Added soft delete feature

Author: rambabu-yalla

src/azure-cli/azure/cli/command_modules/sql/_help.py

@@ -1594,13 +1594,31 @@
 helps['sql server create'] = """
 type: command
 short-summary: Create a server.
+long-summary: |
+    Create a new SQL server. The server can be configured with various security, networking, 
+    and identity management options including soft delete protection for disaster recovery.
+parameters:
+  - name: --enable-soft-delete
+    short-summary: Enable soft delete protection for the server.
+    long-summary: |
+        When enabled, allows the server to be recovered after deletion within the retention period.
+        This provides protection against accidental deletion.
+  - name: --soft-delete-retention-days
+    short-summary: Number of days to retain a soft-deleted server.
+    long-summary: |
+        Specifies how many days to keep the server in a soft-deleted state before permanent deletion.
+        Valid range is 1-7 days. Requires --enable-soft-delete to be true.
 examples:
   - name: Create a server.
     text: az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword
   - name: Create a server with tags.
     text: az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword --tags key1=value1 key2=value2
   - name: Create a server with disabled public network access to server.
     text: az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword -e false
+  - name: Create a server with soft delete enabled and 7-day retention period.
+    text: az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword --enable-soft-delete --soft-delete-retention-days 7
+  - name: Create a server with minimal TLS version and soft delete protection.
+    text: az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword --minimal-tls-version 1.2 --enable-soft-delete --soft-delete-retention-days 3
   - name: Create a server without SQL Admin, with AD admin and AD Only enabled.
     text: az sql server create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name myUserName --external-admin-sid c5e964e2-6bb2-1111-1111-3b16ec0e1234 -g myResourceGroup -n myServer
   - name: Create a server without SQL Admin, with AD admin, AD Only enabled, User ManagedIdenties and Identity Type is SystemAssigned,UserAssigned.
@@ -1615,6 +1633,36 @@
               --identity-type UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi
 """
 
+helps['sql server restore'] = """
+type: command
+short-summary: Restore a deleted SQL server.
+long-summary: |
+    Restore a deleted SQL server from a soft-deleted state. The server must have been deleted 
+    with soft delete enabled and must be within the retention period. The server will be restored 
+    to the specified name in the same location where it was originally deleted.
+parameters:
+  - name: --name -n
+    short-summary: Name of the server to restore to.
+    long-summary: |
+        The name for the restored server. This is typically the same name as the deleted server 
+        you want to restore.
+  - name: --resource-group -g
+    short-summary: Name of the resource group.
+    long-summary: |
+        The resource group where the server will be restored. This is typically the same 
+        resource group where the deleted server was originally located.
+  - name: --location -l
+    short-summary: Location where the deleted server was originally located.
+    long-summary: |
+        Specifies the location where the deleted server was originally located. The restored 
+        server will be created in this same location.
+examples:
+  - name: Restore a deleted server.
+    text: az sql server restore -g mygroup -n myserver -l westus2
+  - name: Restore a deleted server with no-wait option for asynchronous operation.
+    text: az sql server restore -g mygroup -n myserver -l westus2 --no-wait
+"""
+
 helps['sql server dns-alias'] = """
 type: group
 short-summary: Manage a server's DNS aliases.
@@ -1796,10 +1844,41 @@
 helps['sql server update'] = """
 type: command
 short-summary: Update a server.
-examples:
-  - name: Update a server. (autogenerated)
+long-summary: |
+    Update an existing SQL server's configuration including security settings, networking options, 
+    identity management, and soft delete protection settings.
+parameters:
+  - name: --enable-soft-delete
+    short-summary: Enable or disable soft delete protection for the server.
+    long-summary: |
+        When enabled, allows the server to be recovered after deletion within the retention period.
+        This provides protection against accidental deletion. Can be enabled or disabled on existing servers.
+  - name: --soft-delete-retention-days
+    short-summary: Update the number of days to retain a soft-deleted server.
+    long-summary: |
+        Specifies how many days to keep the server in a soft-deleted state before permanent deletion.
+        Valid range is 1-7 days. Requires soft delete to be enabled.
+  - name: --enable-public-network -e
+    short-summary: Update public network access to server.
+    long-summary: |
+        Controls whether the server can be accessed from public networks. When false, only private 
+        endpoint connections are allowed.
+  - name: --restrict-outbound-network-access
+    short-summary: Update outbound network access restriction.
+    long-summary: |
+        Controls whether the server can initiate outbound network connections. When enabled, 
+        restricts outbound connections for enhanced security.
+examples:
+  - name: Update a server password.
     text: az sql server update --admin-password myadminpassword --name MyAzureSQLServer --resource-group MyResourceGroup
-    crafted: true
+  - name: Enable soft delete protection with 7-day retention.
+    text: az sql server update --name MyAzureSQLServer --resource-group MyResourceGroup --enable-soft-delete --soft-delete-retention-days 7
+  - name: Disable public network access for enhanced security.
+    text: az sql server update --name MyAzureSQLServer --resource-group MyResourceGroup --enable-public-network false
+  - name: Update TLS version and enable outbound network restrictions.
+    text: az sql server update --name MyAzureSQLServer --resource-group MyResourceGroup --minimal-tls-version 1.2 --restrict-outbound-network-access
+  - name: Modify soft delete retention period.
+    text: az sql server update --name MyAzureSQLServer --resource-group MyResourceGroup --enable-soft-delete --soft-delete-retention-days 5
   - name: Update a server with User Managed Identies and Identity Type is SystemAssigned,UserAssigned.
     text: az sql server update -g myResourceGroup -n myServer -i \\
               --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \\
@@ -1808,6 +1887,12 @@
     text: az sql server update -g myResourceGroup -n myServer -i \\
               --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \\
               --identity-type UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi
+  - name: Configure server for maximum security compliance.
+    text: az sql server update --name MyAzureSQLServer --resource-group MyResourceGroup \\
+              --minimal-tls-version 1.2 --enable-public-network false \\
+              --restrict-outbound-network-access --enable-soft-delete --soft-delete-retention-days 7
+  - name: Disable soft delete protection (not recommended for production).
+    text: az sql server update --name MyAzureSQLServer --resource-group MyResourceGroup --enable-soft-delete false
 """
 
