Skip to content

Commit

Permalink
feat: TrustServerCertificate on AzSqlDatabaseMigration (#434)
Browse files Browse the repository at this point in the history
* TrustServerCertificate on AzSqlDatabaseMigration

Added TrustServerCertificate for scenario's where you want to build locally for integration testing.

* Correct description for parameter

* Version 22+ of SqlServer module is needed

TrustServerCertificate was introduced in version 22
  • Loading branch information
LodewijkSioen authored Sep 17, 2024
1 parent b7446c6 commit de395da
Show file tree
Hide file tree
Showing 6 changed files with 44 additions and 26 deletions.
20 changes: 11 additions & 9 deletions docs/preview/03-Features/powershell/azure-sql.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,15 +24,16 @@ If the DatabaseVersion table doesn't exist it will automatically create it.
This function allows you to trigger a database migration, which will only execute the newly provided SQL scripts, based on the provided version number in each of the scripts.
The current version is stored in a table "DatabaseVersion", which will be created if it doesn't exist yet.

| Parameter | Mandatory | Description |
| ------------------- | --------------------------------------- | ----------------------------------------------------------------------------------- |
| `ServerName` | yes | The full name of the SQL Server that hosts the SQL Database. |
| `DatabaseName` | yes | The name of the SQL Database |
| `UserName` | yes | The UserName of the SQL Database |
| `Password` | yes | The Password of the SQL Database |
| `ScriptsFolder` | no (default: `$PSScriptRoot/sqlScripts` | The directory folder where the SQL migration scripts are located on the file system |
| `ScriptsFileFilter` | no (default: `*.sql`) | The file filter to limit the SQL script files to use during the migrations |
| `DatabaseSchema` | no (default: `dbo`) | The database schema to use when running SQL commands on the target database |
| Parameter | Mandatory | Description |
| ------------------------| --------------------------------------- | ----------------------------------------------------------------------------------- |
| `ServerName` | yes | The full name of the SQL Server that hosts the SQL Database. |
| `DatabaseName` | yes | The name of the SQL Database |
| `UserName` | yes | The UserName of the SQL Database |
| `Password` | yes | The Password of the SQL Database |
| `TrustServerCertificate`| no (default: `$false`) | Indicates whether the channel will be encrypted while bypassing walking the certificate chain to validate trust. |
| `ScriptsFolder` | no (default: `$PSScriptRoot/sqlScripts` | The directory folder where the SQL migration scripts are located on the file system |
| `ScriptsFileFilter` | no (default: `*.sql`) | The file filter to limit the SQL script files to use during the migrations |
| `DatabaseSchema` | no (default: `dbo`) | The database schema to use when running SQL commands on the target database |

Make sure that the credentials that you provide can write tables to the database + any action that you specify in the SQL scripts. (If the user is a member of the `db_ddlamin` role, then that user should have the necessary rights)

Expand All @@ -56,6 +57,7 @@ PS> Invoke-AzSqlDatabaseMigration `
-DatabaseName "my-database-name" `
-Username "my-sql-username" `
-Password "my-sql-password" `
-TrustServerCertificate `
-ScriptsFolder "$PSScriptRoot/sql-scripts" `
-ScriptsFileFilter "*.MyScript.sql" `
-DatabaseSchema "custom"
Expand Down
Binary file modified src/Arcus.Scripting.Sql/Arcus.Scripting.Sql.psd1
Binary file not shown.
6 changes: 5 additions & 1 deletion src/Arcus.Scripting.Sql/Arcus.Scripting.Sql.psm1
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,9 @@ class DatabaseVersion : System.IComparable {
.Parameter Password
The password to be used to connect to the Azure SQL Database.
.Parameter TrustServerCertificate
Indicates whether the channel will be encrypted while bypassing walking the certificate chain to validate trust.
.Parameter ScriptsFolder
The directory folder where the SQL migration scripts are located on the file system.
Expand All @@ -88,12 +91,13 @@ function Invoke-AzSqlDatabaseMigration {
[Parameter(Mandatory = $true)][string] $DatabaseName = $(throw "Please provide the name of the SQL Database"),
[Parameter(Mandatory = $true)][string] $UserName = $(throw "Please provide the UserName of the SQL Database"),
[Parameter(Mandatory = $true)][string] $Password = $(throw "Please provide the Password of the SQL Database"),
[Parameter(Mandatory = $false)][switch] $TrustServerCertificate,
[Parameter(Mandatory = $false)][string] $ScriptsFolder = "$PSScriptRoot/sqlScripts",
[Parameter(Mandatory = $false)][string] $ScriptsFileFilter = "*.sql",
[Parameter(Mandatory = $false)][string] $DatabaseSchema = "dbo"
)

