{Service Connector}: add prompt for postgresql server Entra auth (#7652)

* update

* lint

src/serviceconnector-passwordless/HISTORY.rst

@@ -2,6 +2,10 @@
 
 Release History
 ===============
+2.0.3
+++++++
+* Prompt confirmation when update PostgreSQL server
+
 2.0.2
 ++++++
 * Fix no attribute error

src/serviceconnector-passwordless/azext_serviceconnector_passwordless/_credential_free.py

@@ -31,7 +31,7 @@
     get_source_resource_name,
     get_target_resource_name,
 )
-from ._utils import run_cli_cmd, get_local_ip, confirm_all_ip_allow, confirm_admin_set
+from ._utils import run_cli_cmd, get_local_ip, confirm_all_ip_allow, confirm_admin_set, confirm_enable_entra_auth
 logger = get_logger(__name__)
 
 AUTHTYPES = {
@@ -400,11 +400,10 @@ def create_aad_user_in_mysql(self, connection_kwargs, query_list):
             for q in query_list:
                 if q:
                     try:
-                        logger.debug(q)
+                        logger.warning("Running query: %s", q)
                         cursor.execute(q)
                     except Exception as e:  # pylint: disable=broad-except
-                        logger.warning(
-                            "Query %s, error: %s", q, str(e))
+                        logger.warning("Query execution failed: %s", str(e))
         except pymysql.Error as e:
             raise AzureConnectionError(
                 "Fail to connect mysql. " + str(e)) from e
@@ -595,10 +594,10 @@ def create_aad_user_in_sql(self, connection_args, query_list):
                         "Adding new Microsoft Entra user %s to database...", self.aad_username)
                     for execution_query in query_list:
                         try:
-                            logger.debug(execution_query)
+                            logger.warning("Running query: %s", execution_query)
                             cursor.execute(execution_query)
                         except pyodbc.ProgrammingError as e:
-                            logger.warning(e)
+                            logger.warning("Query execution failed: %s", str(e))
                         conn.commit()
         except pyodbc.Error as e:
             search_ip = re.search(
@@ -678,6 +677,8 @@ def enable_target_aad_auth(self):
                 self.resource_group, self.db_server, self.subscription))
         if target.get('authConfig').get('activeDirectoryAuth') == "Enabled":
             return
+        if not self.skip_prompt:
+            confirm_enable_entra_auth()
         run_cli_cmd('az postgres flexible-server update --ids {} --active-directory-auth Enabled'.format(
             self.target_id))
 
@@ -805,10 +806,10 @@ def create_aad_user_in_pg(self, conn_string, query_list):
         for execution_query in query_list:
             if execution_query:
                 try:
-                    logger.debug(execution_query)
+                    logger.warning("Running query: %s", execution_query)
                     cursor.execute(execution_query)
                 except psycopg2.Error as e:  # role "aad_user" already exists
-                    logger.warning(e)
+                    logger.warning("Query execution failed: %s", str(e))
 
         # Clean up
         conn.commit()

src/serviceconnector-passwordless/azext_serviceconnector_passwordless/_utils.py

@@ -22,6 +22,8 @@
 IP_ADDRESS_CHECKER = 'https://api.ipify.org'
 OPEN_ALL_IP_MESSAGE = 'Do you want to enable access for all IPs to allow local environment connecting to database?'
 SET_ADMIN_MESSAGE = 'Do you want to set current user as Entra admin?'
+ENABLE_ENTRA_AUTH_MESSAGE = 'Do you want to enable Microsoft Entra Authentication for the database server?\
+ It may cause the server restart.'
 
 
 def should_load_source(source):
@@ -85,6 +87,19 @@ def confirm_all_ip_allow():
             'Unable to prompt for confirmation as no tty available. Use --yes.') from e
 
 
+def confirm_enable_entra_auth():
+    try:
+        if not prompt_y_n(ENABLE_ENTRA_AUTH_MESSAGE):
+            ex = AzureConnectionError(
+                "Please enable Microsoft Entra authentication manually and try again.")
+            telemetry.set_exception(ex, "Refuse-Entra-Auth")
+            raise ex
+    except NoTTYException as e:
+        telemetry.set_exception(e, "No-TTY")
+        raise CLIInternalError(
+            'Unable to prompt for confirmation as no tty available. Use --yes.') from e
+
+
 def confirm_admin_set():
     try:
         return prompt_y_n(SET_ADMIN_MESSAGE)

src/serviceconnector-passwordless/azext_serviceconnector_passwordless/commands.py

@@ -8,6 +8,7 @@
 
 from azure.cli.command_modules.serviceconnector._resource_config import (
     SOURCE_RESOURCES,
+    TARGET_RESOURCES_DEPRECATED
 )
 from azure.cli.command_modules.serviceconnector._transformers import (
     transform_linker_properties,
@@ -32,8 +33,12 @@ def load_command_table(self, _):
     for target in PASSWORDLESS_TARGET_RESOURCES:
         with self.command_group('connection create',
                                 local_connection_type, client_factory=cf_connector) as ig:
-            ig.custom_command(target.value, 'local_connection_create_ext',
-                              supports_no_wait=True)
+            if target in TARGET_RESOURCES_DEPRECATED:
+                ig.custom_command(target.value, 'local_connection_create_ext', deprecate_info=self.deprecate(hide=False),
+                                  supports_no_wait=True, transform=transform_linker_properties)
+            else:
+                ig.custom_command(target.value, 'local_connection_create_ext',
+                                  supports_no_wait=True, transform=transform_linker_properties)
 
     for source in SOURCE_RESOURCES:
         # if source resource is released as an extension, load our command groups
@@ -42,5 +47,9 @@ def load_command_table(self, _):
             for target in PASSWORDLESS_TARGET_RESOURCES:
                 with self.command_group(f'{source.value} connection create',
                                         connection_type, client_factory=cf_linker) as ig:
-                    ig.custom_command(target.value, 'connection_create_ext',
-                                      supports_no_wait=True, transform=transform_linker_properties)
+                    if target in TARGET_RESOURCES_DEPRECATED:
+                        ig.custom_command(target.value, 'connection_create_ext', deprecate_info=self.deprecate(hide=False),
+                                          supports_no_wait=True, transform=transform_linker_properties)
+                    else:
+                        ig.custom_command(target.value, 'connection_create_ext',
+                                          supports_no_wait=True, transform=transform_linker_properties)

src/serviceconnector-passwordless/azext_serviceconnector_passwordless/config.py

@@ -4,5 +4,5 @@
 # --------------------------------------------------------------------------------------------
 
 
-VERSION = '2.0.2'
+VERSION = '2.0.3'
 NAME = 'serviceconnector-passwordless'

src/serviceconnector-passwordless/setup.py

@@ -15,7 +15,7 @@
     logger.warn("Wheel is not available, disabling bdist_wheel hook")
 
 
-VERSION = '2.0.2'
+VERSION = '2.0.3'
 try:
     from azext_serviceconnector_passwordless.config import VERSION
 except ImportError: