public async Task CanListRoleDefinitions() { RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment); // TODO: This will change to pageable with next (Data Plane) client generator update Response listReponse = await definitionsClient.GetRoleDefinitionsAsync(new()); var listContent = listReponse.Content; using var roleDefinitionsJson = JsonDocument.Parse(listContent.ToMemory()); foreach (var expectedRoleDefinitionJson in roleDefinitionsJson.RootElement.EnumerateArray()) { string id = expectedRoleDefinitionJson.GetProperty("id").ToString(); var roleDefinitionResponse = await definitionsClient.GetRoleDefinitionByIdAsync(id, new()); var roleDefinitionContent = roleDefinitionResponse.Content; using var actualRoleDefinitionJson = JsonDocument.Parse(roleDefinitionContent.ToMemory()); Assert.AreEqual(expectedRoleDefinitionJson.GetProperty("id").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("id").ToString()); Assert.AreEqual(expectedRoleDefinitionJson.GetProperty("name").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("name").ToString()); } Assert.GreaterOrEqual(roleDefinitionsJson.RootElement.GetArrayLength(), 1); }
public async Task CanListRoleAssignments() { RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment); // TODO: This will change to pageable with https://github.com/azure/azure-sdk-for-net/issues/24680 Response listReponse = await assignmentsClient.GetRoleAssignmentsAsync(); var listContent = listReponse.Content; using var outerJson = JsonDocument.Parse(listContent.ToMemory()); var roleAssignmentsJson = outerJson.RootElement.GetProperty("value"); foreach (var expectedRoleAssignmentJson in roleAssignmentsJson.EnumerateArray()) { string id = expectedRoleAssignmentJson.GetProperty("id").ToString(); var roleAssignmentResponse = await assignmentsClient.GetRoleAssignmentByIdAsync(id, new()); var roleAssignmentContent = roleAssignmentResponse.Content; using var actualRoleDefinitionJson = JsonDocument.Parse(roleAssignmentContent.ToMemory()); Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("id").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("id").ToString()); Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("roleDefinitionId").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("roleDefinitionId").ToString()); Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("principalId").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("principalId").ToString()); Assert.AreEqual(expectedRoleAssignmentJson.GetProperty("scope").ToString(), actualRoleDefinitionJson.RootElement.GetProperty("scope").ToString()); } Assert.GreaterOrEqual(roleAssignmentsJson.GetArrayLength(), 1); }
public static async ValueTask <RoleAssignmentDetails> CreateResource(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, SynapseTestEnvironment testEnvironment) { string scope = "workspaces/" + testEnvironment.WorkspaceName; Guid? roleID = (await definitionsClient.ListRoleDefinitionsAsync()).Value.First(x => x.Name == "Synapse Administrator").Id; Guid principalId = Guid.NewGuid(); string roleAssignmentId = Guid.NewGuid().ToString(); return(await assignmentsClient.CreateRoleAssignmentAsync(roleAssignmentId, roleID.Value, principalId, scope)); }
public async Task DeleteRoleAssignments() { RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); RoleAssignmentDetails assignment = await DisposableClientRole.CreateResource(assignmentsClient, definitionsClient, TestEnvironment); Response response = await assignmentsClient.DeleteRoleAssignmentByIdAsync(assignment.Id); response.AssertSuccess(); }
public async Task CanCreateRoleAssignment() { RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment); Assert.NotNull(role.RoleAssignmentId); Assert.NotNull(role.RoleAssignmentRoleDefinitionId); Assert.NotNull(role.RoleAssignmentPrincipalId); }
