Azure · evelyn-ys · Jan 25, 2024 · Oct 16, 2023 · Oct 16, 2023 · Oct 18, 2023
diff --git a/src/azure-cli/azure/cli/command_modules/redis/_client_factory.py b/src/azure-cli/azure/cli/command_modules/redis/_client_factory.py
@@ -26,3 +26,15 @@ def cf_linked_server(cli_ctx, _):
     from azure.cli.core.commands.client_factory import get_mgmt_service_client
     from azure.mgmt.redis import RedisManagementClient
     return get_mgmt_service_client(cli_ctx, RedisManagementClient).linked_server
+
+
+def cf_access_policy(cli_ctx, _):
+    from azure.cli.core.commands.client_factory import get_mgmt_service_client
+    from azure.mgmt.redis import RedisManagementClient
+    return get_mgmt_service_client(cli_ctx, RedisManagementClient).access_policy
+
+
+def cf_access_policy_assignment(cli_ctx, _):
+    from azure.cli.core.commands.client_factory import get_mgmt_service_client
+    from azure.mgmt.redis import RedisManagementClient
+    return get_mgmt_service_client(cli_ctx, RedisManagementClient).access_policy_assignment
@@ -47,6 +47,11 @@
           }
         ]
 
+        The content for a json file for configuring Microsoft Entra Authentication is
+        {
+        "aad-enabled": "true",
+        }
+
 examples:
   - name: Create new Redis Cache instance. (autogenerated)
     text: az redis create --location westus2 --name MyRedisCache --resource-group MyResourceGroup --sku Basic --vm-size c0
@@ -69,6 +74,8 @@
   - name: Deploying a Premium Azure Cache for Redis inside an existing Azure Virtual Network
     text: az redis create --location westus2 --name MyRedisCache --resource-group MyResourceGroup --sku Premium --vm-size p1 --subnet-id "/subscriptions/{subid}/resourceGroups/{resourceGroupName}/providers/Microsoft.{Network|ClassicNetwork}/virtualNetworks/vnet1/subnets/subnet1"
     crafted: true
+  - name: Deploying a Premium Azure Cache for Redis with Microsoft Entra Authentication configured
+    text: az redis create --location westus2 --name MyRedisCache --resource-group MyResourceGroup --sku Premium --vm-size p1 --redis-configuration @"config_enable-aad.json"
 """
 
 helps['redis export'] = """
@@ -111,6 +118,11 @@
 long-summary: Lists details about all caches within current Subscription or provided Resource Group.
 """
 
