Remove principaltype in Synapse Role-based access control (#14767)

* update changelog7

* remove principal type

* update change log

* improve changelog

* skipbreakingchanges

* Update ChangeLog.md

Co-authored-by: Yabo Hu <[email protected]>

Author: zesluo1

src/Synapse/Synapse/ChangeLog.md

@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Removed principaltype in Synapse Role-based access control
 
 ## Version 0.10.0
 * Add support for Synapse Role-based access control

src/Synapse/Synapse/Commands/DataPlaneCommands/AccessControl/NewAzureSynapseRoleAssignment.cs

@@ -106,10 +106,6 @@ public class NewAzureSynapseRoleAssignment : SynapseRoleCmdletBase
         [ValidateNotNullOrEmpty]
         public string Item { get; set; }
 
-        [Parameter(ValueFromPipelineByPropertyName = false, Mandatory = false, HelpMessage = HelpMessages.WorkspacePrincipalType)]
-        [ValidateNotNullOrEmpty]
-        public PrincipalType PrincipalType { get; set; }
-
         [Parameter(Mandatory = false, HelpMessage = HelpMessages.AsJob)]
         public SwitchParameter AsJob { get; set; }
 
@@ -141,12 +137,6 @@ public override void ExecuteCmdlet()
                 itemType = this.ItemType.GetItemTypeString();
             }
 
-            string principalType = null;
-            if (this.IsParameterBound(c => c.PrincipalType))
-            {
-                principalType = this.PrincipalType.GetPrincipalTypeString();
-            }
-
             if (this.ShouldProcess(this.WorkspaceName, String.Format(Resources.CreatingSynapseRoleAssignment, this.WorkspaceName, this.RoleDefinitionId, this.ObjectId)))
             {
                 // Item type and item should appear Report error if either item type or item is specified.
@@ -158,7 +148,7 @@ public override void ExecuteCmdlet()
 
                 string roleAssignmentId = Guid.NewGuid().ToString();
                 string scope = SynapseAnalyticsClient.GetRoleAssignmentScope(this.WorkspaceName, itemType, this.Item);
-                PSRoleAssignmentDetails roleAssignmentDetails = new PSRoleAssignmentDetails(SynapseAnalyticsClient.CreateRoleAssignment(roleAssignmentId, this.RoleDefinitionId, this.ObjectId, scope, principalType));
+                PSRoleAssignmentDetails roleAssignmentDetails = new PSRoleAssignmentDetails(SynapseAnalyticsClient.CreateRoleAssignment(roleAssignmentId, this.RoleDefinitionId, this.ObjectId, scope));
                 WriteObject(roleAssignmentDetails);
             }
         }

src/Synapse/Synapse/Common/HelpMessages.cs

@@ -421,8 +421,6 @@ SELECT on dbo.myTable by public
 
         public const string WorkspaceItem = "The workspace item.";
 
-        public const string WorkspacePrincipalType = "The workspace principal type.";
-
         public const string IsActiveCustomerManagedKey = "Indicates whether to activate the workspace after a customer managed key is provided.";
 
         public const string KeyResourceId = "The resource identifier of Synapse SQL Pool.";

src/Synapse/Synapse/Common/Utils.cs

@@ -220,24 +220,5 @@ public static string GetItemTypeString(this WorkspaceItemType itemType)
 
             return itemTypeString;
         }
-
-        public static string GetPrincipalTypeString(this PrincipalType principalType)
-        {
-            string principalTypeString = null;
-            switch (principalType)
-            {
-                case PrincipalType.User:
-                    principalTypeString = "User";
-                    break;
-                case PrincipalType.Group:
-                    principalTypeString = "Group";
-                    break;
-                case PrincipalType.ServicePrincipal:
-                    principalTypeString = "ServicePrincipal";
-                    break;
-            }
-
-            return principalTypeString;
-        }
     }
 }

src/Synapse/Synapse/Models/SynapseAnalyticsRoleClient.cs

@@ -43,9 +43,9 @@ public RoleAssignmentDetails GetRoleAssignmentById(string roleAssignmentId)
             return _roleAssignmentsClient.GetRoleAssignmentById(roleAssignmentId);
         }
 
