Add AAD support to job agents version 2023-05-01-preview #25553
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -147,7 +147,7 @@ | |
| } | ||
| }, | ||
| "default": { | ||
| "description": "*** Error Responses: ***\n\n * 400 ManagedInstanceStoppingOrStopped - Conflicting operation submitted while instance is in stopping/stopped state\n\n * 400 ManagedInstanceStarting - Conflicting operation submitted while instance is in starting state\n\n * 400 InvalidResourceRequestBody - The resource or resource properties in the request body is empty or invalid.\n\n * 400 MissingSkuName - Sku name is required.\n\n * 400 InvalidDatabaseResourceId - Invalid database resource identifier.\n\n * 400 InvalidIdentityTenantId - tenantId cannot be specified on a create or update request.\n\n * 400 MismatchingSubscriptionWithUrl - The provided subscription did not match the subscription in the Url.\n\n * 400 MismatchingResourceGroupNameWithUrl - The provided resource group name did not match the name in the Url.\n\n * 400 MismatchingServerNameWithUrl - The provided server name did not match the name in the Url.\n\n * 400 MissingUserAssignedIdentities - identity.userAssignedIdentities must be provided when identity.type is equal to \"UserAssigned\".\n\n * 400 MissingIdentityType - Please specify the identity type.\n\n * 400 MultipleIdentitiesOnJobAgent - Please specify only one user managed identity per job agent.\n\n * 400 InvalidIdentityType - Please specify only \"None\" or \"UserAssigned\" identity types.\n\n * 400 JobAgentDatabaseEditionUnsupported - The specified database's service level objective is not supported for use as a job agent database.\n\n * 400 JobAgentDatabaseSecondary - A job agent cannot be linked to a geo-secondary database.\n\n * 400 JobAgentDatabaseAlreadyLinked - The specified database is already linked to another job agent.\n\n * 400 DatabaseDoesNotExist - The requested database was not found\n\n * 400 CannotUseReservedDatabaseName - Cannot use reserved database name in this operation.\n\n * 400 ElasticJobsNotSupportedOnAutoPauseEnabledDatabase - Serverless database with auto-pause is not supported by Elastic jobs because job agent would stop database from pausing. Please disable auto-pause on your serverless database and retry Elastic Job agent creation. See here for more details: https://docs.microsoft.com/azure/azure-sql/database/serverless-tier-overview#auto-pausing\n\n * 400 JobAgentExceededQuota - Could not create job agent because it would exceed the quota.\n\n * 400 JobAgentAlreadyExists - The job agent already exists on the server.\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 PropertyChangeUnsupported - Property cannot be modified.\n\n * 404 SubscriptionNotFound - The requested subscription was not found.\n\n * 404 OperationIdNotFound - The operation with Id does not exist.\n\n * 409 ServerDisabled - Server is disabled.\n\n * 409 OperationCancelled - The operation has been cancelled by user.\n\n * 409 OperationInterrupted - The operation on the resource could not be completed because it was interrupted by another operation on the same resource.\n\n * 429 SubscriptionTooManyCreateUpdateRequests - Requests beyond max requests that can be processed by available resources.\n\n * 429 SubscriptionTooManyRequests - Requests beyond max requests that can be processed by available resources.\n\n * 500 OperationTimedOut - The operation timed out and automatically rolled back. Please retry the operation.\n\n * 503 TooManyRequests - Requests beyond max requests that can be processed by available resources." | ||
| }, | ||
| "202": { | ||
| "description": "Accepted" | ||
|
|
@@ -163,6 +163,9 @@ | |
| "x-ms-examples": { | ||
| "Create or update a job agent": { | ||
| "$ref": "./examples/CreateOrUpdateJobAgent.json" | ||
| }, | ||
| "Create or update a job agent with identity": { | ||
| "$ref": "./examples/CreateOrUpdateJobAgentWithIdentity.json" | ||
