[Doc]: New-AzSqlDatabaseExport Doesn't Contain Guidance for Managed Identity #27631
Comments
Found this on your documentation: https://learn.microsoft.com/en-us/azure/azure-sql/database/database-export?view=azuresql#:~:text=Import%5CExport%20services%20only%20support%20SQL%20authentication%20and%20Microsoft%20Entra%20ID.%20Import%5CExport%20is%20not%20compatible%20with%20Microsoft%20Identity%20application%20registration. If managed identity is not possible, can you please clear up your docs to not mention it? |
That PR #26884 added ManagedIdentity as allowed Enum values. Does anyone know why if they can't be used? The Azure REST API docs for the endpoint this calls have a specific error which makes me hopeful this could actually work:
https://learn.microsoft.com/en-us/rest/api/sql/databases/export?view=rest-sql-2023-08-01&tabs=HTTP |
It does work! What a headache - there's zero documentation around this... It wants a user-assigned MI which is assigned to the SQL server, like this with Bicep:
The MI also needs to be an Entra admin for the server. Grant the MI a Storage Blob Data Contributor role on the storage account, and add a login for it in SQL server:
Then the PowerShell wants
How are we meant to guess you should pass a resource ID into StorageKey and AdministratorLogin? I may have spoken too soon, but I can see it's created an entry under Data Management -> Import/Export history in the Azure portal for the Azure SQL instance. It can take a while according to https://learn.microsoft.com/en-us/azure/azure-sql/database/database-import-export-hang?view=azuresql - I'll update this comment if that doesn't work. |
@matthetherington your analysis is correct. We are really sorry for the inconvenience caused to everyone. This is a new feature and we are already working on removing the password requirement for SQL login as well as updating public documentation with a description of how to use Managed identity with import export. |
No worries @debalinaroy - I'm just happy it's working! If I can find the time, I'll PR a change to the docs. I think it would make sense to also change the parameter names, it's quite confusing that parameters named Also, the command still validates that a SQL admin password is provided, despite it being unused. For posterity, both the storage account and SQL server I am interacting with have public access off. I had to make the user-assigned MI an administrator of the SQL server, and the final command I'm using is:
As per the docs, I then had to approve the private endpoint connections in the Azure Portal, after which the copy was successful. |
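The call shape described in the comments above, as an added example; it is not the commenter's command, which this page does not preserve. It assumes `-StorageKeyType` and `-AuthenticationType` take the `ManagedIdentity` value discussed in the thread, and `Start-MiDatabaseExport` and all resource names are hypothetical placeholders:

```powershell
# Added example (not from the thread). Function name and all inputs are placeholders.
function Start-MiDatabaseExport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $ServerName,
        [Parameter(Mandatory)] [string] $DatabaseName,
        # e.g. https://<account>.blob.core.windows.net/<container>/<name>.bacpac
        [Parameter(Mandatory)] [string] $StorageUri,
        # Resource ID of the user-assigned identity attached to the SQL server
        [Parameter(Mandatory)] [string] $IdentityResourceId
    )

    # Fail early when the value is not a user-assigned identity resource ID.
    # A client ID or display name is an easy wrong guess for these parameters.
    $pattern = '^/subscriptions/[0-9a-f-]{36}/resourceGroups/[^/]+' +
               '/providers/Microsoft\.ManagedIdentity/userAssignedIdentities/[^/]+$'
    if ($IdentityResourceId -notmatch $pattern) {
        throw "IdentityResourceId must be a user-assigned managed identity resource ID."
    }

    # The thread reports that a password is still validated although unused,
    # so pass a random throwaway value rather than a real credential.
    $unused = ConvertTo-SecureString -String ([guid]::NewGuid().ToString()) -AsPlainText -Force

    $exportArgs = @{
        ResourceGroupName          = $ResourceGroupName
        ServerName                 = $ServerName
        DatabaseName               = $DatabaseName
        StorageUri                 = $StorageUri
        StorageKeyType             = 'ManagedIdentity'    # assumed enum value
        StorageKey                 = $IdentityResourceId  # resource ID, not a key
        AuthenticationType         = 'ManagedIdentity'    # assumed enum value
        AdministratorLogin         = $IdentityResourceId  # resource ID, not a login
        AdministratorLoginPassword = $unused
    }
    $export = New-AzSqlDatabaseExport @exportArgs

    # Exports can run for a long time; poll until the status leaves InProgress.
    do {
        Start-Sleep -Seconds 30
        $status = Get-AzSqlDatabaseImportExportStatus -OperationStatusLink $export.OperationStatusLink
        Write-Verbose "$($status.Status): $($status.StatusMessage)"
    } while ($status.Status -eq 'InProgress')

    return $status
}
```

The identity still needs the prerequisites listed in the thread: assignment to the server, Entra admin on the server, and Storage Blob Data Contributor on the storage account.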
Type of issue
Missing information
Feedback
Hello,
I have been trying to use the updated New-AzSqlDatabaseExport cmdlet with Managed Identity, but I keep running into:
| Cannot process command because of one or more missing mandatory
| parameters: AdministratorLogin AdministratorLoginPassword.
What should these fields be for utilizing ManagedIdentity for the Database Export capability?
Looks like this is the PR that introduced the verbiage about managed identity: #26884
Thank you