. $PSScriptRoot\Scripts\Invoke-AzSqlDatabaseMigration.ps1 -ServerName $ServerName -DatabaseName $DatabaseName -UserName $UserName -Password $Password -ScriptsFolder $ScriptsFolder -ScriptsFileFilter $ScriptsFileFilter -DatabaseSchema $DatabaseSchema
. $PSScriptRoot\Scripts\Invoke-AzSqlDatabaseMigration.ps1 -ServerName $ServerName -DatabaseName $DatabaseName -UserName $UserName -Password $Password -TrustServerCertificate $TrustServerCertificate -ScriptsFolder $ScriptsFolder -ScriptsFileFilter $ScriptsFileFilter -DatabaseSchema $DatabaseSchema
}

Export-ModuleMember -Function Invoke-AzSqlDatabaseMigration
18 changes: 10 additions & 8 deletions src/Arcus.Scripting.Sql/Scripts/Invoke-AzSqlDatabaseMigration.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ param(
[Parameter(Mandatory = $true)][string] $DatabaseName = $(throw "Please provide the name of the SQL Database"),
[Parameter(Mandatory = $true)][string] $UserName = $(throw "Please provide the user name of the user that must be used to perform the update"),
[Parameter(Mandatory = $true)][string] $Password = $(throw "Please provide the password of the user that must be used to perform the update"),
[Parameter(Mandatory = $false)][bool] $TrustServerCertificate = $false,
[Parameter(Mandatory = $false)][string] $ScriptsFolder = "$PSScriptRoot/sqlScripts",
[Parameter(Mandatory = $false)][string] $ScriptsFileFilter = "*.sql",
[Parameter(Mandatory = $false)][string] $DatabaseSchema = "dbo"
Expand All @@ -27,18 +28,19 @@ function Execute-DbCommandWithResult($params, [string] $query) {
return $result
}

function Create-DbParams([string] $DatabaseName, [string] $serverInstance, [string] $UserName, [string] $Password) {
function Create-DbParams([string] $DatabaseName, [string] $serverInstance, [string] $UserName, [string] $Password, [bool] $TrustServerCertificate) {
Write-Debug "databasename = $DatabaseName"
Write-Debug "serverinstance = $serverInstance"
Write-Debug "username = $UserName"

return $params = @{
'Database' = $DatabaseName
'ServerInstance' = $serverInstance
'Username' = $UserName
'Password' = $Password
'OutputSqlErrors' = $true
'AbortOnError' = $true
'Database' = $DatabaseName
'ServerInstance' = $serverInstance
'Username' = $UserName
'Password' = $Password
'TrustServerCertificate' = $TrustServerCertificate
'OutputSqlErrors' = $true
'AbortOnError' = $true
}
}

Expand All @@ -47,7 +49,7 @@ function Get-SqlScriptFileText([string] $scriptPath, [string] $fileName) {
return $query = Get-Content $currentfilepath
}

$params = Create-DbParams $DatabaseName $ServerName $UserName $Password
$params = Create-DbParams $DatabaseName $ServerName $UserName $Password $TrustServerCertificate

$createDatabaseVersionTable = "IF NOT EXISTS ( SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 'DatabaseVersion' AND TABLE_SCHEMA = '$DatabaseSchema' ) " +
"BEGIN " +
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -101,14 +101,15 @@ InModuleScope Arcus.Scripting.Sql {
Describe "Arcus Azure SQL integration tests" {
BeforeAll {
$config = & $PSScriptRoot\Load-JsonAppsettings.ps1
$serverInstance = $config.Arcus.Sql.ServerName + '.database.windows.net'
$serverInstance = If($config.Arcus.Sql.UseLocalDb) { $config.Arcus.Sql.ServerName } Else { $config.Arcus.Sql.ServerName + '.database.windows.net' }
$params = @{
'ServerInstance' = $serverInstance
'Database' = $config.Arcus.Sql.DatabaseName
'Username' = $config.Arcus.Sql.UserName
'Password' = $config.Arcus.Sql.Password
'OutputSqlErrors' = $true
'AbortOnError' = $true
'ServerInstance' = $serverInstance
'Database' = $config.Arcus.Sql.DatabaseName
'Username' = $config.Arcus.Sql.UserName
'Password' = $config.Arcus.Sql.Password
'TrustServerCertificate' = $config.Arcus.Sql.TrustServerCertificate
'OutputSqlErrors' = $true
'AbortOnError' = $true
}

