{Mysql} az mysql flexible-server import create: Add firewall rule migration from single to flex (#27640)

nitishsharma25 · web-flow · commit e5716c1f5e50 · 2023-10-24T17:54:57.000+08:00
* added firewall rule changes

* u

* u

* u

* u

* u
diff --git a/src/azure-cli/azure/cli/command_modules/mysql/_client_factory.py b/src/azure-cli/azure/cli/command_modules/mysql/_client_factory.py
@@ -132,3 +132,7 @@ def private_dns_link_client_factory(cli_ctx, subscription_id=None):
 # Operations for single server
 def cf_mysql_servers(cli_ctx, _):
     return get_mysql_management_client(cli_ctx).servers
+
+
+def cf_mysql_firewall_rules(cli_ctx, _):
+    return get_mysql_management_client(cli_ctx).firewall_rules
diff --git a/src/azure-cli/azure/cli/command_modules/mysql/_params.py b/src/azure-cli/azure/cli/command_modules/mysql/_params.py
@@ -467,7 +467,7 @@ def load_arguments(self, _):    # pylint: disable=too-many-statements, too-many-
         argument_context_string = 'mysql flexible-server firewall-rule {}'.format(scope)
         with self.argument_context(argument_context_string) as c:
             c.argument('firewall_rule_name', id_part='child_name_1', options_list=['--rule-name', '-r'], validator=firewall_rule_name_validator,
-                       help='The name of the firewall rule. If name is omitted, default name will be chosen for firewall name. The firewall rule name can only contain 0-9, a-z, A-Z, \'-\' and \'_\'. Additionally, the name of the firewall rule must be at least 3 characters and no more than 128 characters in length. ')
+                       help='The name of the firewall rule. If name is omitted, default name will be chosen for firewall name. The firewall rule name can only contain 0-9, a-z, A-Z, \'-\' and \'_\'. Additionally, the name of the firewall rule must be at least 1 character and no more than 80 characters in length. ')
             c.argument('end_ip_address', options_list=['--end-ip-address'], validator=ip_address_validator,
                        help='The end IP address of the firewall rule. Must be IPv4 format. Use value \'0.0.0.0\' to represent all Azure-internal IP addresses. ')
             c.argument('start_ip_address', options_list=['--start-ip-address'], validator=ip_address_validator,
diff --git a/src/azure-cli/azure/cli/command_modules/mysql/_util.py b/src/azure-cli/azure/cli/command_modules/mysql/_util.py
@@ -566,3 +566,7 @@ def get_single_to_flex_sku_mapping(source_single_server_sku, tier, sku_name):
         else:
             sku_name = single_to_flex_sku_mapping.get(tier).get(source_single_server_sku.capacity)
     return tier, sku_name
+
+
+def get_firewall_rules_from_paged_response(firewall_rules):
+    return list(firewall_rules) if isinstance(firewall_rules, ItemPaged) else firewall_rules
diff --git a/src/azure-cli/azure/cli/command_modules/mysql/_validators.py b/src/azure-cli/azure/cli/command_modules/mysql/_validators.py
@@ -405,10 +405,10 @@ def _valid_range(addr_range):
 
 
 def firewall_rule_name_validator(ns):
-    if not re.search(r'^[a-zA-Z0-9][-_a-zA-Z0-9]{1,126}[_a-zA-Z0-9]$', ns.firewall_rule_name):
+    if not re.search(r'^[a-zA-Z0-9][-_a-zA-Z0-9]{0,79}(?<!-)$', ns.firewall_rule_name):
         raise ValidationError("The firewall rule name can only contain 0-9, a-z, A-Z, \'-\' and \'_\'. "
-                              "Additionally, the name of the firewall rule must be at least 3 characters "
-                              "and no more than 128 characters in length. ")
+                              "Additionally, the name of the firewall rule must be at least 1 character "
+                              "and no more than 80 characters in length. ")
 
