From ac551b949b12f8da1763b94a339bd4b9baff7e8d Mon Sep 17 00:00:00 2001 From: Ray Boyd Date: Mon, 25 Sep 2023 20:16:25 -0500 Subject: [PATCH] Add AAD support to job agents version 2023-05-01-preview (#25553) * adding job agent identity support to 2023-05-01-preview * updated swagger with just aad changes --------- Co-authored-by: Ray Boyd --- .../preview/2023-05-01-preview/JobAgents.json | 76 ++++++++++++++++++- .../CreateOrUpdateJobAgentWithIdentity.json | 64 ++++++++++++++++ .../examples/UpdateJobAgentWithIdentity.json | 44 +++++++++++ 3 files changed, 182 insertions(+), 2 deletions(-) create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/examples/CreateOrUpdateJobAgentWithIdentity.json create mode 100644 specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/examples/UpdateJobAgentWithIdentity.json diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/JobAgents.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/JobAgents.json index e7661bd71d52..9df58e5c0a65 100644 --- a/specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/JobAgents.json +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/JobAgents.json @@ -147,7 +147,7 @@ } }, "default": { - "description": "*** Error Responses: ***\n\n * 400 ManagedInstanceStoppingOrStopped - Conflicting operation submitted while instance is in stopping/stopped state\n\n * 400 ManagedInstanceStarting - Conflicting operation submitted while instance is in starting state\n\n * 400 InvalidResourceRequestBody - The resource or resource properties in the request body is empty or invalid.\n\n * 400 MissingSkuName - Sku name is required.\n\n * 400 InvalidDatabaseResourceId - Invalid database resource identifier.\n\n * 400 MismatchingSubscriptionWithUrl - The provided subscription did not match the subscription in the Url.\n\n * 400 MismatchingResourceGroupNameWithUrl - The provided resource group name did not match the name in the Url.\n\n * 400 MismatchingServerNameWithUrl - The provided server name did not match the name in the Url.\n\n * 400 JobAgentDatabaseEditionUnsupported - The specified database's service level objective is not supported for use as a job agent database.\n\n * 400 JobAgentDatabaseSecondary - A job agent cannot be linked to a geo-secondary database.\n\n * 400 JobAgentDatabaseAlreadyLinked - The specified database is already linked to another job agent.\n\n * 400 DatabaseDoesNotExist - The requested database was not found\n\n * 400 CannotUseReservedDatabaseName - Cannot use reserved database name in this operation.\n\n * 400 ElasticJobsNotSupportedOnAutoPauseEnabledDatabase - Serverless database with auto-pause is not supported by Elastic jobs because job agent would stop database from pausing. Please disable auto-pause on your serverless database and retry Elastic Job agent creation. See here for more details: https://docs.microsoft.com/azure/azure-sql/database/serverless-tier-overview#auto-pausing\n\n * 400 JobAgentExceededQuota - Could not create job agent because it would exceed the quota.\n\n * 400 JobAgentAlreadyExists - The job agent already exists on the server.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 PropertyChangeUnsupported - Property cannot be modified.\n\n * 404 SubscriptionNotFound - The requested subscription was not found.\n\n * 404 OperationIdNotFound - The operation with Id does not exist.\n\n * 409 ServerDisabled - Server is disabled.\n\n * 409 OperationCancelled - The operation has been cancelled by user.\n\n * 409 OperationInterrupted - The operation on the resource could not be completed because it was interrupted by another operation on the same resource.\n\n * 429 SubscriptionTooManyCreateUpdateRequests - Requests beyond max requests that can be processed by available resources.\n\n * 429 SubscriptionTooManyRequests - Requests beyond max requests that can be processed by available resources.\n\n * 500 OperationTimedOut - The operation timed out and automatically rolled back. Please retry the operation.\n\n * 503 TooManyRequests - Requests beyond max requests that can be processed by available resources." + "description": "*** Error Responses: ***\n\n * 400 ManagedInstanceStoppingOrStopped - Conflicting operation submitted while instance is in stopping/stopped state\n\n * 400 ManagedInstanceStarting - Conflicting operation submitted while instance is in starting state\n\n * 400 InvalidResourceRequestBody - The resource or resource properties in the request body is empty or invalid.