[SQL] Add 'AuthenticationMetadata' option to New and Set AzSqlInstance cmdlets (#25700)

* Added test and create option

* Updated examples

* Updated changelog

* Updated description of new parameter

* Changed indents

* Update ChangeLog.md

---------

Co-authored-by: Stefan Krivokapic <[email protected]>

Author: krivi37

src/Sql/Sql.Test/ScenarioTests/ManagedInstanceCrudScenarioTests.ps1

@@ -38,14 +38,16 @@ function Test-CreateManagedInstance
 	$timezoneId = "Central Europe Standard Time"
 	$proxyOverride = "Proxy"
 	$backupStorageRedundancy = "Local"
+	$authenticationMetadata = "Paired"
+	$defaultAuthenticationMetadata = "AzureAD"
 
  	try
  	{
  		# With SKU name specified
  		$job = New-AzSqlInstance -ResourceGroupName $rg.ResourceGroupName -Name $managedInstanceName `
  			-Location $rg.Location -AdministratorCredential $credentials -SubnetId $defaultParams.subnet `
   			-LicenseType $licenseType -StorageSizeInGB $storageSizeInGB -Vcore $vCore -SkuName $skuName -Collation $collation `
-			-TimezoneId $timezoneId -PublicDataEndpointEnabled -ProxyOverride $proxyOverride -BackupStorageRedundancy $backupStorageRedundancy -AsJob
+			-TimezoneId $timezoneId -PublicDataEndpointEnabled -ProxyOverride $proxyOverride -BackupStorageRedundancy $backupStorageRedundancy -AuthenticationMetadata $authenticationMetadata  -AsJob
  		$job | Wait-Job
  		$managedInstance1 = $job.Output
 
@@ -66,7 +68,8 @@ function Test-CreateManagedInstance
 		Assert-AreEqual $managedInstance1.CurrentBackupStorageRedundancy $backupStorageRedundancy
 		Assert-AreEqual $managedInstance1.BackupStorageRedundancy $backupStorageRedundancy
  		Assert-StartsWith ($managedInstance1.ManagedInstanceName + ".") $managedInstance1.FullyQualifiedDomainName
-        Assert-NotNull $managedInstance1.DnsZone
+		Assert-NotNull $managedInstance1.DnsZone
+		Assert-AreEqual $managedInstance1.AuthenticationMetadata $authenticationMetadata
 
 		$edition = "GeneralPurpose"
 		$computeGeneration = "Gen5"
@@ -90,8 +93,8 @@ function Test-CreateManagedInstance
 		Assert-AreEqual $managedInstance1.LicenseType $licenseType
 		Assert-AreEqual $managedInstance1.VCores $vCore
 		Assert-AreEqual $managedInstance1.StorageSizeInGB $storageSizeInGB
- 		Assert-StartsWith ($managedInstance1.ManagedInstanceName + ".") $managedInstance1.FullyQualifiedDomainName
-        Assert-AreEqual $managedInstance1.DnsZone $originalDnsZone
+		Assert-StartsWith ($managedInstance1.ManagedInstanceName + ".") $managedInstance1.FullyQualifiedDomainName
+		Assert-AreEqual $managedInstance1.DnsZone $originalDnsZone
 
 		## Get-AzSqlInstance test ##
 		############################
@@ -106,6 +109,7 @@ function Test-CreateManagedInstance
 		Assert-AreEqual $managedInstance1.VCores $resp1.VCores
 		Assert-AreEqual $managedInstance1.StorageSizeInGB $resp1.StorageSizeInGB
 		Assert-AreEqual $false $managedInstance1.ZoneRedundant
+		Assert-AreEqual $managedInstance1.AuthenticationMetadata $defaultAuthenticationMetadata
 
 		$all = Get-AzSqlInstance -ResourceGroupName $rg.ResourceGroupName -Name *
 		Assert-AreEqual 2 $all.Count
@@ -281,16 +285,18 @@ function Test-SetManagedInstance
 		$targetSubnetResourceId = "/subscriptions/8313371e-0879-428e-b1da-6353575a9192/resourceGroups/CustomerExperienceTeam_RG/providers/Microsoft.Network/virtualNetworks/vnet-mi-tooling/subnets/ManagedInstance2"
 		$generalPurpose = "GeneralPurpose"
 		$businessCritical = "BusinessCritical"
+		$authenticationMetadata = "Windows"
 