+helps['redis flush'] = """
+type: command
+short-summary: Delete all of the keys in a cache.
+"""
+
 helps['redis patch-schedule'] = """
 type: group
 short-summary: Manage Redis patch schedules.
@@ -216,3 +228,93 @@
 type: command
 short-summary: Show the identity assigned for Azure cache for Redis.
 """
+
+helps['redis access-policy'] = """
+type: group
+short-summary: Manage Access Policies for Redis Cache
+"""
+
+helps['redis access-policy create'] = """
+type: command
+short-summary: Add an Access Policy to the Redis Cache
+examples:
+    - name: Create a custom Access Policy with the given permissions
+      text: az redis access-policy create -g testResourceGroup -n testCacheName --access-policy-name testAccessPolicy --permissions "+get +hget"
+"""
+
+helps['redis access-policy update'] = """
+type: command
+short-summary: Update an Access Policy of the Redis Cache
+examples:
+    - name: Update the permissions of the custom Access Policy
+      text: az redis access-policy update -g testResourceGroup -n testCacheName --access-policy-name testAccessPolicy --permissions "+get"
+"""
+
+helps['redis access-policy delete'] = """
+type: command
+short-summary: Delete the Access Policy
+examples:
+    - name: Delete the custom Access Policy
+      text: az redis access-policy delete -g testResourceGroup -n testCacheName --access-policy-name testAccessPolicy
+"""
+
+helps['redis access-policy show'] = """
+type: command
+short-summary: Get the detailed information about an Access Policy of the Redis Cache
+examples:
+    - name: Show the permissions of the custom Access Policy
+      text: az redis access-policy show -g testResourceGroup -n testCacheName --access-policy-name testAccessPolicy
+"""
+
+helps['redis access-policy list'] = """
+type: command
+short-summary: Get the list of Access Policies associated with the Redis Cache
+examples:
+    - name: List the Access Policies of the Redis Cache
+      text: az redis access-policy list -g testResourceGroup -n testCacheName
+"""
+
+helps['redis access-policy-assignment'] = """
+type: group
+short-summary: Manage Access Policy Assignments (Redis Users) for Redis Cache
+"""
+
+helps['redis access-policy-assignment create'] = """
+type: command
+short-summary: Add an Access Policy Assignment (Redis User) to the Redis Cache
+examples:
+    - name: Configure Redis User for role based access control
+      text: az redis access-policy-assignment create -g testResourceGroup -n testCacheName --object-id 932b5c60-66e4-4fbf-b8b0-xxxxxxxxxxxx --object-id-alias testAlias --access-policy-name testAccessPolicy --policy-assignment-name testAccessPolicyAssignment
+"""
+
+helps['redis access-policy-assignment update'] = """
+type: command
+short-summary: Update an Access Policy Assignment (Redis User) of the Redis Cache
+examples:
+    - name: Update Redis User for role based access control
+      text: az redis access-policy-assignment update -g testResourceGroup -n testCacheName --object-id 932b5c60-66e4-4fbf-b8b0-xxxxxxxxxxxx --object-id-alias testAlias --access-policy-name testAccessPolicy --policy-assignment-name testAccessPolicyAssignment
+"""
+
+helps['redis access-policy-assignment delete'] = """
+type: command
+short-summary: Delete the Access Policy Assignment (Redis User)
+examples:
+    - name: Delete the Redis User
+      text: az redis access-policy-assignment delete -g testResourceGroup -n testCacheName --policy-assignment-name testAccessPolicyAssignment
+"""
+
+helps['redis access-policy-assignment show'] = """
+type: command
+short-summary: Get the detailed information about an Access Policy Assignment (Redis User) of the Redis Cache
+examples:
+    - name: Get the Object Id, Object Id Alias and Access Policy assigned to the Redis User
+      text: az redis access-policy-assignment show -g testResourceGroup -n testCacheName --policy-assignment-name testAccessPolicyAssignment
+"""
+
+helps['redis access-policy-assignment list'] = """
+type: command
+short-summary: Get the list of Access Policy Assignments (Redis Users) associated with the Redis Cache
+examples:
+    - name: List the Redis Users of the Redis Cache
+      text: az redis access-policy-assignment list -g testResourceGroup -n testCacheName
+"""
diff --git a/src/azure-cli/azure/cli/command_modules/redis/_params.py b/src/azure-cli/azure/cli/command_modules/redis/_params.py
@@ -8,7 +8,7 @@
 
 
 def load_arguments(self, _):  # pylint: disable=too-many-statements
-    from azure.mgmt.redis.models import RebootType, RedisKeyType, SkuName, TlsVersion, ReplicationRole
+    from azure.mgmt.redis.models import RebootType, RedisKeyType, SkuName, TlsVersion, ReplicationRole, UpdateChannel
     from azure.cli.command_modules.redis._validators import JsonString, ScheduleEntryList
     from azure.cli.command_modules.redis.custom import allowed_c_family_sizes, allowed_p_family_sizes, allowed_auth_methods
     from azure.cli.core.commands.parameters import get_enum_type, tags_type, zones_type
@@ -49,6 +49,7 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
         c.argument('redis_version', help='Redis version. This should be in the form \'major[.minor]\' (only \'major\' is required) or the value \'latest\' which refers to the latest stable Redis version that is available. Supported versions: 4.0, 6.0 (latest). Default value is \'latest\'.')
         c.argument('mi_system_assigned', arg_type=system_identity_type)
         c.argument('mi_user_assigned', arg_type=user_identity_type)
+        c.argument('update_channel', arg_type=get_enum_type(UpdateChannel), help='Specifies the update channel for the monthly Redis updates your Redis Cache will receive. Caches using "Preview" update channel get latest Redis updates at least 4 weeks ahead of "Stable" channel caches. Default value is "Stable".')
         c.argument('storage_subscription_id', options_list=['--storage-subscription-id', '--storage-sub-id'], help='SubscriptionId of the storage account')
 
     with self.argument_context('redis firewall-rules list') as c:
@@ -60,6 +61,25 @@ def load_arguments(self, _):  # pylint: disable=too-many-statements
         c.argument('rule_name', help='The name of the firewall rule.')
         c.argument('start_ip', help='Lowest IP address included in the range.')
 