-        public RoleAssignmentDetails CreateRoleAssignment(string roleAssignmentId, string roleDefinitionId, string objectId, string scope, string principalType)
+        public RoleAssignmentDetails CreateRoleAssignment(string roleAssignmentId, string roleDefinitionId, string objectId, string scope)
         {
-            return _roleAssignmentsClient.CreateRoleAssignment(roleAssignmentId, new Guid(roleDefinitionId), new Guid(objectId), scope, principalType);
+            return _roleAssignmentsClient.CreateRoleAssignment(roleAssignmentId, new Guid(roleDefinitionId), new Guid(objectId), scope);
         }
 
         public void DeleteRoleAssignmentById(string roleAssignmentId)

src/Synapse/Synapse/Models/SynapseConstants.cs

@@ -235,12 +235,5 @@ public enum WorkspaceItemType
             LinkedService,
             Credential
         }
-
-        public enum PrincipalType
-        {
-            User,
-            Group,
-            ServicePrincipal
-        }
     }
 }

src/Synapse/Synapse/help/New-AzSynapseRoleAssignment.md

@@ -15,58 +15,57 @@ Creates a Synapse Analytics role assignment.
 ### NewByWorkspaceNameAndNameParameterSet (Default)
 ```
 New-AzSynapseRoleAssignment -WorkspaceName <String> -RoleDefinitionName <String> -SignInName <String>
- [-ItemType <WorkspaceItemType>] [-Item <String>] [-PrincipalType <PrincipalType>] [-AsJob]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-ItemType <WorkspaceItemType>] [-Item <String>] [-AsJob] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
 ```
 
 ### NewByWorkspaceNameAndIdParameterSet
 ```
 New-AzSynapseRoleAssignment -WorkspaceName <String> -RoleDefinitionName <String> -ObjectId <String>
- [-ItemType <WorkspaceItemType>] [-Item <String>] [-PrincipalType <PrincipalType>] [-AsJob]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-ItemType <WorkspaceItemType>] [-Item <String>] [-AsJob] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
 ```
 
 ### NewByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet
 ```
 New-AzSynapseRoleAssignment -WorkspaceName <String> -RoleDefinitionId <String> -ObjectId <String>
- [-ItemType <WorkspaceItemType>] [-Item <String>] [-PrincipalType <PrincipalType>] [-AsJob]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-ItemType <WorkspaceItemType>] [-Item <String>] [-AsJob] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
 ```
 
 ### NewByWorkspaceNameAndServicePrincipalNameParameterSet
 ```
 New-AzSynapseRoleAssignment -WorkspaceName <String> -RoleDefinitionName <String> -ServicePrincipalName <String>
- [-ItemType <WorkspaceItemType>] [-Item <String>] [-PrincipalType <PrincipalType>] [-AsJob]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-ItemType <WorkspaceItemType>] [-Item <String>] [-AsJob] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
 ```
 
 ### NewByWorkspaceObjectAndNameParameterSet
 ```
 New-AzSynapseRoleAssignment -WorkspaceObject <PSSynapseWorkspace> -RoleDefinitionName <String>
- -SignInName <String> [-ItemType <WorkspaceItemType>] [-Item <String>] [-PrincipalType <PrincipalType>]
- [-AsJob] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ -SignInName <String> [-ItemType <WorkspaceItemType>] [-Item <String>] [-AsJob]
+ [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### NewByWorkspaceObjectAndIdParameterSet
 ```
 New-AzSynapseRoleAssignment -WorkspaceObject <PSSynapseWorkspace> -RoleDefinitionName <String>
- -ObjectId <String> [-ItemType <WorkspaceItemType>] [-Item <String>] [-PrincipalType <PrincipalType>] [-AsJob]
+ -ObjectId <String> [-ItemType <WorkspaceItemType>] [-Item <String>] [-AsJob]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ### NewByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet
 ```
 New-AzSynapseRoleAssignment -WorkspaceObject <PSSynapseWorkspace> -RoleDefinitionId <String> -ObjectId <String>
- [-ItemType <WorkspaceItemType>] [-Item <String>] [-PrincipalType <PrincipalType>] [-AsJob]
- [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
+ [-ItemType <WorkspaceItemType>] [-Item <String>] [-AsJob] [-DefaultProfile <IAzureContextContainer>] [-WhatIf]
+ [-Confirm] [<CommonParameters>]
 ```
 
