Code changes for provisioning Server & ManagedInstance with AD Only A…

…uthentication & External Administrator Properties (#15151)

* Rebase master

* Update Changelog

* Switch to singular noun

* Fix bug

* Check for administrator object

* Fix test

src/Sql/Sql.Test/UnitTests/AzureSqlDatabaseServerAttributeTests.cs

@@ -38,7 +38,7 @@ public void NewAzureSqlServerAttributes()
             UnitTestHelper.CheckConfirmImpact(type, System.Management.Automation.ConfirmImpact.Low);
 
             UnitTestHelper.CheckCmdletParameterAttributes(type, "ServerName", isMandatory: true, valueFromPipelineByName: false);
-            UnitTestHelper.CheckCmdletParameterAttributes(type, "SqlAdministratorCredentials", isMandatory: true, valueFromPipelineByName: false);
+            UnitTestHelper.CheckCmdletParameterAttributes(type, "SqlAdministratorCredentials", isMandatory: false, valueFromPipelineByName: false);
             UnitTestHelper.CheckCmdletParameterAttributes(type, "Tags", isMandatory: false, valueFromPipelineByName: false);
             UnitTestHelper.CheckCmdletParameterAttributes(type, "ServerVersion", isMandatory: false, valueFromPipelineByName: false);
         }

src/Sql/Sql/ChangeLog.md

@@ -20,6 +20,9 @@
 ## Upcoming Release
 * Added option to support short version of maintenance configuration id for Managed Instance in `New-AzSqlInstance` and `Set-AzSqlInstance` cmdlets
 * Added HighAvailabilityReplicaCount to `New-AzSqlDatabaseSecondary`
+* Add External Administrator and AAD Only Properties to AzSqlServer and AzSqlInstance
+    - Added option to specify `-ExternalAdminName`, `-ExternalAdminSid`, `-EnableActiveDirectoryOnlyAuthentication` in `New-AzSqlInstance` and `Set-AzSqlInstance` cmdlets
+    - Added option to expand external administrators information using `-ExpandActiveDirectoryAdministrator` in `Get-AzSqlServer` and `Get-AzSqlInstance` cmdlets
 
 ## Version 3.1.0
 * Updated `Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline` documentation to include example of define array of array with one inner array.

src/Sql/Sql/ManagedInstance/Cmdlet/GetAzureSqlManagedInstance.cs

@@ -112,6 +112,13 @@ public class GetAzureSqlManagedInstance : ManagedInstanceCmdletBase
         [ValidateNotNullOrEmpty]
         public override string ResourceGroupName { get; set; }
 
+        /// <summary>
+        /// Expand Active Directory Administrator Information on the Managed Instance
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "Expand Active Directory Administrator Information on the server.")]
+        public SwitchParameter ExpandActiveDirectoryAdministrator { get; set; }
+
         /// <summary>
         /// Entry point for the cmdlet
         /// </summary>
@@ -148,25 +155,27 @@ protected override IEnumerable<AzureSqlManagedInstanceModel> GetEntity()
         {
             ICollection<AzureSqlManagedInstanceModel> results = new List<AzureSqlManagedInstanceModel>();
 
+            string expand = (this.ExpandActiveDirectoryAdministrator.IsPresent) ? "administrators/activeDirectory" : null;
+
             if (ShouldGetByName(ResourceGroupName, Name))
             {
                 results = new List<AzureSqlManagedInstanceModel>();
-                results.Add(ModelAdapter.GetManagedInstance(this.ResourceGroupName, this.Name));
+                results.Add(ModelAdapter.GetManagedInstance(this.ResourceGroupName, this.Name, expand));
             }
             else if (ShouldListByResourceGroup(ResourceGroupName, Name))
             {
                 if (this.InstancePoolName != null)
                 {
-                    results = ModelAdapter.ListManagedInstancesByInstancePool(this.ResourceGroupName, this.InstancePoolName);
+                    results = ModelAdapter.ListManagedInstancesByInstancePool(this.ResourceGroupName, this.InstancePoolName, expand);
                 }
                 else
                 {
-                    results = ModelAdapter.ListManagedInstancesByResourceGroup(this.ResourceGroupName);
+                    results = ModelAdapter.ListManagedInstancesByResourceGroup(this.ResourceGroupName, expand);
                 }
             }
             else
             {
-                results = ModelAdapter.ListManagedInstances();
+                results = ModelAdapter.ListManagedInstances(expand);
             }
 
             return TopLevelWildcardFilter(ResourceGroupName, Name, results);

src/Sql/Sql/ManagedInstance/Cmdlet/NewAzureSqlManagedInstance.cs

@@ -28,6 +28,7 @@
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using Microsoft.Azure.Commands.Sql.Instance_Pools.Services;
 using Microsoft.Azure.Management.Internal.Resources.Utilities.Models;
+using System;
 
