Inako

Reputation: 399

Disable local authentication methods for Cosmos DB database accounts using Azure CLI

I am trying to create a Cosmos DB account using Azure CLI. One of the required policies I have to comply with is "Cosmos DB database accounts should have local authentication methods disabled". In the following document I see how to set it using Azure Resource Manager templates. See below:

"resources": [
    {
        "type": "Microsoft.DocumentDB/databaseAccounts",
        "properties": {
            "disableLocalAuth": true,
            // ...
        },
        // ...
    },
    // ...
 ]

Now my question is how to do the same using AZ CLI?

The command I am using is => az cosmosdb create ...

I don't see any flag that will allow a similar setting in AZ CLI.

Upvotes: 5

Views: 14743

Answers (5)

Dravidian

Reputation: 339

FWIW, this can be done with the commands below through Azure CLI.

# Get the Cosmos DB Azure resource using your resourceGroupName and accountName
$resource = Get-AzResource -ResourceType Microsoft.DocumentDB/databaseAccounts -ResourceGroupName $resourceGroupName -ResourceName $accountName

# Update the property (boolean, as in the ARM template)
$resource.Properties.disableLocalAuth = $true
$resource | Set-AzResource -Force

Upvotes: 0

Thomas

Reputation: 29562

It's not supported through the az cosmosdb commands but you could use the az resource update command to update this property:

$cosmosdbname = "<cosmos-db-account-name>"
$resourcegroup = "<resource-group-name>"
$cosmosdb = az cosmosdb show --name $cosmosdbname --resource-group $resourcegroup | ConvertFrom-Json

az resource update --ids $cosmosdb.id --set properties.disableLocalAuth=true --latest-include-preview

Upvotes: 17
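
The `az resource update` approach from the answer above, rendered for bash with a read-back check so a pipeline can fail if the property did not stick. This is an added example, not part of any answer; the function names are hypothetical, and it assumes `az` is logged in and that `properties.disableLocalAuth` is visible in the API version `az resource` selects.

```shell
#!/usr/bin/env bash
# Added example: disable Cosmos DB local (key-based) auth and verify it.
# Function names are hypothetical; the az calls mirror the answer above.

# Print the ARM resource ID of a Cosmos DB account.
cosmos_id() {  # args: <resource-group> <account-name>
  az cosmosdb show --resource-group "$1" --name "$2" --query id --output tsv
}

# Return 0 only if ARM reports properties.disableLocalAuth == true.
# An unset property is not the literal "true", so it counts as enabled.
local_auth_disabled() {  # arg: <resource-id>
  local state
  state=$(az resource show --ids "$1" --latest-include-preview \
            --query properties.disableLocalAuth --output json) || return 2
  [ "$state" = "true" ]
}

# Set the property, then read it back instead of trusting the exit code.
# Returns 0 when disabled, 1 when the update did not stick, 2 on CLI errors.
disable_local_auth() {  # args: <resource-group> <account-name>
  local id
  id=$(cosmos_id "$1" "$2") || return 2
  if local_auth_disabled "$id"; then
    echo "already disabled: $2"
    return 0
  fi
  az resource update --ids "$id" --latest-include-preview \
     --set properties.disableLocalAuth=true --output none || return 2
  if local_auth_disabled "$id"; then
    echo "disabled: $2"
  else
    echo "NOT disabled after update: $2" >&2
    return 1
  fi
}

# Usage (placeholders): disable_local_auth <resource-group-name> <cosmos-db-account-name>
```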

Antonio

Reputation: 31

You can always use Azure REST API invocation to apply any change in the CosmosDB account; see here:

https://learn.microsoft.com/en-us/rest/api/cosmos-db-resource-provider/2021-10-15/database-accounts/create-or-update

I've used Postman for that; btw, I'm posting a curl example here with which I was able to modify a couple of properties (you need to get an OAuth2 token beforehand):

curl --location --request PUT 'https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<database-account-name>?api-version=2021-10-15' \
--header 'Authorization: Bearer <oauth2-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "location": "North Europe",
    "properties": {
        "databaseAccountOfferType": "Standard",
        "disableLocalAuth": true,
        "disableKeyBasedMetadataWriteAccess":true,
        "locations": [
            {
                "isVirtualNetworkFilterEnabled": false,
                "locationName": "North Europe",
                "failoverPriority": 0,
                "isZoneRedundant": false
            }
        ]
    }
}'

Upvotes: 2

Mark Brown

Reputation: 8763

As of January 2022 this is only supported via ARM Templates but support for PS and CLI is planned. No ETA to share at this time.

Upvotes: 2

Sajeetharan

Reputation: 222592

No, this is not supported through the Azure CLI when you are creating an Azure Cosmos DB account via az cosmosdb create.

Upvotes: 0