& $PSScriptRoot\Connect-AzAccountFromConfig.ps1 -config $config
Expand Down Expand Up @@ -147,6 +148,7 @@ InModuleScope Arcus.Scripting.Sql {
-DatabaseName $config.Arcus.Sql.DatabaseName `
-Username $config.Arcus.Sql.Username `
-Password $config.Arcus.Sql.Password `
-TrustServerCertificate:([bool]::Parse($config.Arcus.Sql.TrustServerCertificate)) `
-ScriptsFolder "$PSScriptRoot\SqlScripts"

# Assert
Expand All @@ -169,6 +171,7 @@ InModuleScope Arcus.Scripting.Sql {
-DatabaseName $config.Arcus.Sql.DatabaseName `
-Username $config.Arcus.Sql.Username `
-Password $config.Arcus.Sql.Password `
-TrustServerCertificate:([bool]::Parse($config.Arcus.Sql.TrustServerCertificate)) `
-DatabaseSchema $customSchema `
-ScriptsFolder "$PSScriptRoot\SqlScripts"

Expand Down Expand Up @@ -201,6 +204,7 @@ InModuleScope Arcus.Scripting.Sql {
-DatabaseName $config.Arcus.Sql.DatabaseName `
-Username $config.Arcus.Sql.Username `
-Password $config.Arcus.Sql.Password `
-TrustServerCertificate:([bool]::Parse($config.Arcus.Sql.TrustServerCertificate)) `
-ScriptsFolder "$PSScriptRoot\SqlScripts"

# Assert
Expand Down Expand Up @@ -235,6 +239,7 @@ InModuleScope Arcus.Scripting.Sql {
-DatabaseName $config.Arcus.Sql.DatabaseName `
-Username $config.Arcus.Sql.Username `
-Password $config.Arcus.Sql.Password `
-TrustServerCertificate:([bool]::Parse($config.Arcus.Sql.TrustServerCertificate)) `
-ScriptsFolder "$PSScriptRoot\SqlScripts\MigrationScriptsAreSuccessfullyExecuted"

# Assert
Expand Down Expand Up @@ -282,6 +287,7 @@ InModuleScope Arcus.Scripting.Sql {
-DatabaseName $config.Arcus.Sql.DatabaseName `
-Username $config.Arcus.Sql.Username `
-Password $config.Arcus.Sql.Password `
-TrustServerCertificate:([bool]::Parse($config.Arcus.Sql.TrustServerCertificate)) `
-ScriptsFolder "$PSScriptRoot\SqlScripts\MigrationStopsOnError" } | Should -Throw

$version = Get-AzSqlDatabaseVersion $params
Expand All @@ -301,6 +307,7 @@ InModuleScope Arcus.Scripting.Sql {
-DatabaseName $config.Arcus.Sql.DatabaseName `
-Username $config.Arcus.Sql.Username `
-Password $config.Arcus.Sql.Password `
-TrustServerCertificate:([bool]::Parse($config.Arcus.Sql.TrustServerCertificate)) `
-ScriptsFolder "$PSScriptRoot\SqlScripts\OldMigrationScriptsAreStillSupported"

$version = Get-AzSqlDatabaseVersion $params
Expand All @@ -316,6 +323,7 @@ InModuleScope Arcus.Scripting.Sql {
-DatabaseName $config.Arcus.Sql.DatabaseName `
-Username $config.Arcus.Sql.Username `
-Password $config.Arcus.Sql.Password `
-TrustServerCertificate:([bool]::Parse($config.Arcus.Sql.TrustServerCertificate)) `
-ScriptsFolder "$PSScriptRoot\SqlScripts\OldAndNewNamingConventionSupported"

$version = Get-AzSqlDatabaseVersion $params
Expand Down
4 changes: 3 additions & 1 deletion src/Arcus.Scripting.Tests.Integration/appsettings.json
Original file line number Diff line number Diff line change
Expand Up @@ -29,10 +29,12 @@
}
},
"Sql": {
"UseLocalDb": false,
"ServerName": "#{Arcus.Scripting.Sql.ServerName}#",
"DatabaseName": "#{Arcus.Scripting.Sql.DatabaseName}#",
"UserName": "#{Arcus.Scripting.Sql.UserName}#",
"Password": "#{Arcus.Scripting.Sql.Password}#"
"Password": "#{Arcus.Scripting.Sql.Password}#",
"TrustServerCertificate": false
},
"ActiveDirectory": {
"TenantId": "#{Arcus.Scripting.ActiveDirectory.TenantId}#",
Expand Down

0 comments on commit de395da

Please sign in to comment.