From ee1192caf251a3f6e013a17f5aef281503507f9b Mon Sep 17 00:00:00 2001 From: Naia Scott Date: Mon, 24 Feb 2025 15:49:24 -0500 Subject: [PATCH 1/6] add to ignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 9c6b9c0edd0..418398caed6 100644 --- a/.gitignore +++ b/.gitignore @@ -122,3 +122,5 @@ cmd_coverage/* # Ignore test results test_results.xml +.githooks/azdev_active.ps1 +.vscode/launch.json From 63700885c776b3a20e60c24b45f5b314494ed8f8 Mon Sep 17 00:00:00 2001 From: Naia Scott Date: Tue, 4 Mar 2025 15:00:57 -0500 Subject: [PATCH 2/6] Fix bug when updating cmk geo --- .../command_modules/rdbms/flexible_server_custom_postgres.py | 4 +++- src/azure-cli/azure/cli/command_modules/rdbms/validators.py | 4 ++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py b/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py index 4517b1d31dc..3fe7596bf48 100644 --- a/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py +++ b/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py @@ -394,7 +394,9 @@ def flexible_server_update_custom_func(cmd, client, instance, identity, data_encryption = build_identity_and_data_encryption(db_engine='postgres', byok_identity=byok_identity, - byok_key=byok_key) + byok_key=byok_key, + backup_byok_identity=backup_byok_identity, + backup_byok_key=backup_byok_key) auth_config = instance.auth_config administrator_login = instance.administrator_login if instance.administrator_login else None diff --git a/src/azure-cli/azure/cli/command_modules/rdbms/validators.py b/src/azure-cli/azure/cli/command_modules/rdbms/validators.py index ba99ca82d98..82cd419d098 100644 --- a/src/azure-cli/azure/cli/command_modules/rdbms/validators.py +++ b/src/azure-cli/azure/cli/command_modules/rdbms/validators.py @@ -552,6 +552,10 @@ def pg_byok_validator(byok_identity, byok_key, backup_byok_identity=None, backup raise ArgumentUsageError("User assigned identity and keyvault key need to be provided together. " "Please provide --backup-identity and --backup-key together.") + if (byok_identity is None and byok_key is None) and (backup_byok_identity is not None and backup_byok_key is not None): + raise ArgumentUsageError("Primary user assigned identity and keyvault key need to be provided. " + "Please also provide --identity and --key.") + if (instance is not None) and \ not (instance.data_encryption and instance.data_encryption.type == 'AzureKeyVault') and \ (byok_key or backup_byok_key): From 7f198018f1756b4fd5f63ec076232b55ce82192b Mon Sep 17 00:00:00 2001 From: Naia Scott Date: Tue, 4 Mar 2025 17:52:30 -0500 Subject: [PATCH 3/6] Revert "add to ignore" This reverts commit ee1192caf251a3f6e013a17f5aef281503507f9b. --- .gitignore | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitignore b/.gitignore index 418398caed6..9c6b9c0edd0 100644 --- a/.gitignore +++ b/.gitignore @@ -122,5 +122,3 @@ cmd_coverage/* # Ignore test results test_results.xml -.githooks/azdev_active.ps1 -.vscode/launch.json From 3b1d20b74be6e09cb85a8b5789492bab2e6bb0b5 Mon Sep 17 00:00:00 2001 From: Naia Scott Date: Sun, 9 Mar 2025 21:47:32 -0400 Subject: [PATCH 4/6] Updates to not create password if pasword is disabled --- .../rdbms/flexible_server_custom_postgres.py | 54 ++++++++++++------- 1 file changed, 34 insertions(+), 20 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py b/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py index 876f436fb0d..c1b927c9d3b 100644 --- a/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py +++ b/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py @@ -42,6 +42,7 @@ logger = get_logger(__name__) DEFAULT_DB_NAME = 'flexibleserverdb' +POSTGRES_DB_NAME = 'postgres' DELEGATION_SERVICE_NAME = "Microsoft.DBforPostgreSQL/flexibleServers" RESOURCE_PROVIDER = 'Microsoft.DBforPostgreSQL' @@ -132,7 +133,8 @@ def flexible_server_create(cmd, client, high_availability = postgresql_flexibleservers.models.HighAvailability(mode=high_availability, standby_availability_zone=standby_availability_zone) - administrator_login_password = generate_password(administrator_login_password) + if password_auth is not None and password_auth.lower() != 'disabled': + administrator_login_password = generate_password(administrator_login_password) identity, data_encryption = build_identity_and_data_encryption(db_engine='postgres', byok_identity=byok_identity, @@ -166,12 +168,14 @@ def flexible_server_create(cmd, client, if start_ip != -1 and end_ip != -1: firewall_id = create_firewall_rule(db_context, cmd, resource_group_name, server_name, start_ip, end_ip) - # Create mysql database if it does not exist + # Create database if it does not exist if (database_name is not None or (create_default_db and create_default_db.lower() == 'enabled') and create_cluster != 'ElasticCluster'): db_name = database_name if database_name else DEFAULT_DB_NAME _create_database(db_context, cmd, resource_group_name, server_name, db_name) + else: + db_name = POSTGRES_DB_NAME - user = server_result.administrator_login + user = server_result.administrator_login if server_result.administrator_login else '' server_id = server_result.id loc = server_result.location version = server_result.version @@ -179,17 +183,18 @@ def flexible_server_create(cmd, client, host = server_result.fully_qualified_domain_name subnet_id = None if network is None else network.delegated_subnet_resource_id - logger.warning('Make a note of your password. If you forget, you would have to ' - 'reset your password with "az postgres flexible-server update -n %s -g %s -p ".', - server_name, resource_group_name) + if password_auth is not None and password_auth.lower() != 'disabled': + logger.warning('Make a note of your password. If you forget, you would have to ' + 'reset your password with "az postgres flexible-server update -n %s -g %s -p ".', + server_name, resource_group_name) logger.warning('Try using \'az postgres flexible-server connect\' command to test out connection.') - _update_local_contexts(cmd, server_name, resource_group_name, database_name, location, user) + _update_local_contexts(cmd, server_name, resource_group_name, db_name, location, user) return _form_response(user, sku, loc, server_id, host, version, - administrator_login_password if administrator_login_password is not None else '*****', - _create_postgresql_connection_string(host, user, administrator_login_password, database_name), database_name, firewall_id, - subnet_id) + administrator_login_password, + _create_postgresql_connection_string(host, user, administrator_login_password, db_name), + db_name, firewall_id, subnet_id, password_auth) # endregion create without args @@ -1753,22 +1758,28 @@ def _create_postgresql_connection_strings(host, user, password, database, port): def _create_postgresql_connection_string(host, user, password, database): - connection_kwargs = { - 'user': user, - 'host': host, - 'password': password if password is not None else '{password}', - 'database': database, - } - return 'postgresql://{user}:{password}@{host}/{database}?sslmode=require'.format(**connection_kwargs) + if password: + connection_kwargs = { + 'user': user, + 'host': host, + 'password': password, + 'database': database, + } + return 'postgresql://{user}:{password}@{host}/{database}?sslmode=require'.format(**connection_kwargs) + else: + connection_kwargs = { + 'user': user, + 'host': host, + 'database': database, + } + return 'postgresql://{user}@{host}/{database}?sslmode=require'.format(**connection_kwargs) def _form_response(username, sku, location, server_id, host, version, password, connection_string, database_name, firewall_id=None, - subnet_id=None): + subnet_id=None, password_auth=None): output = { 'host': host, - 'username': username, - 'password': password, 'skuname': sku, 'location': location, 'id': server_id, @@ -1776,6 +1787,9 @@ def _form_response(username, sku, location, server_id, host, version, password, 'databaseName': database_name, 'connectionString': connection_string } + if password_auth is not None and password_auth != "Disabled": + output['username'] = username + output['password'] = password if firewall_id is not None: output['firewallName'] = firewall_id if subnet_id is not None: From c0c36b561fc9631e35cec8471ba62aba6ac9a2ae Mon Sep 17 00:00:00 2001 From: Naia Scott Date: Mon, 10 Mar 2025 23:40:59 -0400 Subject: [PATCH 5/6] Revert "Updates to not create password if pasword is disabled" This reverts commit 3b1d20b74be6e09cb85a8b5789492bab2e6bb0b5. --- .../rdbms/flexible_server_custom_postgres.py | 54 +++++++------------ 1 file changed, 20 insertions(+), 34 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py b/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py index c1b927c9d3b..876f436fb0d 100644 --- a/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py +++ b/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py @@ -42,7 +42,6 @@ logger = get_logger(__name__) DEFAULT_DB_NAME = 'flexibleserverdb' -POSTGRES_DB_NAME = 'postgres' DELEGATION_SERVICE_NAME = "Microsoft.DBforPostgreSQL/flexibleServers" RESOURCE_PROVIDER = 'Microsoft.DBforPostgreSQL' @@ -133,8 +132,7 @@ def flexible_server_create(cmd, client, high_availability = postgresql_flexibleservers.models.HighAvailability(mode=high_availability, standby_availability_zone=standby_availability_zone) - if password_auth is not None and password_auth.lower() != 'disabled': - administrator_login_password = generate_password(administrator_login_password) + administrator_login_password = generate_password(administrator_login_password) identity, data_encryption = build_identity_and_data_encryption(db_engine='postgres', byok_identity=byok_identity, @@ -168,14 +166,12 @@ def flexible_server_create(cmd, client, if start_ip != -1 and end_ip != -1: firewall_id = create_firewall_rule(db_context, cmd, resource_group_name, server_name, start_ip, end_ip) - # Create database if it does not exist + # Create mysql database if it does not exist if (database_name is not None or (create_default_db and create_default_db.lower() == 'enabled') and create_cluster != 'ElasticCluster'): db_name = database_name if database_name else DEFAULT_DB_NAME _create_database(db_context, cmd, resource_group_name, server_name, db_name) - else: - db_name = POSTGRES_DB_NAME - user = server_result.administrator_login if server_result.administrator_login else '' + user = server_result.administrator_login server_id = server_result.id loc = server_result.location version = server_result.version @@ -183,18 +179,17 @@ def flexible_server_create(cmd, client, host = server_result.fully_qualified_domain_name subnet_id = None if network is None else network.delegated_subnet_resource_id - if password_auth is not None and password_auth.lower() != 'disabled': - logger.warning('Make a note of your password. If you forget, you would have to ' - 'reset your password with "az postgres flexible-server update -n %s -g %s -p ".', - server_name, resource_group_name) + logger.warning('Make a note of your password. If you forget, you would have to ' + 'reset your password with "az postgres flexible-server update -n %s -g %s -p ".', + server_name, resource_group_name) logger.warning('Try using \'az postgres flexible-server connect\' command to test out connection.') - _update_local_contexts(cmd, server_name, resource_group_name, db_name, location, user) + _update_local_contexts(cmd, server_name, resource_group_name, database_name, location, user) return _form_response(user, sku, loc, server_id, host, version, - administrator_login_password, - _create_postgresql_connection_string(host, user, administrator_login_password, db_name), - db_name, firewall_id, subnet_id, password_auth) + administrator_login_password if administrator_login_password is not None else '*****', + _create_postgresql_connection_string(host, user, administrator_login_password, database_name), database_name, firewall_id, + subnet_id) # endregion create without args @@ -1758,28 +1753,22 @@ def _create_postgresql_connection_strings(host, user, password, database, port): def _create_postgresql_connection_string(host, user, password, database): - if password: - connection_kwargs = { - 'user': user, - 'host': host, - 'password': password, - 'database': database, - } - return 'postgresql://{user}:{password}@{host}/{database}?sslmode=require'.format(**connection_kwargs) - else: - connection_kwargs = { - 'user': user, - 'host': host, - 'database': database, - } - return 'postgresql://{user}@{host}/{database}?sslmode=require'.format(**connection_kwargs) + connection_kwargs = { + 'user': user, + 'host': host, + 'password': password if password is not None else '{password}', + 'database': database, + } + return 'postgresql://{user}:{password}@{host}/{database}?sslmode=require'.format(**connection_kwargs) def _form_response(username, sku, location, server_id, host, version, password, connection_string, database_name, firewall_id=None, - subnet_id=None, password_auth=None): + subnet_id=None): output = { 'host': host, + 'username': username, + 'password': password, 'skuname': sku, 'location': location, 'id': server_id, @@ -1787,9 +1776,6 @@ def _form_response(username, sku, location, server_id, host, version, password, 'databaseName': database_name, 'connectionString': connection_string } - if password_auth is not None and password_auth != "Disabled": - output['username'] = username - output['password'] = password if firewall_id is not None: output['firewallName'] = firewall_id if subnet_id is not None: From 24c2af1cc893ffc9a9407c9605b137a1930e61bd Mon Sep 17 00:00:00 2001 From: Naia Scott Date: Thu, 24 Apr 2025 13:47:39 -0400 Subject: [PATCH 6/6] Check for None arg value and set public access to disabled --- .../command_modules/rdbms/flexible_server_custom_postgres.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py b/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py index 441302bdef0..27dad760e82 100644 --- a/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py +++ b/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py @@ -1196,7 +1196,10 @@ def flexible_server_provision_network_resource(cmd, resource_group_name, server_ raise RequiredArgumentMissingError("Private DNS zone can only be used with private access setting. Use vnet or/and subnet parameters.") else: start_ip, end_ip = prepare_public_network(public_access, yes=yes) - network.public_network_access = public_access if str(public_access).lower() in ['disabled', 'enabled'] else 'Enabled' + if public_access is not None and str(public_access).lower() in ['disabled', 'none']: + network.public_network_access = 'Disabled' + else: + network.public_network_access = 'Enabled' return network, start_ip, end_ip