| } | ||
| } | ||
| }, | ||
|
|
@@ -258,7 +261,7 @@ | |
| } | ||
| }, | ||
| "default": { | ||
| "description": "*** Error Responses: ***\n\n * 400 ManagedInstanceStoppingOrStopped - Conflicting operation submitted while instance is in stopping/stopped state\n\n * 400 ManagedInstanceStarting - Conflicting operation submitted while instance is in starting state\n\n * 400 InvalidResourceRequestBody - The resource or resource properties in the request body is empty or invalid.\n\n * 400 MissingIdentityType - Please specify the identity type.\n\n * 400 MultipleIdentitiesOnJobAgent - Please specify only one user managed identity per job agent.\n\n * 400 InvalidIdentityTenantId - tenantId cannot be specified on a create or update request.\n\n * 400 InvalidIdentityType - Please specify only \"None\" or \"UserAssigned\" identity types.\n\n * 400 ElasticJobsNotSupportedOnAutoPauseEnabledDatabase - Serverless database with auto-pause is not supported by Elastic jobs because job agent would stop database from pausing. Please disable auto-pause on your serverless database and retry Elastic Job agent creation. See here for more details: https://docs.microsoft.com/azure/azure-sql/database/serverless-tier-overview#auto-pausing\n\n * 404 SubscriptionDoesNotHaveServer - The requested server was not found\n\n * 404 ServerNotInSubscriptionResourceGroup - Specified server does not exist in the specified resource group and subscription.\n\n * 404 PropertyChangeUnsupported - Property cannot be modified.\n\n * 404 JobAgentNotFound - Specified job agent does not exist in the specified logical server.\n\n * 404 OperationIdNotFound - The operation with Id does not exist.\n\n * 409 ServerDisabled - Server is disabled.\n\n * 409 OperationCancelled - The operation has been cancelled by user.\n\n * 409 OperationInterrupted - The operation on the resource could not be completed because it was interrupted by another operation on the same resource.\n\n * 429 SubscriptionTooManyCreateUpdateRequests - Requests beyond max requests that can be processed by available resources.\n\n * 429 SubscriptionTooManyRequests - Requests beyond max requests that can be processed by available resources.\n\n * 500 OperationTimedOut - The operation timed out and automatically rolled back. Please retry the operation.\n\n * 503 TooManyRequests - Requests beyond max requests that can be processed by available resources." | ||
| }, | ||
| "202": { | ||
| "description": "Accepted" | ||
|
|
@@ -268,6 +271,9 @@ | |
| "x-ms-examples": { | ||
| "Update a job agent's tags.": { | ||
| "$ref": "./examples/UpdateJobAgent.json" | ||
| }, | ||
| "Update a job agent's identity.": { | ||
| "$ref": "./examples/UpdateJobAgentWithIdentity.json" | ||
| } | ||
| } | ||
| } | ||
|
|
@@ -290,13 +296,52 @@ | |
| "$ref": "../../../common/v1/types.json#/definitions/Sku", | ||
| "description": "The name and tier of the SKU." | ||
| }, | ||
| "identity": { | ||
| "$ref": "#/definitions/JobAgentIdentity", | ||
| "description": "The identity of the job agent." | ||
| }, | ||
| "properties": { | ||
| "$ref": "#/definitions/JobAgentProperties", | ||
| "description": "Resource properties.", | ||
| "x-ms-client-flatten": true | ||
| } | ||
| } | ||
| }, | ||
| "JobAgentIdentity": { | ||
| "description": "Azure Active Directory identity configuration for a resource.", | ||
| "required": [ | ||
| "type" | ||
| ], | ||
| "type": "object", | ||
| "properties": { | ||
| "tenantId": { | ||
| "format": "uuid", | ||
| "description": "The job agent identity tenant id", | ||
| "type": "string" | ||
| }, | ||
| "type": { | ||
| "description": "The job agent identity type", | ||
| "enum": [ | ||
| "None", | ||
| "SystemAssigned", | ||
| "UserAssigned", | ||
| "SystemAssignedUserAssigned" | ||
| ], | ||
| "type": "string", | ||
| "x-ms-enum": { | ||
| "name": "JobAgentIdentityType", | ||
| "modelAsString": true | ||
| } | ||
| }, | ||
