Question

grajee on Tue, 01 Oct 2019 05:59:39


Based on clarification regarding Azure Context Autosave from a previous question, have a follow up question and using this sample script as a reference.

I understand that below code snippet is creating the SQL instance with my login credentials

# Create a server with a system wide unique server name
$server = New-AzSqlServer -ResourceGroupName $resourceGroupName `
    -ServerName $serverName `
    -Location $location `
    -SqlAdministratorCredentials $(New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $adminSqlLogin, $(ConvertTo-SecureString -String $password -AsPlainText -Force))

Below code snippet is used to create firewall rules and creating a database

# Create a server firewall rule that allows access from the specified IP range
$serverFirewallRule = New-AzSqlServerFirewallRule -ResourceGroupName $resourceGroupName `
    -ServerName $serverName `
    -FirewallRuleName "AllowedIPs" -StartIpAddress $startIp -EndIpAddress $endIp

# Create a blank database with an S0 performance level
$database = New-AzSqlDatabase  -ResourceGroupName $resourceGroupName `
    -ServerName $serverName `
    -DatabaseName $databaseName `
    -RequestedServiceObjectiveName "S0" `
    -SampleName "AdventureWorksLT"

However I am trying to understand for above PowerShell cmdlets to run successfully it needs to connect to the SQL instance first and I don’t see any connection to SQL instance at all, is anything missing in the script. 

Replies

BharathN-MSFT on Wed, 02 Oct 2019 00:10:04


Hi grajee,

Formatted the above question, so that other community members can leverage this thread. For future use and your reference please feel free to use the same thread for follow up questions. 

Regarding your query on the script , based on the azure context autosave functionality enabled or disabled you can use below command to connect to Azure and set the context to a specific subscription. The individual user context and subscription context is propagated through the script

Connect-AzAccount

# Set subscription 
Set-AzContext -SubscriptionId $subscriptionId 

New-AzSqlServer is used in the below snippet to creates a New SQL server instance object with a specific name on Azure with in your subscription and the specified resource group 

# Create a server with a system wide unique server name
$server = New-AzSqlServer -ResourceGroupName $resourceGroupName `
    -ServerName $serverName `
    -Location $location `
    -SqlAdministratorCredentials $(New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $adminSqlLogin, $(ConvertTo-SecureString -String $password -AsPlainText -Force))

For the below snippet to run in order to create Azure SQL Firewall Rule and database , it only needs the SQL server instance name. It doesn't require to connect to SQL instance because these commands are running in user and subscription context which has right set of permissions to create these resources in Azure and its a REST based API call to Azure, it only checks the required resources and parameters are there to create the new resource or configuration and creates it. 

New-AzSqlServerFirewallRule

New-AzSQLDatabase

# Create a server firewall rule that allows access from the specified IP range
$serverFirewallRule = New-AzSqlServerFirewallRule -ResourceGroupName $resourceGroupName `
    -ServerName $serverName `
    -FirewallRuleName "AllowedIPs" -StartIpAddress $startIp -EndIpAddress $endIp

# Create a blank database with an S0 performance level
$database = New-AzSqlDatabase  -ResourceGroupName $resourceGroupName `
    -ServerName $serverName `
    -DatabaseName $databaseName `
    -RequestedServiceObjectiveName "S0" `
    -SampleName "AdventureWorksLT"

Hope this information helps and clarifies your question. Please feel free to revert back if you have any queries. Thanks


grajee on Wed, 02 Oct 2019 02:55:06


Bharath,

Ok. So, by virtue of being logged into the portal I have access to other resources as well without having to login each time to the other services and this contrasts with an application id that connects to A database (for example). Very insightful.

Are these documented anywhere so that I can get to the finer details?

rgn

BharathN-MSFT on Wed, 02 Oct 2019 16:26:45


Thanks grajee, I did share the same documentation in previous thread . Thanks for sharing it for the community here. 

Persist Azure user credentials across PowerShell sessions