public void RoleAssignmentSample()
{
#region Snippet:CreateAccessControlClient
// Replace the string below with your actual endpoint url.
string endpoint = "<my-endpoint-url>";
/*@@*/ endpoint = TestEnvironment.EndpointUrl;
AccessControlClient client = new AccessControlClient(endpoint: new Uri(endpoint), credential: new DefaultAzureCredential());
#endregion
string principalId = TestEnvironment.PrincipalId;
#region Snippet:CreateRoleAssignment
Pageable <SynapseRole> roles = client.GetRoleDefinitions();
SynapseRole sqlAdminRole = roles.Single(role => role.Name == "Sql Admin");
RoleAssignmentOptions options = new RoleAssignmentOptions(sqlAdminRole.Id, principalId);
RoleAssignmentDetails createdRoleAssignment = client.CreateRoleAssignment(options);
#endregion
#region Snippet:RetrieveRoleAssignment
RoleAssignmentDetails retrievedRoleAssignment = client.GetRoleAssignmentById(createdRoleAssignment.Id);
#endregion
#region Snippet:ListRoleAssignments
IReadOnlyList <RoleAssignmentDetails> roleAssignments = client.GetRoleAssignments().Value;
foreach (RoleAssignmentDetails roleAssignment in roleAssignments)
{
Console.WriteLine(roleAssignment.Id);
}
#endregion
#region Snippet:DeleteRoleAssignment
client.DeleteRoleAssignmentById(retrievedRoleAssignment.Id);
#endregion
}
public void AddAndRemoveRoleAssignmentSync()
{
// Environment variable with the Synapse workspace endpoint.
string endpoint = TestEnvironment.EndpointUrl;
AccessControlClient client = new AccessControlClient(new Uri(endpoint), new DefaultAzureCredential());
Pageable <SynapseRole> roles = client.GetRoleDefinitions();
SynapseRole role = roles.Single(role => role.Name == "Workspace Admin");
string principalId = Guid.NewGuid().ToString();
RoleAssignmentOptions request = new RoleAssignmentOptions(role.Id, principalId);
Response <RoleAssignmentDetails> response = client.CreateRoleAssignment(request);
RoleAssignmentDetails roleAssignmentAdded = response.Value;
RoleAssignmentDetails roleAssignment = client.GetRoleAssignmentById(roleAssignmentAdded.Id);
Debug.WriteLine($"Role {roleAssignment.RoleId} is assigned to {roleAssignment.PrincipalId}. Role assignment id: {roleAssignment.Id}");
IReadOnlyList <RoleAssignmentDetails> roleAssignments = client.GetRoleAssignments().Value;
foreach (RoleAssignmentDetails assignment in roleAssignments)
{
Console.WriteLine(assignment.Id);
}
client.DeleteRoleAssignmentById(roleAssignment.Id);
}
public PSRoleAssignmentDetails(RoleAssignmentDetails roleAssignmentDetails)
{
this.RoleAssignmentId = roleAssignmentDetails.Id;
this.RoleDefinitionId = roleAssignmentDetails.RoleDefinitionId?.ToString();
this.ObjectId = roleAssignmentDetails.PrincipalId?.ToString();
this.Scope = roleAssignmentDetails.Scope;
this.principalType = roleAssignmentDetails.PrincipalType;
}
public void RetrieveRoleAssignment()
{
string principalId = TestEnvironment.PrincipalId;
#region Snippet:RetrieveRoleAssignment
RoleAssignmentDetails roleAssignment = client.GetRoleAssignmentById(principalId);
#endregion
}
public void DeleteRoleAssignment()
{
string principalId = TestEnvironment.PrincipalId;
RoleAssignmentDetails roleAssignment = client.GetRoleAssignmentById(principalId);
#region Snippet:DeleteRoleAssignment
client.DeleteRoleAssignmentById(roleAssignment.Id);
#endregion
}
public async Task DeleteRoleAssignments()
{
AccessControlClient client = CreateClient();
