standard', 'basic'] and vm_size.lower() not in allowed_c_family_sizes) or (sku.lower() in ['premium'] and vm_size.lower() not in allowed_p_family_sizes)):
+    if ((sku.lower() in ['standard', 'basic'] and vm_size.lower() not in allowed_c_family_sizes) or (
+            sku.lower() in ['premium'] and vm_size.lower() not in allowed_p_family_sizes)):
         raise wrong_vmsize_error
     tenant_settings_in_json = {}
     if tenant_settings is not None:
@@ -190,7 +193,7 @@ def cli_redis_import(client, resource_group_name, name, files,
                      preferred_data_archive_auth_method=None, file_format=None):
     from azure.mgmt.redis.models import ImportRDBParameters
     return client.begin_import_data(resource_group_name, name, ImportRDBParameters(files=files, format=file_format,
-                                    preferred_data_archive_auth_method=preferred_data_archive_auth_method))
+                                                                                   preferred_data_archive_auth_method=preferred_data_archive_auth_method))
 
 
 def cli_redis_force_reboot(client, resource_group_name, name, reboot_type, shard_id=None):
@@ -281,4 +284,19 @@ def build_identity(mi_system_assigned, mi_user_assigned):
         type=identityType.value,
         user_assigned_identities=userIdentities)
 
+
+def cli_redis_access_policy_create(client, resource_group_name, cache_name, access_policy_name, permissions):
+    from azure.mgmt.redis.models import RedisCacheAccessPolicy
+    param = RedisCacheAccessPolicy(permissions=permissions)
+    return client.begin_create_update(resource_group_name, cache_name, access_policy_name, param)
+
+
+def cli_redis_access_policy_assignment_create(client, resource_group_name, cache_name, access_policy_assignment_name,
+                                              access_policy_name, object_id, object_id_alias):
+    from azure.mgmt.redis.models import RedisCacheAccessPolicyAssignment
+    param = RedisCacheAccessPolicyAssignment(object_id=object_id,
+                                             object_id_alias=object_id_alias,
+                                             access_policy_name=access_policy_name)
+    return client.begin_create_update(resource_group_name, cache_name, access_policy_assignment_name, param)
+
 # endregion

src/azure-cli/azure/cli/command_modules/redis/tests/latest/config_enable-aad.json

@@ -0,0 +1,3 @@
+{
+	"aad-enabled": "true"
+}