public async Task CanGetRoleAssignmentViaGrowUpHelper() { RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment); Response <RoleAssignmentDetails> response = await assignmentsClient.GetRoleAssignmentByIdAsync(role.RoleAssignmentId); Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, response.Value.RoleDefinitionId.ToString()); Assert.AreEqual(role.RoleAssignmentPrincipalId, response.Value.PrincipalId.ToString()); }
public async Task GetRoleAssignment() { RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment); RoleAssignmentDetails roleAssignment = await assignmentsClient.GetRoleAssignmentByIdAsync(role.Assignment.Id); Assert.AreEqual(role.Assignment.RoleDefinitionId, roleAssignment.RoleDefinitionId); Assert.AreEqual(role.Assignment.PrincipalId, roleAssignment.PrincipalId); }
private DisposableClientRole(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, Response createResponse) { _client = assignmentsClient; var content = createResponse.Content; using var roleAssignmentDetailsJson = JsonDocument.Parse(content.ToMemory()); RoleAssignmentId = roleAssignmentDetailsJson.RootElement.GetProperty("id").GetString(); RoleAssignmentRoleDefinitionId = roleAssignmentDetailsJson.RootElement.GetProperty("roleDefinitionId").GetString(); RoleAssignmentPrincipalId = roleAssignmentDetailsJson.RootElement.GetProperty("principalId").GetString(); }
public async Task CanCheckPrincipalAccess() { // Arrange RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); string scope = "workspaces/" + TestEnvironment.WorkspaceName; string actionId = "Microsoft.Synapse/workspaces/read"; await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment); // Act var accessRequest = new { subject = new { principalId = role.RoleAssignmentPrincipalId, groupIds = new string[] { }, }, scope = scope, actions = new[] { new { id = actionId, isDataAction = true } } }; var response = await assignmentsClient.CheckPrincipalAccessAsync(RequestContent.Create(accessRequest)); // Assert var content = response.Content; using var accessDecisionsJson = JsonDocument.Parse(content.ToMemory()); var accessDecisionsEnumerator = accessDecisionsJson.RootElement.GetProperty("AccessDecisions").EnumerateArray(); Assert.AreEqual(1, accessDecisionsEnumerator.Count()); var accessDecisionJson = accessDecisionsEnumerator.First(); Assert.AreEqual("Allowed", accessDecisionJson.GetProperty("accessDecision").ToString()); Assert.AreEqual(actionId, accessDecisionJson.GetProperty("actionId").ToString()); var roleAssignmentJson = accessDecisionJson.GetProperty("roleAssignment"); Assert.AreEqual(role.RoleAssignmentId, roleAssignmentJson.GetProperty("id").ToString()); Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, roleAssignmentJson.GetProperty("roleDefinitionId").ToString()); Assert.AreEqual(role.RoleAssignmentPrincipalId, roleAssignmentJson.GetProperty("principalId").ToString()); Assert.AreEqual(scope, roleAssignmentJson.GetProperty("scope").ToString()); }
public SynapseAnalyticsRoleClient(string workspaceName, IAzureContext context) { if (context == null) { throw new AzPSInvalidOperationException(Resources.InvalidDefaultSubscription); } string suffix = context.Environment.GetEndpoint(AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointSuffix); Uri uri = new Uri("https://" + workspaceName + "." + suffix); _roleAssignmentsClient = new RoleAssignmentsClient(uri, new AzureSessionCredential(context)); _roleDefinitionsClient = new RoleDefinitionsClient(uri, new AzureSessionCredential(context)); _activeDirectoryClient = new ActiveDirectoryClient(context); }
