5

I am trying to create a cosmos DB account using Azure CLI. One of required policies I have to comply with is "Cosmos DB database accounts should have local authentication methods disabled". In the following document I see how to set it using Azure Resource Manager templates . See below

"resources": [
    {
        "type": " Microsoft.DocumentDB/databaseAccounts",
        "properties": {
            "disableLocalAuth": true,
            // ...
        },
        // ...
    },
    // ...
 ]

Now my question is how to do the same using AZ CLI?

The command I am using is => az cosmosdb create ...

I don't see any flag that will allow the similar setting in AZ CLI.

Improve this question

5 Answers 5

Reset to default
19

It's not supported through the az cosmosdb commands but you could use the az resource update command to update this property:

$cosmosdbname = "<cosmos-db-account-name>"
$resourcegroup = "<resource-group-name>"
$cosmosdb = az cosmosdb show --name $cosmosdbname --resource-group $resourcegroup | ConvertFrom-Json

az resource update --ids $cosmosdb.id --set properties.disableLocalAuth=true --latest-include-preview
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Another way to get resource ID: az cosmosdb show --name $cosmosdbname --resource-group $resourcegroup --query id -o tsv
2

As of January 2022 this is only supported via ARM Templates but support for PS and CLI is planned. No ETA to share at this time.

Improve this answer

Comments

2

You can always use Azure REST API invocation to apply any change in the CosmosDB account, see here

https://learn.microsoft.com/en-us/rest/api/cosmos-db-resource-provider/2021-10-15/database-accounts/create-or-update

I've used Postman for that, btw I post a CURL example here by which I was able to modify a couple of properties (you need to get an oauth2 token before):

curl --location --request PUT 'https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<database-account-name>?api-version=2021-10-15' \
--header 'Authorization: Bearer <oauth2-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "location": "North Europe",
    "properties": {
        "databaseAccountOfferType": "Standard",
        "disableLocalAuth": true,
        "disableKeyBasedMetadataWriteAccess":true,
        "locations": [
            {
                "isVirtualNetworkFilterEnabled": false,
                "locationName": "North Europe",
                "failoverPriority": 0,
                "isZoneRedundant": false
            }
        ]
    }
}'
Improve this answer

1 Comment

thank you. I will try it out
0

No , this is not supported through the Azure CLI when you are creating Azure Cosmos DB account via az cosmosdb create

Improve this answer

2 Comments

So it is only possible using ARM templates or setting it manually from portal?
ARM template as of now
0

FWIW, this can be done by below commands through Azure Cli.

// Get the cosmos db azure resource using your resourceGroupName and accountName
$resource = Get-AzResource -ResourceType Microsoft.DocumentDB/databaseAccounts -ResourceGroupName $resourceGroupName -ResourceName $accountName

// Update property
$resource.Properties.disableLocalAuth = "True"
$resource | Set-AzResource -Force
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.