[Service Connector] az webapp connection create sql: Support auto i…

…nstall for serviceconnector-passwordless extension (#28168) * add auto install for service connector extension * update is_passwordless_command
Azure · Jan 11, 2024 · a3df3a3 · a3df3a3
1 parent b7962e2
commit a3df3a3
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 26 deletions.
diff --git a/src/azure-cli/azure/cli/command_modules/serviceconnector/_credential_free.py b/src/azure-cli/azure/cli/command_modules/serviceconnector/_credential_free.py
@@ -34,7 +34,7 @@ def is_passwordless_command(cmd, auth_info):
         return False
     source_type = get_source_resource_name(cmd)
     target_type = get_target_resource_name(cmd)
-    if source_type not in {RESOURCE.WebApp, RESOURCE.ContainerApp, RESOURCE.SpringCloud, RESOURCE.SpringCloudDeprecated, RESOURCE.Local}:
+    if source_type not in {RESOURCE.WebApp, RESOURCE.ContainerApp, RESOURCE.SpringCloud, RESOURCE.SpringCloudDeprecated, RESOURCE.FunctionApp, RESOURCE.Local}:
         return False
     if target_type not in {RESOURCE.Sql, RESOURCE.Postgres, RESOURCE.PostgresFlexible, RESOURCE.MysqlFlexible}:
         return False

diff --git a/src/azure-cli/azure/cli/command_modules/serviceconnector/_resource_config.py b/src/azure-cli/azure/cli/command_modules/serviceconnector/_resource_config.py
@@ -762,11 +762,11 @@ class CLIENT_TYPE(Enum):
         RESOURCE.AppInsights: [AUTH_TYPE.SecretAuto]
     },
     RESOURCE.WebApp: {
-        RESOURCE.Postgres: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
-        RESOURCE.PostgresFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
+        RESOURCE.Postgres: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
+        RESOURCE.PostgresFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.Mysql: [AUTH_TYPE.Secret],
-        RESOURCE.MysqlFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
-        RESOURCE.Sql: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
+        RESOURCE.MysqlFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
+        RESOURCE.Sql: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.Redis: [AUTH_TYPE.SecretAuto],
         RESOURCE.RedisEnterprise: [AUTH_TYPE.SecretAuto],
 
@@ -791,11 +791,11 @@ class CLIENT_TYPE(Enum):
         RESOURCE.AppInsights: [AUTH_TYPE.SecretAuto],
     },
     RESOURCE.SpringCloud: {
-        RESOURCE.Postgres: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
-        RESOURCE.PostgresFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
+        RESOURCE.Postgres: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
+        RESOURCE.PostgresFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.Mysql: [AUTH_TYPE.Secret],
-        RESOURCE.MysqlFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
-        RESOURCE.Sql: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
+        RESOURCE.MysqlFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
+        RESOURCE.Sql: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.Redis: [AUTH_TYPE.SecretAuto],
         RESOURCE.RedisEnterprise: [AUTH_TYPE.SecretAuto],
 
@@ -849,11 +849,11 @@ class CLIENT_TYPE(Enum):
         RESOURCE.AppInsights: [AUTH_TYPE.SecretAuto],
     },
     RESOURCE.ContainerApp: {
-        RESOURCE.Postgres: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
-        RESOURCE.PostgresFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
+        RESOURCE.Postgres: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
+        RESOURCE.PostgresFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.Mysql: [AUTH_TYPE.Secret],
-        RESOURCE.MysqlFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
-        RESOURCE.Sql: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity],
+        RESOURCE.MysqlFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
+        RESOURCE.Sql: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.Redis: [AUTH_TYPE.SecretAuto],
         RESOURCE.RedisEnterprise: [AUTH_TYPE.SecretAuto],
 

diff --git a/src/azure-cli/azure/cli/command_modules/serviceconnector/action.py b/src/azure-cli/azure/cli/command_modules/serviceconnector/action.py
@@ -88,12 +88,17 @@ def get_action(self, values, option_string):  # pylint: disable=no-self-use
         return d
 
