public async Task CanCheckPrincipalAccess()
{
// Arrange
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
string scope = "workspaces/" + TestEnvironment.WorkspaceName;
string actionId = "Microsoft.Synapse/workspaces/read";
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
// Act
var accessRequest = new
{
subject = new
{
principalId = role.RoleAssignmentPrincipalId,
groupIds = new string[] { },
},
scope = scope,
actions = new[]
{
new
{
id = actionId,
isDataAction = true
}
}
};
var response = await assignmentsClient.CheckPrincipalAccessAsync(RequestContent.Create(accessRequest));
// Assert
var content = response.Content;
using var accessDecisionsJson = JsonDocument.Parse(content.ToMemory());
var accessDecisionsEnumerator = accessDecisionsJson.RootElement.GetProperty("AccessDecisions").EnumerateArray();
Assert.AreEqual(1, accessDecisionsEnumerator.Count());
var accessDecisionJson = accessDecisionsEnumerator.First();
Assert.AreEqual("Allowed", accessDecisionJson.GetProperty("accessDecision").ToString());
Assert.AreEqual(actionId, accessDecisionJson.GetProperty("actionId").ToString());
var roleAssignmentJson = accessDecisionJson.GetProperty("roleAssignment");
Assert.AreEqual(role.RoleAssignmentId, roleAssignmentJson.GetProperty("id").ToString());
Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, roleAssignmentJson.GetProperty("roleDefinitionId").ToString());
Assert.AreEqual(role.RoleAssignmentPrincipalId, roleAssignmentJson.GetProperty("principalId").ToString());
Assert.AreEqual(scope, roleAssignmentJson.GetProperty("scope").ToString());
}
public async Task CanCheckPrincipalAccessViaGrowUpHelper()
{
// Arrange
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
string scope = "workspaces/" + TestEnvironment.WorkspaceName;
string actionId = "Microsoft.Synapse/workspaces/read";
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
// Act
CheckPrincipalAccessRequest checkAccessRequest = new CheckPrincipalAccessRequest(
new SubjectInfo(new Guid(role.RoleAssignmentPrincipalId)),
new List <RequiredAction>()
{
new RequiredAction(actionId, isDataAction: true)
},
scope);
Response <CheckPrincipalAccessResponse> response = await assignmentsClient.CheckPrincipalAccessAsync(checkAccessRequest);
// Assert
var decisions = response.Value.AccessDecisions;
Assert.AreEqual(1, decisions.Count);
var decision = decisions[0];
Assert.AreEqual("Allowed", decision.AccessDecision);
Assert.AreEqual(actionId, decision.ActionId);
Assert.AreEqual(role.RoleAssignmentPrincipalId, decision.RoleAssignment.PrincipalId.ToString());
Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, decision.RoleAssignment.RoleDefinitionId.ToString());
Assert.AreEqual(scope, decision.RoleAssignment.Scope);
Assert.AreEqual(role.RoleAssignmentId, decision.RoleAssignment.Id);
}
