From f499bfa18e1c916354b9e3b82fe84b7469c53cc1 Mon Sep 17 00:00:00 2001
From: Matthew Boentoro <mattboentoro@yahoo.com>
Date: Thu, 2 Jan 2025 23:12:59 -0800
Subject: [PATCH] {RDBMS} az postgres flexible-server identity_remove: Add a
 check to determine whether the user identity is used for geo backup data
 encryption (#30588)

Co-authored-by: Matthew Boentoro <mboentoro@microsoft.com>
---
 .../command_modules/rdbms/flexible_server_custom_postgres.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py b/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py
index 78071c2b722..32fa9270b32 100644
--- a/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py
+++ b/src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_postgres.py
@@ -982,6 +982,11 @@ def flexible_server_identity_remove(cmd, client, resource_group_name, server_nam
         if primary_id and primary_id.lower() in [identity.lower() for identity in identities]:
             raise CLIError("Cannot remove identity {} because it's used for data encryption.".format(primary_id))
 
+        geo_backup_id = instance.data_encryption.geo_backup_user_assigned_identity_id
+
+        if geo_backup_id and geo_backup_id.lower() in [identity.lower() for identity in identities]:
+            raise CLIError("Cannot remove identity {} because it's used for geo backup data encryption.".format(geo_backup_id))
+
     identities_map = {}
     for identity in identities:
         identities_map[identity] = None