Skip to content

Commit 96b6d6f

Browse files
author
Wan Yang
committed
add support for access control
1 parent 1e10d0a commit 96b6d6f

20 files changed

+1874
-1
lines changed

src/Synapse/Synapse/Az.Synapse.psd1

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -89,7 +89,9 @@ CmdletsToExport = 'Get-AzSynapseSparkJob', 'Stop-AzSynapseSparkJob',
8989
'Update-AzSynapseSqlPool', 'Test-AzSynapseWorkspace',
9090
'Test-AzSynapseSparkPool', 'Test-AzSynapseSqlPool',
9191
'New-AzSynapseFirewallRule', 'Remove-AzSynapseFirewallRule',
92-
'Get-AzSynapseFirewallRule', 'Update-AzSynapseFirewallRule'
92+
'Get-AzSynapseFirewallRule', 'Update-AzSynapseFirewallRule',
93+
'Get-AzSynapseRoleAssignment','New-AzSynapseRoleAssignment',
94+
'Remove-AzSynapseRoleAssignment','Get-AzSynapseRoleDefinition'
9395

9496
# Variables to export from this module
9597
# VariablesToExport = @()

src/Synapse/Synapse/ChangeLog.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,11 @@
2929
- Change `PluginInfo` to `Plugin`
3030
- Change `ErrorInfo` to `Errors`
3131
- Change `Log` to `LogLines`
32+
* Added support for operation of Synapse access control
33+
- Add `Get-AzSynapseRoleDefinition` cmdlet
34+
- Add `New-AzSynapseRoleAssignment` cmdlet
35+
- Add `Remove-AzSynapseRoleAssignment` cmdlet
36+
- Add `Get-AzSynapseRoleAssignment` cmdlet
3237

3338
## Version 0.1.1
3439

src/Synapse/Synapse/Commands/DataPlaneCommands/AccessControl/GetAzureSynapseRoleAssignment.cs