 ### NewByWorkspaceObjectAndServicePrincipalNameParameterSet
 ```
 New-AzSynapseRoleAssignment -WorkspaceObject <PSSynapseWorkspace> -RoleDefinitionName <String>
- -ServicePrincipalName <String> [-ItemType <WorkspaceItemType>] [-Item <String>]
- [-PrincipalType <PrincipalType>] [-AsJob] [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
- [<CommonParameters>]
+ -ServicePrincipalName <String> [-ItemType <WorkspaceItemType>] [-Item <String>] [-AsJob]
+ [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -90,10 +89,10 @@ This command assigns ContosoRole to the user whose principal name is ContosoName
 
 ### Example 3
 ```powershell
-PS C:\> New-AzSynapseRoleAssignment -WorkspaceName ContosoWorkspace -RoleDefinitionName ContosoRole -SignInName ContosoName -ItemType ContosoItemType -Item ContosoItem -PrincipalType ContosoPrincipalType
+PS C:\> New-AzSynapseRoleAssignment -WorkspaceName ContosoWorkspace -RoleDefinitionName ContosoRole -SignInName ContosoName -ItemType ContosoItemType -Item ContosoItem
 ```
 
-This command assigns ContosoRole to the user whose principal name is ContosoName and item type is ContosoItemType, item is ContosoItem, principal type is ContosoPrincipalType.
+This command assigns ContosoRole to the user whose principal name is ContosoName and item type is ContosoItemType, item is ContosoItem.
 
 ### Example 4
 ```powershell
@@ -181,22 +180,6 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -PrincipalType
-The workspace principal type.
-
-```yaml
-Type: Microsoft.Azure.Commands.Synapse.Models.SynapseConstants+PrincipalType
-Parameter Sets: (All)
-Aliases:
-Accepted values: User, Group, ServicePrincipal
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
 ### -RoleDefinitionId
 Id of the Role that is assigned to the principal.
 