 		$managedInstance1 = Set-AzSqlInstance -ResourceGroupName $rg.ResourceGroupName -Name $managedInstance.ManagedInstanceName `
-			-AdministratorPassword $credentials.Password -LicenseType $licenseType -StorageSizeInGB $storageSizeInGB -Force
+			-AdministratorPassword $credentials.Password -LicenseType $licenseType -StorageSizeInGB $storageSizeInGB -Force -AuthenticationMetadata $authenticationMetadata
 
 		Assert-AreEqual $managedInstance1.ManagedInstanceName $managedInstance.ManagedInstanceName
 		Assert-AreEqual $managedInstance1.AdministratorLogin $managedInstance.AdministratorLogin
 		Assert-AreEqual $managedInstance1.LicenseType $licenseType
 		Assert-AreEqual $managedInstance1.VCores $managedInstance.VCores
 		Assert-AreEqual $managedInstance1.StorageSizeInGB $storageSizeInGB
-		Assert-StartsWith ($managedInstance1.ManagedInstanceName + ".") $managedInstance1.FullyQualifiedDomainName
+		Assert-StartsWith ($managedInstance1.ManagedInstanceName + ".") $managedInstance1.FullyQualifiedDomainName]
+		Assert-AreEqual $managedInstance1.AuthenticationMetadata $authenticationMetadata
 
 		# Test using piping
 		$credentials = Get-ServerCredential

src/Sql/Sql.Test/SessionRecords/Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ManagedInstanceCrudScenarioTests/TestCreateManagedInstance.json

@@ -25,6 +25,7 @@
 * Added IsGeneralPurposeV2 and StorageIOps fields to the model of the managed instance so that it displays information about GPv2 instances that are returned by `Get-AzSqlInstance`.
 * Added new cmdlet `Set-AzSqlDatabaseReplicationLink` for updating replication link type
 * Updated `Get-AzSqlDatabaseReplicationLink` to use the new sdk
+* Added new parameter AuthenticationMetadata to `New-AzSqlInstance` and `Set-AzSqlInstance`
 
 ## Version 5.1.0
 * Added cross-subscription support for `Copy-AzSqlInstanceDatabase`, `Move-AzSqlInstanceDatabase`

src/Sql/Sql.Test/SessionRecords/Microsoft.Azure.Commands.Sql.Test.ScenarioTests.ManagedInstanceCrudScenarioTests/TestSetManagedInstance.json

@@ -437,6 +437,15 @@ public class NewAzureSqlManagedInstance : ManagedInstanceCmdletBase
             HelpMessage = "Determines how much Storage IOps to associate with instance.",
             ParameterSetName = NewByEditionAndComputeGenerationParameterSet)]
         public int StorageIOps { get; set; }
+        
+        /// <summary>
+        /// Specifies weather or not Managed Instance is freemium
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "Preferred metadata to use for authentication of synced on-prem users. Default is AzureAD.")]
+        [ValidateSet("AzureAD", "Paired", "Windows")]
+        [PSArgumentCompleter("AzureAD", "Paired", "Windows")]
+        public string AuthenticationMetadata { get; set; }
 
         /// <summary>
         /// Overriding to add warning message
@@ -614,7 +623,8 @@ public override void ExecuteCmdlet()
                 // For non-MI database, we can just pass in 0 and the server will treat 0 as default.
                 // However this is (currently) not the case for MI. We need to convert the 0 to null
                 // here in client before sending to the server.
-                StorageIOps = SqlSkuUtils.ValueIfNonZero(this.StorageIOps)
+                StorageIOps = SqlSkuUtils.ValueIfNonZero(this.StorageIOps),
+                AuthenticationMetadata = this.AuthenticationMetadata
             });
             return newEntity;
         }

src/Sql/Sql/ChangeLog.md

@@ -298,6 +298,15 @@ public class SetAzureSqlManagedInstance : ManagedInstanceCmdletBase
             HelpMessage = "Determines how much Storage IOps to associate with instance.")]
         public int? StorageIOps { get; set; }
 
+        /// <summary>
+        /// Specifies weather or not Managed Instance is freemium
+        /// </summary>
+        [Parameter(Mandatory = false,
+            HelpMessage = "Preferred metadata to use for authentication of synced on-prem users. Default is AzureAD.")]
+        [ValidateSet("AzureAD", "Paired", "Windows")]
+        [PSArgumentCompleter("AzureAD", "Paired", "Windows")]
+        public string AuthenticationMetadata { get; set; }
+
         /// <summary>
         /// Get the instance to update
         /// </summary>
@@ -394,6 +403,7 @@ protected override IEnumerable<AzureSqlManagedInstanceModel> ApplyUserInputToMod
             // This is due to the fact that this update might have a target edition that does not use this parameter.
             // If the target edition uses the parameter, the current value will get picked up later in the update process.
             updateData[0].StorageIOps = this.StorageIOps;
+            updateData[0].AuthenticationMetadata = this.AuthenticationMetadata ?? updateData[0].AuthenticationMetadata;
 
