Enable pgaadauth extension, add Private DNS dependsOn, fix firewall CLI syntax, and fail on SQL errors

tjementum · tjementum · commit 68f023514302 · 2026-03-16T10:19:34.000+01:00
diff --git a/cloud-infrastructure/cluster/grant-database-permissions.sh b/cloud-infrastructure/cluster/grant-database-permissions.sh
@@ -25,7 +25,7 @@ echo "$(date +"%Y-%m-%dT%H:%M:%S") Granting $MANAGED_IDENTITY_NAME (Client ID: $
 # and grant it the necessary permissions. The pgaadauth_create_principal function handles
 # Entra ID principal creation in Azure Database for PostgreSQL Flexible Server.
 ENTRA_USER=$(az postgres flexible-server microsoft-entra-admin list --resource-group $CLUSTER_RESOURCE_GROUP_NAME --server-name $POSTGRES_SERVER_NAME --query "[0].principalName" --output tsv)
-PGPASSWORD=$ACCESS_TOKEN psql "host=$POSTGRES_HOST dbname=$DATABASE_NAME user='$ENTRA_USER' sslmode=require" << EOF
+PGPASSWORD=$ACCESS_TOKEN psql -v ON_ERROR_STOP=1 "host=$POSTGRES_HOST dbname=$DATABASE_NAME user='$ENTRA_USER' sslmode=require" << EOF
 DO \$\$
 BEGIN
     IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = '$MANAGED_IDENTITY_NAME') THEN
diff --git a/cloud-infrastructure/modules/postgresql-flexible-server.bicep b/cloud-infrastructure/modules/postgresql-flexible-server.bicep
@@ -60,6 +60,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2025-01-01' = {
   location: location
   tags: tags
   properties: {
+    customNetworkInterfaceName: '${name}-postgres'
     subnet: {
       id: subnetId
     }

Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2025-01-01' = {`
`60`	`60`	`location: location`
`61`	`61`	`tags: tags`
`62`	`62`	`properties: {`
	`63`	`+ customNetworkInterfaceName: '${name}-postgres'`
`63`	`64`	`subnet: {`
`64`	`65`	`id: subnetId`
`65`	`66`	`}`