| "userAssignedIdentities": { | ||
| "description": "The resource ids of the user assigned identities to use", | ||
| "type": "object", | ||
| "additionalProperties": { | ||
| "$ref": "#/definitions/JobAgentUserAssignedIdentity" | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "JobAgentListResult": { | ||
| "description": "A list of Azure SQL job agents.", | ||
| "type": "object", | ||
|
|
@@ -327,6 +372,11 @@ | |
| "description": "Resource ID of the database to store job metadata in.", | ||
| "type": "string", | ||
| "format": "arm-id", | ||
| "x-ms-arm-id-details": { | ||
| "allowedResources": [ | ||
| {} | ||
| ] | ||
| }, | ||
| "x-ms-mutability": [ | ||
| "read", | ||
| "create" | ||
|
|
@@ -354,6 +404,10 @@ | |
| "description": "An update to an Azure SQL job agent.", | ||
| "type": "object", | ||
| "properties": { | ||
| "identity": { | ||
| "$ref": "#/definitions/JobAgentIdentity", | ||
| "description": "Managed identity assigned to job agent" | ||
| }, | ||
| "tags": { | ||
| "description": "Resource tags.", | ||
| "type": "object", | ||
|
|
@@ -362,6 +416,24 @@ | |
| } | ||
| } | ||
| } | ||
| }, | ||
| "JobAgentUserAssignedIdentity": { | ||
|
There was a problem hiding this comment. Looks exactly like There was a problem hiding this comment. We would like to keep this consistent with other Microsoft.Sql APIs such as: https://github.com/Azure/azure-rest-api-specs/blob/def187e2e78d7173d8fdd7f77740dd9719e1dfbf/specification/sql/resource-manager/Microsoft.Sql/preview/2023-02-01-preview/Databases.json#L875C7-L875C7 |
||
| "description": "Azure Active Directory identity configuration for a resource.", | ||
| "type": "object", | ||
| "properties": { | ||
| "principalId": { | ||
| "format": "uuid", | ||
| "description": "The Azure Active Directory principal id.", | ||
| "type": "string", | ||
| "readOnly": true | ||
| }, | ||
| "clientId": { | ||
| "format": "uuid", | ||
| "description": "The Azure Active Directory client id.", | ||
| "type": "string", | ||
| "readOnly": true | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "parameters": { | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| { | ||
| "parameters": { | ||
| "subscriptionId": "00000000-1111-2222-3333-444444444444", | ||
| "resourceGroupName": "group1", | ||
| "serverName": "server1", | ||
| "jobAgentName": "agent1", | ||
| "api-version": "2023-05-01-preview", | ||
| "parameters": { | ||
| "location": "southeastasia", | ||
| "identity": { | ||
| "type": "UserAssigned", | ||
| "userAssignedIdentities": { | ||
| "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-umi": {} | ||
| } | ||
| }, | ||
| "properties": { | ||
| "databaseId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/db1" | ||
| } | ||
| } | ||
| }, | ||
| "responses": { | ||
| "200": { | ||
| "body": { | ||
| "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/jobAgents/agent1", | ||
| "name": "agent1", | ||
| "type": "Microsoft.Sql/servers/jobAgents", | ||
| "location": "southeastasia", | ||
| "identity": { | ||
| "type": "UserAssigned", | ||
| "userAssignedIdentities": { | ||
| "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-umi": { | ||
| "clientId": "0c29d9b7-0ae2-4014-96ea-faf8e0cf2bc7", | ||
| "principalId": "0c29d9b7-0ae2-4014-96ea-faf8e0cf2bc7" | ||
| } | ||
| } | ||
| }, | ||
| "properties": { | ||
| "databaseId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/db1" | ||
| } | ||
| } | ||
| }, | ||
| "201": { | ||
| "body": { | ||
| "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/jobAgents/agent1", | ||
| "name": "agent1", | ||
| "type": "Microsoft.Sql/servers/jobAgents", | ||
| "location": "southeastasia", | ||
| "identity": { | ||
| "type": "UserAssigned", | ||
| "userAssignedIdentities": { | ||
| "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-umi": { | ||
| "clientId": "0c29d9b7-0ae2-4014-96ea-faf8e0cf2bc7", | ||
| "principalId": "0c29d9b7-0ae2-4014-96ea-faf8e0cf2bc7" | ||
