Added support for specifying SQL Admin principal type

helderpinto · Jun 25, 2024 · 41f8856 · 41f8856
1 parent 5e04458
commit 41f8856
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 20 deletions.
diff --git a/.github/workflows/continuous-deployment-dev-new.yml b/.github/workflows/continuous-deployment-dev-new.yml
@@ -44,5 +44,5 @@ jobs:
       - name: Testing PowerShell script call
         shell: pwsh
         run: |
-          ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/dev/azuredeploy.bicep" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }}
+          ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/dev/azuredeploy.bicep" -SqlAdminPrincipalType "Group" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }}
       - run: echo "🍏 This job's status is ${{ job.status }}."
diff --git a/.github/workflows/continuous-deployment-dev.yml b/.github/workflows/continuous-deployment-dev.yml
@@ -48,5 +48,5 @@ jobs:
       - name: Testing PowerShell script call
         shell: pwsh
         run: |
-          ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/dev/azuredeploy.bicep" -DoPartialUpgrade -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }}
+          ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/dev/azuredeploy.bicep" -DoPartialUpgrade -SqlAdminPrincipalType "Group" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }}
       - run: echo "🍏 This job's status is ${{ job.status }}."
diff --git a/.github/workflows/continuous-deployment-sqlauth.yml b/.github/workflows/continuous-deployment-sqlauth.yml
@@ -44,5 +44,5 @@ jobs:
       - name: Executing AOE PowerShell deployment script
         shell: pwsh
         run: |
-          ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/feature/sqlauth/azuredeploy.bicep" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }}
+          ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/feature/sqlauth/azuredeploy.bicep" -SqlAdminPrincipalType "Group" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }}
       - run: echo "🍏 This job's status is ${{ job.status }}."
diff --git a/.github/workflows/continuous-deployment.yml b/.github/workflows/continuous-deployment.yml
@@ -44,5 +44,5 @@ jobs:
       - name: Testing PowerShell script call
         shell: pwsh
         run: |
-          ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }}
+          ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -SqlAdminPrincipalType "Group" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }}
       - run: echo "🍏 This job's status is ${{ job.status }}."
diff --git a/Deploy-AzureOptimizationEngine.ps1 b/Deploy-AzureOptimizationEngine.ps1
@@ -17,6 +17,9 @@ param (
     [Parameter(Mandatory = $false)]
     [hashtable] $ResourceTags = @{},
 
+    [Parameter(Mandatory = $false)]
+    [string] $SqlAdminPrincipalType = "User",
+
     [Parameter(Mandatory = $false)]
     [string] $SqlAdminPrincipalName,
 
@@ -213,7 +216,12 @@ else {
     }
 }
 
-try 
+if (-not([string]::IsNullOrEmpty($SqlAdminPrincipalName)) -and -not([string]::IsNullOrEmpty($SqlAdminPrincipalObjectId)))
+{
+    $userPrincipalName = $SqlAdminPrincipalName
+    $userObjectId = $SqlAdminPrincipalObjectId
+}
+elseif ($SqlAdminPrincipalType -eq "User")
 {
     $user = Get-AzADUser -SignedIn -Select UserType, UserPrincipalName, Id
     if (-not([string]::IsNullOrEmpty($user.UserPrincipalName)) -and -not([string]::IsNullOrEmpty($user.Id)))
@@ -224,21 +232,12 @@ try
     else
     {
         throw "Could not get the signed-in user details."
-    }
+    }            
 }
-catch
+else
 {
-    if (-not([string]::IsNullOrEmpty($SqlAdminPrincipalName)) -and -not([string]::IsNullOrEmpty($SqlAdminPrincipalObjectId)))
-    {
-        $userPrincipalName = $SqlAdminPrincipalName
-
-        $userObjectId = $SqlAdminPrincipalObjectId
-    }
-    else
-    {
-        throw "Could not get the principal user details."
-    }
-}
+    throw "You must provide the SQL Admin principal name and object Id for non-User principal types."
+}            
 
 $cloudDetails = Get-AzEnvironment -Name $AzureEnvironment
 
@@ -668,7 +667,7 @@ if ("Y", "y" -contains $continueInput) {
                     -logAnalyticsWorkspaceName $laWorkspaceName -logAnalyticsWorkspaceRG $laWorkspaceResourceGroup `
                     -storageAccountName $storageAccountName -automationAccountName $automationAccountName `
                     -sqlServerName $sqlServerName -sqlDatabaseName $sqlDatabaseName -cloudEnvironment $AzureEnvironment `
-                    -userPrincipalName $userPrincipalName -userObjectId $userObjectId -resourceTags $ResourceTags -WarningAction SilentlyContinue
+                    -userPrincipalName $userPrincipalName -userObjectId $userObjectId -sqlAdminPrincipalType $SqlAdminPrincipalType -resourceTags $ResourceTags -WarningAction SilentlyContinue
                 $deploymentSucceeded = $true
             }
             catch {

diff --git a/azuredeploy-nested.bicep b/azuredeploy-nested.bicep
@@ -12,6 +12,7 @@ param logAnalyticsRetentionDays int
 param sqlBackupRetentionDays int
 param userObjectId string
 param userPrincipalName string
+param sqlAdminPrincipalType string
 
 param cloudEnvironment string
 param authenticationOption string
@@ -1682,7 +1683,7 @@ resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = {
       administratorType: 'ActiveDirectory'
       azureADOnlyAuthentication: true
       login: userPrincipalName
-      principalType: 'User'
+      principalType: sqlAdminPrincipalType
       sid: userObjectId
       tenantId: tenant().tenantId
     }

diff --git a/azuredeploy.bicep b/azuredeploy.bicep
@@ -18,6 +18,7 @@ param logAnalyticsRetentionDays int = 120
 param sqlBackupRetentionDays int = 7
 param userPrincipalName string
 param userObjectId string
+param sqlAdminPrincipalType string = 'User'
 param cloudEnvironment string = 'AzureCloud'
 param authenticationOption string = 'ManagedIdentity'
 
@@ -56,6 +57,7 @@ module resourcesDeployment './azuredeploy-nested.bicep' = {
     resourceTags: resourceTags
     userPrincipalName: userPrincipalName
     userObjectId: userObjectId
+    sqlAdminPrincipalType: sqlAdminPrincipalType
   }
   dependsOn: [
     rg