'Disable local authentication methods for Cosmos DB database accounts using Azure CLI

I am trying to create a cosmos DB account using Azure CLI. One of required policies I have to comply with is "Cosmos DB database accounts should have local authentication methods disabled". In the following document I see how to set it using Azure Resource Manager templates . See below

"resources": [
    {
        "type": " Microsoft.DocumentDB/databaseAccounts",
        "properties": {
            "disableLocalAuth": true,
            // ...
        },
        // ...
    },
    // ...
 ]

Now my question is how to do the same using AZ CLI?

The command I am using is => az cosmosdb create ...

I don't see any flag that will allow the similar setting in AZ CLI.

azure-cosmosdb


Solution 1:[1]

As of January 2022 this is only supported via ARM Templates but support for PS and CLI is planned. No ETA to share at this time.

Solution 2:[2]

You can always use Azure REST API invocation to apply any change in the CosmosDB account, see here

https://docs.microsoft.com/en-us/rest/api/cosmos-db-resource-provider/2021-10-15/database-accounts/create-or-update

I've used Postman for that, btw I post a CURL example here by which I was able to modify a couple of properties (you need to get an oauth2 token before):

curl --location --request PUT 'https://management.azure.com/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<database-account-name>?api-version=2021-10-15' \
--header 'Authorization: Bearer <oauth2-token>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "location": "North Europe",
    "properties": {
        "databaseAccountOfferType": "Standard",
        "disableLocalAuth": true,
        "disableKeyBasedMetadataWriteAccess":true,
        "locations": [
            {
                "isVirtualNetworkFilterEnabled": false,
                "locationName": "North Europe",
                "failoverPriority": 0,
                "isZoneRedundant": false
            }
        ]
    }
}'

Solution 3:[3]

No , this is not supported through the Azure CLI when you are creating Azure Cosmos DB account via az cosmosdb create

Solution 4:[4]

It's not supported through the az cosmosdb commands but you could use the az resource update command to update this property:

$cosmosdbname = "<cosmos-db-account-name>"
$resourcegroup = "<resource-group-name>"
$cosmosdb = az cosmosdb show --name $cosmosdbname --resource-group $resourcegroup | ConvertFrom-Json

az resource update --ids $cosmosdb.id --set properties.disableLocalAuth=true --latest-include-preview

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Mark Brown
Solution 2 Antonio
Solution 3 Sajeetharan
Solution 4 Thomas

Related Questions

Need a direct way of implementing Azure spring data cosmos db query implementation for a nested parameter

How to prevent data factory from running out Cosmos DB RU/s

How to order results of a query by the results of an aggregate function in ComosDb?

Check if parameter is null in CosmosDB query

Get all the Partition Keys in Azure Cosmos DB collection

How atom-record-sequence (ARS) helps CosmosDB to be Multimodel?

Azure cosmosdb reservation

CosmosDB emulator can't start since port is already in use

Azure Cosmos DB - Understanding Partition Key

Azure Stream Analytics CreateOrReplace Transformation Conflict or Bad Request

Provision throughput on Database level using Table API in cosmos db

Entity Framework Core 5 and CosmosDB SQL API - Include extension method does not work

React executing code before the previous function call has finished

azure-cosmos-emulator hangs when I try to create a database

Is it possible to create a new Gremlin Graph DB and Graph using c# code