From 41f8856e1f68aeeeabfaac5b4835e3756162067b Mon Sep 17 00:00:00 2001 From: Helder Pinto Date: Tue, 25 Jun 2024 18:00:31 +0100 Subject: [PATCH] Added support for specifying SQL Admin principal type --- .../continuous-deployment-dev-new.yml | 2 +- .../workflows/continuous-deployment-dev.yml | 2 +- .../continuous-deployment-sqlauth.yml | 2 +- .github/workflows/continuous-deployment.yml | 2 +- Deploy-AzureOptimizationEngine.ps1 | 29 +++++++++---------- azuredeploy-nested.bicep | 3 +- azuredeploy.bicep | 2 ++ 7 files changed, 22 insertions(+), 20 deletions(-) diff --git a/.github/workflows/continuous-deployment-dev-new.yml b/.github/workflows/continuous-deployment-dev-new.yml index 010e39c..c7913f1 100644 --- a/.github/workflows/continuous-deployment-dev-new.yml +++ b/.github/workflows/continuous-deployment-dev-new.yml @@ -44,5 +44,5 @@ jobs: - name: Testing PowerShell script call shell: pwsh run: | - ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/dev/azuredeploy.bicep" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }} + ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/dev/azuredeploy.bicep" -SqlAdminPrincipalType "Group" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }} - run: echo "🍏 This job's status is ${{ job.status }}." diff --git a/.github/workflows/continuous-deployment-dev.yml b/.github/workflows/continuous-deployment-dev.yml index c247906..7a5890e 100644 --- a/.github/workflows/continuous-deployment-dev.yml +++ b/.github/workflows/continuous-deployment-dev.yml @@ -48,5 +48,5 @@ jobs: - name: Testing PowerShell script call shell: pwsh run: | - ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/dev/azuredeploy.bicep" -DoPartialUpgrade -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }} + ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/dev/azuredeploy.bicep" -DoPartialUpgrade -SqlAdminPrincipalType "Group" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }} - run: echo "🍏 This job's status is ${{ job.status }}." diff --git a/.github/workflows/continuous-deployment-sqlauth.yml b/.github/workflows/continuous-deployment-sqlauth.yml index 046f5db..2b581ce 100644 --- a/.github/workflows/continuous-deployment-sqlauth.yml +++ b/.github/workflows/continuous-deployment-sqlauth.yml @@ -44,5 +44,5 @@ jobs: - name: Executing AOE PowerShell deployment script shell: pwsh run: | - ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/feature/sqlauth/azuredeploy.bicep" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }} + ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -TemplateUri "https://raw.githubusercontent.com/helderpinto/AzureOptimizationEngine/feature/sqlauth/azuredeploy.bicep" -SqlAdminPrincipalType "Group" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }} - run: echo "🍏 This job's status is ${{ job.status }}." diff --git a/.github/workflows/continuous-deployment.yml b/.github/workflows/continuous-deployment.yml index b9d3e2b..474d77c 100644 --- a/.github/workflows/continuous-deployment.yml +++ b/.github/workflows/continuous-deployment.yml @@ -44,5 +44,5 @@ jobs: - name: Testing PowerShell script call shell: pwsh run: | - ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }} + ./Deploy-AzureOptimizationEngine.ps1 -SilentDeploymentSettingsPath ./deploymentSettings.json -SqlAdminPrincipalType "Group" -SqlAdminPrincipalName ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_NAME }} -SqlAdminPrincipalObjectId ${{ secrets.AOE_SQL_ADMIN_PRINCIPAL_ID }} - run: echo "🍏 This job's status is ${{ job.status }}." diff --git a/Deploy-AzureOptimizationEngine.ps1 b/Deploy-AzureOptimizationEngine.ps1 index 807d47c..e35f9b7 100644 --- a/Deploy-AzureOptimizationEngine.ps1 +++ b/Deploy-AzureOptimizationEngine.ps1 @@ -17,6 +17,9 @@ param ( [Parameter(Mandatory = $false)] [hashtable] $ResourceTags = @{}, + [Parameter(Mandatory = $false)] + [string] $SqlAdminPrincipalType = "User", + [Parameter(Mandatory = $false)] [string] $SqlAdminPrincipalName, @@ -213,7 +216,12 @@ else { } } -try +if (-not([string]::IsNullOrEmpty($SqlAdminPrincipalName)) -and -not([string]::IsNullOrEmpty($SqlAdminPrincipalObjectId))) +{ + $userPrincipalName = $SqlAdminPrincipalName + $userObjectId = $SqlAdminPrincipalObjectId +} +elseif ($SqlAdminPrincipalType -eq "User") { $user = Get-AzADUser -SignedIn -Select UserType, UserPrincipalName, Id if (-not([string]::IsNullOrEmpty($user.UserPrincipalName)) -and -not([string]::IsNullOrEmpty($user.Id))) @@ -224,21 +232,12 @@ try else { throw "Could not get the signed-in user details." - } + } } -catch +else { - if (-not([string]::IsNullOrEmpty($SqlAdminPrincipalName)) -and -not([string]::IsNullOrEmpty($SqlAdminPrincipalObjectId))) - { - $userPrincipalName = $SqlAdminPrincipalName - - $userObjectId = $SqlAdminPrincipalObjectId - } - else - { - throw "Could not get the principal user details." - } -} + throw "You must provide the SQL Admin principal name and object Id for non-User principal types." +} $cloudDetails = Get-AzEnvironment -Name $AzureEnvironment @@ -668,7 +667,7 @@ if ("Y", "y" -contains $continueInput) { -logAnalyticsWorkspaceName $laWorkspaceName -logAnalyticsWorkspaceRG $laWorkspaceResourceGroup ` -storageAccountName $storageAccountName -automationAccountName $automationAccountName ` -sqlServerName $sqlServerName -sqlDatabaseName $sqlDatabaseName -cloudEnvironment $AzureEnvironment ` - -userPrincipalName $userPrincipalName -userObjectId $userObjectId -resourceTags $ResourceTags -WarningAction SilentlyContinue + -userPrincipalName $userPrincipalName -userObjectId $userObjectId -sqlAdminPrincipalType $SqlAdminPrincipalType -resourceTags $ResourceTags -WarningAction SilentlyContinue $deploymentSucceeded = $true } catch { diff --git a/azuredeploy-nested.bicep b/azuredeploy-nested.bicep index 392fc90..a6ac1f3 100644 --- a/azuredeploy-nested.bicep +++ b/azuredeploy-nested.bicep @@ -12,6 +12,7 @@ param logAnalyticsRetentionDays int param sqlBackupRetentionDays int param userObjectId string param userPrincipalName string +param sqlAdminPrincipalType string param cloudEnvironment string param authenticationOption string @@ -1682,7 +1683,7 @@ resource sqlServer 'Microsoft.Sql/servers@2022-05-01-preview' = { administratorType: 'ActiveDirectory' azureADOnlyAuthentication: true login: userPrincipalName - principalType: 'User' + principalType: sqlAdminPrincipalType sid: userObjectId tenantId: tenant().tenantId } diff --git a/azuredeploy.bicep b/azuredeploy.bicep index e2d3178..45a1e8f 100644 --- a/azuredeploy.bicep +++ b/azuredeploy.bicep @@ -18,6 +18,7 @@ param logAnalyticsRetentionDays int = 120 param sqlBackupRetentionDays int = 7 param userPrincipalName string param userObjectId string +param sqlAdminPrincipalType string = 'User' param cloudEnvironment string = 'AzureCloud' param authenticationOption string = 'ManagedIdentity' @@ -56,6 +57,7 @@ module resourcesDeployment './azuredeploy-nested.bicep' = { resourceTags: resourceTags userPrincipalName: userPrincipalName userObjectId: userObjectId + sqlAdminPrincipalType: sqlAdminPrincipalType } dependsOn: [ rg