Add support for Login and User management (#21981)

* initial commit

* leave only march release objects

* clean up

* login dialog

* localize and use background operation

* code cleanup

* remove tab

* support server role in login

* remove canEditName

* add user support

* comments and bug fixes

* remove hasDBAccess for now

* refactoring

* fix error

* user dialog UI

* telemetry, error handling and refactoring

* Fix references to dialogInfo (#21914)

* update telemetry

* Bump STS and use actual object management service

* add preview and handle no-change scenario

* fix merge issue

---------

Co-authored-by: Karl Burtram <karlb@microsoft.com>

extensions/mssql/src/mssql.d.ts

@@ -414,8 +414,6 @@ declare module 'mssql' {
 
 	// SqlAssessment interfaces  -----------------------------------------------------------------------
 
-
-
 	export interface ISqlAssessmentService {
 		assessmentInvoke(ownerUri: string, targetType: azdata.sqlAssessment.SqlAssessmentTargetType): Promise<azdata.SqlAssessmentResult>;
 		getAssessmentItems(ownerUri: string, targetType: azdata.sqlAssessment.SqlAssessmentTargetType): Promise<azdata.SqlAssessmentResult>;
@@ -438,4 +436,385 @@ declare module 'mssql' {
 		 */
 		createSas(connectionUri: string, blobContainerUri: string, blobStorageKey: string, storageAccountName: string, expirationDate: string): Promise<CreateSasResponse>;
 	}
+
+	// Object Management - Begin.
+	export namespace ObjectManagement {
+		/**
+		 * Base interface for all the objects.
+		 */
+		export interface SqlObject {
+			/**
+			 * Name of the object.
+			 */
+			name: string;
+		}
+
+		/**
+		 * Base interface for the object view information
+		 */
+		export interface ObjectViewInfo<T extends SqlObject> {
+			/**
+			 * The object information
+			 */
+			objectInfo: T;
+		}
+
+		/**
+		 * Server level login.
+		 */
+		export interface Login extends SqlObject {
+			/**
+			 * Authentication type.
+			 */
+			authenticationType: AuthenticationType;
+			/**
+			 * Password for the login.
+			 * Only applicable when the authentication type is 'Sql'.
+			 */
+			password: string | undefined;
+			/**
+			 * Old password of the login.
+			 * Only applicable when the authentication type is 'Sql'.
+			 * The old password is required when updating the login's own password and it doesn't have the 'ALTER ANY LOGIN' permission.
+			 */
+			oldPassword: string | undefined;
+			/**
+			 * Whether the password complexity policy is enforced.
+			 * Only applicable when the authentication type is 'Sql'.
+			 */
+			enforcePasswordPolicy: boolean | undefined;
+			/**
+			 * Whether the password expiration policy is enforced.
+			 * Only applicable when the authentication type is 'Sql'.
+			 */
+			enforcePasswordExpiration: boolean | undefined;
+			/**
+			 * Whether SQL Server should prompt for an updated password when the next the login is used.
+			 * Only applicable when the authentication type is 'Sql'.
+			 */
+			mustChangePassword: boolean | undefined;
+			/**
+			 * Whether the login is locked out due to password policy violation.
+			 * Only applicable when the authentication type is 'Sql'.
+			 */
+			isLockedOut: boolean;
+			/**
+			 * The default database for the login.
+			 */
+			defaultDatabase: string;
+			/**
+			 * The default language for the login.
+			 */
+			defaultLanguage: string;
+			/**
+			 * The server roles of the login.
+			 */
+			serverRoles: string[];
+			/**
+			 * The database users the login is mapped to.
+			 */
+			userMapping: ServerLoginUserInfo[];
+			/**
+			 * Whether the login is enabled.
+			 */
+			isEnabled: boolean;
+			/**
+			 * Whether the connect permission is granted to the login.
+			 */
+			connectPermission: boolean;
+		}
+
+		/**
+		 * The authentication types.
+		 */
+		export enum AuthenticationType {
+			Windows = 'Windows',
+			Sql = 'Sql',
+			AzureActiveDirectory = 'AAD'
+		}
+
+		/**
+		 * The user mapping information for login.
+		 */
+		export interface ServerLoginUserInfo {
+			/**