 helps['sql server vnet-rule'] = """

src/azure-cli/azure/cli/command_modules/sql/_params.py

@@ -73,7 +73,8 @@
     create_args_for_complex_type,
     validate_managed_instance_storage_size,
     validate_backup_storage_redundancy,
-    validate_subnet
+    validate_subnet,
+    validate_soft_delete_parameters
 )
 
 #####
@@ -1911,6 +1912,18 @@ def _configure_security_policy_storage_params(arg_ctx):
         c.argument('federated_client_id',
                    options_list=['--federated-client-id', '--fid'],
                    help='The federated client id used in cross tenant CMK scenario.')
+        
+        c.argument('enable_soft_delete',
+                   options_list=['--enable-soft-delete', '-esd'],
+                   arg_type=get_three_state_flag(),
+                   help='Set whether soft delete is enabled or not. When true,'
+                   'the soft delete is enabled for 7 days by default.',
+                   is_preview=True)
+
+        c.argument('soft_delete_retention_days',
+                   options_list=['--soft-delete-retention-days', '--sdrd'],
+                   help='The number of days to retain soft deleted resources.',
+                   validator=validate_soft_delete_parameters)
 
     with self.argument_context('sql server create') as c:
         c.argument('location',
@@ -1923,7 +1936,9 @@ def _configure_security_policy_storage_params(arg_ctx):
                 'administrator_login_password',
                 'location',
                 'minimal_tls_version',
-                'tags'
+                'tags',
+                'enable_soft_delete',
+                'soft_delete_retention_days'
             ])
 
         c.argument('administrator_login',
@@ -1963,6 +1978,12 @@ def _configure_security_policy_storage_params(arg_ctx):
                    options_list=['--expand-ad-admin'],
                    help='Expand the Active Directory Administrator for the server.')
 
+    with self.argument_context('sql server restore') as c:
+        c.argument('location',
+                   arg_type=get_location_type_with_default_from_resource_group(self.cli_ctx),
+                   required=True,
+                   help='Location where the deleted server was originally located.')
+
     with self.argument_context('sql server list') as c:
         c.argument('expand_ad_admin',
                    options_list=['--expand-ad-admin'],

src/azure-cli/azure/cli/command_modules/sql/_util.py

@@ -262,3 +262,6 @@ def get_sql_managed_database_ledger_digest_uploads_operations(cli_ctx, _):
 
 def get_sql_managed_database_move_operations(cli_ctx, _):
     return get_sql_management_client(cli_ctx).managed_database_move_operations
+
+def get_sql_deleted_servers_operations(cli_ctx, _):
+    return get_sql_management_client(cli_ctx).deleted_servers

src/azure-cli/azure/cli/command_modules/sql/_validators.py

@@ -138,3 +138,38 @@ def validate_managed_instance_storage_size(namespace):
         pass
     else:
         raise CLIError('incorrect usage: --storage must be specified in increments of 32 GB')
+
+
+###############################################
+#                sql server                   #
+###############################################
+
+
+def validate_soft_delete_parameters(namespace):
+    enable_soft_delete = getattr(namespace, 'enable_soft_delete', None)
+    soft_delete_retention_days = getattr(namespace, 'soft_delete_retention_days', None)
+    
+    # Check if soft_delete_retention_days is specified without enable_soft_delete
+    if soft_delete_retention_days is not None and enable_soft_delete is None:
+        raise CLIError('incorrect usage: --soft-delete-retention-days can only be specified when --enable-soft-delete is also specified')
+    
+    # Validate soft_delete_retention_days value when specified
+    if soft_delete_retention_days is not None:
+        try:
+            retention_days = int(soft_delete_retention_days)
+            namespace.soft_delete_retention_days = retention_days
+        except (ValueError, TypeError):
+            raise CLIError('incorrect usage: --soft-delete-retention-days must be a valid integer')
+        
+        # Validate range based on enable_soft_delete value
+        if enable_soft_delete is True:
+            # When enable_soft_delete is true, retention days must be 1-7
+            if not (1 <= retention_days <= 7):
+                raise CLIError('incorrect usage: --soft-delete-retention-days must be between 1 and 7 (inclusive) when --enable-soft-delete is true')
+        elif enable_soft_delete is False:
+            # When enable_soft_delete is false, retention days must be 0
+            if retention_days != 0:
+                raise CLIError('incorrect usage: --soft-delete-retention-days must be 0 when --enable-soft-delete is false')
+        else:
+            # This shouldn't happen since we check above, but for safety
+            raise CLIError('incorrect usage: --soft-delete-retention-days can only be specified when --enable-soft-delete is also specified')

src/azure-cli/azure/cli/command_modules/sql/commands.py

@@ -572,6 +572,9 @@ def load_command_table(self, _):
         g.custom_command('create', 'server_create',
                          table_transformer=server_table_format,
                          supports_no_wait=True)
+        g.custom_command('restore', 'server_restore',
+                         table_transformer=server_table_format,
+                         supports_no_wait=True)
         g.command('delete', 'begin_delete',
                   confirmation=True)
         g.custom_show_command('show', 'server_get',