Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add new synapse rbac api spec #11384

Merged
merged 8 commits into from
Nov 18, 2020
Merged

Add new synapse rbac api spec #11384

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
11cb77a
Add files via upload
srkakuru Oct 26, 2020
33a4e07
Fix validation issues
Oct 27, 2020
3bcf50a
Fix validation issues
Oct 27, 2020
524225f
Fix prettier check issue
Oct 27, 2020
b0df2e2
fix validation errors
Oct 27, 2020
e549237
Made review fixes
srkakuru Nov 5, 2020
d5a420c
Run prettier check
srkakuru Nov 12, 2020
4aaf3eb
Review fix
srkakuru Nov 18, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
264 changes: 264 additions & 0 deletions ...napse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/checkAccessSynapseRbac.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,264 @@
{
"swagger": "2.0",
"info": {
"version": "2020-08-01-preview",
"title": "AccessControlClient"
},
"x-ms-parameterized-host": {
"hostTemplate": "{endpoint}",
"useSchemePrefix": false,
"parameters": [
{
"$ref": "#/parameters/Endpoint"
}
]
},
"schemes": [
"https"
],
"paths": {
"/checkAccessSynapseRbac": {
"post": {
"tags": [
"CheckPrincipalAccess"
],
"operationId": "CheckPrincipalAccess",
"description": "Check if the given principalId has access to perform list of actions at a given scope.",
"x-ms-examples": {
"Check access": {
"$ref": "./examples/CheckAccessSynapseRbac.json"
}
},
"consumes": [
"application/json",
"text/json"
],
"produces": [
"application/json",
"text/json"
],
"parameters": [
{
"name": "request",
"in": "body",
"required": true,
"x-ms-client-flatten": true,
"description": "Details of scope, list of actions and principal.",
"schema": {
"$ref": "#/definitions/CheckPrincipalAccessRequest"
}
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "Success response.",
"schema": {
"$ref": "#/definitions/CheckPrincipalAccessResponse"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "#/definitions/ErrorContract"
}
}
}
}
}
},
"definitions": {
"ErrorContract": {
"title": "Error details.",
"description": "Contains details when the response code indicates an error.",
"type": "object",
"properties": {
"error": {
"description": "The error details.",
"$ref": "#/definitions/ErrorResponse"
}
}
},
"ErrorResponse": {
"required": [
"code",
"message"
],
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
},
"target": {
"type": "string"
},
"details": {
"type": "array",
"items": {
"$ref": "#/definitions/ErrorDetail"
}
}
}
},
"ErrorDetail": {
"required": [
"code",
"message"
],
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
},
"target": {
"type": "string"
}
}
},
"CheckPrincipalAccessRequest": {
"description": "Check access request details",
"type": "object",
"required": [
"scope",
"actions",
"subject"
],
"properties": {
"subject": {
"description": "Subject details",
"type": "object",
"$ref": "#/definitions/SubjectInfo"
},
"actions": {
"description": "List of actions.",
"type": "array",
"items": {
"$ref": "#/definitions/Action"
}
},
"scope": {
"description": "Scope at which the check access is done.",
"type": "string"
}
}
},
"Action": {
"description": "Action Info",
"type": "object",
"required": [
"id",
"isDataAction"
],
"properties": {
"id": {
"description": "Action Id.",
"type": "string"
},
"isDataAction": {
"description": "Is a data action or not.",
"type": "boolean"
}
}
},
"CheckPrincipalAccessResponse": {
"description": "Check access response details",
"type": "array",
"items": {
"$ref": "#/definitions/CheckAccessDecision"
}
},
"SubjectInfo": {
"description": "Subject details",
"type": "object",
"required": [
"principalId"
],
"properties": {
"principalId": {
"description": "Principal Id",
"format": "uuid",
"type": "string"
},
"groupIds": {
"description": "List of group Ids that the principalId is part of.",
"type": "array",
"items": {
"format": "uuid",
"type": "string"
}
}
}
},
"CheckAccessDecision": {
"description": "Check access response details",
"type": "object",
"properties": {
"accessDecision": {
"description": "Access Decision.",
"type": "string"
},