Lines changed: 154 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,154 @@
1+
using Azure.Analytics.Synapse.AccessControl;
2+
using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
3+
using Microsoft.Azure.Commands.Synapse.Common;
4+
using Microsoft.Azure.Commands.Synapse.Models;
5+
using Microsoft.WindowsAzure.Commands.Utilities.Common;
6+
using System;
7+
using System.Collections.Generic;
8+
using System.Linq;
9+
using System.Management.Automation;
10+
using System.Text;
11+
12+
namespace Microsoft.Azure.Commands.Synapse
13+
{
14+
[Cmdlet(VerbsCommon.Get, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + SynapseConstants.SynapsePrefix + SynapseConstants.RoleAssignment,
15+
DefaultParameterSetName = GetByWorkspaceNameAndNameParameterSet)]
16+
[OutputType(typeof(PSRoleAssignmentDetails))]
17+
public class GetAzureSynapseRoleAssignment : SynapseRoleCmdletBase
18+
{
19+
private const string GetByWorkspaceNameAndNameParameterSet = "GetByWorkspaceNameAndNameParameterSet";
20+
private const string GetByWorkspaceNameAndIdParameterSet = "GetByWorkspaceNameAndIdParameterSet";
21+
private const string GetByWorkspaceObjectAndNameParameterSet = "GetByWorkspaceObjectAndNameParameterSet";
22+
private const string GetByWorkspaceObjectAndIdParameterSet = "GetByWorkspaceObjectAndIdParameterSet";
23+
private const string GetByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet = "GetByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet";
24+
private const string GetByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet = "GetByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet";
25+
private const string GetByWorkspaceNameAndAssignmentIdParameterSet = "GetByWorkspaceNameAndAssignmentIdParameterSet";
26+
private const string GetByWorkspaceObjectAndAssignmentIdParameterSet = "GetByWorkspaceObjectAndAssignmentIdParameterSet";
27+
private const string GetByWorkspaceNameAndServicePrincipalNameParameterSet = "GetByWorkspaceNameAndServicePrincipalNameParameterSet";
28+
private const string GetByWorkspaceObjectAndServicePrincipalNameParameterSet = "GetByWorkspaceObjectAndServicePrincipalNameParameterSet";
29+
30+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndNameParameterSet,
31+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
32+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndIdParameterSet,
33+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
34+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet,
35+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
36+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndAssignmentIdParameterSet,
37+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
38+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndServicePrincipalNameParameterSet,
39+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
40+
[ResourceNameCompleter(ResourceTypes.Workspace, "ResourceGroupName")]
41+
[ValidateNotNullOrEmpty]
42+
public override string WorkspaceName { get; set; }
43+
44+
[Parameter(ValueFromPipeline = true, ParameterSetName = GetByWorkspaceObjectAndNameParameterSet,
45+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
46+
[Parameter(ValueFromPipeline = true, ParameterSetName = GetByWorkspaceObjectAndIdParameterSet,
47+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
48+
[Parameter(ValueFromPipeline = true, ParameterSetName = GetByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet,
49+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
50+
[Parameter(ValueFromPipeline = true, ParameterSetName = GetByWorkspaceObjectAndAssignmentIdParameterSet,
51+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
52+
[Parameter(ValueFromPipeline = true, ParameterSetName = GetByWorkspaceObjectAndServicePrincipalNameParameterSet,
53+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
54+
[ValidateNotNull]
55+
public PSSynapseWorkspace WorkspaceObject { get; set; }
56+
57+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndAssignmentIdParameterSet,
58+
Mandatory = true, HelpMessage = HelpMessages.RoleAssignmentId)]
59+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndAssignmentIdParameterSet,
60+
Mandatory = true, HelpMessage = HelpMessages.RoleAssignmentId)]
61+
[ValidateNotNullOrEmpty]
62+
public string RoleAssignmentId { get; set; }
63+
64+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndNameParameterSet,
65+
Mandatory = false, HelpMessage = HelpMessages.RoleDefinitionName)]
66+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndIdParameterSet,
67+
Mandatory = false, HelpMessage = HelpMessages.RoleDefinitionName)]
68+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndNameParameterSet,
69+
Mandatory = false, HelpMessage = HelpMessages.RoleDefinitionName)]
70+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndIdParameterSet,
71+
Mandatory = false, HelpMessage = HelpMessages.RoleDefinitionName)]
72+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndServicePrincipalNameParameterSet,
73+
Mandatory = false, HelpMessage = HelpMessages.RoleDefinitionName)]
74+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndServicePrincipalNameParameterSet,
75+
Mandatory = false, HelpMessage = HelpMessages.RoleDefinitionName)]
76+
[ValidateNotNullOrEmpty]
77+
public string RoleDefinitionName { get; set; }
78+
79+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet,
80+
Mandatory = true, HelpMessage = HelpMessages.RoleDefinitionId)]
81+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet,
82+
Mandatory = true, HelpMessage = HelpMessages.RoleDefinitionId)]
83+
[ValidateNotNullOrEmpty]
84+
public string RoleDefinitionId { get; set; }
85+
86+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndNameParameterSet,
87+
Mandatory = false, HelpMessage = HelpMessages.SignInName)]
88+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndNameParameterSet,
89+
Mandatory = true, HelpMessage = HelpMessages.SignInName)]
90+
[Alias("Email", "UserPrincipalName")]
91+
[ValidateNotNullOrEmpty]
92+
public string SignInName { get; set; }
93+
94+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndServicePrincipalNameParameterSet,
95+
Mandatory = false, HelpMessage = HelpMessages.ServicePrincipalName)]
96+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndServicePrincipalNameParameterSet,
97+
Mandatory = true, HelpMessage = HelpMessages.ServicePrincipalName)]
98+
[ValidateNotNullOrEmpty]
99+
public string ServicePrincipalName { get; set; }
100+
101+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndIdParameterSet,
102+
Mandatory = false, HelpMessage = HelpMessages.PrincipalId)]
103+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndIdParameterSet,
104+
Mandatory = false, HelpMessage = HelpMessages.PrincipalId)]
105+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet,
106+
Mandatory = false, HelpMessage = HelpMessages.PrincipalId)]
107+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet,
108+
Mandatory = false, HelpMessage = HelpMessages.PrincipalId)]
109+
[Alias("Id", "PrincipalId")]
110+
[ValidateNotNullOrEmpty]
111+
public string ObjectId { get; set; }
112+
113+
public override void ExecuteCmdlet()
114+
{
115+
if (this.IsParameterBound(c => c.WorkspaceObject))
116+
{
117+
this.WorkspaceName = this.WorkspaceObject.Name;
118+
}
119+
120+
if (this.IsParameterBound(c => c.RoleDefinitionName))
121+
{
122+
this.RoleDefinitionId = SynapseAnalyticsClient.GetRoleDefinitionIdFromRoleDefinitionName(this.RoleDefinitionName);
123+
}
124+
125+
if (this.IsParameterBound(c => c.SignInName))
126+
{
127+
this.ObjectId = SynapseAnalyticsClient.GetObjectIdFromSignInName(this.SignInName);
128+
}
129+
130+
if (this.IsParameterBound(c => c.ServicePrincipalName))
131+
{
132+
this.ObjectId = SynapseAnalyticsClient.GetObjectIdFromServicePrincipalName(this.ServicePrincipalName);
133+
}
134+
135+
if (this.IsParameterBound(c => c.RoleAssignmentId))
136+
{
137+
WriteObject(new PSRoleAssignmentDetails(SynapseAnalyticsClient.GetRoleAssignmentById(this.RoleAssignmentId)));
138+
}
139+
else
140+
{
141+
var roleAssignment = SynapseAnalyticsClient.ListRoleAssignments(this.RoleDefinitionId, this.ObjectId)
142+
.Select(element => new PSRoleAssignmentDetails(element));
143+
144+
// TODO: Currently, when only `ObjectId` is specified, the cmdlet returns incorrect result. Filter from client side as a workaround
145+
if (!string.IsNullOrEmpty(this.ObjectId))
146+
{
147+
roleAssignment = roleAssignment.Where(element => element.ObjectId == this.ObjectId);
148+
}
149+
150+
WriteObject(roleAssignment, true);
151+
}
152+
}
153+
}
154+
}

src/Synapse/Synapse/Commands/DataPlaneCommands/AccessControl/GetAzureSynapseRoleDefinition.cs

