|
21 | 21 | aif_account_resource_id="" |
22 | 22 | # Add global variable for SQL Server public access |
23 | 23 | original_sql_public_access="" |
| 24 | + created_sql_allow_all_firewall_rule="false" |
| 25 | + original_full_range_rule_present="false" |
24 | 26 |
|
25 | 27 | # Function to enable public network access temporarily |
26 | 28 | enable_public_access() { |
|
127 | 129 | else |
128 | 130 | echo "✓ SQL Server public access already enabled" |
129 | 131 | fi |
| 132 | + |
| 133 | + # Add (or verify) a firewall rule allowing all IPs (TEMPORARY) |
| 134 | + echo "Ensuring temporary wide-open firewall rule exists for data load" |
| 135 | + sql_allow_all_rule_name="temp-allow-all-ip" |
| 136 | + |
| 137 | + # Detect if a full-range rule (any name) already existed before we potentially create one |
| 138 | + pre_existing_full_range_rule=$(az sql server firewall-rule list \ |
| 139 | + --server "$sqlServerName" \ |
| 140 | + --resource-group "$resourceGroupName" \ |
| 141 | + --query "[?startIpAddress=='0.0.0.0' && endIpAddress=='255.255.255.255'] | [0].name" \ |
| 142 | + -o tsv 2>/dev/null) |
| 143 | + if [ -n "$pre_existing_full_range_rule" ]; then |
| 144 | + original_full_range_rule_present="true" |
| 145 | + fi |
| 146 | + |
| 147 | + existing_allow_all_rule=$(az sql server firewall-rule list \ |
| 148 | + --server "$sqlServerName" \ |
| 149 | + --resource-group "$resourceGroupName" \ |
| 150 | + --query "[?name=='${sql_allow_all_rule_name}'] | [0].name" \ |
| 151 | + -o tsv 2>/dev/null) |
| 152 | + |
| 153 | + if [ -z "$existing_allow_all_rule" ]; then |
| 154 | + if [ -n "$pre_existing_full_range_rule" ]; then |
| 155 | + echo "✓ Existing rule ($pre_existing_full_range_rule) already allows full IP range." |
| 156 | + else |
| 157 | + echo "Creating temporary allow-all firewall rule ($sql_allow_all_rule_name)..." |
| 158 | + if az sql server firewall-rule create \ |
| 159 | + --resource-group "$resourceGroupName" \ |
| 160 | + --server "$sqlServerName" \ |
| 161 | + --name "$sql_allow_all_rule_name" \ |
| 162 | + --start-ip-address 0.0.0.0 \ |
| 163 | + --end-ip-address 255.255.255.255 \ |
| 164 | + --output none; then |
| 165 | + created_sql_allow_all_firewall_rule="true" |
| 166 | + echo "✓ Temporary allow-all firewall rule created" |
| 167 | + else |
| 168 | + echo "⚠ Warning: Failed to create allow-all firewall rule" |
| 169 | + fi |
| 170 | + fi |
| 171 | + else |
| 172 | + echo "✓ Temporary allow-all firewall rule already present" |
| 173 | + # Since it was present beforehand, mark that a full-range rule existed originally |
| 174 | + original_full_range_rule_present="true" |
| 175 | + fi |
130 | 176 |
|
131 | 177 | # Wait a bit for changes to take effect |
132 | 178 | echo "Waiting for network access changes to propagate..." |
|
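Review bot: A `temp-allow-all-ip` rule left behind by an interrupted earlier run is recorded as original in two places, so the 0.0.0.0–255.255.255.255 opening on the SQL server would likely never be removed: the range query at new lines 138–142 matches it, and the else branch at 171–175 sets `original_full_range_rule_present="true"`. Because that name belongs to this script, I would exclude it from the range query by adding `&& name!='${sql_allow_all_rule_name}'` to the filter, and set `created_sql_allow_all_firewall_rule="true"` in the else branch so the restore step owns the rule. Both list calls also discard stderr with `2>/dev/null`, so a failed or unauthorised list looks the same as "no rule"; checking the exit status before deciding would keep the two flags trustworthy. The restore code that reads these flags and the rest of `enable_public_access` are outside the visible hunks, so confirm that it also runs on error and interrupt.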