public async Task CanListRoleDefinitions()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
// TODO: This will change to pageable with next (Data Plane) client generator update
Response listReponse = await definitionsClient.GetRoleDefinitionsAsync(new());
var listContent = listReponse.Content;
using var roleDefinitionsJson = JsonDocument.Parse(listContent.ToMemory());
foreach (var expectedRoleDefinitionJson in roleDefinitionsJson.RootElement.EnumerateArray())
{
string id = expectedRoleDefinitionJson.GetProperty("id").ToString();
var roleDefinitionResponse = await definitionsClient.GetRoleDefinitionByIdAsync(id, new());
var roleDefinitionContent = roleDefinitionResponse.Content;
using var actualRoleDefinitionJson = JsonDocument.Parse(roleDefinitionContent.ToMemory());
Assert.AreEqual(expectedRoleDefinitionJson.GetProperty("id").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("id").ToString());
Assert.AreEqual(expectedRoleDefinitionJson.GetProperty("name").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("name").ToString());
}
Assert.GreaterOrEqual(roleDefinitionsJson.RootElement.GetArrayLength(), 1);
}
public async Task CanListRoleAssignments()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
// TODO: This will change to pageable with https://github.com/azure/azure-sdk-for-net/issues/24680
Response listReponse = await assignmentsClient.GetRoleAssignmentsAsync();
var listContent = listReponse.Content;
using var outerJson = JsonDocument.Parse(listContent.ToMemory());
var roleAssignmentsJson = outerJson.RootElement.GetProperty("value");
foreach (var expectedRoleAssignmentJson in roleAssignmentsJson.EnumerateArray())
{
string id = expectedRoleAssignmentJson.GetProperty("id").ToString();
var roleAssignmentResponse = await assignmentsClient.GetRoleAssignmentByIdAsync(id, new());
var roleAssignmentContent = roleAssignmentResponse.Content;
using var actualRoleDefinitionJson = JsonDocument.Parse(roleAssignmentContent.ToMemory());
Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("id").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("id").ToString());
Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("roleDefinitionId").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("roleDefinitionId").ToString());
Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("principalId").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("principalId").ToString());
Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("scope").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("scope").ToString());
}
Assert.GreaterOrEqual(roleAssignmentsJson.GetArrayLength(), 1);
}
public static async ValueTask <RoleAssignmentDetails> CreateResource(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, SynapseTestEnvironment testEnvironment)
{
string scope = "workspaces/" + testEnvironment.WorkspaceName;
Guid? roleID = (await definitionsClient.ListRoleDefinitionsAsync()).Value.First(x => x.Name == "Synapse Administrator").Id;
Guid principalId = Guid.NewGuid();
string roleAssignmentId = Guid.NewGuid().ToString();
return(await assignmentsClient.CreateRoleAssignmentAsync(roleAssignmentId, roleID.Value, principalId, scope));
}
public async Task DeleteRoleAssignments()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
RoleAssignmentDetails assignment = await DisposableClientRole.CreateResource(assignmentsClient, definitionsClient, TestEnvironment);
Response response = await assignmentsClient.DeleteRoleAssignmentByIdAsync(assignment.Id);
response.AssertSuccess();
}
public async Task CanCreateRoleAssignment()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
Assert.NotNull(role.RoleAssignmentId);
Assert.NotNull(role.RoleAssignmentRoleDefinitionId);
Assert.NotNull(role.RoleAssignmentPrincipalId);
}
public async Task CanGetRoleAssignmentViaGrowUpHelper()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
Response <RoleAssignmentDetails> response = await assignmentsClient.GetRoleAssignmentByIdAsync(role.RoleAssignmentId);
Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, response.Value.RoleDefinitionId.ToString());