             return updateData;
         }

src/Sql/Sql/ManagedInstance/Cmdlet/NewAzureSqlManagedInstance.cs

@@ -206,5 +206,11 @@ public class AzureSqlManagedInstanceModel
         /// Possible values include: 'Enabled', 'Disabled'
         /// </summary>
         public string ExternalGovernanceStatus { get; set; }
+
+        /// <summary>
+        /// Gets or sets the authentication metadata mode of the managed instance.
+        /// Possible values include: &#39;AzureAD&#39;, &#39;Paired&#39;, &#39;Windows&#39;
+        /// </summary>
+        public string AuthenticationMetadata { get; set; }
     }
 }

src/Sql/Sql/ManagedInstance/Cmdlet/SetAzureSqlManagedInstance.cs

@@ -177,7 +177,8 @@ public AzureSqlManagedInstanceModel UpsertManagedInstance(AzureSqlManagedInstanc
                 DatabaseFormat = model.DatabaseFormat,
                 PricingModel = model.PricingModel,
                 IsGeneralPurposeV2 = model.IsGeneralPurposeV2,
-                StorageIOps = model.StorageIOps
+                StorageIOps = model.StorageIOps,
+                AuthenticationMetadata = model.AuthenticationMetadata
             });
 
             return CreateManagedInstanceModelFromResponse(resp);
@@ -299,6 +300,7 @@ private static AzureSqlManagedInstanceModel CreateManagedInstanceModelFromRespon
             managedInstance.DatabaseFormat = resp.DatabaseFormat;
             managedInstance.PricingModel = resp.PricingModel;
             managedInstance.ExternalGovernanceStatus = resp.ExternalGovernanceStatus;
+            managedInstance.AuthenticationMetadata = resp.AuthenticationMetadata;
 
             return managedInstance;
         }

src/Sql/Sql/ManagedInstance/Model/AzureSqlManagedInstanceModel.cs

@@ -24,8 +24,8 @@ New-AzSqlInstance [-Name] <String> [-ResourceGroupName] <String> [-Administrator
  [-UserAssignedIdentityId <System.Collections.Generic.List`1[System.String]>] [-IdentityType <String>] [-AsJob]
  [-Force] [-EnableActiveDirectoryOnlyAuthentication] [-ExternalAdminName <String>] [-ExternalAdminSID <Guid>]
  [-ZoneRedundant] [-ServicePrincipalType <String>] [-DatabaseFormat <String>] [-PricingModel <String>]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
- [-Confirm] [<CommonParameters>]
+ [-AuthenticationMetadata <String>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
+ [<CommonParameters>]
 ```
 
 ### NewByInstancePoolParentObjectParameterSet
@@ -38,8 +38,8 @@ New-AzSqlInstance [-InstancePool] <AzureSqlInstancePoolModel> [-Name] <String>
  [-UserAssignedIdentityId <System.Collections.Generic.List`1[System.String]>] [-IdentityType <String>] [-AsJob]
  [-Force] [-EnableActiveDirectoryOnlyAuthentication] [-ExternalAdminName <String>] [-ExternalAdminSID <Guid>]
  [-ZoneRedundant] [-ServicePrincipalType <String>] [-DatabaseFormat <String>] [-PricingModel <String>]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
- [-Confirm] [<CommonParameters>]
+ [-AuthenticationMetadata <String>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
+ [<CommonParameters>]
 ```
 
 ### NewByInstancePoolResourceIdParameterSet
@@ -52,8 +52,8 @@ New-AzSqlInstance [-InstancePoolResourceId] <String> [-Name] <String> [-Administ
  [-UserAssignedIdentityId <System.Collections.Generic.List`1[System.String]>] [-IdentityType <String>] [-AsJob]
  [-Force] [-EnableActiveDirectoryOnlyAuthentication] [-ExternalAdminName <String>] [-ExternalAdminSID <Guid>]
  [-ZoneRedundant] [-ServicePrincipalType <String>] [-DatabaseFormat <String>] [-PricingModel <String>]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
- [-Confirm] [<CommonParameters>]
+ [-AuthenticationMetadata <String>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
+ [<CommonParameters>]
 ```
 
 ### NewBySkuNameParameterSetParameter
@@ -67,8 +67,8 @@ New-AzSqlInstance [-Name] <String> [-ResourceGroupName] <String> [-Administrator
  [-UserAssignedIdentityId <System.Collections.Generic.List`1[System.String]>] [-IdentityType <String>] [-AsJob]
  [-Force] [-EnableActiveDirectoryOnlyAuthentication] [-ExternalAdminName <String>] [-ExternalAdminSID <Guid>]
  [-ZoneRedundant] [-ServicePrincipalType <String>] [-DatabaseFormat <String>] [-PricingModel <String>]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
- [-Confirm] [<CommonParameters>]
+ [-AuthenticationMetadata <String>] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
+ [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -360,7 +360,7 @@ TenantId                  : f553829b-6d84-481b-86a9-42db57c1dc73
 AzureADOnlyAuthentication : True
 ```
 
