Locoxella · December 22, 2021 19:58
diff --git a/private-sql-hosts.sh b/private-sql-hosts.sh
 #!/usr/bin/env bash

 # Use azure cli to check if the given SQL is private and add its private IP and host to hosts file

 # Use the command below to download and run this script directly from this gist:
 #   $ curl -sL <raw gist url> | bash -s /subscriptions/<subscription>/resourceGroups/<resource group>/providers/Microsoft.Sql/servers/<SQL name>
 # Use sudo to run it as superuser and let the script edit /etc/hosts file directly:
 #   $ curl -sL <raw gist url> | sudo bash -s /subscriptions/<subscription>/resourceGroups/<resource group>/providers/Microsoft.Sql/servers/<SQL name>
 # The <raw gist url> is the url provided by the GitHub Gist raw button.
 # Once you checked the code, its safe to run it with sudo since the script cannot be modified for that version's raw gist url

 # Check if the required commands are available
 for command in az jq grep sed; do
    if ! command -v $command &>/dev/null; then
        printf "$command command could not be found!\n"
        missingCommands="true"
    fi
 done
 if [ "$missingCommands" = "true" ]; then
    exit 1
 fi

 # Trigger interactive local login if not logged in
 az account show &>/dev/null || az login

 # Check if argument provided seems to be a vaild sql resource id
 echo $1 | grep -oPq '^\/subscriptions\/.*\/resourceGroups\/.*\/providers\/Microsoft.Sql\/servers\/.*$'
 if [ $? -ne 0 ]; then
    printf "Please provide as a single argument a valid SQL server resource id.\n"
    printf "\nFormat: /subscriptions/[subscription ID]/resourceGroups/[resource group]/providers/Microsoft.Sql/servers/[sql name]\n"
    exit 2
 fi

 # Query SQL
 subscription=$(echo $1 | grep -oP '(?<=\/subscriptions\/).*?(?=\/)')
 resourceGroup=$(echo $1 | grep -oP '(?<=\/resourceGroups\/).*?(?=\/)')
 name=$(echo $1 | grep -oP '(?<=\/providers\/Microsoft.Sql\/servers\/).*')
 sql=$(az sql server show --name $name --resource-group $resourceGroup --subscription $subscription --output json)
 if [ $? -ne 0 ]; then
    printf "\nSeems that SQL $1 does not exists or cannot be reached.\n"
    exit 3
 fi

 # Check if SQL is private and not public accesible
 # This checks the first private link conection ONLY
 privateLinkUp=$(echo $sql | jq --raw-output '.privateEndpointConnections[0].properties.provisioningState')
 if [ $privateLinkUp != "Ready" ]; then
    printf "The provided SQL DOES NOT has its first private endpoint link ready\n$(echo $sql | jq --raw-output .privateEndpointConnections.0.id)"
    exit 4
 fi
 isPublic=$(echo $sql | jq --raw-output .publicNetworkAccess)
 if [ $isPublic != "Disabled" ]; then
    printf "WARNING: The provided SQL IS public accesible, therefore accesing it through private IP might not be neccesary\n"
 fi

 # Save required SQL info
 privateFqdn=$(echo $sql | jq --raw-output .fullyQualifiedDomainName)
 record=$(echo -n $privateFqdn | grep -oP '^[^\.]*')
 zone="privatelink.$(echo -n $privateFqdn | grep -oP '(?<=\.).*')"
 echo "az network private-dns record-set a show --zone-name $zone --name $record --resource-group $resourceGroup --subscription $subscription --query 'aRecords[*].ipv4Address' --output tsv"
 ipv4=$(az network private-dns record-set a show --zone-name $zone --name $record --resource-group $resourceGroup --subscription $subscription --query 'aRecords[*].ipv4Address' --output tsv)

 # Modify /etc/hosts to add or edit private SQL hosts
 # Return custom line if hosts file is not writable
 file='/etc/hosts'
 fileline="$ipv4     $privateFqdn"
 if [ ! -w "$file" ]; then
    printf "\nTo access this private SQL cluster through VPN add this to your hosts file ($file):\n"
    printf "\n$fileline\n"
    printf "\nRun this script as root allow it to modify $file for you.\n"
 else
    grep -q $privateFqdn $file
    if [ $? -eq 0 ]; then
        sed -i "/$privateFqdn/c\\$fileline" $file
    else
        echo "$fileline" >>$file
    fi
    printf "Succesfully added to $file:\n"
    printf "\n$fileline\n"
 fi
	#!/usr/bin/env bash

