Azure · evelyn-ys · Jan 9, 2024 · Jan 8, 2024 · Jan 8, 2024 · Jan 8, 2024
@@ -394,6 +394,18 @@ def cf_postgres_flexible_private_dns_zone_suffix_operations(cli_ctx, _):
     return get_postgresql_flexible_management_client(cli_ctx).get_private_dns_zone_suffix
 
 
+def cf_postgres_flexible_private_endpoint_connections(cli_ctx, _):
+    return get_postgresql_flexible_management_client(cli_ctx).private_endpoint_connections
+
+
+def cf_postgres_flexible_private_endpoint_connection(cli_ctx, _):
+    return get_postgresql_flexible_management_client(cli_ctx).private_endpoint_connection
+
+
+def cf_postgres_flexible_private_link_resources(cli_ctx, _):
+    return get_postgresql_flexible_management_client(cli_ctx).private_link_resources
+
+
 def resource_client_factory(cli_ctx, subscription_id=None):
     return get_mgmt_service_client(cli_ctx, ResourceType.MGMT_RESOURCE_RESOURCES, subscription_id=subscription_id)
 

@@ -968,3 +968,81 @@
   - name: List log files for 'testsvr' containing name 'serverlogs'.
     text: az postgres flexible-server server-logs list -g testgroup -s testsvr --subscription testSubscription --filename-contains serverlogs
 """
+
+helps['postgres flexible-server private-endpoint-connection'] = """
+type: group
+short-summary: Manage PostgreSQL flexible server private endpoint connections.
+"""
+
+helps['postgres flexible-server private-endpoint-connection list'] = """
+type: command
+short-summary: List all private endpoint connections associated with a PostgreSQL flexible server.
+examples:
+  - name: List all private endpoint connections associated with a PostgreSQL flexible server.
+    text: az postgres flexible-server private-endpoint-connection list -g testgroup -s testsvr
+"""
+
+helps['postgres flexible-server private-endpoint-connection show'] = """
+type: command
+short-summary: Show details of a private endpoint connection associated with a PostgreSQL flexible server.
+examples:
+  - name: Show details of a private endpoint connection associated with a PostgreSQL flexible server.
+    text: az postgres flexible-server private-endpoint-connection show -g testgroup -s testsvr -n pec-connection.40e3d3a8-7d8f-41eb-8462-1cd05bc3e33b
+"""
+
+helps['postgres flexible-server private-endpoint-connection approve'] = """
+type: command
+short-summary: Approve the specified private endpoint connection associated with a PostgreSQL flexible server.
+examples:
+  - name: Approve a private endpoint connection associated with a PostgreSQL flexible server.
+    text: >
+      az postgres flexible-server private-endpoint-connection approve -g testgroup -s testsvr \
+        -n pec-connection.40e3d3a8-7d8f-41eb-8462-1cd05bc3e33b \
+        --description "Approve connection"
+"""
+
+helps['postgres flexible-server private-endpoint-connection reject'] = """
+type: command
+short-summary: Reject the specified private endpoint connection associated with a PostgreSQL flexible server.
+examples:
+  - name: Reject a private endpoint connection associated with a PostgreSQL flexible server.
+    text: >
+      az postgres flexible-server private-endpoint-connection reject -g testgroup -s testsvr \
+        -n pec-connection.40e3d3a8-7d8f-41eb-8462-1cd05bc3e33b \
+        --description "Reject connection"
+"""
+
+helps['postgres flexible-server private-endpoint-connection delete'] = """
+type: command
+short-summary: Delete the specified private endpoint connection associated with a PostgreSQL flexible server.
+examples:
+  - name: Delete a private endpoint connection associated with a PostgreSQL flexible server.
+    text: >
+      az postgres flexible-server private-endpoint-connection delete -g testgroup -s testsvr \
+        --id /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testgroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/testsvr/privateEndpointConnections/pec-connection.40e3d3a8-7d8f-41eb-8462-1cd05bc3e33b
+"""
+
+helps['postgres flexible-server private-link-resource'] = """
+type: group
+short-summary: Get Private link resource for a PostgreSQL flexible server.
+"""
+
+helps['postgres flexible-server private-link-resource list'] = """
+type: command
+short-summary: List private link resources associated with a PostgreSQL flexible server.
+examples:
+  - name: List private link resources associated with a PostgreSQL flexible server.
+    text: az postgres flexible-server private-link-resource list -g testgroup -s testsvr
+"""
+
+helps['postgres flexible-server private-link-resource show'] = """
+type: command
+short-summary: Get private link  resource for a PostgreSQL flexible server.
+examples:
+  - name: Get the private link  resource for a flexible server.
+    text: az postgres flexible-server private-link-resource show --resource-group testGroup --server-name testserver
+  - name: Get the private link  resource for a flexible server in a different subscription.
+    text: az postgres flexible-server private-link-resource show --subscription testSubscription --resource-group testGroup --server-name testserver
+  - name: Get the private link resource for a flexible server using --ids parameter.
+    text: az postgres flexible-server private-link-resource show --ids /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/testGroup/providers/Microsoft.DBforPostgreSQL/flexibleServers/testServer
+"""
@@ -932,6 +932,28 @@ def _flexible_server_params(command_group):
             c.argument('file_last_written', type=int, help='Integer in hours to indicate file last modify time.', default=72)
             c.argument('max_file_size', type=int, help='The file size limitation to filter files.')
 