+    with self.argument_context('redis access-policy') as c:
+        c.argument('access_policy_name', help='The name of the access policy that is being assigned')
+        c.argument('permissions', help='Permissions for the access policy. Learn how to configure permissions at '
+                                       'https://aka.ms/redis/AADPreRequisites')
+
+    with self.argument_context('redis access-policy list') as c:
+        c.argument('cache_name', arg_type=cache_name, id_part=None)
+
+    with self.argument_context('redis access-policy-assignment') as c:
+        c.argument('access_policy_assignment_name', options_list=['--policy-assignment-name'],
+                   help='The name of the access policy assignment')
+        c.argument('object_id', help='Object Id to assign access policy to')
+        c.argument('object_id_alias', help='User friendly name for object id. Also represents username for token '
+                                           'based authentication')
+        c.argument('access_policy_name', help='The name of the access policy that is being assigned')
+
+    with self.argument_context('redis access-policy-assignment list') as c:
+        c.argument('cache_name', arg_type=cache_name, id_part=None)
+
     with self.argument_context('redis force-reboot') as c:
         c.argument('shard_id', help='If clustering is enabled, the ID of the shard to be rebooted.')
 

diff --git a/src/azure-cli/azure/cli/command_modules/redis/commands.py b/src/azure-cli/azure/cli/command_modules/redis/commands.py
@@ -6,7 +6,7 @@
 from azure.cli.core.commands import CliCommandType
 
 # pylint: disable=line-too-long
-from azure.cli.command_modules.redis._client_factory import cf_redis, cf_patch_schedules, cf_firewall_rule, cf_linked_server
+from azure.cli.command_modules.redis._client_factory import cf_redis, cf_patch_schedules, cf_firewall_rule, cf_linked_server, cf_access_policy, cf_access_policy_assignment
 
 
 def load_command_table(self, _):
@@ -22,6 +22,14 @@ def load_command_table(self, _):
         operations_tmpl='azure.mgmt.redis.operations#FirewallRulesOperations.{}',
         client_factory=cf_firewall_rule)
 
+    redis_access_policies = CliCommandType(
+        operations_tmpl='azure.mgmt.redis.operations#AccessPolicyOperations.{}',
+        client_factory=cf_access_policy)
+
+    redis_access_policy_assignments = CliCommandType(
+        operations_tmpl='azure.mgmt.redis.operations#AccessPolicyAssignmentOperations.{}',
+        client_factory=cf_access_policy_assignment)
+
     redis_linked_server = CliCommandType(
         operations_tmpl='azure.mgmt.redis.operations#LinkedServerOperations.{}',
         client_factory=cf_linked_server)
@@ -35,6 +43,12 @@ def load_command_table(self, _):
     redis_firewall_rules_custom = CliCommandType(
         operations_tmpl='azure.cli.command_modules.redis.custom#{}',
         client_factory=cf_firewall_rule)
+    redis_access_policies_custom = CliCommandType(
+        operations_tmpl='azure.cli.command_modules.redis.custom#{}',
+        client_factory=cf_access_policy)
+    redis_access_policy_assignments_custom = CliCommandType(
+        operations_tmpl='azure.cli.command_modules.redis.custom#{}',
+        client_factory=cf_access_policy_assignment)
     redis_linked_server_custom = CliCommandType(
         operations_tmpl='azure.cli.command_modules.redis.custom#{}',
         client_factory=cf_linked_server)
@@ -51,6 +65,7 @@ def load_command_table(self, _):
         g.custom_command('regenerate-keys', 'cli_redis_regenerate_key')
         g.show_command('show', 'get')
         g.generic_update_command('update', setter_name='custom_update_setter', setter_type=redis_operations_custom, custom_func_name='cli_redis_update')
+        g.command('flush', 'begin_flush_cache', confirmation=True)
 
