
[RDBMS] Add server data encryption key management commands for PostgreSQL and MySQL #12738

Merged
merged 14 commits into from
Mar 26, 2020

Conversation

shinilm
Contributor

@shinilm shinilm commented Mar 25, 2020

Description of PR (Mandatory)
OSSRDBMS enabled customers to bring their own keys for data encryption. This PR is to introduce the OSSRDBMS data encryption CLI commands for PostgreSQL and MySQL.

Testing Guide

PostgreSQL Server update/create with identity

az postgres server update --name -g <resource_group> --assign_identity

az postgres server create --name -g <resource_group> --location eastus --storage-size 51200 -u -p --backup-retention 7 --sku-name gp_gen5_2 --geo-redundant-backup Disabled --assign_identity

Set Wrap/UNWRAP/Get permissions on key vault for the server identity
az keyvault set-policy --name -g <resource_group> --key-permissions get unwrapKey wrapKey --object-id <principal id of the server - 4e647c70-733b-4dbf-b7b2-0bcc537dc450>

Set the key to the server
az postgres server key --name -g <resource_group> --kid <key url like https://YourVaultName.vault.azure.net/keys/YourKeyName/01234567890123456789012345678901>

Get the key
az postgres server key show --name -g <resource_group> --kid <key url like https://YourVaultName.vault.azure.net/keys/YourKeyName/01234567890123456789012345678901>

List the Key
az postgres server key list --name orcas-byok-tst -g shinim

Drop the Key
az postgres server key delete -g <resource_group> --kid <key url like https://YourVaultName.vault.azure.net/keys/YourKeyName/01234567890123456789012345678901>

===================================================================================================================================
MYSQL Server update/create with identity

az mysql server update --name -g <resource_group> --assign_identity

az mysql server create --name -g <resource_group> --location eastus --storage-size 51200 -u -p --backup-retention 7 --sku-name gp_gen5_2 --geo-redundant-backup Disabled --assign_identity

Set Wrap/UNWRAP/Get permissions on key vault for the server identity
az keyvault set-policy --name -g <resource_group> --key-permissions get unwrapKey wrapKey --object-id <principal id of the server - 4e647c70-733b-4dbf-b7b2-0bcc537dc450>

Set the key to the server
az mysql server key --name -g <resource_group> --kid <key url like https://YourVaultName.vault.azure.net/keys/YourKeyName/01234567890123456789012345678901>

Get the key
az mysql server key show --name -g <resource_group> --kid <key url like https://YourVaultName.vault.azure.net/keys/YourKeyName/01234567890123456789012345678901>

List the Key
az mysql server key list --name orcas-byok-tst -g shinim

Drop the Key
az mysql server key delete -g <resource_group> --kid <key url like https://YourVaultName.vault.azure.net/keys/YourKeyName/01234567890123456789012345678901>


@yonzhan yonzhan requested a review from qianwens March 25, 2020 05:54
@yonzhan yonzhan added this to the S167 milestone Mar 25, 2020
@yonzhan
Collaborator

yonzhan commented Mar 25, 2020

add to S167

@bim-msft
Contributor

@shinilm You may try out the following code:

    @ResourceGroupPreparer()
    @ServerPreparer(engine_type='mysql')
    def test_mysql_proxy_resources_mgmt(self, resource_group, server, database_engine):
        self._test_firewall_mgmt(resource_group, server, database_engine)
        self._test_vnet_firewall_mgmt(resource_group, server, database_engine)
        self._test_db_mgmt(resource_group, server, database_engine)
        self._test_configuration_mgmt(resource_group, server, database_engine)
        self._test_log_file_mgmt(resource_group, server, database_engine)
        self._test_private_link_resource(resource_group, server, database_engine, 'mysqlServer')
        self._test_private_endpoint_connection(resource_group, server, database_engine)

        vault_name = self.create_random_name('testmysqlproxy', 24)
        self._test_data_encryption(resource_group, server, database_engine, vault_name)

    @ResourceGroupPreparer()
    @ServerPreparer(engine_type='postgres')
    def test_postgres_proxy_resources_mgmt(self, resource_group, server, database_engine):
        self._test_firewall_mgmt(resource_group, server, database_engine)
        self._test_vnet_firewall_mgmt(resource_group, server, database_engine)
        self._test_db_mgmt(resource_group, server, database_engine)
        self._test_configuration_mgmt(resource_group, server, database_engine)
        self._test_log_file_mgmt(resource_group, server, database_engine)
        self._test_private_link_resource(resource_group, server, database_engine, 'postgresqlServer')
        self._test_private_endpoint_connection(resource_group, server, database_engine)

        vault_name = self.create_random_name('testpgproxy', 24)
        self._test_data_encryption(resource_group, server, database_engine, vault_name)

    def _test_data_encryption(self, resource_group, server, database_engine, vault_name):
        resource_prefix = 'ossrdbmsbyok'
        key_name = self.create_random_name(resource_prefix, 32)

        # add identity to server
        server_resp = self.cmd('{} server update -g {} --name {} --assign-identity'
                               .format(database_engine, resource_group, server)).get_output_in_json()
        server_identity = server_resp['identity']['principalId']

        # create vault and acl server identity
        self.cmd('keyvault create -g {} -n {} --enable-soft-delete true --enable-purge-protection true'
                 .format(resource_group, vault_name))

        # create key
        key_resp = self.cmd('keyvault key create --name {} -p software --vault-name {}'
                            .format(key_name, vault_name)).get_output_in_json()

        self.cmd('keyvault set-policy -g {} -n {} --object-id {} --key-permissions wrapKey unwrapKey get list'
                 .format(resource_group, vault_name, server_identity))

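The testing guide in the PR description and the `_test_data_encryption` snippet above both walk the same path: assign the server a managed identity, grant that identity `get`/`wrapKey`/`unwrapKey` on the vault, then hand a versioned key URL to `server key`. The block below is an added example, not code from this PR or from azure-cli, that checks those inputs offline before anything is sent to Azure: it validates the `--kid` URL shape shown in the guide (https vault endpoint, `/keys/<name>/<32-hex version>`), and compares the vault document's settings and the server identity's key permissions against what the guide grants. The JSON field names (`properties.enableSoftDelete`, `enablePurgeProtection`, `accessPolicies[].objectId`, `permissions.keys`) are an assumption modelled on `az keyvault show` output, and the sample vault document is constructed; the principal id and key URL shape are taken from the guide.

```python
"""Offline pre-flight checks for the BYOK setup in this PR's testing guide.

Added example: not part of the PR or of azure-cli. It never calls Azure; it
validates the `--kid` URL and a vault document of the shape (assumed here)
that `az keyvault show` prints, so mistakes surface before `server key`.
"""
import re
from urllib.parse import urlparse

# Key permissions the testing guide grants the server identity with set-policy.
REQUIRED_KEY_PERMISSIONS = ("get", "wrapKey", "unwrapKey")

# Constructed sample inputs (URL shape and principal id copied from the guide).
SAMPLE_KID = ("https://YourVaultName.vault.azure.net/keys/YourKeyName/"
              "01234567890123456789012345678901")
SERVER_PRINCIPAL_ID = "4e647c70-733b-4dbf-b7b2-0bcc537dc450"
SAMPLE_VAULT = {  # constructed; field names assumed to match `az keyvault show`
    "name": "YourVaultName",
    "properties": {
        "enableSoftDelete": True,
        "enablePurgeProtection": False,  # the test enables it; this sample did not
        "accessPolicies": [
            {"objectId": SERVER_PRINCIPAL_ID,
             # the test grants `list` too, which the guide does not need
             "permissions": {"keys": ["get", "wrapKey", "unwrapKey", "list"]}},
        ],
    },
}


def parse_key_id(kid):
    """Split a key identifier into (vault_name, key_name, version).

    Accepts only the shape the guide shows:
    https://<vault>.vault.azure.net/keys/<key>/<32 hex chars>
    Raises ValueError otherwise; unversioned ids are rejected on purpose.
    """
    url = urlparse(kid)
    if url.scheme != "https":
        raise ValueError("key identifier must use https")
    host = url.hostname or ""  # urlparse lower-cases the host part
    suffix = ".vault.azure.net"
    if not host.endswith(suffix):
        raise ValueError("host is not a *.vault.azure.net endpoint")
    vault = host[: -len(suffix)]
    if not re.fullmatch(r"[a-z][a-z0-9-]{2,23}", vault):
        raise ValueError("vault name must be 3-24 alphanumerics/hyphens")
    parts = [p for p in url.path.split("/") if p]
    if len(parts) != 3 or parts[0] != "keys":
        raise ValueError("path must be /keys/<name>/<version>")
    _, key_name, version = parts
    if not re.fullmatch(r"[0-9a-fA-F]{32}", version):
        raise ValueError("version must be a 32-character hex string")
    return vault, key_name, version


def is_valid_key_id(kid):
    """Boolean form of parse_key_id for callers that only need pass/fail."""
    try:
        parse_key_id(kid)
        return True
    except ValueError:
        return False


def check_server_policy(vault, principal_id):
    """Return findings about the vault settings and the identity's key rights.

    Checks the two vault settings the test turns on and compares the key
    permissions granted to principal_id with REQUIRED_KEY_PERMISSIONS
    (case-insensitively, as Key Vault treats permission names).
    """
    findings = []
    props = vault.get("properties", {})
    if not props.get("enableSoftDelete"):
        findings.append("soft delete is not enabled on the vault")
    if not props.get("enablePurgeProtection"):
        findings.append("purge protection is not enabled on the vault")
    granted, matched = set(), False
    for policy in props.get("accessPolicies", []):
        if policy.get("objectId") == principal_id:
            matched = True
            keys = policy.get("permissions", {}).get("keys") or []
            granted.update(k.lower() for k in keys)
    if not matched:
        findings.append("no access policy for server identity " + principal_id)
        return findings
    required = {p.lower() for p in REQUIRED_KEY_PERMISSIONS}
    if required - granted:
        findings.append("missing key permissions: " + ", ".join(sorted(required - granted)))
    if granted - required:
        findings.append("key permissions beyond get/wrapKey/unwrapKey: "
                        + ", ".join(sorted(granted - required)))
    return findings


def preflight(kid, vault, principal_id):
    """Run both checks and confirm the key lives in the vault being checked."""
    try:
        vault_name, _key, _version = parse_key_id(kid)
    except ValueError as exc:
        return ["invalid key identifier: " + str(exc)]
    findings = []
    if vault_name != vault.get("name", "").lower():
        findings.append("key identifier vault '%s' differs from checked vault '%s'"
                        % (vault_name, vault.get("name")))
    return findings + check_server_policy(vault, principal_id)


if __name__ == "__main__":
    for line in preflight(SAMPLE_KID, SAMPLE_VAULT, SERVER_PRINCIPAL_ID):
        print("FINDING:", line)
```

Run against the constructed sample it reports two findings: purge protection is off, and the identity holds `list` on top of the three permissions the guide grants. Neither blocks the `server key` command, but both are the kind of drift a reviewer of a BYOK rollout wants surfaced, and the URL parser rejects the unversioned and non-https identifiers that would otherwise only fail once the request reaches the service.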
@Juliehzl Juliehzl requested a review from bim-msft March 26, 2020 04:07
Contributor

@Juliehzl Juliehzl left a comment


LGTM

@Juliehzl Juliehzl merged commit d731ec2 into Azure:dev Mar 26, 2020
@Juliehzl Juliehzl changed the title [ossrdbms] Add server data encryption key management commands for PostgreSQL and MySQL [RDBMS] Add server data encryption key management commands for PostgreSQL and MySQL Mar 26, 2020