Azure · evelyn-ys · Jul 19, 2021 · Jul 4, 2021 · Jul 7, 2021 · Jul 7, 2021
@@ -373,6 +373,31 @@ def _firewall_rule_table_format(result):
     return _apply_format(result, _firewall_rule_table_format)
 
 
+########################################################
+#            sql server outbound-firewall-rule         #
+########################################################
+
+
+def outbound_firewall_rule_table_format(result):
+    '''
+    Formats a single or list of server outbound firewall rules as summary results for display with "-o table".
+    '''
+
+    def _outbound_firewall_rule_table_format(result):
+        '''
+        Formats a server outbound firewall rule as summary results for display with "-o table".
+        '''
+        from collections import OrderedDict
+
+        return OrderedDict([
+            ('resourceGroupName', result['resourceGroupName']),
+            ('serverName', result['serverName']),
+            ('outboundRuleFqdn', result['outboundRuleFqdn'])
+        ])
+
+    return _apply_format(result, _outbound_firewall_rule_table_format)
+
+
 ###############################################
 #                sql mi             #
 ###############################################

@@ -1361,6 +1361,49 @@
     text: az sql server firewall-rule update -g mygroup -s myserver -n myrule --start-ip-address 5.4.3.2 --end-ip-address 9.8.7.6
 """
 
+helps['sql server outbound-firewall-rule'] = """
+type: group
+short-summary: Manage a server's outbound firewall rules.
+"""
+
+helps['sql server outbound-firewall-rule create'] = """
+type: command
+short-summary: Create a new outbound firewall rule.
+examples:
+  - name: Create a new outbound firewall rule
+    text: az sql server outbound-firewall-rule create -g mygroup -s myserver -n allowedFQDN
+  - name: Create a new outbound firewall rule
+    text: az sql server outbound-firewall-rule create -g mygroup -s myserver --outbound-rule-fqdn allowedFQDN
+"""
+
+helps['sql server outbound-firewall-rule list'] = """
+type: command
+short-summary: List a server's outbound firewall rules.
+examples:
+  - name: List a server's outbound firewall rules
+    text: az sql server outbound-firewall-rule list -g mygroup -s myserver
+"""
+
+helps['sql server outbound-firewall-rule show'] = """
+type: command
+short-summary: Show the details for an outbound firewall rule.
+examples:
+  - name: Show the outbound firewall rule
+    text: az sql server outbound-firewall-rule show -g mygroup -s myserver -n myrule
+  - name: Show the outbound firewall rule
+    text: az sql server outbound-firewall-rule show -g mygroup -s myserver --outbound-rule-fqdn allowedFQDN
+"""
+
+helps['sql server outbound-firewall-rule delete'] = """
+type: command
+short-summary: Delete the outbound firewall rule.
+examples:
+  - name: Delete the outbound firewall rule
+    text: az sql server outbound-firewall-rule delete -g mygroup -s myserver -n myrule
+  - name: Delete the outbound firewall rule
+    text: az sql server outbound-firewall-rule delete -g mygroup -s myserver --outbound-rule-fqdn allowedFQDN
+"""
+
 helps['sql server key'] = """
 type: group
 short-summary: Manage a server's keys.

@@ -1398,6 +1398,13 @@ def _configure_security_policy_storage_params(arg_ctx):
                    'only connections made through Private Links can reach this server.',
                    is_preview=True)
 
+        c.argument('restrict_outbound_network_access',
+                   options_list=['--restrict-outbound-network-access', '-r'],
+                   arg_type=get_three_state_flag(),
+                   help='Set whether outbound network access to server is restricted or not. When true,'
+                   'the outbound connections from the server will be restricted.',
+                   is_preview=True)
+
         c.argument('primary_user_assigned_identity_id',
                    options_list=['--primary-user-assigned-identity-id', '--pid'],
                    help='The ID of the primary user managed identity.')
@@ -1652,6 +1659,19 @@ def _configure_security_policy_storage_params(arg_ctx):
                    help='The end IP address of the firewall rule. Must be IPv4 format. Use value'
                    ' \'0.0.0.0\' to represent all Azure-internal IP addresses.')
 
