Merge pull request #275837 from xfz11/svc/passwordless

prmerger-automator[bot] · web-flow · commit 866f256d9ba1 · 2024-05-24T03:30:08.000Z
{Service Connector} update passwordless doc
diff --git a/articles/service-connector/includes/code-postgres-me-id.md b/articles/service-connector/includes/code-postgres-me-id.md
@@ -100,6 +100,7 @@ For more tutorials, see [Use Spring Data JDBC with Azure Database for PostgreSQL
     ```bash
     pip install azure-identity
     pip install psycopg2-binary
+    pip freeze > requirements.txt # Save the dependencies to a file
     ```
 1. Get access token using `azure-identity` library and use the token as password. Get connection information from the environment variables added by Service Connector. When using the code below, uncomment the part of the code snippet for the authentication type you want to use.
     
diff --git a/articles/service-connector/includes/install-passwordless-extension.md b/articles/service-connector/includes/install-passwordless-extension.md
@@ -6,8 +6,11 @@ ms.date: 05/21/2023
 ms.author: xiaofanzhou
 ---
 
-Install the Service Connector passwordless extension for the Azure CLI:
+Install the latest Service Connector passwordless extension for the Azure CLI:
 
 ```azurecli-interactive
 az extension add --name serviceconnector-passwordless --upgrade
 ```
+
+> [!NOTE]
+> Please check the extension "serviceconnector-passwordless" version is "2.0.2" or higher by running `az version`. You may need to upgrade Azure CLI first to upgrade the extension version.
diff --git a/articles/service-connector/includes/passwordless-tutorial-snippet.md b/articles/service-connector/includes/passwordless-tutorial-snippet.md
@@ -25,7 +25,7 @@ If you use:
 
 ::: zone pivot="postgresql"
 
-The following Azure CLI command uses a `--client-type` parameter. Run the `az webapp connection create postgres-flexible -h` to get the supported client types, and choose the one that matches your application.
+The following Azure CLI command uses a `--client-type` parameter, it can be java, dotnet, python, etc. Run the `az webapp connection create postgres-flexible -h` to get the supported client types, and choose the one that matches your application.
 
 ### [User-assigned managed identity](#tab/user)
 
@@ -37,7 +37,7 @@ az webapp connection create postgres-flexible \
     --server $POSTGRESQL_HOST \
     --database $DATABASE_NAME \
     --user-identity client-id=XX subs-id=XX \
-    --client-type java
+    --client-type $CLIENT_TYPE
 ```
 
 ### [System-assigned managed identity](#tab/system)
@@ -50,7 +50,7 @@ az webapp connection create postgres-flexible \
     --server $POSTGRESQL_HOST \
     --database $DATABASE_NAME \
     --system-identity \
-    --client-type java
+    --client-type $CLIENT_TYPE
 ```
 
 ### [Service principal](#tab/sp)
@@ -63,7 +63,7 @@ az webapp connection create postgres-flexible \
     --server $POSTGRESQL_HOST \
     --database $DATABASE_NAME \
     --service-principal client-id=XX secret=XX\
-    --client-type java
+    --client-type $CLIENT_TYPE
 ```
 
 ::: zone-end
@@ -185,12 +185,39 @@ az webapp connection create sql \
 This Service Connector command completes the following tasks in the background:
 
 * Enable system-assigned managed identity, or assign a user identity for the app `$APPSERVICE_NAME` hosted by Azure App Service/Azure Spring Apps/Azure Container Apps.
+* Enable Microsoft Entra Authentication for the database server if it's not enabled before.
 * Set the Microsoft Entra admin to the current signed-in user.
 * Add a database user for the system-assigned managed identity, user-assigned managed identity, or service principal. Grant all privileges of the database `$DATABASE_NAME` to this user. The username can be found in the connection string in preceding command output.
 * Set configurations named `AZURE_MYSQL_CONNECTIONSTRING`, `AZURE_POSTGRESQL_CONNECTIONSTRING`, or `AZURE_SQL_CONNECTIONSTRING` to the Azure resource based on the database type.
   * For App Service, the configurations are set in the **App Settings** blade.
   * For Spring Apps, the configurations are set when the application is launched.
   * For Container Apps, the configurations are set to the environment variables. You can get all configurations and their values in the **Service Connector** blade in the Azure portal.
+ 
+
+Service Connector will assign the following privileges to the user, you can revoke them and adjust the privileges based on your requirements.
+
+::: zone pivot="postgresql"
+```
+GRANT ALL PRIVILEGES ON DATABASE "$DATABASE_NAME" TO "username"; 
+
+GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "username"; 
+
+GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO "username"; 
+```
+::: zone-end
+
+::: zone pivot="mysql"
+```
+
+GRANT ALL PRIVILEGES ON $DATABASE_NAME.* TO 'username'@'%'; 
+```
+::: zone-end
+
+::: zone pivot="sql"
+```
+GRANT CONTROL ON DATABASE::"$DATABASE_NAME" TO "username";
+```
+::: zone-end
 
 ## Connect to a database with Microsoft Entra authentication
 
diff --git a/articles/service-connector/tutorial-passwordless.md b/articles/service-connector/tutorial-passwordless.md
@@ -28,7 +28,7 @@ In this tutorial, you use the Azure CLI to complete the following tasks:
 
 ## Prerequisites
 
-* [Azure CLI](/cli/azure/install-azure-cli) version 2.48.1 or higher.
+* [Azure CLI](/cli/azure/install-azure-cli) version 2.61.0 or higher.
 * An Azure account with an active subscription. [Create an Azure account for free](https://azure.microsoft.com/free).
 * An app deployed to [Azure App Service](../app-service/overview.md) in a [region supported by Service Connector](./concept-region-support.md).
 
@@ -47,15 +47,16 @@ Finally, deploy your application to an Azure hosting service. That source servic
 
 ### [App Service](#tab/appservice)
 
-For Azure App Service, you can deploy the application code via the `az webapp deploy` command. For more information, see [Quickstart: Deploy an ASP.NET web app](../app-service/quickstart-dotnetcore.md).
+For Azure App Service, you can check the document to choose a way to deploy, see [Quickstart: Deploy an ASP.NET web app](../app-service/quickstart-dotnetcore.md).
 
 ### [Spring Apps](#tab/springapp)
 
-For Azure Spring Apps, you can deploy the application code via the `az spring app deploy` command. For more information, see [Quickstart: Deploy your first application to Azure Spring Apps](../spring-apps/enterprise/quickstart.md).
+For Azure Spring Apps, you can check the document for more details about building app and deployment, see [Build and deploy the app](/azure/developer/java/spring-framework/deploy-passwordless-spring-database-app?#build-and-deploy-the-app).
+
 
 ### [Container Apps](#tab/containerapp)
 
-For Azure Container Apps, you can deploy the application code via the `az containerapp create` command. For more information, see [Quickstart: Deploy your first container app](../container-apps/get-started.md).
+For Azure Container Apps, you can check the document about how to deploy your app, see [Quickstart: Deploy your first container app](../container-apps/get-started.md).
 
 ---
 