RoleAssignmentDetails assignment = await DisposableClientRole.CreateResource(client, this.Recording);
Response response = await client.DeleteRoleAssignmentByIdAsync(assignment.Id);
response.AssertSuccess();
}
public void CreateRoleAssignment()
{
string principalId = TestEnvironment.PrincipalId;
string sqlAdminRoleId = client.GetRoleDefinitions().AsEnumerable().Single(role => role.Name == "Sql Admin").Id;
#region Snippet:CreateRoleAssignment
RoleAssignmentOptions options = new RoleAssignmentOptions(sqlAdminRoleId, principalId);
RoleAssignmentDetails roleAssignment = client.CreateRoleAssignment(options);
#endregion
}
public async Task DeleteRoleAssignments()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
RoleAssignmentDetails assignment = await DisposableClientRole.CreateResource(assignmentsClient, definitionsClient, TestEnvironment);
Response response = await assignmentsClient.DeleteRoleAssignmentByIdAsync(assignment.Id);
response.AssertSuccess();
}
public async Task GetRoleAssignment()
{
AccessControlClient client = CreateClient();
await using DisposableClientRole role = await DisposableClientRole.Create(client, this.Recording);
RoleAssignmentDetails roleAssignment = await client.GetRoleAssignmentByIdAsync(role.Assignment.Id);
Assert.AreEqual(role.Assignment.RoleId, roleAssignment.RoleId);
Assert.AreEqual(role.Assignment.PrincipalId, roleAssignment.PrincipalId);
}
public async Task GetRoleAssignment()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
RoleAssignmentDetails roleAssignment = await assignmentsClient.GetRoleAssignmentByIdAsync(role.Assignment.Id);
Assert.AreEqual(role.Assignment.RoleDefinitionId, roleAssignment.RoleDefinitionId);
Assert.AreEqual(role.Assignment.PrincipalId, roleAssignment.PrincipalId);
}
public async Task TestGetRoleAssignment()
{
IReadOnlyList <RoleAssignmentDetails> roleAssignments = (await AccessControlClient.GetRoleAssignmentsAsync()).Value;
CollectionAssert.IsNotEmpty(roleAssignments);
foreach (RoleAssignmentDetails expectedRoleAssignment in roleAssignments)
{
RoleAssignmentDetails actualRoleAssignment = await AccessControlClient.GetRoleAssignmentByIdAsync(expectedRoleAssignment.Id);
Assert.AreEqual(expectedRoleAssignment.Id, actualRoleAssignment.Id);
Assert.AreEqual(expectedRoleAssignment.PrincipalId, actualRoleAssignment.PrincipalId);
Assert.AreEqual(expectedRoleAssignment.RoleId, actualRoleAssignment.RoleId);
}
}
public void AddAndRemoveRoleAssignmentSync()
{
#region Snippet:CreateAccessControlClient
// Replace the string below with your actual endpoint url.
string endpoint = "<my-endpoint-url>";
/*@@*/ endpoint = TestEnvironment.EndpointUrl;
RoleAssignmentsClient roleAssignmentsClient = new RoleAssignmentsClient(endpoint, new DefaultAzureCredential());
RoleDefinitionsClient definitionsClient = new RoleDefinitionsClient(endpoint, new DefaultAzureCredential());
#endregion
#region Snippet:PrepCreateRoleAssignment
Response <IReadOnlyList <SynapseRoleDefinition> > roles = definitionsClient.ListRoleDefinitions();
SynapseRoleDefinition role = roles.Value.Single(role => role.Name == "Synapse Administrator");
Guid roleId = role.Id.Value;
string assignedScope = "workspaces/<my-workspace-name>";
/*@@*/ assignedScope = "workspaces/" + TestEnvironment.WorkspaceName;
// Replace the string below with the ID you'd like to assign the role.