| } | ||
| } | ||
| }, | ||
| "properties": { | ||
| "databaseId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/db1" | ||
| } | ||
| } | ||
| }, | ||
| "202": {} | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| { | ||
| "parameters": { | ||
| "subscriptionId": "00000000-1111-2222-3333-444444444444", | ||
| "resourceGroupName": "group1", | ||
| "serverName": "server1", | ||
| "jobAgentName": "agent1", | ||
| "api-version": "2023-05-01-preview", | ||
| "parameters": { | ||
| "identity": { | ||
| "type": "UserAssigned", | ||
| "userAssignedIdentities": { | ||
| "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-umi": {} | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "responses": { | ||
| "200": { | ||
| "body": { | ||
| "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/jobAgents/agent1", | ||
| "name": "agent1", | ||
| "type": "Microsoft.Sql/servers/jobAgents", | ||
| "location": "southeastasia", | ||
| "properties": { | ||
| "databaseId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.Sql/servers/server1/databases/db1" | ||
| }, | ||
| "identity": { | ||
| "type": "UserAssigned", | ||
| "userAssignedIdentities": { | ||
| "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/group1/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-umi": { | ||
| "clientId": "e09c8507-0000-0000-97e2-18c5beec59dc", | ||
| "principalId": "0c29d9b7-0ae2-4014-96ea-faf8e0cf2bc7" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| }, | ||
| "202": { | ||
| "headers": { | ||
| "Location": "https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/providers/Microsoft.Sql/locations/southeastasia/jobAgentOperationResults/00000000-1111-2222-3333-444444444444?api-version=2017-03-01-preview" | ||
| } | ||
| } | ||
| } | ||
| } |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please see if you can refactor this part to define it using definitions from common-types instead
e.g. with
https://github.com/Azure/azure-rest-api-specs/blob/main/specification/common-types/resource-management/v5/managedidentity.json
or
azure-rest-api-specs/specification/common-types/resource-management/v5/types.json
Line 201 in 5dd1107
#Resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We would like to keep this consistent with other Microsoft.Sql APIs such as: https://github.com/Azure/azure-rest-api-specs/blob/def187e2e78d7173d8fdd7f77740dd9719e1dfbf/specification/sql/resource-manager/Microsoft.Sql/preview/2023-02-01-preview/Databases.json#L875C7-L875C7
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Either define a common version of identity types under Microsoft.Sql RP or refer it from ARM Common Types. Don't define the same type for all different resource types separately in their swagger json files.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just in case you want to define your own RP common types, I strongly recommend having them in your own 'common.json' or similar name json file, to help everyone remember that they're shared contracts (not to be broken), and also avoid accidental circular dependencies between JSON files, which some tools can't handle today.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
aligning with SQL common type def needs extra efforts from SQL security team. We have to ask for an exception in current version. we will coordinate with SQL security team to fix it in next version. But for this version, please unblock.
Here is the work item to align common types: https://msdata.visualstudio.com/Database%20Systems/_workitems/edit/2697929
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible to set an ETA and link it to a Feature/user Story to track this task? Just want to make sure that the next person who makes changes for next API version, is able to address this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The item has been added to SQL API committer task queue and will be fixed in the next API version.