-This command creates a new zone - redundant instance
+This command creates a new instance with external administrator properties and Microsoft Entra-only authentication enabled.
 
 ### Example 10: Create a new zone - redundant instance
 ```powershell
@@ -389,7 +389,7 @@ InstancePoolName         :
 ZoneRedundant            : true
 ```
 
-This command creates a new instance with external administrator properties and Microsoft Entra-only authentication enabled.
+This command creates a new zone - redundant instance.
 
 ### Example 11: Create a new instance with TDE CMK
 ```powershell
@@ -448,7 +448,53 @@ DatabaseFormat           : AlwaysUpToDate
 PricingModel             : Regular
 ```
 
-This command creates a new instance with external administrator properties and Microsoft Entra-only authentication enabled.
+This command creates a new instance with database format and pricing model specified.
+
+### Example 10: Create a new managed instance which uses Windows authentication metadata mode
+```powershell
+New-AzSqlInstance -Name managedInstance1 -ResourceGroupName ResourceGroup01 -Location westcentralus -AdministratorCredential (Get-Credential) -SubnetId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourcegroup01/providers/Microsoft.Network/virtualNetworks/vnet_name/subnets/subnet_name" -LicenseType LicenseIncluded -StorageSizeInGB 1024 -VCore 16 -SkuName GP_Gen5 -AuthenticationMetadata Windows
+```
+
+```output
+Location                         : westcentralus
+Id                               : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourcegroup01/providers/Microsoft.Sql/managedInstances/managedInstance1
+ResourceGroupName                : resourcegroup01
+ManagedInstanceName              : managedInstance1
+Tags                             :
+Identity                         :
+Sku                              : Microsoft.Azure.Management.Internal.Resources.Models.Sku
+FullyQualifiedDomainName         : managedInstance1.xxxxxxxxxxxx.database.windows.net
+AdministratorLogin               : adminLogin1
+AdministratorPassword            :
+SubnetId                         : subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourcegroup01/providers/Microsoft.Network/virtualNetworks/vnet_name/subnets/subnet_name
+LicenseType                      : LicenseIncluded
+VCores                           : 16
+StorageSizeInGB                  : 1024
+Collation                        : SQL_Latin1_General_CP1_CI_AS
+PublicDataEndpointEnabled        : False
+ProxyOverride                    : Default
+TimezoneId                       : UTC
+DnsZonePartner                   :
+DnsZone                          : ad35cna0mw
+InstancePoolName                 :
+MinimalTlsVersion                : None
+BackupStorageRedundancy          : Geo
+RequestedBackupStorageRedundancy : Geo
+CurrentBackupStorageRedundancy   : Geo
+MaintenanceConfigurationId       : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Maintenance/
+                                   publicMaintenanceConfigurations/SQL_Default
+Administrators                   :
+PrimaryUserAssignedIdentityId    :
+KeyId                            :
+ZoneRedundant                    : False
+ServicePrincipal                 :
+DatabaseFormat                   : SQLServer2022
+PricingModel                     : Regular
+ExternalGovernanceStatus         : Disabled
+AuthenticationMetadata           : Windows
+```
+
+This command creates a new managed instance which uses Windows metadata for authentication of synced users.
 
 ## PARAMETERS
 
@@ -497,6 +543,22 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -AuthenticationMetadata
+Preferred metadata to use for authentication of synced on-prem users. Default is AzureAD.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+Accepted values: AzureAD, Paired, Windows
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -BackupStorageRedundancy
 The Backup storage redundancy used to store backups for the Sql Azure Managed Instance. Options are: Local, Zone and Geo
 
@@ -1105,5 +1167,3 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 ## NOTES
 
 ## RELATED LINKS
-
-## RELATED LINKS