Assert.AreEqual(role.RoleAssignmentPrincipalId, response.Value.PrincipalId.ToString());
}
public async Task GetRoleAssignment()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
RoleAssignmentDetails roleAssignment = await assignmentsClient.GetRoleAssignmentByIdAsync(role.Assignment.Id);
Assert.AreEqual(role.Assignment.RoleDefinitionId, roleAssignment.RoleDefinitionId);
Assert.AreEqual(role.Assignment.PrincipalId, roleAssignment.PrincipalId);
}
private DisposableClientRole(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, Response createResponse)
{
_client = assignmentsClient;
var content = createResponse.Content;
using var roleAssignmentDetailsJson = JsonDocument.Parse(content.ToMemory());
RoleAssignmentId = roleAssignmentDetailsJson.RootElement.GetProperty("id").GetString();
RoleAssignmentRoleDefinitionId = roleAssignmentDetailsJson.RootElement.GetProperty("roleDefinitionId").GetString();
RoleAssignmentPrincipalId = roleAssignmentDetailsJson.RootElement.GetProperty("principalId").GetString();
}
public async Task CanCheckPrincipalAccess()
{
// Arrange
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
string scope = "workspaces/" + TestEnvironment.WorkspaceName;
string actionId = "Microsoft.Synapse/workspaces/read";
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
// Act
var accessRequest = new
{
subject = new
{
principalId = role.RoleAssignmentPrincipalId,
groupIds = new string[] { },
},
scope = scope,
actions = new[]
{
new
{
id = actionId,
isDataAction = true
}
}
};
var response = await assignmentsClient.CheckPrincipalAccessAsync(RequestContent.Create(accessRequest));
// Assert
var content = response.Content;
using var accessDecisionsJson = JsonDocument.Parse(content.ToMemory());
var accessDecisionsEnumerator = accessDecisionsJson.RootElement.GetProperty("AccessDecisions").EnumerateArray();
Assert.AreEqual(1, accessDecisionsEnumerator.Count());
var accessDecisionJson = accessDecisionsEnumerator.First();
Assert.AreEqual("Allowed", accessDecisionJson.GetProperty("accessDecision").ToString());
Assert.AreEqual(actionId, accessDecisionJson.GetProperty("actionId").ToString());
var roleAssignmentJson = accessDecisionJson.GetProperty("roleAssignment");
Assert.AreEqual(role.RoleAssignmentId, roleAssignmentJson.GetProperty("id").ToString());
Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, roleAssignmentJson.GetProperty("roleDefinitionId").ToString());
Assert.AreEqual(role.RoleAssignmentPrincipalId, roleAssignmentJson.GetProperty("principalId").ToString());
Assert.AreEqual(scope, roleAssignmentJson.GetProperty("scope").ToString());
}
public SynapseAnalyticsRoleClient(string workspaceName, IAzureContext context)
{
if (context == null)
{
throw new AzPSInvalidOperationException(Resources.InvalidDefaultSubscription);
}
string suffix = context.Environment.GetEndpoint(AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointSuffix);
Uri uri = new Uri("https://" + workspaceName + "." + suffix);
_roleAssignmentsClient = new RoleAssignmentsClient(uri, new AzureSessionCredential(context));
_roleDefinitionsClient = new RoleDefinitionsClient(uri, new AzureSessionCredential(context));
_activeDirectoryClient = new ActiveDirectoryClient(context);
}
public void AddAndRemoveRoleAssignmentSync()
{
#region Snippet:CreateAccessControlClient
// Replace the string below with your actual endpoint url.
string endpoint = "<my-endpoint-url>";
/*@@*/ endpoint = TestEnvironment.EndpointUrl;
RoleAssignmentsClient roleAssignmentsClient = new RoleAssignmentsClient(endpoint, new DefaultAzureCredential());
RoleDefinitionsClient definitionsClient = new RoleDefinitionsClient(endpoint, new DefaultAzureCredential());
#endregion
#region Snippet:PrepCreateRoleAssignment
Response <IReadOnlyList <SynapseRoleDefinition> > roles = definitionsClient.ListRoleDefinitions();
SynapseRoleDefinition role = roles.Value.Single(role => role.Name == "Synapse Administrator");
Guid roleId = role.Id.Value;
string assignedScope = "workspaces/<my-workspace-name>";
/*@@*/ assignedScope = "workspaces/" + TestEnvironment.WorkspaceName;
// Replace the string below with the ID you'd like to assign the role.