Guid principalId = /*<my-principal-id>"*/ Guid.NewGuid();
// Replace the string below with the ID of the assignment you'd like to use.
string assignmentId = "<my-assignment-id>";
/*@@*/ assignmentId = Guid.NewGuid().ToString();
#endregion
#region Snippet:CreateRoleAssignment
Response <RoleAssignmentDetails> response = roleAssignmentsClient.CreateRoleAssignment(assignmentId, roleId, principalId, assignedScope);
RoleAssignmentDetails roleAssignmentAdded = response.Value;
#endregion
#region Snippet:RetrieveRoleAssignment
RoleAssignmentDetails roleAssignment = roleAssignmentsClient.GetRoleAssignmentById(roleAssignmentAdded.Id);
Console.WriteLine($"Role {roleAssignment.RoleDefinitionId} is assigned to {roleAssignment.PrincipalId}.");
#endregion
#region Snippet:ListRoleAssignments
Response <IReadOnlyList <SynapseRoleDefinition> > roleAssignments = definitionsClient.ListRoleDefinitions();
foreach (SynapseRoleDefinition assignment in roleAssignments.Value)
{
Console.WriteLine(assignment.Id);
}
#endregion
#region Snippet:DeleteRoleAssignment
roleAssignmentsClient.DeleteRoleAssignmentById(roleAssignment.Id);
#endregion
}
public async Task ListRoleAssignments()
{
AccessControlClient client = CreateClient();
await using DisposableClientRole role = await DisposableClientRole.Create(client, this.Recording);
Response <IReadOnlyList <RoleAssignmentDetails> > roleAssignments = await client.GetRoleAssignmentsAsync();
foreach (RoleAssignmentDetails expected in roleAssignments.Value)
{
RoleAssignmentDetails actual = await client.GetRoleAssignmentByIdAsync(expected.Id);
Assert.AreEqual(expected.Id, actual.Id);
Assert.AreEqual(expected.PrincipalId, actual.PrincipalId);
Assert.AreEqual(expected.RoleId, actual.RoleId);
}
Assert.GreaterOrEqual(roleAssignments.Value.Count, 1);
}
public async Task DeleteRoleAssignments()
{
AccessControlClient client = CreateClient();
RoleAssignmentDetails assignment = await DisposableClientRole.CreateResource(client, this.Recording);
Response response = await client.DeleteRoleAssignmentByIdAsync(assignment.Id);
switch (response.Status)
{
case 200:
case 204:
break;
default:
Assert.Fail($"Unexpected status ${response.Status} returned");
break;
}
}
public void AddAndRemoveRoleAssignmentSync()
{
#region Snippet:CreateAccessControlClient
// Replace the string below with your actual endpoint url.
string endpoint = "<my-endpoint-url>";
/*@@*/ endpoint = TestEnvironment.EndpointUrl;
AccessControlClient client = new AccessControlClient(new Uri(endpoint), new DefaultAzureCredential());
#endregion
#region Snippet:PrepCreateRoleAssignment
Pageable <SynapseRole> roles = client.GetRoleDefinitions();
SynapseRole role = roles.Single(role => role.Name == "Workspace Admin");
string roleID = role.Id;
// Replace the string below with the ID you'd like to assign the role.
string principalId = "<my-principal-id>";
/*@@*/ principalId = Guid.NewGuid().ToString();
#endregion
#region Snippet:CreateRoleAssignment
RoleAssignmentOptions request = new RoleAssignmentOptions(roleID, principalId);
Response <RoleAssignmentDetails> response = client.CreateRoleAssignment(request);
RoleAssignmentDetails roleAssignmentAdded = response.Value;
#endregion
#region Snippet:RetrieveRoleAssignment
RoleAssignmentDetails roleAssignment = client.GetRoleAssignmentById(roleAssignmentAdded.Id);
Console.WriteLine($"Role {roleAssignment.RoleId} is assigned to {roleAssignment.PrincipalId}.");
#endregion
#region Snippet:ListRoleAssignments
Response <IReadOnlyList <RoleAssignmentDetails> > roleAssignments = client.GetRoleAssignments();
foreach (RoleAssignmentDetails assignment in roleAssignments.Value)
{
Console.WriteLine(assignment.Id);
}
#endregion
#region Snippet:DeleteRoleAssignment
client.DeleteRoleAssignmentById(roleAssignment.Id);
#endregion
}
public async Task TestCreateAndDeleteRoleAssignment()
{
string sqlAdminRoleId = "7af0c69a-a548-47d6-aea3-d00e69bd83aa";
string principalId = Recording.Random.NewGuid().ToString();
// Create role assignment.