+        for scope in ['list', 'show', 'delete', 'approve', 'reject']:
+            with self.argument_context('{} flexible-server private-endpoint-connection {}'.format(command_group, scope)) as c:
+                c.argument('resource_group_name', arg_type=resource_group_name_type)
+                if scope == "list":
+                    c.argument('server_name', options_list=['--server-name', '-s'], id_part='name', arg_type=server_name_arg_type, required=False)
+                else:
+                    c.argument('server_name', options_list=['--server-name', '-s'], id_part='name', arg_type=server_name_arg_type, required=False,
+                               help='Name of the Server. Required if --id is not specified')
+                    c.argument('private_endpoint_connection_name', options_list=['--name', '-n'], required=False,
+                               help='The name of the private endpoint connection associated with the Server. '
+                               'Required if --id is not specified')
+                    c.extra('connection_id', options_list=['--id'], required=False,
+                            help='The ID of the private endpoint connection associated with the Server. '
+                            'If specified --server-name/-s and --name/-n, this should be omitted.')
+                if scope == "approve" or scope == "reject":
+                    c.argument('description', help='Comments for {} operation.'.format(scope), required=True)
+
+        for scope in ['list', 'show']:
+            with self.argument_context('{} flexible-server private-link-resource {}'.format(command_group, scope)) as c:
+                c.argument('resource_group_name', arg_type=resource_group_name_type)
+                c.argument('server_name', options_list=['--server-name', '-s'], id_part='name', arg_type=server_name_arg_type, required=False)
+
         # GTID
         if command_group == 'mysql':
             with self.argument_context('{} flexible-server gtid reset'.format(command_group)) as c:

@@ -3,6 +3,7 @@
 # Licensed under the MIT License. See License.txt in the project root for license information.
 # --------------------------------------------------------------------------------------------
 
+from azure.cli.command_modules.rdbms.validators import validate_private_endpoint_connection_id
 from azure.cli.core.commands import CliCommandType
 
 from azure.cli.command_modules.rdbms._client_factory import (
@@ -15,6 +16,9 @@
     cf_postgres_flexible_replica,
     cf_postgres_flexible_adadmin,
     cf_postgres_flexible_migrations,
+    cf_postgres_flexible_private_endpoint_connection,
+    cf_postgres_flexible_private_endpoint_connections,
+    cf_postgres_flexible_private_link_resources,
     cf_postgres_flexible_virtual_endpoints,
     cf_postgres_flexible_server_threat_protection_settings,
     cf_postgres_flexible_server_log_files)
@@ -94,6 +98,21 @@ def load_flexibleserver_command_table(self, _):
         client_factory=cf_postgres_flexible_server_log_files
     )
 