public void AddAndRemoveRoleAssignmentSync() { #region Snippet:CreateAccessControlClient // Replace the string below with your actual endpoint url. string endpoint = "<my-endpoint-url>"; /*@@*/ endpoint = TestEnvironment.EndpointUrl; RoleAssignmentsClient roleAssignmentsClient = new RoleAssignmentsClient(endpoint, new DefaultAzureCredential()); RoleDefinitionsClient definitionsClient = new RoleDefinitionsClient(endpoint, new DefaultAzureCredential()); #endregion #region Snippet:PrepCreateRoleAssignment Response <IReadOnlyList <SynapseRoleDefinition> > roles = definitionsClient.ListRoleDefinitions(); SynapseRoleDefinition role = roles.Value.Single(role => role.Name == "Synapse Administrator"); Guid roleId = role.Id.Value; string assignedScope = "workspaces/<my-workspace-name>"; /*@@*/ assignedScope = "workspaces/" + TestEnvironment.WorkspaceName; // Replace the string below with the ID you'd like to assign the role. Guid principalId = /*<my-principal-id>"*/ Guid.NewGuid(); // Replace the string below with the ID of the assignment you'd like to use. string assignmentId = "<my-assignment-id>"; /*@@*/ assignmentId = Guid.NewGuid().ToString(); #endregion #region Snippet:CreateRoleAssignment Response <RoleAssignmentDetails> response = roleAssignmentsClient.CreateRoleAssignment(assignmentId, roleId, principalId, assignedScope); RoleAssignmentDetails roleAssignmentAdded = response.Value; #endregion #region Snippet:RetrieveRoleAssignment RoleAssignmentDetails roleAssignment = roleAssignmentsClient.GetRoleAssignmentById(roleAssignmentAdded.Id); Console.WriteLine($"Role {roleAssignment.RoleDefinitionId} is assigned to {roleAssignment.PrincipalId}."); #endregion #region Snippet:ListRoleAssignments Response <IReadOnlyList <SynapseRoleDefinition> > roleAssignments = definitionsClient.ListRoleDefinitions(); foreach (SynapseRoleDefinition assignment in roleAssignments.Value) { Console.WriteLine(assignment.Id); } #endregion #region Snippet:DeleteRoleAssignment roleAssignmentsClient.DeleteRoleAssignmentById(roleAssignment.Id); #endregion }
public SynapseAnalyticsRoleClient(string workspaceName, IAzureContext context) { if (context == null) { throw new AzPSInvalidOperationException(Resources.InvalidDefaultSubscription); } string suffix = context.Environment.GetEndpoint(AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointSuffix); Uri uri = new Uri("https://" + workspaceName + "." + suffix); _roleAssignmentsClient = new RoleAssignmentsClient(uri, new AzureSessionCredential(context)); _roleDefinitionsClient = new RoleDefinitionsClient(uri, new AzureSessionCredential(context)); _graphClient = AzureSession.Instance.ClientFactory.CreateArmClient <MicrosoftGraphClient>(context, AzureEnvironment.ExtendedEndpoint.MicrosoftGraphUrl); _graphClient.TenantID = context.Tenant.Id.ToString(); }
public async Task CanDeleteRoleAssignments() { RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); var createResponse = await DisposableClientRole.CreateResource(assignmentsClient, definitionsClient, TestEnvironment); var content = createResponse.Content; using var roleAssignmentDetailsJson = JsonDocument.Parse(content.ToMemory()); Response deleteResponse = await assignmentsClient.DeleteRoleAssignmentByIdAsync(roleAssignmentDetailsJson.RootElement.GetProperty("id").GetString()); deleteResponse.AssertSuccess(); }
public Clients(HttpClient httpClient) { HttpClient = httpClient; UsersClient = new UsersClient(HttpClient); SpacesClient = new SpacesClient(HttpClient); DevicesClient = new DevicesClient(HttpClient); SensorsClient = new SensorsClient(HttpClient); ResourcesClient = new ResourcesClient(HttpClient); EndpointsClient = new EndpointsClient(HttpClient); OntologiesClient = new OntologiesClient(HttpClient); PropertyKeysClient = new PropertyKeysClient(HttpClient); TypesClient = new TypesClient(HttpClient); UserDefinedFunctionsClient = new UserDefinedFunctionsClient(HttpClient); MatchersClient = new MatchersClient(HttpClient); RoleAssignmentsClient = new RoleAssignmentsClient(HttpClient); }