 namespace Microsoft.Azure.Commands.Sql.ManagedInstance.Cmdlet
 {
@@ -120,8 +121,7 @@ public class NewAzureSqlManagedInstance : ManagedInstanceCmdletBase
         /// <summary>
         /// Gets or sets the admin credential of the instance
         /// </summary>
-        [Parameter(Mandatory = true, HelpMessage = "The SQL authentication credential of the instance.")]
-        [ValidateNotNull]
+        [Parameter(Mandatory = false, HelpMessage = "The SQL authentication credential of the instance.")]
         public PSCredential AdministratorCredential { get; set; }
 
         /// <summary>
@@ -335,11 +335,42 @@ public class NewAzureSqlManagedInstance : ManagedInstanceCmdletBase
         [Parameter(HelpMessage = "Skip confirmation message for performing the action")]
         public SwitchParameter Force { get; set; }
 
+        /// <summary>
+        /// Enable Active Directory Only Authentication on the server
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "Enable Active Directory Only Authentication on the server.")]
+        public SwitchParameter EnableActiveDirectoryOnlyAuthentication { get; set; }
+
+        /// <summary>
+        /// Azure Active Directory display name for a user or group
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "Specifies the display name of the user, group or application which is the Azure Active Directory administrator for the server. This display name must exist in the active directory associated with the current subscription.")]
+        public string ExternalAdminName { get; set; }
+
+        /// <summary>
+        /// Azure Active Directory object id for a user, group or application
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "Specifies the object ID of the user, group or application which is the Azure Active Directory administrator.")]
+        public Guid? ExternalAdminSID { get; set; }
+
         /// <summary>
         /// Overriding to add warning message
         /// </summary>
         public override void ExecuteCmdlet()
         {
+            if (this.EnableActiveDirectoryOnlyAuthentication.IsPresent && this.ExternalAdminName == null)
+            {
+                throw new PSArgumentException(Properties.Resources.MissingExternalAdmin, "ExternalAdminName");
+            }
+
+            if (!this.EnableActiveDirectoryOnlyAuthentication.IsPresent && this.AdministratorCredential == null)
+            {
+                throw new PSArgumentException(Properties.Resources.MissingSQLAdministratorCredentials, "AdministratorCredential");
+            }
+
             if (this.IsParameterBound(c => c.InstancePool))
             {
                 this.ResourceGroupName = this.InstancePool.ResourceGroupName;
@@ -462,8 +493,8 @@ public override void ExecuteCmdlet()
                 Location = this.Location,
                 ResourceGroupName = this.ResourceGroupName,
                 FullyQualifiedDomainName = this.Name,
-                AdministratorLogin = this.AdministratorCredential.UserName,
-                AdministratorPassword = this.AdministratorCredential.Password,
+                AdministratorPassword = (this.AdministratorCredential != null) ? this.AdministratorCredential.Password : null,
+                AdministratorLogin = (this.AdministratorCredential != null) ? this.AdministratorCredential.UserName : null,
                 Tags = TagsConversionHelper.CreateTagDictionary(Tag, validate: true),
                 Identity = ResourceIdentityHelper.GetIdentityObjectFromType(this.AssignIdentity.IsPresent),
                 LicenseType = this.LicenseType,
@@ -483,7 +514,13 @@ public override void ExecuteCmdlet()
                 InstancePoolName = this.InstancePoolName,
                 MinimalTlsVersion = this.MinimalTlsVersion,
                 BackupStorageRedundancy = this.BackupStorageRedundancy,
-                MaintenanceConfigurationId = this.MaintenanceConfigurationId
+                MaintenanceConfigurationId = this.MaintenanceConfigurationId,
+                Administrators = new Management.Sql.Models.ManagedInstanceExternalAdministrator()
+                {
+                    AzureADOnlyAuthentication = (this.EnableActiveDirectoryOnlyAuthentication.IsPresent) ? (bool?)true : null,
+                    Login = this.ExternalAdminName,
+                    Sid = this.ExternalAdminSID
+                }
             });
             return newEntity;
         }

src/Sql/Sql/ManagedInstance/Model/AzureSqlManagedInstanceModel.cs

@@ -144,5 +144,10 @@ public class AzureSqlManagedInstanceModel
         /// Gets or sets the managed instance maintenance configuration id
         /// </summary>
         public string MaintenanceConfigurationId { get; set; }
+
+        /// <summary>
+        /// Gets or sets the Azure SQL Managed Instance Active Directory administrator
+        /// </summary>
+        public Management.Sql.Models.ManagedInstanceExternalAdministrator Administrators { get; set; }
     }
 }