Guid principalId = /*<my-principal-id>"*/ Guid.NewGuid();
// Replace the string below with the ID of the assignment you'd like to use.
string assignmentId = "<my-assignment-id>";
/*@@*/ assignmentId = Guid.NewGuid().ToString();
#endregion
#region Snippet:CreateRoleAssignment
Response <RoleAssignmentDetails> response = roleAssignmentsClient.CreateRoleAssignment(assignmentId, roleId, principalId, assignedScope);
RoleAssignmentDetails roleAssignmentAdded = response.Value;
#endregion
#region Snippet:RetrieveRoleAssignment
RoleAssignmentDetails roleAssignment = roleAssignmentsClient.GetRoleAssignmentById(roleAssignmentAdded.Id);
Console.WriteLine($"Role {roleAssignment.RoleDefinitionId} is assigned to {roleAssignment.PrincipalId}.");
#endregion
#region Snippet:ListRoleAssignments
Response <IReadOnlyList <SynapseRoleDefinition> > roleAssignments = definitionsClient.ListRoleDefinitions();
foreach (SynapseRoleDefinition assignment in roleAssignments.Value)
{
Console.WriteLine(assignment.Id);
}
#endregion
#region Snippet:DeleteRoleAssignment
roleAssignmentsClient.DeleteRoleAssignmentById(roleAssignment.Id);
#endregion
}
public SynapseAnalyticsRoleClient(string workspaceName, IAzureContext context)
{
if (context == null)
{
throw new AzPSInvalidOperationException(Resources.InvalidDefaultSubscription);
}
string suffix = context.Environment.GetEndpoint(AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointSuffix);
Uri uri = new Uri("https://" + workspaceName + "." + suffix);
_roleAssignmentsClient = new RoleAssignmentsClient(uri, new AzureSessionCredential(context));
_roleDefinitionsClient = new RoleDefinitionsClient(uri, new AzureSessionCredential(context));
_graphClient = AzureSession.Instance.ClientFactory.CreateArmClient <MicrosoftGraphClient>(context, AzureEnvironment.ExtendedEndpoint.MicrosoftGraphUrl);
_graphClient.TenantID = context.Tenant.Id.ToString();
}
public async Task CanDeleteRoleAssignments()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
var createResponse = await DisposableClientRole.CreateResource(assignmentsClient, definitionsClient, TestEnvironment);
var content = createResponse.Content;
using var roleAssignmentDetailsJson = JsonDocument.Parse(content.ToMemory());
Response deleteResponse = await assignmentsClient.DeleteRoleAssignmentByIdAsync(roleAssignmentDetailsJson.RootElement.GetProperty("id").GetString());
deleteResponse.AssertSuccess();
}
public Clients(HttpClient httpClient)
{
HttpClient = httpClient;
UsersClient = new UsersClient(HttpClient);
SpacesClient = new SpacesClient(HttpClient);
DevicesClient = new DevicesClient(HttpClient);
SensorsClient = new SensorsClient(HttpClient);
ResourcesClient = new ResourcesClient(HttpClient);
EndpointsClient = new EndpointsClient(HttpClient);
OntologiesClient = new OntologiesClient(HttpClient);
PropertyKeysClient = new PropertyKeysClient(HttpClient);
TypesClient = new TypesClient(HttpClient);
UserDefinedFunctionsClient = new UserDefinedFunctionsClient(HttpClient);
MatchersClient = new MatchersClient(HttpClient);
RoleAssignmentsClient = new RoleAssignmentsClient(HttpClient);
}
public async Task CanGetRoleAssignment()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
var response = await assignmentsClient.GetRoleAssignmentByIdAsync(role.RoleAssignmentId, new());
var content = response.Content;
using var roleAssignmentJson = JsonDocument.Parse(content.ToMemory());
Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, roleAssignmentJson.RootElement.GetProperty("roleDefinitionId").GetString());
