public async Task CanListRoleDefinitions()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
// TODO: This will change to pageable with next (Data Plane) client generator update
Response listReponse = await definitionsClient.GetRoleDefinitionsAsync(new());
var listContent = listReponse.Content;
using var roleDefinitionsJson = JsonDocument.Parse(listContent.ToMemory());
foreach (var expectedRoleDefinitionJson in roleDefinitionsJson.RootElement.EnumerateArray())
{
string id = expectedRoleDefinitionJson.GetProperty("id").ToString();
var roleDefinitionResponse = await definitionsClient.GetRoleDefinitionByIdAsync(id, new());
var roleDefinitionContent = roleDefinitionResponse.Content;
using var actualRoleDefinitionJson = JsonDocument.Parse(roleDefinitionContent.ToMemory());
Assert.AreEqual(expectedRoleDefinitionJson.GetProperty("id").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("id").ToString());
Assert.AreEqual(expectedRoleDefinitionJson.GetProperty("name").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("name").ToString());
}
Assert.GreaterOrEqual(roleDefinitionsJson.RootElement.GetArrayLength(), 1);
}
public async Task CanListRoleAssignments()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
// TODO: This will change to pageable with https://github.com/azure/azure-sdk-for-net/issues/24680
Response listReponse = await assignmentsClient.GetRoleAssignmentsAsync();
var listContent = listReponse.Content;
using var outerJson = JsonDocument.Parse(listContent.ToMemory());
var roleAssignmentsJson = outerJson.RootElement.GetProperty("value");
foreach (var expectedRoleAssignmentJson in roleAssignmentsJson.EnumerateArray())
{
string id = expectedRoleAssignmentJson.GetProperty("id").ToString();
var roleAssignmentResponse = await assignmentsClient.GetRoleAssignmentByIdAsync(id, new());
var roleAssignmentContent = roleAssignmentResponse.Content;
using var actualRoleDefinitionJson = JsonDocument.Parse(roleAssignmentContent.ToMemory());
Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("id").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("id").ToString());
Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("roleDefinitionId").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("roleDefinitionId").ToString());
Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("principalId").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("principalId").ToString());
Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("scope").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("scope").ToString());
}
Assert.GreaterOrEqual(roleAssignmentsJson.GetArrayLength(), 1);
}
public async Task DeleteRoleAssignments()
{
AccessControlClient client = CreateClient();
RoleAssignmentDetails assignment = await DisposableClientRole.CreateResource(client, this.Recording);
Response response = await client.DeleteRoleAssignmentByIdAsync(assignment.Id);
response.AssertSuccess();
}
public async Task CreateRoleAssignment()
{
AccessControlClient client = CreateClient();
await using DisposableClientRole role = await DisposableClientRole.Create(client, this.Recording);
Assert.NotNull(role.Assignment.Id);
Assert.NotNull(role.Assignment.RoleId);
Assert.NotNull(role.Assignment.PrincipalId);
}
public async Task DeleteRoleAssignments()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
RoleAssignmentDetails assignment = await DisposableClientRole.CreateResource(assignmentsClient, definitionsClient, TestEnvironment);
Response response = await assignmentsClient.DeleteRoleAssignmentByIdAsync(assignment.Id);
response.AssertSuccess();
}
public async Task GetRoleAssignment()
{
AccessControlClient client = CreateClient();
await using DisposableClientRole role = await DisposableClientRole.Create(client, this.Recording);
RoleAssignmentDetails roleAssignment = await client.GetRoleAssignmentByIdAsync(role.Assignment.Id);
Assert.AreEqual(role.Assignment.RoleId, roleAssignment.RoleId);
Assert.AreEqual(role.Assignment.PrincipalId, roleAssignment.PrincipalId);
}
public async Task CanCreateRoleAssignment()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
Assert.NotNull(role.RoleAssignmentId);
Assert.NotNull(role.RoleAssignmentRoleDefinitionId);
Assert.NotNull(role.RoleAssignmentPrincipalId);
}
public async Task GetRoleAssignment()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
RoleAssignmentDetails roleAssignment = await assignmentsClient.GetRoleAssignmentByIdAsync(role.Assignment.Id);
Assert.AreEqual(role.Assignment.RoleDefinitionId, roleAssignment.RoleDefinitionId);
Assert.AreEqual(role.Assignment.PrincipalId, roleAssignment.PrincipalId);
}
public async Task CanGetRoleAssignmentViaGrowUpHelper()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
Response <RoleAssignmentDetails> response = await assignmentsClient.GetRoleAssignmentByIdAsync(role.RoleAssignmentId);
Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, response.Value.RoleDefinitionId.ToString());
Assert.AreEqual(role.RoleAssignmentPrincipalId, response.Value.PrincipalId.ToString());
}
public async Task CanCheckPrincipalAccess()
{
// Arrange
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
string scope = "workspaces/" + TestEnvironment.WorkspaceName;
string actionId = "Microsoft.Synapse/workspaces/read";
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
// Act
var accessRequest = new
{
subject = new
{
principalId = role.RoleAssignmentPrincipalId,
groupIds = new string[] { },
},
scope = scope,