+			 * Target database name.
+			 */
+			database: string;
+			/**
+			 * User name.
+			 */
+			user: string;
+			/**
+			 * Default schema of the user.
+			 */
+			defaultSchema: string;
+			/**
+			 * Databases roles of the user.
+			 */
+			databaseRoles: string[];
+		}
+
+		/**
+		 * The information required to render the login view.
+		 */
+		export interface LoginViewInfo extends ObjectViewInfo<Login> {
+			/**
+			 * Whether Windows Authentication is supported.
+			 */
+			supportWindowsAuthentication: boolean;
+			/**
+			 * Whether Azure Active Directory Authentication is supported.
+			 */
+			supportAADAuthentication: boolean;
+			/**
+			 * Whether SQL Authentication is supported.
+			 */
+			supportSQLAuthentication: boolean;
+			/**
+			 * Whether the locked out state can be changed.
+			 */
+			canEditLockedOutState: boolean;
+			/**
+			 * Name of the databases in the server.
+			 */
+			databases: string[];
+			/**
+			 * Available languages in the server.
+			 */
+			languages: string[];
+			/**
+			 * All server roles in the server.
+			 */
+			serverRoles: string[];
+			/**
+			 * Whether advanced password options are supported.
+			 * Advanced password options: check policy, check expiration, must change, unlock.
+			 * Notes: 2 options to control the advanced options because Analytics Platform supports advanced options but does not support advanced options.
+			 */
+			supportAdvancedPasswordOptions: boolean;
+			/**
+			 * Whether advanced options are supported.
+			 * Advanced options: default database, default language and connect permission.
+			 */
+			supportAdvancedOptions: boolean;
+		}
+
+		/**
+		 * The permission information a principal has on a securable.
+		 */
+		export interface Permission {
+			/**
+			 * Name of the permission.
+			 */
+			name: string;
+			/**
+			 * Whether the permission is granted or denied.
+			 */
+			grant: boolean;
+			/**
+			 * Whether the pincipal can grant this permission to other principals.
+			 * The value will be ignored if the grant property is set to false.
+			 */
+			withGrant: boolean;
+		}
+
+		/**
+		 * The permissions a principal has over a securable.
+		 */
+		export interface SecurablePermissions {
+			/**
+			 * The securable.
+			 */
+			securable: SqlObject;
+			/**
+			 * The Permissions.
+			 */
+			permissions: Permission[];
+		}
+
+		/**
+		 * Extend property for objects.
+		 */
+		export interface ExtendedProperty {
+			/**
+			 * Name of the property.
+			 */
+			name: string;
+			/**
+			 * Value of the property.
+			 */
+			value: string;
+		}
+
+		/**
+		 * User types.
+		 */
+		export enum UserType {
+			/**
+			 * User with a server level login.
+			 */
+			WithLogin = 'WithLogin',
+			/**
+			 * User based on a Windows user/group that has no login, but can connect to the Database Engine through membership in a Windows group.
+			 */
+			WithWindowsGroupLogin = 'WithWindowsGroupLogin',
+			/**
+			 * Contained user, authentication is done within the database.
+			 */
+			Contained = 'Contained',
+			/**
+			 * User that cannot authenticate.
+			 */
+			NoConnectAccess = 'NoConnectAccess'
+		}
+
+		/**
+		 * Database user.
+		 */
+		export interface User extends SqlObject {
+			/**
+			 * Type of the user.
+			 */
+			type: UserType;
+			/**
+			 * Default schema of the user.
+			 */
+			defaultSchema: string | undefined;
+			/**
+			 * Schemas owned by the user.
+			 */
+			ownedSchemas: string[] | undefined;
+			/**
+			 * Database roles that the user belongs to.
+			 */
+			databaseRoles: string[] | undefined;
+			/**
+			 * The name of the server login associated with the user.
+			 * Only applicable when the user type is 'WithLogin'.
+			 */
+			loginName: string | undefined;
+			/**
+			 * The default language of the user.
+			 * Only applicable when the user type is 'Contained'.
+			 */
+			defaultLanguage: string | undefined;
+			/**
+			 * Authentication type.
+			 * Only applicable when user type is 'Contained'.
+			 */
+			authenticationType: AuthenticationType | undefined;