Assert.AreEqual(role.RoleAssignmentPrincipalId, roleAssignmentJson.RootElement.GetProperty("principalId").GetString());
}
public async Task ListRoleAssignments()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
Response <IReadOnlyList <SynapseRoleDefinition> > roleAssignments = await definitionsClient.ListRoleDefinitionsAsync();
foreach (SynapseRoleDefinition expected in roleAssignments.Value)
{
SynapseRoleDefinition actual = await definitionsClient.GetRoleDefinitionByIdAsync(expected.Id.ToString());
Assert.AreEqual(expected.Id, actual.Id);
Assert.AreEqual(expected.Name, actual.Name);
}
Assert.GreaterOrEqual(roleAssignments.Value.Count, 1);
}
public static async ValueTask <Response> CreateResource(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, SynapseTestEnvironment testEnvironment)
{
Response listResponse = await definitionsClient.GetRoleDefinitionsAsync(new());
var listContent = listResponse.Content;
using var roleDefinitionsJson = JsonDocument.Parse(listContent.ToMemory());
var count = roleDefinitionsJson.RootElement.GetArrayLength();
var roleId = roleDefinitionsJson.RootElement.EnumerateArray().First(roleDefinitionJson => roleDefinitionJson.GetProperty("name").ToString() == "Synapse Administrator").GetProperty("id").ToString();
string roleAssignmentId = Guid.NewGuid().ToString();
var roleAssignmentDetails = new
{
roleId = roleId,
principalId = Guid.NewGuid(),
scope = "workspaces/" + testEnvironment.WorkspaceName
};
return(await assignmentsClient.CreateRoleAssignmentAsync(roleAssignmentId, RequestContent.Create(roleAssignmentDetails)));
}
public async Task CanCheckPrincipalAccessViaGrowUpHelper()
{
// Arrange
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
string scope = "workspaces/" + TestEnvironment.WorkspaceName;
string actionId = "Microsoft.Synapse/workspaces/read";
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
// Act
CheckPrincipalAccessRequest checkAccessRequest = new CheckPrincipalAccessRequest(
new SubjectInfo(new Guid(role.RoleAssignmentPrincipalId)),
new List <RequiredAction>()
{
new RequiredAction(actionId, isDataAction: true)
},
scope);
Response <CheckPrincipalAccessResponse> response = await assignmentsClient.CheckPrincipalAccessAsync(checkAccessRequest);
// Assert
var decisions = response.Value.AccessDecisions;
Assert.AreEqual(1, decisions.Count);
var decision = decisions[0];
Assert.AreEqual("Allowed", decision.AccessDecision);
Assert.AreEqual(actionId, decision.ActionId);
Assert.AreEqual(role.RoleAssignmentPrincipalId, decision.RoleAssignment.PrincipalId.ToString());
Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, decision.RoleAssignment.RoleDefinitionId.ToString());
Assert.AreEqual(scope, decision.RoleAssignment.Scope);
Assert.AreEqual(role.RoleAssignmentId, decision.RoleAssignment.Id);
}
public static async ValueTask <DisposableClientRole> Create(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, SynapseTestEnvironment testEnvironment)
{
var clientRole = new DisposableClientRole(assignmentsClient, definitionsClient, await CreateResource(assignmentsClient, definitionsClient, testEnvironment));
return(clientRole);
}
private DisposableClientRole(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, RoleAssignmentDetails assignment)
{
_client = assignmentsClient;
Assignment = assignment;
}
public void AddAndRemoveRoleAssignmentSync()
{
#region Snippet:CreateAccessControlClient
// Replace the string below with your actual endpoint url.
