[ServiceConnector] az webapp connection create redis: Add `--system…

…-identity` param (#30630) * add --system-identity for redis * lint * fix
Azure · Jan 14, 2025 · 07ecde8 · 07ecde8
1 parent b912e02
commit 07ecde8
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 5 deletions.
diff --git a/src/azure-cli/azure/cli/command_modules/serviceconnector/_resource_config.py b/src/azure-cli/azure/cli/command_modules/serviceconnector/_resource_config.py
@@ -782,7 +782,7 @@ class CLIENT_TYPE(Enum):
         RESOURCE.Mysql: [AUTH_TYPE.Secret],
         RESOURCE.MysqlFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.UserAccount],
         RESOURCE.Sql: [AUTH_TYPE.Secret, AUTH_TYPE.UserAccount],
-        RESOURCE.Redis: [AUTH_TYPE.SecretAuto],
+        RESOURCE.Redis: [AUTH_TYPE.SecretAuto, AUTH_TYPE.UserAccount, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.RedisEnterprise: [AUTH_TYPE.SecretAuto],
 
         RESOURCE.CosmosCassandra: [AUTH_TYPE.SecretAuto, AUTH_TYPE.UserAccount, AUTH_TYPE.ServicePrincipalSecret],
@@ -811,7 +811,7 @@ class CLIENT_TYPE(Enum):
         RESOURCE.Mysql: [AUTH_TYPE.Secret],
         RESOURCE.MysqlFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.Sql: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
-        RESOURCE.Redis: [AUTH_TYPE.SecretAuto],
+        RESOURCE.Redis: [AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.SecretAuto, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.RedisEnterprise: [AUTH_TYPE.SecretAuto],
 
         RESOURCE.CosmosCassandra: [AUTH_TYPE.SystemIdentity, AUTH_TYPE.SecretAuto, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
@@ -843,7 +843,7 @@ class CLIENT_TYPE(Enum):
         RESOURCE.Mysql: [AUTH_TYPE.Secret],
         RESOURCE.MysqlFlexible: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.Sql: [AUTH_TYPE.Secret, AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
-        RESOURCE.Redis: [AUTH_TYPE.SecretAuto],
+        RESOURCE.Redis: [AUTH_TYPE.SystemIdentity, AUTH_TYPE.UserIdentity, AUTH_TYPE.SecretAuto, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.RedisEnterprise: [AUTH_TYPE.SecretAuto],
 
         RESOURCE.CosmosCassandra: [AUTH_TYPE.SystemIdentity, AUTH_TYPE.SecretAuto, AUTH_TYPE.UserIdentity, AUTH_TYPE.ServicePrincipalSecret],
@@ -875,7 +875,7 @@ class CLIENT_TYPE(Enum):
         RESOURCE.Mysql: [AUTH_TYPE.Secret],
         RESOURCE.MysqlFlexible: [AUTH_TYPE.Secret],
         RESOURCE.Sql: [AUTH_TYPE.Secret],
-        RESOURCE.Redis: [AUTH_TYPE.SecretAuto],
+        RESOURCE.Redis: [AUTH_TYPE.WorkloadIdentity, AUTH_TYPE.SecretAuto, AUTH_TYPE.ServicePrincipalSecret],
         RESOURCE.RedisEnterprise: [AUTH_TYPE.SecretAuto],
 
         RESOURCE.CosmosCassandra: [AUTH_TYPE.WorkloadIdentity, AUTH_TYPE.SecretAuto, AUTH_TYPE.ServicePrincipalSecret],

diff --git a/src/azure-cli/azure/cli/command_modules/serviceconnector/_validators.py b/src/azure-cli/azure/cli/command_modules/serviceconnector/_validators.py
@@ -962,14 +962,26 @@ def validate_service_state(linker_parameters):
         segments = parse_resource_id(target_id)
         rg = segments.get('resource_group')
         name = segments.get('name')
+        sub = segments.get('subscription')
         if not rg or not name:
             return
 
-        output = run_cli_cmd('az appconfig show -g "{}" -n "{}"'.format(rg, name))
+        output = run_cli_cmd('az appconfig show -g "{}" -n "{}" --subscription "{}"'.format(rg, name, sub))
         if output and output.get('disableLocalAuth') is True:
             raise ValidationError('Secret as auth type is not allowed when local auth is disabled for the '
                                   'specified appconfig, you may use service principal or managed identity.')
 
+    if target_type == RESOURCE.Redis:
+        auth_type = linker_parameters.get('auth_info', {}).get('auth_type')
+        if auth_type == AUTH_TYPE.Secret.value or auth_type == AUTH_TYPE.SecretAuto.value:
+            return
+        redis = run_cli_cmd('az redis show --ids "{}"'.format(target_id))
+        if redis.get('redisConfiguration', {}).get('aadEnabled', 'False') != "True":
+            raise ValidationError('Please enable Microsoft Entra Authentication on your Redis first. '
+                                  'Note that it will cause your cache instances to reboot to load new '
+                                  'configuration and result in a failover. Consider performing the '
+                                  'operation during low traffic or outside of business hours.')
+
 
 def get_default_object_id_of_current_user(cmd, namespace):  # pylint: disable=unused-argument
     user_account_auth_info = getattr(namespace, 'user_account_auth_info', None)