public async Task CanGetRoleAssignment() { RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment); var response = await assignmentsClient.GetRoleAssignmentByIdAsync(role.RoleAssignmentId, new()); var content = response.Content; using var roleAssignmentJson = JsonDocument.Parse(content.ToMemory()); Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, roleAssignmentJson.RootElement.GetProperty("roleDefinitionId").GetString()); Assert.AreEqual(role.RoleAssignmentPrincipalId, roleAssignmentJson.RootElement.GetProperty("principalId").GetString()); }
public async Task ListRoleAssignments() { RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment); Response <IReadOnlyList <SynapseRoleDefinition> > roleAssignments = await definitionsClient.ListRoleDefinitionsAsync(); foreach (SynapseRoleDefinition expected in roleAssignments.Value) { SynapseRoleDefinition actual = await definitionsClient.GetRoleDefinitionByIdAsync(expected.Id.ToString()); Assert.AreEqual(expected.Id, actual.Id); Assert.AreEqual(expected.Name, actual.Name); } Assert.GreaterOrEqual(roleAssignments.Value.Count, 1); }
public static async ValueTask <Response> CreateResource(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, SynapseTestEnvironment testEnvironment) { Response listResponse = await definitionsClient.GetRoleDefinitionsAsync(new()); var listContent = listResponse.Content; using var roleDefinitionsJson = JsonDocument.Parse(listContent.ToMemory()); var count = roleDefinitionsJson.RootElement.GetArrayLength(); var roleId = roleDefinitionsJson.RootElement.EnumerateArray().First(roleDefinitionJson => roleDefinitionJson.GetProperty("name").ToString() == "Synapse Administrator").GetProperty("id").ToString(); string roleAssignmentId = Guid.NewGuid().ToString(); var roleAssignmentDetails = new { roleId = roleId, principalId = Guid.NewGuid(), scope = "workspaces/" + testEnvironment.WorkspaceName }; return(await assignmentsClient.CreateRoleAssignmentAsync(roleAssignmentId, RequestContent.Create(roleAssignmentDetails))); }
public async Task CanCheckPrincipalAccessViaGrowUpHelper() { // Arrange RoleAssignmentsClient assignmentsClient = CreateAssignmentClient(); RoleDefinitionsClient definitionsClient = CreateDefinitionsClient(); string scope = "workspaces/" + TestEnvironment.WorkspaceName; string actionId = "Microsoft.Synapse/workspaces/read"; await using DisposableClientRole role = await DisposableClientRole.Create(assignmentsClient, definitionsClient, TestEnvironment); // Act CheckPrincipalAccessRequest checkAccessRequest = new CheckPrincipalAccessRequest( new SubjectInfo(new Guid(role.RoleAssignmentPrincipalId)), new List <RequiredAction>() { new RequiredAction(actionId, isDataAction: true) }, scope); Response <CheckPrincipalAccessResponse> response = await assignmentsClient.CheckPrincipalAccessAsync(checkAccessRequest); // Assert var decisions = response.Value.AccessDecisions; Assert.AreEqual(1, decisions.Count); var decision = decisions[0]; Assert.AreEqual("Allowed", decision.AccessDecision); Assert.AreEqual(actionId, decision.ActionId); Assert.AreEqual(role.RoleAssignmentPrincipalId, decision.RoleAssignment.PrincipalId.ToString()); Assert.AreEqual(role.RoleAssignmentRoleDefinitionId, decision.RoleAssignment.RoleDefinitionId.ToString()); Assert.AreEqual(scope, decision.RoleAssignment.Scope); Assert.AreEqual(role.RoleAssignmentId, decision.RoleAssignment.Id); }
public static async ValueTask <DisposableClientRole> Create(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, SynapseTestEnvironment testEnvironment) { var clientRole = new DisposableClientRole(assignmentsClient, definitionsClient, await CreateResource(assignmentsClient, definitionsClient, testEnvironment)); return(clientRole); }