\n\n * 400 MissingSkuName - Sku name is required.\n\n * 400 InvalidDatabaseResourceId - Invalid database resource identifier.\n\n * 400 InvalidIdentityTenantId - tenantId cannot be specified on a create or update request.\n\n * 400 MismatchingSubscriptionWithUrl - The provided subscription did not match the subscription in the Url.\n\n * 400 MismatchingResourceGroupNameWithUrl - The provided resource group name did not match the name in the Url.\n\n * 400 MismatchingServerNameWithUrl - The provided server name did not match the name in the Url.\n\n * 400 MissingUserAssignedIdentities - identity.userAssignedIdentities must be provided when identity.type is equal to \"UserAssigned\".\n\n * 400 MissingIdentityType - Please specify the identity type.\n\n * 400 MultipleIdentitiesOnJobAgent - Please specify only one user managed identity per job agent.\n\n * 400 InvalidIdentityType - Please specify only \"None\" or \"UserAssigned\" identity types.\n\n * 400 JobAgentDatabaseEditionUnsupported - The specified database's service level objective is not supported for use as a job agent database.\n\n * 400 JobAgentDatabaseSecondary - A job agent cannot be linked to a geo-secondary database.\n\n * 400 JobAgentDatabaseAlreadyLinked - The specified database is already linked to another job agent.\n\n * 400 DatabaseDoesNotExist - The requested database was not found\n\n * 400 CannotUseReservedDatabaseName - Cannot use reserved database name in this operation.\n\n * 400 ElasticJobsNotSupportedOnAutoPauseEnabledDatabase - Serverless database with auto-pause is not supported by Elastic jobs because job agent would stop database from pausing. Please disable auto-pause on your serverless database and retry Elastic Job agent creation. See here for more details: https://docs.microsoft.com/azure/azure-sql/database/serverless-tier-overview#auto-pausing\n\n * 400 JobAgentExceededQuota - Could not create job agent because it would exceed the quota.\n\n * 400 JobAgentAlreadyExists - The job agent already exists on the server.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 PropertyChangeUnsupported - Property cannot be modified.\n\n * 404 SubscriptionNotFound - The requested subscription was not found.\n\n * 404 OperationIdNotFound - The operation with Id does not exist.\n\n * 409 ServerDisabled - Server is disabled.\n\n * 409 OperationCancelled - The operation has been cancelled by user.\n\n * 409 OperationInterrupted - The operation on the resource could not be completed because it was interrupted by another operation on the same resource.\n\n * 429 SubscriptionTooManyCreateUpdateRequests - Requests beyond max requests that can be processed by available resources.\n\n * 429 SubscriptionTooManyRequests - Requests beyond max requests that can be processed by available resources.\n\n * 500 OperationTimedOut - The operation timed out and automatically rolled back. Please retry the operation.\n\n * 503 TooManyRequests - Requests beyond max requests that can be processed by available resources." }, "202": { "description": "Accepted" @@ -163,6 +163,9 @@ "x-ms-examples": { "Create or update a job agent": { "$ref": "./examples/CreateOrUpdateJobAgent.json" + }, + "Create or update a job agent with identity": { + "$ref": "./examples/CreateOrUpdateJobAgentWithIdentity.json" } } }, @@ -258,7 +261,7 @@ } }, "default": { - "description": "*** Error Responses: ***\n\n * 400 ManagedInstanceStoppingOrStopped - Conflicting operation submitted while instance is in stopping/stopped state\n\n * 400 ManagedInstanceStarting - Conflicting operation submitted while instance is in starting state\n\n * 400 InvalidResourceRequestBody - The resource or resource properties in the request body is empty or invalid.\n\n * 400 ElasticJobsNotSupportedOnAutoPauseEnabledDatabase - Serverless database with auto-pause is not supported by Elastic jobs because job agent would stop database from pausing. Please disable auto-pause on your serverless database and retry Elastic Job agent creation. See here for more details: https://docs.microsoft.com/azure/azure-sql/database/serverless-tier-overview#auto-pausing\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 PropertyChangeUnsupported - Property cannot be modified.