	# Use azure cli to check if the given SQL is private and add its private IP and host to hosts file

	# Use the command below to download and run this script directly from this gist:
	# $ curl -sL <raw gist url> \| bash -s /subscriptions/<subscription>/resourceGroups/<resource group>/providers/Microsoft.Sql/servers/<SQL name>
	# Use sudo to run it as superuser and let the script edit /etc/hosts file directly:
	# $ curl -sL <raw gist url> \| sudo bash -s /subscriptions/<subscription>/resourceGroups/<resource group>/providers/Microsoft.Sql/servers/<SQL name>
	# The <raw gist url> is the url provided by the GitHub Gist raw button.
	# Once you checked the code, its safe to run it with sudo since the script cannot be modified for that version's raw gist url

	# Check if the required commands are available
	for command in az jq grep sed; do
	if ! command -v $command &>/dev/null; then
	printf "$command command could not be found!\n"
	missingCommands="true"
	fi
	done
	if [ "$missingCommands" = "true" ]; then
	exit 1
	fi

	# Trigger interactive local login if not logged in
	az account show &>/dev/null \|\| az login

	# Check if argument provided seems to be a vaild sql resource id
	echo $1 \| grep -oPq '^\/subscriptions\/.\/resourceGroups\/.\/providers\/Microsoft.Sql\/servers\/.*$'
	if [ $? -ne 0 ]; then
	printf "Please provide as a single argument a valid SQL server resource id.\n"
	printf "\nFormat: /subscriptions/[subscription ID]/resourceGroups/[resource group]/providers/Microsoft.Sql/servers/[sql name]\n"
	exit 2
	fi

	# Query SQL
	subscription=$(echo $1 \| grep -oP '(?<=\/subscriptions\/).*?(?=\/)')
	resourceGroup=$(echo $1 \| grep -oP '(?<=\/resourceGroups\/).*?(?=\/)')
	name=$(echo $1 \| grep -oP '(?<=\/providers\/Microsoft.Sql\/servers\/).*')
	sql=$(az sql server show --name $name --resource-group $resourceGroup --subscription $subscription --output json)
	if [ $? -ne 0 ]; then
	printf "\nSeems that SQL $1 does not exists or cannot be reached.\n"
	exit 3
	fi

	# Check if SQL is private and not public accesible
	# This checks the first private link conection ONLY
	privateLinkUp=$(echo $sql \| jq --raw-output '.privateEndpointConnections[0].properties.provisioningState')
	if [ $privateLinkUp != "Ready" ]; then
	printf "The provided SQL DOES NOT has its first private endpoint link ready\n$(echo $sql \| jq --raw-output .privateEndpointConnections.0.id)"
	exit 4
	fi
	isPublic=$(echo $sql \| jq --raw-output .publicNetworkAccess)
	if [ $isPublic != "Disabled" ]; then
	printf "WARNING: The provided SQL IS public accesible, therefore accesing it through private IP might not be neccesary\n"
	fi

	# Save required SQL info
	privateFqdn=$(echo $sql \| jq --raw-output .fullyQualifiedDomainName)
	record=$(echo -n $privateFqdn \| grep -oP '^[^\.]*')
	zone="privatelink.$(echo -n $privateFqdn \| grep -oP '(?<=\.).*')"
	echo "az network private-dns record-set a show --zone-name $zone --name $record --resource-group $resourceGroup --subscription $subscription --query 'aRecords[*].ipv4Address' --output tsv"
	ipv4=$(az network private-dns record-set a show --zone-name $zone --name $record --resource-group $resourceGroup --subscription $subscription --query 'aRecords[*].ipv4Address' --output tsv)

	# Modify /etc/hosts to add or edit private SQL hosts
	# Return custom line if hosts file is not writable
	file='/etc/hosts'
	fileline="$ipv4 $privateFqdn"
	if [ ! -w "$file" ]; then
	printf "\nTo access this private SQL cluster through VPN add this to your hosts file ($file):\n"
	printf "\n$fileline\n"
	printf "\nRun this script as root allow it to modify $file for you.\n"
	else
	grep -q $privateFqdn $file
	if [ $? -eq 0 ]; then
	sed -i "/$privateFqdn/c\\$fileline" $file
	else
	echo "$fileline" >>$file
	fi
	printf "Succesfully added to $file:\n"
	printf "\n$fileline\n"
	fi