"actionId": {
"description": "Action Id.",
"type": "string"
},
"roleAssignment": {
"$ref": "#/definitions/RoleAssignmentDetails"
}
}
},
"RoleAssignmentDetails": {
"description": "Role Assignment response details",
"type": "object",
"properties": {
"id": {
"description": "Role Assignment ID",
"type": "string"
},
"roleDefinitionId": {
"description": "Role ID of the Synapse Built-In Role",
"format": "uuid",
"type": "string"
},
"principalId": {
"description": "Object ID of the AAD principal or security-group",
"format": "uuid",
"type": "string"
},
"scope": {
"description": "Scope at the role assignment is created",
"type": "string"
},
"principalType": {
"description": "Type of the principal Id: User, Group or ServicePrincipal",
"type": "string"
}
}
}
},
"parameters": {
"Endpoint": {
"name": "endpoint",
"description": "The workspace development endpoint, for example https://myworkspace.dev.azuresynapse.net.",
"required": true,
"type": "string",
"in": "path",
"x-ms-skip-url-encoding": true,
"x-ms-parameter-location": "client"
},
"ApiVersionParameter": {
"name": "api-version",
"in": "query",
"required": true,
"type": "string",
"description": "The Synapse client API Version."
}
}
}
62 changes: 62 additions & 0 deletions ...a-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/CheckAccessSynapseRbac.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
{
"parameters": {
"endpoint": "exampleWorkspace.dev.azuresynapse.net",
"api-version": "2020-08-01-preview",
"request": {
"subject": {
"principalId": "00000000-0000-0000-0000-000000000000",
"groupIds": [
"00000000-0000-0000-0000-000000000000",
"00000000-0000-0000-0000-000000000000"
]
},
"scope": "workspaces/exampleWorkspace",
"actions": [
{
"id": "Action 1",
"isDataAction": true
},
{
"id": "Action 2",
"isDataAction": true
}
]
}
},
"responses": {
"200": {
"body": [
{
"accessDecision": "Allowed || NotAllowed",
"actionId": "Action 1",
"roleAssignment": {
"id": "00000000-0000-0000-0000-000000000000",
"roleDefinitionId": "00000000-0000-0000-0000-000000000000",
"principalId": "00000000-0000-0000-0000-000000000000",
"scope": "workspaces/exampleWorkspace",
"principalType": "User || Group || ServicePrincipal"
}
},
{
"accessDecision": "Allowed || NotAllowed",
"actionId": "Action 1",
"roleAssignment": {
"id": "00000000-0000-0000-0000-000000000000",
"roleDefinitionId": "00000000-0000-0000-0000-000000000000",
"principalId": "00000000-0000-0000-0000-000000000000",
"scope": "workspaces/exampleWorkspace",
"principalType": "User || Group || ServicePrincipal"
}
}
]
},
"default": {
"body": {
"error": {
"code": "Error code",
"message": "Error message"
}
}
}
}
}
32 changes: 32 additions & 0 deletions ...oft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_CreateRoleAssignment.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"parameters": {
"endpoint": "exampleWorkspace.dev.azuresynapse.net",
"roleAssignmentId": "00000000-0000-0000-0000-000000000000",
"api-version": "2020-08-01-preview",
"request": {
"roleId": "00000000-0000-0000-0000-000000000000",
"principalId": "00000000-0000-0000-0000-000000000000",
"scope": "workspaces/exampleWorkspace",
"principalType": "User || Group || ServicePrincipal"
}
},
"responses": {
"200": {
"body": {
"id": "00000000-0000-0000-0000-000000000000",
"roleDefinitionId": "00000000-0000-0000-0000-000000000000",
"principalId": "00000000-0000-0000-0000-000000000000",
"scope": "workspaces/exampleWorkspace",
"principalType": "User || Group || ServicePrincipal"
}
},
"default": {
"body": {
"error": {
"code": "Error code",
"message": "Error message"
}
}
}
}
}
19 changes: 19 additions & 0 deletions ...Synapse/preview/2020-08-01-preview/examples/RoleAssignments_DeleteRoleAssignmentById.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"parameters": {
"endpoint": "exampleWorkspace.dev.azuresynapse.net",
"roleAssignmentId": "00000000-0000-0000-0000-000000000000",
"api-version": "2020-08-01-preview"
},
"responses": {
"200": {},
"204": {},
"default": {
"body": {
"error": {
"code": "Error code",
"message": "Error message"
}
}
}
}
}
Loading