+    postgres_flexible_server_private_endpoint_connection_sdk = CliCommandType(
+        operations_tmpl='azure.mgmt.rdbms.postgresql_flexibleservers.operations#PrivateEndpointConnectionOperations.{}',
+        client_factory=cf_postgres_flexible_private_endpoint_connection
+    )
+
+    postgres_flexible_server_private_endpoint_connections_sdk = CliCommandType(
+        operations_tmpl='azure.mgmt.rdbms.postgresql_flexibleservers.operations#PrivateEndpointConnectionsOperations.{}',
+        client_factory=cf_postgres_flexible_private_endpoint_connections
+    )
+
+    postgres_flexible_server_private_link_resources_sdk = CliCommandType(
+        operations_tmpl='azure.mgmt.rdbms.postgresql_flexibleservers.operations#PrivateLinkResourcesOperations.{}',
+        client_factory=cf_postgres_flexible_private_link_resources
+    )
+
     # MERU COMMANDS
     flexible_server_custom_common = CliCommandType(
         operations_tmpl='azure.cli.command_modules.rdbms.flexible_server_custom_common#{}')
@@ -224,3 +243,22 @@ def load_flexibleserver_command_table(self, _):
                             client_factory=cf_postgres_flexible_server_log_files) as g:
         g.custom_command('list', 'flexible_server_list_log_files_with_filter', custom_command_type=flexible_servers_custom_postgres)
         g.custom_command('download', 'flexible_server_download_log_files', custom_command_type=flexible_servers_custom_postgres)
+
+    with self.command_group('postgres flexible-server private-endpoint-connection', postgres_flexible_server_private_endpoint_connections_sdk) as g:
+        g.command('list', 'list_by_server')
+        g.show_command('show', 'get', validator=validate_private_endpoint_connection_id)
+
+    with self.command_group('postgres flexible-server private-endpoint-connection', postgres_flexible_server_private_endpoint_connection_sdk,
+                            custom_command_type=flexible_servers_custom_postgres,
+                            client_factory=cf_postgres_flexible_private_endpoint_connection) as g:
+        g.command('delete', 'begin_delete', validator=validate_private_endpoint_connection_id)
+        g.custom_command('approve', 'flexible_server_approve_private_endpoint_connection', custom_command_type=flexible_servers_custom_postgres,
+                         validator=validate_private_endpoint_connection_id)
+        g.custom_command('reject', 'flexible_server_reject_private_endpoint_connection', custom_command_type=flexible_servers_custom_postgres,
+                         validator=validate_private_endpoint_connection_id)
+
+    with self.command_group('postgres flexible-server private-link-resource', postgres_flexible_server_private_link_resources_sdk,
+                            custom_command_type=flexible_servers_custom_postgres,
+                            client_factory=cf_postgres_flexible_private_link_resources) as g:
+        g.command('list', 'list_by_server')
+        g.custom_show_command('show', 'flexible_server_private_link_resource_get', custom_command_type=flexible_servers_custom_postgres)
@@ -24,7 +24,8 @@
 from ._client_factory import cf_postgres_flexible_firewall_rules, get_postgresql_flexible_management_client, \
     cf_postgres_flexible_db, cf_postgres_check_resource_availability, cf_postgres_flexible_servers, \
     cf_postgres_check_resource_availability_with_location, \
-    cf_postgres_flexible_private_dns_zone_suffix_operations
+    cf_postgres_flexible_private_dns_zone_suffix_operations, \
+    cf_postgres_flexible_private_endpoint_connections
 from ._flexible_server_util import generate_missing_parameters, resolve_poller, \
     generate_password, parse_maintenance_window, get_current_time, build_identity_and_data_encryption, \
     _is_resource_name, get_tenant_id, get_case_insensitive_key_value, get_enum_value_true_false
@@ -1231,6 +1232,59 @@ def virtual_endpoint_update_func(client, resource_group_name, server_name, virtu
         parameters)
 
 
+def flexible_server_approve_private_endpoint_connection(cmd, client, resource_group_name, server_name, private_endpoint_connection_name,
+                                                        description=None):
+    """Approve a private endpoint connection request for a server."""
+
+    return _update_private_endpoint_connection_status(
+        cmd, client, resource_group_name, server_name, private_endpoint_connection_name, is_approved=True,
+        description=description)
+
+
+def flexible_server_reject_private_endpoint_connection(cmd, client, resource_group_name, server_name, private_endpoint_connection_name,
+                                                       description=None):
+    """Reject a private endpoint connection request for a server."""
+
+    return _update_private_endpoint_connection_status(
+        cmd, client, resource_group_name, server_name, private_endpoint_connection_name, is_approved=False,
+        description=description)
+
+
+def flexible_server_private_link_resource_get(
+        client,
+        resource_group_name,
+        server_name):
+    '''
+    Gets a private link resource for a PostgreSQL flexible server.
+    '''
+
+    return client.get(
+        resource_group_name=resource_group_name,
+        server_name=server_name,
+        group_name="postgresqlServer")
+
+
+def _update_private_endpoint_connection_status(cmd, client, resource_group_name, server_name,
+                                               private_endpoint_connection_name, is_approved=True, description=None):  # pylint: disable=unused-argument
+    private_endpoint_connections_client = cf_postgres_flexible_private_endpoint_connections(cmd.cli_ctx, None)
+    private_endpoint_connection = private_endpoint_connections_client.get(resource_group_name=resource_group_name,
+                                                                          server_name=server_name,
+                                                                          private_endpoint_connection_name=private_endpoint_connection_name)
+    new_status = 'Approved' if is_approved else 'Rejected'
+
+    private_link_service_connection_state = {
+        'status': new_status,
+        'description': description
+    }
+
+    private_endpoint_connection.private_link_service_connection_state = private_link_service_connection_state
+
+    return client.begin_update(resource_group_name=resource_group_name,
+                               server_name=server_name,
+                               private_endpoint_connection_name=private_endpoint_connection_name,
+                               parameters=private_endpoint_connection)
+
+
 def _create_postgresql_connection_strings(host, user, password, database, port):
 
     result = {