update functionalities

src/azure-cli/azure/cli/command_modules/rdbms/_flexible_server_util.py

@@ -13,13 +13,15 @@
 import string
 import yaml
 from knack.log import get_logger
+from msrestazure.tools import parse_resource_id
+from msrestazure.azure_exceptions import CloudError
+from azure.cli.core.azclierror import AuthenticationError
 from azure.core.paging import ItemPaged
 from azure.cli.core.commands.client_factory import get_subscription_id
 from azure.cli.core.commands import LongRunningOperation, _is_poller
 from azure.cli.core.azclierror import RequiredArgumentMissingError, InvalidArgumentValueError
 from azure.cli.command_modules.role.custom import create_service_principal_for_rbac
 from azure.mgmt.resource.resources.models import ResourceGroup
-from msrestazure.tools import parse_resource_id
 from ._client_factory import resource_client_factory, cf_mysql_flexible_location_capabilities, cf_postgres_flexible_location_capabilities
 
 logger = get_logger(__name__)
@@ -337,6 +339,7 @@ def run_subprocess_get_output(command):
 
 
 def register_credential_secrets(cmd, database_engine, server, repository):
+    logger.warning('Adding secret "AZURE_CREDENTIALS" to github repository')
     resource_group = parse_resource_id(server.id)["resource_group"]
     provider = "DBforMySQL"
     if database_engine == "postgresql":
@@ -362,13 +365,14 @@ def register_credential_secrets(cmd, database_engine, server, repository):
     os.remove(credential_file)
 
 
-def register_connection_secrets(cmd, database_engine, server, database_name, administrator_login, administrator_login_password, repository):
+def register_connection_secrets(cmd, database_engine, server, database_name, administrator_login, administrator_login_password, repository, connection_string_name):
+    logger.warning("Added secret %s to github repository", connection_string_name)
     if database_engine == 'postgresql':
         connection_string = "host={} port=5432 dbname={} user={} password={} sslmode=require".format(server.fully_qualified_domain_name, database_name, administrator_login, administrator_login_password)
-        run_subprocess('gh secret set {} --repo {} -b"{}"'.format(AZURE_POSTGRESQL_CONNECTION_STRING, repository, connection_string))
+        run_subprocess('gh secret set {} --repo {} -b"{}"'.format(connection_string_name, repository, connection_string))
     elif database_engine == 'mysql':
         connection_string = "Server={}; Port=3306; Database={}; Uid={}; Pwd={}; SslMode=Preferred;".format(server.fully_qualified_domain_name, database_name, administrator_login, administrator_login_password)
-        run_subprocess('gh secret set {} --repo {} -b"{}"'.format(AZURE_MYSQL_CONNECTION_STRING, repository, connection_string))
+        run_subprocess('gh secret set {} --repo {} -b"{}"'.format(connection_string_name, repository, connection_string))
 
 
 def fill_action_template(cmd, database_engine, server, database_name, administrator_login, administrator_login_password, file_name, action_name, repository):
@@ -379,29 +383,40 @@ def fill_action_template(cmd, database_engine, server, database_name, administra
 
     process = run_subprocess_get_output("gh secret list --repo {}".format(repository))
     github_secrets = process.stdout.read().strip().decode('UTF-8')
-    connection_string = AZURE_POSTGRESQL_CONNECTION_STRING if database_engine == 'postgresql' else AZURE_MYSQL_CONNECTION_STRING
+    # connection_string = AZURE_POSTGRESQL_CONNECTION_STRING if database_engine == 'postgresql' else AZURE_MYSQL_CONNECTION_STRING
 
     if AZURE_CREDENTIALS not in github_secrets:
-        register_credential_secrets(cmd,
-                                    database_engine=database_engine,
-                                    server=server,
-                                    repository=repository)
-
-    if connection_string not in github_secrets:
+        try:
+            register_credential_secrets(cmd,
+                                        database_engine=database_engine,
+                                        server=server,
+                                        repository=repository)
+        except CloudError:
+            raise AuthenticationError('You do not have authorization to create a service principal to run azure service in github actions. \n'
+                                      'Please create a service principal that has access to the database server and add "AZURE_CREDENTIALS" secret to your github repository. \n'
+                                      'Follow the instruction here "aka.ms/github-actions-azure-credentials".')
+
+    connection_string_name = server.name.upper().replace("-", "_") + "_" + database_name.upper().replace("-", "_") + "_" + database_engine.upper() + "_CONNECTION_STRING"
+    if connection_string_name not in github_secrets:
         register_connection_secrets(cmd,
                                     database_engine=database_engine,
                                     server=server,
                                     database_name=database_name,
                                     administrator_login=administrator_login,
                                     administrator_login_password=administrator_login_password,
-                                    repository=repository)
+                                    repository=repository,
+                                    connection_string_name=connection_string_name)
 
     current_location = os.path.dirname(__file__)
 
     with open(current_location + "/templates/" + database_engine + "_githubaction_template.yaml", "r") as template_file:
         template = yaml.safe_load(template_file)
         template['jobs']['build']['steps'][2]['with']['server-name'] = server.fully_qualified_domain_name
-        template['jobs']['build']['steps'][2]['with']['sql-file'] = file_name
+        if database_engine == 'postgresql':
+            template['jobs']['build']['steps'][2]['with']['plsql-file'] = file_name
+        else:
+            template['jobs']['build']['steps'][2]['with']['sql-file'] = file_name
+        template['jobs']['build']['steps'][2]['with']['connection-string'] = "${{ secrets." + connection_string_name + " }}"
         with open(action_dir + action_name + '.yml', 'w', encoding='utf8') as yml_file:
             yml_file.write("on: [push, workflow_dispatch]\n")
             yml_file.write(yaml.dump(template))

src/azure-cli/azure/cli/command_modules/rdbms/flexible_server_custom_common.py

@@ -203,7 +203,7 @@ def github_actions_setup(cmd, client, resource_group_name, server_name, database
 def github_actions_run(action_name, branch):
 
     gitcli_check_and_login()
-    logger.warning("Created event for %s.yml in branch %s", action_name, branch)
+    logger.warning("Created an event for %s.yml in branch %s", action_name, branch)
     run_subprocess("gh workflow run {}.yml --ref {}".format(action_name, branch))
 
 

src/azure-cli/azure/cli/command_modules/rdbms/templates/mysql_githubaction_template.yaml

@@ -9,5 +9,5 @@ jobs:
       - uses: azure/mysql@v1
         with:
           server-name: MYSQL_SERVER_NAME
-          connection-string: ${{ secrets.AZURE_MYSQL_CONNECTION_STRING }}
+          connection-string: MYSQL_CONNECTION_STRING
           sql-file: MYSQL_FILE_NAME

src/azure-cli/azure/cli/command_modules/rdbms/templates/postgresql_githubaction_template.yaml

@@ -9,5 +9,5 @@ jobs:
       - uses: azure/postgresql@v1
         with:
           server-name: POSTGRESQL_SERVER_NAME
-          connection-string: ${{ secrets.AZURE_POSTGRESQL_CONNECTION_STRING }}
+          connection-string: POSTGRESQL_CONNECTION_STRING
           plsql-file: POSTGRESQL_FILE_NAME