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
using Azure.Analytics.Synapse.AccessControl.Models;
2+
using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
3+
using Microsoft.Azure.Commands.Synapse.Common;
4+
using Microsoft.Azure.Commands.Synapse.Models;
5+
using Microsoft.Azure.Commands.Synapse.Properties;
6+
using Microsoft.WindowsAzure.Commands.Utilities.Common;
7+
using System;
8+
using System.Collections.Generic;
9+
using System.Linq;
10+
using System.Management.Automation;
11+
using System.Text;
12+
13+
namespace Microsoft.Azure.Commands.Synapse
14+
{
15+
[Cmdlet(VerbsCommon.Get, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + SynapseConstants.SynapsePrefix + SynapseConstants.RoleDefinition,
16+
DefaultParameterSetName = GetByWorkspaceNameAndIdParameterSet)]
17+
[OutputType(typeof(PSSynapseRole))]
18+
public class GetAzureSynapseRoleDefinition : SynapseRoleCmdletBase
19+
{
20+
private const string GetByWorkspaceNameAndIdParameterSet = "GetByWorkspaceNameAndIdParameterSet";
21+
private const string GetByWorkspaceObjectAndIdParameterSet = "GetByWorkspaceObjectAndIdParameterSet";
22+
private const string GetByWorkspaceNameAndNameParameterSet = "GetByWorkspaceNameAndNameParameterSet";
23+
private const string GetByWorkspaceObjectAndNameParameterSet = "GetByWorkspaceObjectAndNameParameterSet";
24+
25+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndIdParameterSet,
26+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
27+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndNameParameterSet,
28+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
29+
[ResourceNameCompleter(ResourceTypes.Workspace, "ResourceGroupName")]
30+
[ValidateNotNullOrEmpty]
31+
public override string WorkspaceName { get; set; }
32+
33+
[Parameter(ValueFromPipeline = true, ParameterSetName = GetByWorkspaceObjectAndIdParameterSet,
34+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
35+
[Parameter(ValueFromPipeline = true, ParameterSetName = GetByWorkspaceObjectAndNameParameterSet,
36+
Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
37+
[ValidateNotNull]
38+
public PSSynapseWorkspace WorkspaceObject { get; set; }
39+
40+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndIdParameterSet,
41+
Mandatory = false, HelpMessage = HelpMessages.RoleDefinitionId)]
42+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndIdParameterSet,
43+
Mandatory = true, HelpMessage = HelpMessages.RoleDefinitionId)]
44+
[ValidateNotNullOrEmpty]
45+
public string Id { get; set; }
46+
47+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceNameAndNameParameterSet,
48+
Mandatory = false, HelpMessage = HelpMessages.RoleDefinitionName)]
49+
[Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = GetByWorkspaceObjectAndNameParameterSet,
50+
Mandatory = false, HelpMessage = HelpMessages.RoleDefinitionName)]
51+
[ValidateNotNullOrEmpty]
52+
public string Name { get; set; }
53+
54+
public override void ExecuteCmdlet()
55+
{
56+
if (this.IsParameterBound(c => c.WorkspaceObject))
57+
{
58+
this.WorkspaceName = this.WorkspaceObject.Name;
59+
}
60+
61+
if (this.IsParameterBound(c => c.Id))
62+
{
63+
WriteObject(new PSSynapseRole(SynapseAnalyticsClient.GetRoleDefinitionById(this.Id)));
64+
}
65+
else
66+
{
67+
var roleDefinitions = SynapseAnalyticsClient.GetRoleDefinitions()
68+
.Select(element => new PSSynapseRole(element));
69+
if (this.IsParameterBound(c => c.Name))
70+
{
71+
PSSynapseRole role = roleDefinitions.SingleOrDefault(element => element.Name == this.Name);
72+
if (role == null)
73+
{
74+
throw new InvalidOperationException(String.Format(Resources.RoleDefinitionNameDoesNotExist, this.Name));
75+
}
76+
WriteObject(role);
77+
}
78+
else
79+
{
80+
WriteObject(roleDefinitions, true);
81+
}
82+
}
83+
}
84+
}
85+
}

0 commit comments

Comments
 (0)