+			/**
+			 * Password of the user.
+			 * Only applicable when the user type is 'Contained' and the authentication type is 'Sql'.
+			 */
+			password: string | undefined;
+		}
+
+		/**
+		 * The information required to render the user view.
+		 */
+		export interface UserViewInfo extends ObjectViewInfo<User> {
+			/**
+			 * Whether contained user is supported.
+			 */
+			supportContainedUser: boolean;
+			/**
+			 * Whether Windows authentication is supported.
+			 */
+			supportWindowsAuthentication: boolean;
+			/**
+			 * Whether Azure Active Directory authentication is supported.
+			 */
+			supportAADAuthentication: boolean;
+			/**
+			 * Whether SQL Authentication is supported.
+			 */
+			supportSQLAuthentication: boolean;
+			/**
+			 * All languages supported by the database.
+			 */
+			languages: string[];
+			/**
+			 * All schemas in the database.
+			 */
+			schemas: string[];
+			/**
+			 * Name of all the logins in the server.
+			 */
+			logins: string[];
+			/**
+			 * Name of all the database roles.
+			 */
+			databaseRoles: string[];
+		}
+	}
+
+	export interface IObjectManagementService {
+		/**
+		 * Initialize the login view and return the information to render the view.
+		 * @param connectionUri The original connection's URI.
+		 * @param contextId The context id of the view, generated by the extension and will be used in subsequent create/update/dispose operations.
+		 * @param isNewObject Whether the view is for creating a new login object.
+		 * @param name Name of the login. Only applicable when isNewObject is false.
+		 */
+		initializeLoginView(connectionUri: string, contextId: string, isNewObject: boolean, name: string | undefined): Thenable<ObjectManagement.LoginViewInfo>;
+		/**
+		 * Create a login.
+		 * @param contextId The login view's context id.
+		 * @param login The login information.
+		 */
+		createLogin(contextId: string, login: ObjectManagement.Login): Thenable<void>;
+		/**
+		 * Update a login.
+		 * @param contextId The login view's context id.
+		 * @param login The login information.
+		 */
+		updateLogin(contextId: string, login: ObjectManagement.Login): Thenable<void>;
+		/**
+		 * Delete a login.
+		 * @param connectionUri The URI of the server connection.
+		 * @param name Name of the login.
+		 */
+		deleteLogin(connectionUri: string, name: string): Thenable<void>;
+		/**
+		 * Dispose the login view.
+		 * @param contextId The id of the view.
+		 */
+		disposeLoginView(contextId: string): Thenable<void>;
+		/**
+		 * Initialize the user view and return the information to render the view.
+		 * @param connectionUri The original connection's URI.
+		 * @param database Name of the database.
+		 * @param contextId The id of the view, generated by the extension and will be used in subsequent create/update/dispose operations.
+		 * @param isNewObject Whether the view is for creating a new user object.
+		 * @param name Name of the user. Only applicable when isNewObject is false.
+		 */
+		initializeUserView(connectionUri: string, database: string, contextId: string, isNewObject: boolean, name: string | undefined): Thenable<ObjectManagement.UserViewInfo>;
+		/**
+		 * Create a user.
+		 * @param contextId Id of the view.
+		 * @param user The user information.
+		 */
+		createUser(contextId: string, user: ObjectManagement.User): Thenable<void>;
+		/**
+		 * Create a login.
+		 * @param contextId Id of the view.
+		 * @param user The user information.
+		 */
+		updateUser(contextId: string, user: ObjectManagement.User): Thenable<void>;
+		/**
+		 * Create a login.
+		 * @param connectionUri The URI of the server connection.
+		 * @param database Name of the database.
+		 * @param name Name of the user.
+		 */
+		deleteUser(connectionUri: string, database: string, name: string): Thenable<void>;
+		/**
+		 * Dispose the user view.
+		 * @param contextId The id of the view.
+		 */
+		disposeUserView(contextId: string): Thenable<void>;
+	}
+	// Object Management - End.
 }