 
+def is_mysql_target(command_name):
+    target_name = command_name.split(' ')[-1]
+    return target_name.lower() == "mysql-flexible"
+
+
 class AddUserAssignedIdentityAuthInfo(argparse.Action):
     def __call__(self, parser, namespace, values, option_string=None):
-        action = self.get_action(values, option_string)
+        action = self.get_action(values, option_string, namespace.command)
         namespace.user_identity_auth_info = action
 
-    def get_action(self, values, option_string):  # pylint: disable=no-self-use
+    def get_action(self, values, option_string, command_name):  # pylint: disable=no-self-use
         try:
             properties = defaultdict(list)
             for (k, v) in (x.split('=', 1) for x in values):
@@ -109,22 +114,26 @@ def get_action(self, values, option_string):  # pylint: disable=no-self-use
                 d['client_id'] = v[0]
             elif kl == 'subs-id':
                 d['subscription_id'] = v[0]
+            elif is_mysql_target(command_name) and kl == 'mysql-identity-id':
+                d['mysql-identity-id'] = v[0]
             else:
                 raise ValidationError('Unsupported Key {} is provided for parameter --user-identity. All '
-                                      'possible keys are: client-id, subs-id'.format(k))
-        if len(d) != 2:
-            raise ValidationError('Required keys missing for parameter --user-identity. '
-                                  'All possible keys are: client-id, subs-id')
+                                      'possible keys are: client-id, subs-id{}'.format(
+                                          k, ', mysql-identity-id' if is_mysql_target(command_name) else ''))
+
+        if 'client_id' not in d or 'subscription_id' not in d:
+            raise ValidationError(
+                'Required keys missing for parameter --user-identity: client-id, subs-id')
         d['auth_type'] = 'userAssignedIdentity'
         return d
 
 
 class AddSystemAssignedIdentityAuthInfo(argparse.Action):
     def __call__(self, parser, namespace, values, option_string=None):
-        action = self.get_action(values, option_string)
+        action = self.get_action(values, option_string, namespace.command)
         namespace.system_identity_auth_info = action
 
-    def get_action(self, values, option_string):  # pylint: disable=no-self-use
+    def get_action(self, values, option_string, command_name):  # pylint: disable=no-self-use
         try:
             properties = defaultdict(list)
             for (k, v) in (x.split('=', 1) for x in values):
@@ -135,7 +144,7 @@ def get_action(self, values, option_string):  # pylint: disable=no-self-use
         d = {}
         for k in properties:
             v = properties[k]
-            if k.lower() == 'mysql-identity-id':
+            if is_mysql_target(command_name) and k.lower() == 'mysql-identity-id':
                 d['mysql-identity-id'] = v[0]
             else:
                 raise ValidationError('Unsupported Key {} is provided for parameter --system-identity')
@@ -173,10 +182,10 @@ def get_action(self, values, option_string):  # pylint: disable=no-self-use
 
 class AddServicePrincipalAuthInfo(argparse.Action):
     def __call__(self, parser, namespace, values, option_string=None):
-        action = self.get_action(values, option_string)
+        action = self.get_action(values, option_string, namespace.command)
         namespace.service_principal_auth_info_secret = action
 
-    def get_action(self, values, option_string):  # pylint: disable=no-self-use
+    def get_action(self, values, option_string, command_name):  # pylint: disable=no-self-use
         try:
             properties = defaultdict(list)
             for (k, v) in (x.split('=', 1) for x in values):
@@ -194,9 +203,12 @@ def get_action(self, values, option_string):  # pylint: disable=no-self-use
                 d['principal_id'] = v[0]
             elif kl == 'secret':
                 d['secret'] = v[0]
+            elif is_mysql_target(command_name) and kl == 'mysql-identity-id':
+                d['mysql-identity-id'] = v[0]
             else:
-                raise ValidationError('Unsupported Key {} is provided for parameter --service-principal. All possible '
-                                      'keys are: client-id, object-id, secret'.format(k))
+                raise ValidationError('Unsupported Key {} is provided for parameter --service-principal. Possible '
+                                      'keys are: client-id, object-id, secret{}'.format(
+                                          k, ', mysql-identity-id' if is_mysql_target(command_name) else ''))
         if 'client_id' not in d or 'secret' not in d:
             raise ValidationError('Required keys missing for parameter --service-principal. '
                                   'Required keys are: client-id, secret')