RoleAssignmentDetails actualRoleAssignment = await AccessControlClient.CreateRoleAssignmentAsync(new RoleAssignmentOptions(roleId : sqlAdminRoleId, principalId : principalId));
// Verify the role assignment exists.
Assert.NotNull(actualRoleAssignment);
Assert.AreEqual(sqlAdminRoleId, actualRoleAssignment.RoleId);
Assert.AreEqual(principalId, actualRoleAssignment.PrincipalId);
// Remove the role assignment.
await AccessControlClient.DeleteRoleAssignmentByIdAsync(actualRoleAssignment.Id);
// Verify the role assignment doesn't exist.
actualRoleAssignment = (await AccessControlClient.GetRoleAssignmentsAsync()).Value.FirstOrDefault(ra => ra.PrincipalId == principalId);
Assert.IsNull(actualRoleAssignment);
}
public void SubmitSparkJobSync()
{
// Environment variable with the Synapse workspace endpoint.
string workspaceUrl = TestEnvironment.WorkspaceUrl;
#region Snippet:AccessControlSample1AccessControlClient
AccessControlClient client = new AccessControlClient(new Uri(workspaceUrl), new DefaultAzureCredential());
#endregion
#region Snippet:AccessControlSample1GetWorkspaceAdminRole
SynapseRole role = client.GetRoleDefinitions().Single(role => role.Name == "Workspace Admin");
#endregion
#region Snippet:AccessControlSample1AddRoleAssignment
string principalId = Guid.NewGuid().ToString();
RoleAssignmentOptions request = new RoleAssignmentOptions(roleId: role.Id, principalId: principalId);
RoleAssignmentDetails roleAssignmentAdded = client.CreateRoleAssignment(request);
#endregion
#region Snippet:AccessControlSample1GetRoleAssignment
RoleAssignmentDetails roleAssignment = client.GetRoleAssignmentById(principalId);
Debug.WriteLine($"Role {roleAssignment.RoleId} is assigned to {roleAssignment.PrincipalId}. Role assignment id: {roleAssignment.Id}");
#endregion
#region Snippet:AccessControlSample1ListRoleAssignments
IReadOnlyList <RoleAssignmentDetails> roleAssignments = client.GetRoleAssignments().Value;
foreach (RoleAssignmentDetails assignment in roleAssignments)
{
Console.WriteLine(assignment.Id);
}
#endregion
#region Snippet:AccessControlSample1RemoveRoleAssignment
client.DeleteRoleAssignmentById(roleAssignment.Id);
#endregion
}
private DisposableClientRole(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, RoleAssignmentDetails assignment)
{
_client = assignmentsClient;
Assignment = assignment;
}
private DisposableClientRole(AccessControlClient client, RoleAssignmentDetails assignment)
{
_client = client;
Assignment = assignment;
}
internal CheckAccessDecision(string accessDecision, string actionId, RoleAssignmentDetails roleAssignment)
{
AccessDecision = accessDecision;
ActionId = actionId;
RoleAssignment = roleAssignment;
}
public PSRoleAssignmentDetails(RoleAssignmentDetails roleAssignmentDetails)
{
this.RoleAssignmentId = roleAssignmentDetails.Id;
this.RoleDefinitionId = roleAssignmentDetails.RoleId;
this.ObjectId = roleAssignmentDetails.PrincipalId;
}