actions = new[]
{
new
{
id = actionId,
isDataAction = true
}
}
};
var response = await assignmentsClient.CheckPrincipalAccessAsync(RequestContent.Create(accessRequest));
// Assert
var content = response.Content;
using var accessDecisionsJson = JsonDocument.Parse(content.ToMemory());
var accessDecisionsEnumerator = accessDecisionsJson.RootElement.GetProperty("AccessDecisions").EnumerateArray();
Assert.AreEqual(1, accessDecisionsEnumerator.Count());
var accessDecisionJson = accessDecisionsEnumerator.First();
Assert.AreEqual("Allowed", accessDecisionJson.GetProperty("accessDecision").ToString());
Assert.AreEqual(actionId, accessDecisionJson.GetProperty("actionId").ToString());
var roleAssignmentJson = accessDecisionJson.GetProperty("roleAssignment");
Assert.AreEqual(role.RoleAssignmentId, roleAssignmentJson.GetProperty("id").ToString());
Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, roleAssignmentJson.GetProperty("roleDefinitionId").ToString());
Assert.AreEqual(role.RoleAssignmentPrincipalId, roleAssignmentJson.GetProperty("principalId").ToString());
Assert.AreEqual(scope, roleAssignmentJson.GetProperty("scope").ToString());
}
public async Task CanDeleteRoleAssignments()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
var createResponse = await DisposableClientRole.CreateResource(assignmentsClient, definitionsClient, TestEnvironment);
var content = createResponse.Content;
using var roleAssignmentDetailsJson = JsonDocument.Parse(content.ToMemory());
Response deleteResponse = await assignmentsClient.DeleteRoleAssignmentByIdAsync(roleAssignmentDetailsJson.RootElement.GetProperty("id").GetString());
deleteResponse.AssertSuccess();
}
public async Task CanGetRoleAssignment()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
var response = await assignmentsClient.GetRoleAssignmentByIdAsync(role.RoleAssignmentId, new());
var content = response.Content;
using var roleAssignmentJson = JsonDocument.Parse(content.ToMemory());
Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, roleAssignmentJson.RootElement.GetProperty("roleDefinitionId").GetString());
Assert.AreEqual(role.RoleAssignmentPrincipalId, roleAssignmentJson.RootElement.GetProperty("principalId").GetString());
}
public async Task DeleteRoleAssignments()
{
AccessControlClient client = CreateClient();
RoleAssignmentDetails assignment = await DisposableClientRole.CreateResource(client, this.Recording);
Response response = await client.DeleteRoleAssignmentByIdAsync(assignment.Id);
switch (response.Status)
{
case 200:
case 204:
break;
default:
Assert.Fail($"Unexpected status ${response.Status} returned");
break;
}
}
public async Task ListRoleAssignments()
{
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
Response <IReadOnlyList <SynapseRoleDefinition> > roleAssignments = await definitionsClient.ListRoleDefinitionsAsync();
foreach (SynapseRoleDefinition expected in roleAssignments.Value)
{
SynapseRoleDefinition actual = await definitionsClient.GetRoleDefinitionByIdAsync(expected.Id.ToString());
Assert.AreEqual(expected.Id, actual.Id);
Assert.AreEqual(expected.Name, actual.Name);
}
Assert.GreaterOrEqual(roleAssignments.Value.Count, 1);
}
public async Task ListRoleAssignments()
{
AccessControlClient client = CreateClient();
await using DisposableClientRole role = await DisposableClientRole.Create(client, this.Recording);
Response <IReadOnlyList <RoleAssignmentDetails> > roleAssignments = await client.GetRoleAssignmentsAsync();
foreach (RoleAssignmentDetails expected in roleAssignments.Value)
{
RoleAssignmentDetails actual = await client.GetRoleAssignmentByIdAsync(expected.Id);
Assert.AreEqual(expected.Id, actual.Id);
Assert.AreEqual(expected.PrincipalId, actual.PrincipalId);
Assert.AreEqual(expected.RoleId, actual.RoleId);
}
Assert.GreaterOrEqual(roleAssignments.Value.Count, 1);
}
public async Task CanCheckPrincipalAccessViaGrowUpHelper()
{
// Arrange
RoleAssignmentsClient assignmentsClient = CreateAssignmentClient();
RoleDefinitionsClient definitionsClient = CreateDefinitionsClient();
string scope = "workspaces/" + TestEnvironment.WorkspaceName;
string actionId = "Microsoft.Synapse/workspaces/read";
await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment);
// Act
CheckPrincipalAccessRequest checkAccessRequest = new CheckPrincipalAccessRequest(
new SubjectInfo(new Guid(role.RoleAssignmentPrincipalId)),
new List <RequiredAction>()
{
new RequiredAction(actionId, isDataAction: true)
},
scope);
Response <CheckPrincipalAccessResponse> response = await assignmentsClient.CheckPrincipalAccessAsync(checkAccessRequest);
// Assert
var decisions = response.Value.AccessDecisions;
Assert.AreEqual(1, decisions.Count);
var decision = decisions[0];
Assert.AreEqual("Allowed", decision.AccessDecision);
Assert.AreEqual(actionId, decision.ActionId);
Assert.AreEqual(role.RoleAssignmentPrincipalId, decision.RoleAssignment.PrincipalId.ToString());
Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, decision.RoleAssignment.RoleDefinitionId.ToString());
Assert.AreEqual(scope, decision.RoleAssignment.Scope);
Assert.AreEqual(role.RoleAssignmentId, decision.RoleAssignment.Id);
}
public static async ValueTask <DisposableClientRole> Create(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, SynapseTestEnvironment testEnvironment)
{
var clientRole = new DisposableClientRole(assignmentsClient, definitionsClient, await CreateResource(assignmentsClient, definitionsClient, testEnvironment));
return(clientRole);
}