[RDBMS] Added support for minimal tls version and deny public access (A…

…zure#12724) * Added support for minimal tls version and public access * Added history and help * Fix linting * Updated tests and SDK version * Merge * Removing TLS fir now as API changes are not deployed * FIxed linting
qianwens · Mar 27, 2020 · 3f0d72d · 3f0d72d
1 parent 8b855ec
commit 3f0d72d
Show file tree

Hide file tree

Showing 13 changed files with 1,235 additions and 5,989 deletions.
diff --git a/src/azure-cli/HISTORY.rst b/src/azure-cli/HISTORY.rst
@@ -3,6 +3,11 @@
 Release History
 ===============
 
+**RDBMS**
+
+* Bump the azure-mgmt-rdbms SDK version to 2.2.0
+* Add --public-network-access to control whether a server supports public access or not
+
 2.2.0
 ++++++
 

diff --git a/src/azure-cli/azure/cli/command_modules/rdbms/_help.py b/src/azure-cli/azure/cli/command_modules/rdbms/_help.py
@@ -433,7 +433,7 @@
   - name: Create a MySQL server in North Europe with sku GP_Gen5_2 (General Purpose, Gen 5 hardware, 2 vCores).
     text: az mysql server create -l northeurope -g testgroup -n testsvr -u username -p password \\ --sku-name GP_Gen5_2
   - name: Create a MySQL server with all paramaters set.
-    text: az mysql server create -l northeurope -g testgroup -n testsvr -u username -p password \\ --sku-name B_Gen5_1 --ssl-enforcement Disabled \\ --backup-retention 10 --geo-redundant-backup Enabled --storage-size 51200 --tags "key=value" --version {server-version}
+    text: az mysql server create -l northeurope -g testgroup -n testsvr -u username -p password \\ --sku-name B_Gen5_1 --ssl-enforcement Disabled --public-network-access Disabled \\ --backup-retention 10 --geo-redundant-backup Enabled --storage-size 51200 --tags "key=value" --version {server-version}
 """
 
 helps['mysql server delete'] = """
@@ -798,7 +798,7 @@
   - name: Create a PostgreSQL server in North Europe with sku GP_Gen5_2 (General Purpose, Gen 5 hardware, 2 vCores).
     text: az postgres server create -l northeurope -g testgroup -n testsvr -u username -p password \\ --sku-name GP_Gen5_2
   - name: Create a PostgreSQL server with all paramaters set.
-    text: az postgres server create -l northeurope -g testgroup -n testsvr -u username -p password \\ --sku-name B_Gen5_1 --ssl-enforcement Disabled \\ --backup-retention 10 --geo-redundant-backup Enabled --storage-size 51200 --tags "key=value" --version {server-version}
+    text: az postgres server create -l northeurope -g testgroup -n testsvr -u username -p password \\ --sku-name B_Gen5_1 --ssl-enforcement Enabled --public-network-access Disabled \\ --backup-retention 10 --geo-redundant-backup Enabled --storage-size 51200 --tags "key=value" --version {server-version}
 """
 
 helps['postgres server delete'] = """

diff --git a/src/azure-cli/azure/cli/command_modules/rdbms/_params.py b/src/azure-cli/azure/cli/command_modules/rdbms/_params.py
@@ -82,6 +82,7 @@ def _complex_params(command_group):
             c.argument('administrator_login', options_list=['--admin-user', '-u'], help='Administrator username for the server. Once set, it cannot be changed.')
             c.argument('administrator_login_password', options_list=['--admin-password', '-p'], help='The password of the administrator. Minimum 8 characters and maximum 128 characters. Password must contain characters from three of the following categories: English uppercase letters, English lowercase letters, numbers, and non-alphanumeric characters.')
             c.argument('ssl_enforcement', arg_type=get_enum_type(['Enabled', 'Disabled']), options_list=['--ssl-enforcement'], help='Enable or disable ssl enforcement for connections to server. Default is Enabled.')
+            c.argument('public_network_access', arg_type=get_enum_type(['Enabled', 'Disabled']), options_list=['--public-network-access'], help='Set whether public network access to server is allowed or not. When false, only connections made through Private Links can reach this server.')
             c.argument('tier', arg_type=get_enum_type(['Basic', 'GeneralPurpose', 'MemoryOptimized']), options_list=['--performance-tier'], help='The performance tier of the server.')
             c.argument('capacity', options_list=['--vcore'], type=int, help='Number of vcore.')
             c.argument('family', options_list=['--family'], arg_type=get_enum_type(['Gen4', 'Gen5']), help='Hardware generation.')

diff --git a/src/azure-cli/azure/cli/command_modules/rdbms/custom.py b/src/azure-cli/azure/cli/command_modules/rdbms/custom.py
@@ -19,7 +19,7 @@
 def _server_create(cmd, client, resource_group_name, server_name, sku_name, no_wait=False,
                    location=None, administrator_login=None, administrator_login_password=None, backup_retention=None,
                    geo_redundant_backup=None, ssl_enforcement=None, storage_mb=None, tags=None, version=None, auto_grow='Enabled',
-                   assign_identity=False):
+                   assign_identity=False, public_network_access=None):
     provider = 'Microsoft.DBforPostgreSQL'
     if isinstance(client, MySqlServersOperations):
         provider = 'Microsoft.DBforMySQL'
@@ -36,6 +36,7 @@ def _server_create(cmd, client, resource_group_name, server_name, sku_name, no_w
                 administrator_login_password=administrator_login_password,
                 version=version,
                 ssl_enforcement=ssl_enforcement,
+                public_network_access=public_network_access,
                 storage_profile=mysql.models.StorageProfile(
                     backup_retention_days=backup_retention,
                     geo_redundant_backup=geo_redundant_backup,
@@ -54,6 +55,7 @@ def _server_create(cmd, client, resource_group_name, server_name, sku_name, no_w
                 administrator_login_password=administrator_login_password,
                 version=version,
                 ssl_enforcement=ssl_enforcement,
+                public_network_access=public_network_access,
                 storage_profile=postgresql.models.StorageProfile(
                     backup_retention_days=backup_retention,
                     geo_redundant_backup=geo_redundant_backup,
@@ -72,6 +74,7 @@ def _server_create(cmd, client, resource_group_name, server_name, sku_name, no_w
                 administrator_login_password=administrator_login_password,
                 version=version,
                 ssl_enforcement=ssl_enforcement,
+                public_network_access=public_network_access,
                 storage_profile=mariadb.models.StorageProfile(
                     backup_retention_days=backup_retention,
                     geo_redundant_backup=geo_redundant_backup,
@@ -289,7 +292,8 @@ def _server_update_custom_func(instance,
                                ssl_enforcement=None,
                                tags=None,
                                auto_grow=None,
-                               assign_identity=False):
+                               assign_identity=False,
+                               public_network_access=None):
     from importlib import import_module
     server_module_path = instance.__module__
     module = import_module(server_module_path.replace('server', 'server_update_parameters'))
@@ -317,7 +321,8 @@ def _server_update_custom_func(instance,
                                     administrator_login_password=administrator_login_password,
                                     version=None,
                                     ssl_enforcement=ssl_enforcement,
-                                    tags=tags)
+                                    tags=tags,
+                                    public_network_access=public_network_access)
 
     if assign_identity:
         if server_module_path.find('postgres'):