+    #####
+    #           sql server outbound firewall-rule
+    #####
+    with self.argument_context('sql server outbound-firewall-rule') as c:
+        # Help text needs to be specified because 'sql server outbound-firewall-rule update' is a custom
+        # command.
+        c.argument('server_name',
+                   arg_type=server_param_type)
+
+        c.argument('outbound_rule_fqdn',
+                   options_list=['--outbound-rule-fqdn', '-n'],
+                   help='The allowed FQDN for the outbound firewall rule.')
+
     #####
     #           sql server key
     #####

@@ -96,6 +96,10 @@ def get_sql_firewall_rules_operations(cli_ctx, _):
     return get_sql_management_client(cli_ctx).firewall_rules
 
 
+def get_sql_outbound_firewall_rules_operations(cli_ctx, _):
+    return get_sql_management_client(cli_ctx).outbound_firewall_rules
+
+
 def get_sql_instance_pools_operations(cli_ctx, _):
     return get_sql_management_client(cli_ctx).instance_pools
 

@@ -16,6 +16,7 @@
     elastic_pool_edition_table_format,
     firewall_rule_table_format,
     instance_pool_table_format,
+    outbound_firewall_rule_table_format,
     server_table_format,
     usage_table_format,
     LongRunningOperationResultTransform,
@@ -44,6 +45,7 @@
     get_sql_encryption_protectors_operations,
     get_sql_failover_groups_operations,
     get_sql_firewall_rules_operations,
+    get_sql_outbound_firewall_rules_operations,
     get_sql_instance_pools_operations,
     get_sql_managed_databases_operations,
     get_sql_managed_database_restore_details_operations,
@@ -532,6 +534,21 @@ def load_command_table(self, _):
         g.command('list', 'list_by_server',
                   table_transformer=firewall_rule_table_format)
 
+    outbound_firewall_rules_operations = CliCommandType(
+        operations_tmpl='azure.mgmt.sql.operations#OutboundFirewallRulesOperations.{}',
+        client_factory=get_sql_outbound_firewall_rules_operations)
+
+    with self.command_group('sql server outbound-firewall-rule',
+                            outbound_firewall_rules_operations,
+                            client_factory=get_sql_outbound_firewall_rules_operations) as g:
+        g.custom_command('create', 'outbound_firewall_rule_create',
+                         table_transformer=outbound_firewall_rule_table_format)
+        g.command('delete', 'delete')
+        g.show_command('show', 'get',
+                       table_transformer=outbound_firewall_rule_table_format)
+        g.command('list', 'list_by_server',
+                  table_transformer=outbound_firewall_rule_table_format)
+
     aadadmin_operations = CliCommandType(
         operations_tmpl='azure.mgmt.sql.operations#ServerAzureADAdministratorsOperations.{}',
         client_factory=get_sql_server_azure_ad_administrators_operations)

@@ -3451,6 +3451,7 @@ def server_create(
         assign_identity=False,
         no_wait=False,
         enable_public_network=None,
+        restrict_outbound_network_access=None,
         key_id=None,
         user_assigned_identity_id=None,
         primary_user_assigned_identity_id=None,
@@ -3474,6 +3475,11 @@ def server_create(
             ServerNetworkAccessFlag.enabled if enable_public_network
             else ServerNetworkAccessFlag.disabled)
 
+    if restrict_outbound_network_access is not None:
+        kwargs['restrict_outbound_network_access'] = (
+            ServerNetworkAccessFlag.enabled if restrict_outbound_network_access
+            else ServerNetworkAccessFlag.disabled)
+
     kwargs['key_id'] = key_id
 
     kwargs['primary_user_assigned_identity_id'] = primary_user_assigned_identity_id
@@ -3543,6 +3549,7 @@ def server_update(
         assign_identity=False,
         minimal_tls_version=None,
         enable_public_network=None,
+        restrict_outbound_network_access=None,
         primary_user_assigned_identity_id=None,
         key_id=None,
         identity_type=None,
@@ -3572,6 +3579,11 @@ def server_update(
             ServerNetworkAccessFlag.enabled if enable_public_network
             else ServerNetworkAccessFlag.disabled)
 
+    if restrict_outbound_network_access is not None:
+        instance.public_network_access = (
+            ServerNetworkAccessFlag.enabled if restrict_outbound_network_access
+            else ServerNetworkAccessFlag.disabled)
+
     instance.primary_user_assigned_identity_id = (
         primary_user_assigned_identity_id or instance.primary_user_assigned_identity_id)
 
@@ -3690,6 +3702,25 @@ def firewall_rule_create(
                                 end_ip_address=end_ip_address))
 
 
+#########################################################
+#           sql server outbound-firewall-rule           #
+#########################################################
+
+
+def outbound_firewall_rule_create(
+        client,
+        server_name,
+        resource_group_name,
+        outbound_rule_fqdn):
+    '''
+    Creates a new outbound firewall rule.
+    '''
+    return client.create_or_update(
+        server_name=server_name,
+        resource_group_name=resource_group_name,
+        outbound_rule_fqdn=outbound_rule_fqdn)
+
+
 #####
 #           sql server key
 #####