private DisposableClientRole(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient, RoleAssignmentDetails assignment) { _client = assignmentsClient; Assignment = assignment; }
public void AddAndRemoveRoleAssignmentSync() { #region Snippet:CreateAccessControlClient // Replace the string below with your actual endpoint url. #if SNIPPET string endpoint = "<my-endpoint-url>"; #else string endpoint = TestEnvironment.EndpointUrl; #endif RoleAssignmentsClient roleAssignmentsClient = new RoleAssignmentsClient(new Uri(endpoint), new DefaultAzureCredential()); RoleDefinitionsClient definitionsClient = new RoleDefinitionsClient(new Uri(endpoint), new DefaultAzureCredential()); #endregion #region Snippet:PrepCreateRoleAssignment Response roleDefinitionsResponse = definitionsClient.GetRoleDefinitions(new()); BinaryData roleDefinitionsContent = roleDefinitionsResponse.Content; JsonDocument roleDefinitionsJson = JsonDocument.Parse(roleDefinitionsContent.ToMemory()); JsonElement adminRoleJson = roleDefinitionsJson.RootElement.EnumerateArray(). Single(role => role.GetProperty("name").ToString() == "Synapse Administrator"); Guid adminRoleId = new Guid(adminRoleJson.GetProperty("id").ToString()); #if SNIPPET string assignedScope = "workspaces/<my-workspace-name>"; #else string assignedScope = "workspaces/" + TestEnvironment.WorkspaceName; #endif // Replace the string below with the ID you'd like to assign the role. Guid principalId = /*<my-principal-id>"*/ Guid.NewGuid(); // Replace the string below with the ID of the assignment you'd like to use. #if SNIPPET string assignmentId = "<my-assignment-id>"; #else string assignmentId = Guid.NewGuid().ToString(); #endif #endregion #region Snippet:CreateRoleAssignment var roleAssignmentDetails = new { roleId = adminRoleId, principalId = Guid.NewGuid(), scope = assignedScope }; Response addedRoleAssignmentResponse = roleAssignmentsClient.CreateRoleAssignment(assignmentId, RequestContent.Create(roleAssignmentDetails)); BinaryData addedRoleAssignmentContent = addedRoleAssignmentResponse.Content; JsonDocument addedRoleAssignmentJson = JsonDocument.Parse(addedRoleAssignmentContent.ToMemory()); string addedRoleAssignmentId = addedRoleAssignmentJson.RootElement.GetProperty("id").ToString(); #endregion #region Snippet:RetrieveRoleAssignment Response roleAssignmentResponse = roleAssignmentsClient.GetRoleAssignmentById(addedRoleAssignmentId, new()); BinaryData roleAssignmentContent = roleAssignmentResponse.Content; JsonDocument roleAssignmentJson = JsonDocument.Parse(roleAssignmentContent.ToMemory()); string roleAssignmentRoleDefinitionId = roleAssignmentJson.RootElement.GetProperty("roleDefinitionId").ToString(); string roleAssignmentPrincipalId = roleAssignmentJson.RootElement.GetProperty("principalId").ToString(); Console.WriteLine($"Role {roleAssignmentRoleDefinitionId} is assigned to {roleAssignmentPrincipalId}."); #endregion #region Snippet:ListRoleAssignments Response roleAssignmentsResponse = roleAssignmentsClient.GetRoleAssignments(); BinaryData roleAssignmentsContent = roleAssignmentsResponse.Content; JsonDocument roleAssignmentsJson = JsonDocument.Parse(roleAssignmentsContent.ToMemory()); foreach (JsonElement assignmentJson in roleAssignmentsJson.RootElement.GetProperty("value").EnumerateArray()) { Console.WriteLine(assignmentJson.GetProperty("id").ToString()); } #endregion #region Snippet:DeleteRoleAssignment roleAssignmentsClient.DeleteRoleAssignmentById(addedRoleAssignmentId); #endregion }
public static async ValueTask <DisposableClientRole> Create(RoleAssignmentsClient assignmentsClient, RoleDefinitionsClient definitionsClient) => new DisposableClientRole(assignmentsClient, definitionsClient, await CreateResource(assignmentsClient, definitionsClient));