#if SNIPPET
string endpoint = "<my-endpoint-url>";
#else
string endpoint = TestEnvironment.EndpointUrl;
#endif
RoleAssignmentsClient roleAssignmentsClient = new RoleAssignmentsClient(new Uri(endpoint), new DefaultAzureCredential());
RoleDefinitionsClient definitionsClient = new RoleDefinitionsClient(new Uri(endpoint), new DefaultAzureCredential());
#endregion
#region Snippet:PrepCreateRoleAssignment
Response roleDefinitionsResponse = definitionsClient.GetRoleDefinitions(new());
BinaryData roleDefinitionsContent = roleDefinitionsResponse.Content;
JsonDocument roleDefinitionsJson = JsonDocument.Parse(roleDefinitionsContent.ToMemory());
JsonElement adminRoleJson = roleDefinitionsJson.RootElement.EnumerateArray().
Single(role => role.GetProperty("name").ToString() == "Synapse Administrator");
Guid adminRoleId = new Guid(adminRoleJson.GetProperty("id").ToString());
#if SNIPPET
string assignedScope = "workspaces/<my-workspace-name>";
#else
string assignedScope = "workspaces/" + TestEnvironment.WorkspaceName;
#endif
// Replace the string below with the ID you'd like to assign the role.
Guid principalId = /*<my-principal-id>"*/ Guid.NewGuid();
// Replace the string below with the ID of the assignment you'd like to use.
#if SNIPPET
string assignmentId = "<my-assignment-id>";
#else
string assignmentId = Guid.NewGuid().ToString();
#endif
#endregion
#region Snippet:CreateRoleAssignment
var roleAssignmentDetails = new
{
roleId = adminRoleId,
principalId = Guid.NewGuid(),
scope = assignedScope
};
Response addedRoleAssignmentResponse = roleAssignmentsClient.CreateRoleAssignment(assignmentId, RequestContent.Create(roleAssignmentDetails));
BinaryData addedRoleAssignmentContent = addedRoleAssignmentResponse.Content;
JsonDocument addedRoleAssignmentJson = JsonDocument.Parse(addedRoleAssignmentContent.ToMemory());
string addedRoleAssignmentId = addedRoleAssignmentJson.RootElement.GetProperty("id").ToString();
#endregion
#region Snippet:RetrieveRoleAssignment
Response roleAssignmentResponse = roleAssignmentsClient.GetRoleAssignmentById(addedRoleAssignmentId, new());
BinaryData roleAssignmentContent = roleAssignmentResponse.Content;
JsonDocument roleAssignmentJson = JsonDocument.Parse(roleAssignmentContent.ToMemory());
string roleAssignmentRoleDefinitionId = roleAssignmentJson.RootElement.GetProperty("roleDefinitionId").ToString();
string roleAssignmentPrincipalId = roleAssignmentJson.RootElement.GetProperty("principalId").ToString();
Console.WriteLine($"Role {roleAssignmentRoleDefinitionId} is assigned to {roleAssignmentPrincipalId}.");
#endregion
#region Snippet:ListRoleAssignments
Response roleAssignmentsResponse = roleAssignmentsClient.GetRoleAssignments();
BinaryData roleAssignmentsContent = roleAssignmentsResponse.Content;
JsonDocument roleAssignmentsJson = JsonDocument.Parse(roleAssignmentsContent.ToMemory());
foreach (JsonElement assignmentJson in roleAssignmentsJson.RootElement.GetProperty("value").EnumerateArray())
{
Console.WriteLine(assignmentJson.GetProperty("id").ToString());
}
#endregion
#region Snippet:DeleteRoleAssignment
roleAssignmentsClient.DeleteRoleAssignmentById(addedRoleAssignmentId);
#endregion
}
public static async ValueTask <DisposableClientRole> Create(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient) => new DisposableClientRole(assignmentsClient, definitionsClient, await CreateResource(assignmentsClient, definitionsClient));
