/// <summary>
/// Calls the check-principal-access operation through the raw-content overload
/// (<c>RequestContent</c> in, JSON out) and verifies that the principal of the role
/// returned by <c>DisposableClientRole.Create</c> is reported as "Allowed" for the
/// workspace read action, with the decision pointing back at that role assignment.
/// </summary>
/// <remarks>
/// NOTE(review): only the allow path is asserted here. This method does not check that a
/// principal without the assignment gets a different decision.
/// </remarks>
public async Task CanCheckPrincipalAccess()
{
    // Arrange
    RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
    RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();

    string scope = "workspaces/" + TestEnvironment.WorkspaceName;
    string actionId = "Microsoft.Synapse/workspaces/read";

    // The role is disposed asynchronously when the method exits.
    await using DisposableClientRole role =
        await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);

    // Act
    // The anonymous object's member names and order define the JSON request body, so they are kept as-is.
    var requestBody = new
    {
        subject = new
        {
            principalId = role.RoleAssignmentPrincipalId,
            groupIds = new string[0],
        },
        scope,
        actions = new[]
        {
            new { id = actionId, isDataAction = true },
        },
    };
    var response = await assignmentsClient.CheckPrincipalAccessAsync(RequestContent.Create(requestBody));

    // Assert
    using JsonDocument responseJson = JsonDocument.Parse(response.Content.ToMemory());
    var decisions = responseJson.RootElement.GetProperty("AccessDecisions").EnumerateArray();

    // Exactly one action was submitted, so exactly one decision is expected back.
    Assert.AreEqual(1, decisions.Count());

    JsonElement decision = decisions.First();
    Assert.AreEqual("Allowed", decision.GetProperty("accessDecision").ToString());
    Assert.AreEqual(actionId, decision.GetProperty("actionId").ToString());

    // The decision must reference the same assignment (id, role definition, principal, scope) that was set up above.
    JsonElement grantingAssignment = decision.GetProperty("roleAssignment");
    Assert.AreEqual(role.RoleAssignmentId, grantingAssignment.GetProperty("id").ToString());
    Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, grantingAssignment.GetProperty("roleDefinitionId").ToString());
    Assert.AreEqual(role.RoleAssignmentPrincipalId, grantingAssignment.GetProperty("principalId").ToString());
    Assert.AreEqual(scope, grantingAssignment.GetProperty("scope").ToString());
}
/// <summary>
/// Calls the check-principal-access operation through the typed overload that takes a
/// <c>CheckPrincipalAccessRequest</c> and returns a <c>CheckPrincipalAccessResponse</c>,
/// and verifies that the principal of the role returned by <c>DisposableClientRole.Create</c>
/// is reported as "Allowed" for the workspace read action.
/// </summary>
/// <remarks>
/// NOTE(review): only the allow path is asserted here. This method does not check that a
/// principal without the assignment gets a different decision.
/// </remarks>
public async Task CanCheckPrincipalAccessViaGrowUpHelper()
{
    // Arrange
    RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
    RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();

    string scope = "workspaces/" + TestEnvironment.WorkspaceName;
    string actionId = "Microsoft.Synapse/workspaces/read";

    // The role is disposed asynchronously when the method exits.
    await using DisposableClientRole role =
        await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);

    // Act
    // The principal id is held as a string on the role, while the typed request takes a Guid.
    var subject = new SubjectInfo(new Guid(role.RoleAssignmentPrincipalId));
    var requiredActions = new List<RequiredAction>
    {
        new RequiredAction(actionId, isDataAction: true),
    };
    var checkAccessRequest = new CheckPrincipalAccessRequest(subject, requiredActions, scope);

    Response<CheckPrincipalAccessResponse> response =
        await assignmentsClient.CheckPrincipalAccessAsync(checkAccessRequest);

    // Assert
    var accessDecisions = response.Value.AccessDecisions;

    // Exactly one action was submitted, so exactly one decision is expected back.
    Assert.AreEqual(1, accessDecisions.Count);

    var onlyDecision = accessDecisions[0];
    Assert.AreEqual("Allowed", onlyDecision.AccessDecision);
    Assert.AreEqual(actionId, onlyDecision.ActionId);

    // The decision must reference the same assignment (principal, role definition, scope, id) that was set up above.
    var grantingAssignment = onlyDecision.RoleAssignment;
    Assert.AreEqual(role.RoleAssignmentPrincipalId, grantingAssignment.PrincipalId.ToString());
    Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, grantingAssignment.RoleDefinitionId.ToString());
    Assert.AreEqual(scope, grantingAssignment.Scope);
    Assert.AreEqual(role.RoleAssignmentId, grantingAssignment.Id);
}