     with self.command_group('redis patch-schedule', redis_patch, custom_command_type=redis_patch_schedules_custom) as g:
         g.custom_command('create', 'cli_redis_patch_schedule_create_or_update')
@@ -75,3 +90,19 @@ def load_command_table(self, _):
         g.custom_show_command('show', 'cli_redis_identity_show')
         g.custom_command('assign', 'cli_redis_identity_assign')
         g.custom_command('remove', 'cli_redis_identity_remove')
+
+    with self.command_group('redis access-policy', redis_access_policies,
+                            custom_command_type=redis_access_policies_custom) as g:
+        g.custom_command('create', 'cli_redis_access_policy_create')
+        g.custom_command('update', 'cli_redis_access_policy_create')
+        g.command('delete', 'begin_delete')
+        g.show_command('show', 'get')
+        g.command('list', 'list')
+
+    with self.command_group('redis access-policy-assignment', redis_access_policy_assignments,
+                            custom_command_type=redis_access_policy_assignments_custom) as g:
+        g.custom_command('create', 'cli_redis_access_policy_assignment_create')
+        g.custom_command('update', 'cli_redis_access_policy_assignment_create')
+        g.command('delete', 'begin_delete')
+        g.show_command('show', 'get')
+        g.command('list', 'list')
diff --git a/src/azure-cli/azure/cli/command_modules/redis/custom.py b/src/azure-cli/azure/cli/command_modules/redis/custom.py
@@ -15,6 +15,8 @@
                               'For Standard Sku : (C0, C1, C2, C3, C4, C5, C6), '
                               'for Premium Sku : (P1, P2, P3, P4, P5)')
 allowed_auth_methods = ['SAS', 'ManagedIdentity']
+
+
 # region Custom Commands
 
 
@@ -71,7 +73,8 @@ def cli_redis_update(cmd, instance, sku=None, vm_size=None):
         redis_version=instance.redis_version,
         public_network_access=instance.public_network_access,
         sku=instance.sku,
-        tags=instance.tags
+        tags=instance.tags,
+        update_channel=instance.update_channel
     )
     return update_params
 
@@ -88,9 +91,10 @@ def cli_redis_create(cmd, client,
                      redis_configuration=None, enable_non_ssl_port=None, tenant_settings=None,
                      shard_count=None, minimum_tls_version=None, subnet_id=None, static_ip=None,
                      zones=None, replicas_per_master=None, redis_version=None, mi_system_assigned=None,
-                     mi_user_assigned=None):
+                     mi_user_assigned=None, update_channel=None):
     # pylint:disable=line-too-long
-    if ((sku.lower() in ['standard', 'basic'] and vm_size.lower() not in allowed_c_family_sizes) or (sku.lower() in ['premium'] and vm_size.lower() not in allowed_p_family_sizes)):
+    if ((sku.lower() in ['standard', 'basic'] and vm_size.lower() not in allowed_c_family_sizes) or (
+            sku.lower() in ['premium'] and vm_size.lower() not in allowed_p_family_sizes)):
         raise wrong_vmsize_error
     tenant_settings_in_json = {}
     if tenant_settings is not None:
@@ -116,7 +120,8 @@ def cli_redis_create(cmd, client,
         redis_version=redis_version,
         identity=identity,
         public_network_access=None,
-        tags=tags)
+        tags=tags,
+        update_channel=update_channel)
     return client.begin_create(resource_group_name, name, params)
 
 
@@ -283,4 +288,19 @@ def build_identity(mi_system_assigned, mi_user_assigned):
         type=identityType.value,
         user_assigned_identities=userIdentities)
 
+
+def cli_redis_access_policy_create(client, resource_group_name, cache_name, access_policy_name, permissions):
+    from azure.mgmt.redis.models import RedisCacheAccessPolicy
+    param = RedisCacheAccessPolicy(permissions=permissions)
+    return client.begin_create_update(resource_group_name, cache_name, access_policy_name, param)
+
+
+def cli_redis_access_policy_assignment_create(client, resource_group_name, cache_name, access_policy_assignment_name,
+                                              access_policy_name, object_id, object_id_alias):
+    from azure.mgmt.redis.models import RedisCacheAccessPolicyAssignment
+    param = RedisCacheAccessPolicyAssignment(object_id=object_id,
+                                             object_id_alias=object_id_alias,
+                                             access_policy_name=access_policy_name)
+    return client.begin_create_update(resource_group_name, cache_name, access_policy_assignment_name, param)
+
 # endregion
diff --git a/src/azure-cli/azure/cli/command_modules/redis/tests/latest/config_enable-aad.json b/src/azure-cli/azure/cli/command_modules/redis/tests/latest/config_enable-aad.json
@@ -0,0 +1,3 @@
+{
+	"aad-enabled": "true"
+}