Deploy applications and infrastructure to Azure using Copilot-guided workflows and Azure MCP
references/recipes/azd/scripts/grant-and-migrate.ps1
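# Grant Azure SQL data-plane access to the managed identity AND apply EF Core migrations.
#
# USAGE: Copy this file to scripts/grant-and-migrate.ps1 in your project root and add
# a postprovision hook in azure.yaml:
#
#   hooks:
#     postprovision:
#       posix:
#         shell: sh
#         run: ./scripts/grant-and-migrate.sh
#       windows:
#         shell: pwsh
#         run: ./scripts/grant-and-migrate.ps1
#
# ENVIRONMENT VARIABLES (sourced from azd env):
#   SQL_SERVER           - SQL server name (without .database.windows.net)
#   SQL_DATABASE         - Database name
#   AZURE_RESOURCE_GROUP - Resource group name
#   SERVICE_WEB_NAME     - App Service name (used when set, takes priority)
#   SERVICE_API_NAME     - API service name (fallback when SERVICE_WEB_NAME is not set)
#
# CONFIGURATION:
#   Set $AppProjectPath below to the path of your application project (.csproj directory)
#
# FAILURE HANDLING:
#   $ErrorActionPreference = 'Stop' covers PowerShell cmdlets only; a native command
#   (azd, az, dotnet) that exits non-zero does not throw by default. Every native call
#   below is therefore followed by an explicit $LASTEXITCODE check, so the script never
#   reports success after a failed grant or a failed migration.

$ErrorActionPreference = 'Stop'

$AppProjectPath = "src/api" # Adjust to your project directory

# Load azd environment variables. The output is captured first so the exit code of azd
# can be checked before any value is exported into this process.
$azdValues = azd env get-values
if ($LASTEXITCODE -ne 0) {
    throw "Failed to read azd environment values ('azd env get-values' exited with code $LASTEXITCODE)."
}
foreach ($line in $azdValues) {
    # Skip blank or malformed lines; without '=' the split yields no value and Trim() would fail.
    if ($line -notmatch '=') { continue }
    $name, $value = $line.Split('=', 2)
    if ([string]::IsNullOrWhiteSpace($name)) { continue }
    Set-Item "env:$name" $value.Trim('"')
}

# Fail early with a clear message instead of passing empty arguments to az / dotnet.
foreach ($required in 'SQL_SERVER', 'SQL_DATABASE', 'AZURE_RESOURCE_GROUP') {
    if ([string]::IsNullOrWhiteSpace([Environment]::GetEnvironmentVariable($required))) {
        throw "ERROR: $required is not set in azd environment."
    }
}

# Determine app identity name (App Service uses SERVICE_WEB_NAME, APIs use SERVICE_API_NAME)
$AppName = if ($env:SERVICE_WEB_NAME) { $env:SERVICE_WEB_NAME } else { $env:SERVICE_API_NAME }

if (-not $AppName) {
    throw "ERROR: Neither SERVICE_WEB_NAME nor SERVICE_API_NAME is set in azd environment."
}

# ─── Step 1: Grant SQL data-plane access ────────────────────────────────────
Write-Host "Granting SQL data-plane access to managed identity: $AppName"

# The name is spliced into T-SQL text in two syntactic positions, so it is escaped for
# each one: doubled single quotes inside '...' literals, doubled closing brackets inside
# [...] identifiers. For ordinary resource names both forms equal $AppName.
$AppNameLiteral = $AppName.Replace("'", "''")
$AppNameIdent = $AppName.Replace(']', ']]')

# Each statement is guarded with IF NOT EXISTS so the hook can be re-run safely.
# NOTE(review): db_ddladmin lets the application's runtime identity alter the schema.
# Step 2 applies migrations with the credentials of whoever runs this script, so the
# runtime identity presumably only needs db_ddladmin if the app applies migrations
# itself at startup - confirm, and drop that grant if it is not required.
$SqlQuery = @"
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = '$AppNameLiteral')
    CREATE USER [$AppNameIdent] FROM EXTERNAL PROVIDER;

IF NOT EXISTS (
    SELECT 1 FROM sys.database_role_members drm
    JOIN sys.database_principals r ON drm.role_principal_id = r.principal_id
    JOIN sys.database_principals m ON drm.member_principal_id = m.principal_id
    WHERE r.name = 'db_datareader' AND m.name = '$AppNameLiteral'
)
    ALTER ROLE db_datareader ADD MEMBER [$AppNameIdent];

IF NOT EXISTS (
    SELECT 1 FROM sys.database_role_members drm
    JOIN sys.database_principals r ON drm.role_principal_id = r.principal_id
    JOIN sys.database_principals m ON drm.member_principal_id = m.principal_id
    WHERE r.name = 'db_datawriter' AND m.name = '$AppNameLiteral'
)
    ALTER ROLE db_datawriter ADD MEMBER [$AppNameIdent];

IF NOT EXISTS (
    SELECT 1 FROM sys.database_role_members drm
    JOIN sys.database_principals r ON drm.role_principal_id = r.principal_id
    JOIN sys.database_principals m ON drm.member_principal_id = m.principal_id
    WHERE r.name = 'db_ddladmin' AND m.name = '$AppNameLiteral'
)
    ALTER ROLE db_ddladmin ADD MEMBER [$AppNameIdent];
"@

# Ensure the rdbms-connect extension is installed (provides 'az sql db query').
# The install is unpinned and takes whatever version is current; pass --version to
# 'az extension add' if the pipeline needs reproducible tooling.
az extension show --name rdbms-connect 1>$null 2>$null
if ($LASTEXITCODE -ne 0) {
    az extension add --name rdbms-connect --yes
    if ($LASTEXITCODE -ne 0) {
        throw "Failed to install Azure CLI extension 'rdbms-connect', which is required for 'az sql db query'."
    }
}

az sql db query `
    --server $env:SQL_SERVER `
    --database $env:SQL_DATABASE `
    --resource-group $env:AZURE_RESOURCE_GROUP `
    --auth-mode ActiveDirectoryDefault `
    --queries $SqlQuery
if ($LASTEXITCODE -ne 0) {
    throw "Failed to grant SQL data-plane access to '$AppName' ('az sql db query' exited with code $LASTEXITCODE)."
}

Write-Host "SQL access granted successfully."

# ─── Step 2: Apply EF Core migrations ───────────────────────────────────────
# Install dotnet-ef only when it is not already installed
$globalTools = dotnet tool list --global 2>$null
if ($LASTEXITCODE -ne 0) {
    throw "Failed to list globally installed .NET tools."
}
if (-not ($globalTools | Select-String -Pattern '^\s*dotnet-ef\s')) {
    dotnet tool install --global dotnet-ef
    if ($LASTEXITCODE -ne 0) {
        throw "Failed to install dotnet-ef."
    }
}
$env:PATH += ";$env:USERPROFILE\.dotnet\tools"

# No password or key is embedded: the connection string selects 'Active Directory Default'
# authentication and requests an encrypted connection.
$ConnectionString = "Server=tcp:$($env:SQL_SERVER).database.windows.net,1433;Database=$($env:SQL_DATABASE);Authentication=Active Directory Default;Encrypt=True;"

Write-Host "Applying EF Core migrations..."
# Push/Pop restores the caller's working directory even when the migration fails.
Push-Location $AppProjectPath
try {
    dotnet ef database update --connection $ConnectionString
    if ($LASTEXITCODE -ne 0) {
        throw "EF Core migrations failed ('dotnet ef database update' exited with code $LASTEXITCODE)."
    }
}
finally {
    Pop-Location
}
Write-Host "Migrations applied successfully."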