\n\n * 404 JobAgentNotFound - Specified job agent does not exist in the specified logical server.\n\n * 404 OperationIdNotFound - The operation with Id does not exist.\n\n * 409 ServerDisabled - Server is disabled.\n\n * 409 OperationCancelled - The operation has been cancelled by user.\n\n * 409 OperationInterrupted - The operation on the resource could not be completed because it was interrupted by another operation on the same resource.\n\n * 429 SubscriptionTooManyCreateUpdateRequests - Requests beyond max requests that can be processed by available resources.\n\n * 429 SubscriptionTooManyRequests - Requests beyond max requests that can be processed by available resources.\n\n * 500 OperationTimedOut - The operation timed out and automatically rolled back. Please retry the operation.\n\n * 503 TooManyRequests - Requests beyond max requests that can be processed by available resources." + "description": "*** Error Responses: ***\n\n * 400 ManagedInstanceStoppingOrStopped - Conflicting operation submitted while instance is in stopping/stopped state\n\n * 400 ManagedInstanceStarting - Conflicting operation submitted while instance is in starting state\n\n * 400 InvalidResourceRequestBody - The resource or resource properties in the request body is empty or invalid.\n\n * 400 MissingIdentityType - Please specify the identity type.\n\n * 400 MultipleIdentitiesOnJobAgent - Please specify only one user managed identity per job agent.\n\n * 400 InvalidIdentityTenantId - tenantId cannot be specified on a create or update request.\n\n * 400 InvalidIdentityType - Please specify only \"None\" or \"UserAssigned\" identity types.\n\n * 400 ElasticJobsNotSupportedOnAutoPauseEnabledDatabase - Serverless database with auto-pause is not supported by Elastic jobs because job agent would stop database from pausing. Please disable auto-pause on your serverless database and retry Elastic Job agent creation. See here for more details: https://docs.microsoft.com/azure/azure-sql/database/serverless-tier-overview#auto-pausing\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 PropertyChangeUnsupported - Property cannot be modified.\n\n * 404 JobAgentNotFound - Specified job agent does not exist in the specified logical server.\n\n * 404 OperationIdNotFound - The operation with Id does not exist.\n\n * 409 ServerDisabled - Server is disabled.\n\n * 409 OperationCancelled - The operation has been cancelled by user.\n\n * 409 OperationInterrupted - The operation on the resource could not be completed because it was interrupted by another operation on the same resource.\n\n * 429 SubscriptionTooManyCreateUpdateRequests - Requests beyond max requests that can be processed by available resources.\n\n * 429 SubscriptionTooManyRequests - Requests beyond max requests that can be processed by available resources.\n\n * 500 OperationTimedOut - The operation timed out and automatically rolled back. Please retry the operation.\n\n * 503 TooManyRequests - Requests beyond max requests that can be processed by available resources." }, "202": { "description": "Accepted" @@ -268,6 +271,9 @@ "x-ms-examples": { "Update a job agent's tags.": { "$ref": "./examples/UpdateJobAgent.json" + }, + "Update a job agent's identity.": { + "$ref": "./examples/UpdateJobAgentWithIdentity.json" } } } @@ -290,6 +296,10 @@ "$ref": "../../../common/v1/types.json#/definitions/Sku", "description": "The name and tier of the SKU." }, + "identity": { + "$ref": "#/definitions/JobAgentIdentity", + "description": "The identity of the job agent." + }, "properties": { "$ref": "#/definitions/JobAgentProperties", "description": "Resource properties.", @@ -297,6 +307,41 @@ } } }, + "JobAgentIdentity": { + "description": "Azure Active Directory identity configuration for a resource.", + "required": [ + "type" + ], + "type": "object", + "properties": { + "tenantId": { + "format": "uuid", + "description": "The job agent identity tenant id", + "type": "string" + }, + "type": { + "description": "The job agent identity type", + "enum": [ + "None", + "SystemAssigned", + "UserAssigned", + "SystemAssignedUserAssigned" + ], + "type": "string", + "x-ms-enum": { + "name": "JobAgentIdentityType", + "modelAsString": true + } + }, + "userAssignedIdentities": { + "description": "The resource ids of the user assigned identities to use", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/JobAgentUserAssignedIdentity" + } + } + } + }, "JobAgentListResult": { "description": "A list of Azure SQL job agents.", "type": "object", @@ -327,6 +372,11 @@ "description": "Resource ID of the database to store job metadata in.", "type": "string", "format": "arm-id", + "x-ms-arm-id-details": { + "allowedResources": [ + {} + ] + }, "x-ms-mutability": [ "read", "create" @@ -354,6 +404,10 @@ "description": "An update to an Azure SQL job agent.", "type": "object", "properties": { + "identity": { + "$ref": "#/definitions/JobAgentIdentity", + "description": "Managed identity assigned to job agent" + }, "tags": { "description": "Resource tags.", "type": "object", @@ -362,6 +416,24 @@ } } } + }, + "JobAgentUserAssignedIdentity": { + "description": "Azure Active Directory identity configuration for a resource.", + "type": "object", + "properties": { + "principalId": { + "format": "uuid", + "description": "The Azure Active Directory principal id.", + "type": "string", + "readOnly": true + }, + "clientId": { + "format": "uuid", + "description": "The Azure Active Directory client id.", + "type": "string", + "readOnly": true + } + } } }, "parameters": { diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/examples/CreateOrUpdateJobAgentWithIdentity.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/examples/CreateOrUpdateJobAgentWithIdentity.json new file mode 100644 index 000000000000..d23a01f89782 --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/examples/CreateOrUpdateJobAgentWithIdentity.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "group1", + "serverName": "server1", + "jobAgentName": "agent1", + "api-version": "2023-05-01-preview", + "parameters": { + "location": "southeastasia", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-umi": {} + } + }, + "properties": { + "databaseId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/db1" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/jobAgents/agent1", + "name": "agent1", + "type": "Microsoft.Sql/servers/jobAgents", + "location": "southeastasia", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-umi": { + "clientId": "0c29d9b7-0ae2-4014-96ea-faf8e0cf2bc7", + "principalId": "0c29d9b7-0ae2-4014-96ea-faf8e0cf2bc7" + } + } + }, + "properties": { + "databaseId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/db1" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/jobAgents/agent1", + "name": "agent1", + "type": "Microsoft.Sql/servers/jobAgents", + "location": "southeastasia", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-umi": { + "clientId": "0c29d9b7-0ae2-4014-96ea-faf8e0cf2bc7", + "principalId": "0c29d9b7-0ae2-4014-96ea-faf8e0cf2bc7" + } + } + }, + "properties": { + "databaseId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/db1" + } + } + }, + "202": {} + } +} diff --git a/specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/examples/UpdateJobAgentWithIdentity.json b/specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/examples/UpdateJobAgentWithIdentity.json new file mode 100644 index 000000000000..ec23cbaac38c --- /dev/null +++ b/specification/sql/resource-manager/Microsoft.Sql/preview/2023-05-01-preview/examples/UpdateJobAgentWithIdentity.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "resourceGroupName": "group1", + "serverName": "server1", + "jobAgentName": "agent1", + "api-version": "2023-05-01-preview", + "parameters": { + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-umi": {} + } + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/jobAgents/agent1", + "name": "agent1", + "type": "Microsoft.Sql/servers/jobAgents", + "location": "southeastasia", + "properties": { + "databaseId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/db1" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-umi": { + "clientId": "e09c8507-0000-0000-97e2-18c5beec59dc", + "principalId": "0c29d9b7-0ae2-4014-96ea-faf8e0cf2bc7" + } + } + } + } + }, + "202": { + "headers": { + "Location": "https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/providers/Microsoft.Sql/locations/southeastasia/jobAgentOperationResults/00000000-1111-2222-3333-444444444444?api-version=2017-03-01-preview" + } + } + } +}