 
 def validate_server_name(db_context, server_name, type_):
diff --git a/src/azure-cli/azure/cli/command_modules/mysql/custom.py b/src/azure-cli/azure/cli/command_modules/mysql/custom.py
@@ -23,10 +23,11 @@
 from azure.cli.core.azclierror import ClientRequestError, RequiredArgumentMissingError, ArgumentUsageError, InvalidArgumentValueError, ValidationError
 from ._client_factory import get_mysql_flexible_management_client, cf_mysql_flexible_firewall_rules, cf_mysql_flexible_db, \
     cf_mysql_check_resource_availability, cf_mysql_check_resource_availability_without_location, cf_mysql_flexible_config, \
-    cf_mysql_flexible_servers, cf_mysql_flexible_replica, cf_mysql_flexible_adadmin, cf_mysql_flexible_private_dns_zone_suffix_operations, cf_mysql_servers
+    cf_mysql_flexible_servers, cf_mysql_flexible_replica, cf_mysql_flexible_adadmin, cf_mysql_flexible_private_dns_zone_suffix_operations, cf_mysql_servers, \
+    cf_mysql_firewall_rules
 from ._util import resolve_poller, generate_missing_parameters, get_mysql_list_skus_info, generate_password, parse_maintenance_window, \
     replace_memory_optimized_tier, build_identity_and_data_encryption, get_identity_and_data_encryption, get_tenant_id, run_subprocess, \
-    run_subprocess_get_output, fill_action_template, get_git_root_dir, get_single_to_flex_sku_mapping, GITHUB_ACTION_PATH
+    run_subprocess_get_output, fill_action_template, get_git_root_dir, get_single_to_flex_sku_mapping, get_firewall_rules_from_paged_response, GITHUB_ACTION_PATH
 from ._network import prepare_mysql_exist_private_dns_zone, prepare_mysql_exist_private_network, prepare_private_network, prepare_private_dns_zone, prepare_public_network
 from ._validators import mysql_arguments_validator, mysql_auto_grow_validator, mysql_georedundant_backup_validator, mysql_restore_tier_validator, \
     mysql_retention_validator, mysql_sku_name_validator, mysql_storage_validator, validate_mysql_replica, validate_server_name, \
@@ -167,15 +168,16 @@ def database_delete_func(client, resource_group_name=None, server_name=None, dat
     return result
 
 
-def create_firewall_rule(db_context, cmd, resource_group_name, server_name, start_ip, end_ip):
+def create_firewall_rule(db_context, cmd, resource_group_name, server_name, start_ip, end_ip, firewall_rule_name=None):
     # allow access to azure ip addresses
     cf_firewall = db_context.cf_firewall  # NOQA pylint: disable=unused-variable
     firewall_client = cf_firewall(cmd.cli_ctx, None)
     firewall = firewall_rule_create_func(cmd=cmd,
                                          client=firewall_client,
                                          resource_group_name=resource_group_name,
                                          server_name=server_name,
-                                         start_ip_address=start_ip, end_ip_address=end_ip)
+                                         start_ip_address=start_ip, end_ip_address=end_ip,
+                                         firewall_rule_name=firewall_rule_name)
     return firewall.result().name
 
 
@@ -630,6 +632,13 @@ def flexible_server_import_create(cmd, client,
     if start_ip != -1 and end_ip != -1:
         firewall_name = create_firewall_rule(db_context, cmd, resource_group_name, server_name, start_ip, end_ip)
 
+    # Migrating firewall rules from single server to flexible server
+    if data_source_type.lower() == 'mysql_single' and create_mode.lower() == 'migrate':
+        if network.public_network_access.lower() == 'disabled':
+            logger.warning('Firewall rules cannot be migrated for private access enabled server.')
+        else:
+            migrate_firewall_rules_from_single_to_flex(db_context=db_context, cmd=cmd, source_server_id=source_server_id, target_server_name=server_name)
+
     user = server_result.administrator_login
     server_id = server_result.id
     loc = server_result.location
@@ -1878,6 +1887,25 @@ def flexible_server_export_create(cmd, client, resource_group_name, server_name,
     return resolve_poller(client.begin_create(resource_group_name, server_name, parameters), cmd.cli_ctx, 'Create backup')
 
 
+def migrate_firewall_rules_from_single_to_flex(db_context, cmd, source_server_id, target_server_name):
+    id_parts = parse_resource_id(source_server_id)
+    firewall_client = cf_mysql_firewall_rules(cmd.cli_ctx, _=None)
+    firewall_rules = get_firewall_rules_from_paged_response(firewall_client.list_by_server(id_parts['resource_group'], id_parts['name']))
+    for rule in firewall_rules:
+        if not re.search(r'^[a-zA-Z0-9][-_a-zA-Z0-9]{0,79}(?<!-)$', rule.name):
+            logger.warning("Could not migrate firewall rule \'%s\' since firewall rule name can only contain 0-9, a-z, A-Z, \'-\' and \'_\'. "
+                           "Additionally, the name of the firewall rule must be at least 1 character "
+                           "and no more than 80 characters in length. ", rule.name)
+            continue
+        create_firewall_rule(db_context=db_context,
+                             cmd=cmd,
+                             resource_group_name=id_parts['resource_group'],
+                             server_name=target_server_name,
+                             start_ip=rule.start_ip_address,
+                             end_ip=rule.end_ip_address,
+                             firewall_rule_name=rule.name)
+
+
 # pylint: disable=too-many-instance-attributes, too-few-public-methods, useless-object-inheritance
 class DbContext(object):
     def __init__(self, cmd=None, azure_sdk=None, logging_name=None, cf_firewall=None, cf_db=None,
diff --git a/src/azure-cli/azure/cli/command_modules/mysql/tests/latest/recordings/test_mysql_flexible_server_import_create.yaml b/src/azure-cli/azure/cli/command_modules/mysql/tests/latest/recordings/test_mysql_flexible_server_import_create.yaml