src/Synapse/Synapse/help/Remove-AzSynapseRoleAssignment.md

@@ -358,5 +358,3 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 ## NOTES
 
 ## RELATED LINKS
-
-## RELATED LINKS

tools/StaticAnalysis/Exceptions/Az.Synapse/BreakingChangeIssues.csv

@@ -47,4 +47,14 @@
 "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synaspe.NewAzureSynapseWorkspace","New-AzSynapseWorkspace","0","2020","The cmdlet 'New-AzSynapseWorkspace' no longer supports the type 'System.String' for parameter 'ManagedVirtualNetwork'.","Change the type for parameter 'ManagedVirtualNetwork' back to 'System.String'."
  "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseFirewallRule","New-AzSynapseFirewallRule","0","2000","The cmdlet 'New-AzSynapseFirewallRule' no longer supports the parameter 'AllowAllAzureIP' and no alias was found for the original parameter name.","Add the parameter 'AllowAllAzureIP' back to the cmdlet 'New-AzSynapseFirewallRule', or add an alias to the original parameter name."
  "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseFirewallRule","New-AzSynapseFirewallRule","0","1050","The parameter set 'CreateByNameAllowAllIpParameterSet' for cmdlet 'New-AzSynapseFirewallRule' has been removed.","Add parameter set 'CreateByNameAllowAllIpParameterSet' back to cmdlet 'New-AzSynapseFirewallRule'."
- "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseFirewallRule","New-AzSynapseFirewallRule","0","1050","The parameter set 'CreateByParentObjectAllowAllIpParameterSet' for cmdlet 'New-AzSynapseFirewallRule' has been removed.","Add parameter set 'CreateByParentObjectAllowAllIpParameterSet' back to cmdlet 'New-AzSynapseFirewallRule'."
+ "Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseFirewallRule","New-AzSynapseFirewallRule","0","1050","The parameter set 'CreateByParentObjectAllowAllIpParameterSet' for cmdlet 'New-AzSynapseFirewallRule' has been removed.","Add parameter set 'CreateByParentObjectAllowAllIpParameterSet' back to cmdlet 'New-AzSynapseFirewallRule'."
+"Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseRoleAssignment","New-AzSynapseRoleAssignment","0","2000","The cmdlet 'New-AzSynapseRoleAssignment' no longer supports the parameter 'PrincipalType' and no alias was found for the original parameter name.","Add the parameter 'PrincipalType' back to the cmdlet 'New-AzSynapseRoleAssignment', or add an alias to the original parameter name."
+"Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseRoleAssignment","New-AzSynapseRoleAssignment","0","1050","The parameter set 'NewByWorkspaceNameAndNameParameterSet' for cmdlet 'New-AzSynapseRoleAssignment' has been removed.","Add parameter set 'NewByWorkspaceNameAndNameParameterSet' back to cmdlet 'New-AzSynapseRoleAssignment'."
+"Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseRoleAssignment","New-AzSynapseRoleAssignment","0","1050","The parameter set 'NewByWorkspaceNameAndIdParameterSet' for cmdlet 'New-AzSynapseRoleAssignment' has been removed.","Add parameter set 'NewByWorkspaceNameAndIdParameterSet' back to cmdlet 'New-AzSynapseRoleAssignment'."
+"Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseRoleAssignment","New-AzSynapseRoleAssignment","0","1050","The parameter set 'NewByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet' for cmdlet 'New-AzSynapseRoleAssignment' has been removed.","Add parameter set 'NewByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet' back to cmdlet 'New-AzSynapseRoleAssignment'."
+"Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseRoleAssignment","New-AzSynapseRoleAssignment","0","1050","The parameter set 'NewByWorkspaceNameAndServicePrincipalNameParameterSet' for cmdlet 'New-AzSynapseRoleAssignment' has been removed.","Add parameter set 'NewByWorkspaceNameAndServicePrincipalNameParameterSet' back to cmdlet 'New-AzSynapseRoleAssignment'."
+"Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseRoleAssignment","New-AzSynapseRoleAssignment","0","1050","The parameter set 'NewByWorkspaceObjectAndNameParameterSet' for cmdlet 'New-AzSynapseRoleAssignment' has been removed.","Add parameter set 'NewByWorkspaceObjectAndNameParameterSet' back to cmdlet 'New-AzSynapseRoleAssignment'."
+"Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseRoleAssignment","New-AzSynapseRoleAssignment","0","1050","The parameter set 'NewByWorkspaceObjectAndIdParameterSet' for cmdlet 'New-AzSynapseRoleAssignment' has been removed.","Add parameter set 'NewByWorkspaceObjectAndIdParameterSet' back to cmdlet 'New-AzSynapseRoleAssignment'."
+"Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseRoleAssignment","New-AzSynapseRoleAssignment","0","1050","The parameter set 'NewByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet' for cmdlet 'New-AzSynapseRoleAssignment' has been removed.","Add parameter set 'NewByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet' back to cmdlet 'New-AzSynapseRoleAssignment'."
+"Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseRoleAssignment","New-AzSynapseRoleAssignment","0","1050","The parameter set 'NewByWorkspaceObjectAndServicePrincipalNameParameterSet' for cmdlet 'New-AzSynapseRoleAssignment' has been removed.","Add parameter set 'NewByWorkspaceObjectAndServicePrincipalNameParameterSet' back to cmdlet 'New-AzSynapseRoleAssignment'."
+"Microsoft.Azure.PowerShell.Cmdlets.Synapse.dll","Microsoft.Azure.Commands.Synapse.NewAzureSynapseRoleAssignment","New-AzSynapseRoleAssignment","0","1050","The parameter set '__AllParameterSets' for cmdlet 'New-AzSynapseRoleAssignment' has been removed.","Add parameter set '__AllParameterSets' back to cmdlet 'New-AzSynapseRoleAssignment'."