Skip to content

Commit

Permalink
Add new synapse rbac api spec (Azure#11384)
Browse files Browse the repository at this point in the history 
* Add files via upload

* Fix validation issues

* Fix validation issues

* Fix prettier check issue

* fix validation errors

* Made review fixes

* Run prettier check

* Review fix

Co-authored-by: Dongwei Wang <[email protected]>
  • Loading branch information
@srkakuru
srkakuru and Dongwei Wang authored Nov 18, 2020
1 parent 146aefa commit a16488b
Show file tree
Hide file tree
Showing 12 changed files with 1,282 additions and 0 deletions.
264 changes: 264 additions & 0 deletions ...napse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/checkAccessSynapseRbac.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,264 @@
{
"swagger": "2.0",
"info": {
"version": "2020-08-01-preview",
"title": "AccessControlClient"
},
"x-ms-parameterized-host": {
"hostTemplate": "{endpoint}",
"useSchemePrefix": false,
"parameters": [
{
"$ref": "#/parameters/Endpoint"
}
]
},
"schemes": [
"https"
],
"paths": {
"/checkAccessSynapseRbac": {
"post": {
"tags": [
"CheckPrincipalAccess"
],
"operationId": "CheckPrincipalAccess",
"description": "Check if the given principalId has access to perform list of actions at a given scope.",
"x-ms-examples": {
"Check access": {
"$ref": "./examples/CheckAccessSynapseRbac.json"
}
},
"consumes": [
"application/json",
"text/json"
],
"produces": [
"application/json",
"text/json"
],
"parameters": [
{
"name": "request",
"in": "body",
"required": true,
"x-ms-client-flatten": true,
"description": "Details of scope, list of actions and principal.",
"schema": {
"$ref": "#/definitions/CheckPrincipalAccessRequest"
}
},
{
"$ref": "#/parameters/ApiVersionParameter"
}
],
"responses": {
"200": {
"description": "Success response.",
"schema": {
"$ref": "#/definitions/CheckPrincipalAccessResponse"
}
},
"default": {
"description": "Error response describing why the operation failed.",
"schema": {
"$ref": "#/definitions/ErrorContract"
}
}
}
}
}
},
"definitions": {
"ErrorContract": {
"title": "Error details.",
"description": "Contains details when the response code indicates an error.",
"type": "object",
"properties": {
"error": {
"description": "The error details.",
"$ref": "#/definitions/ErrorResponse"
}
}
},
"ErrorResponse": {
"required": [
"code",
"message"
],
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
},
"target": {
"type": "string"
},
"details": {
"type": "array",
"items": {
"$ref": "#/definitions/ErrorDetail"
}
}
}
},
"ErrorDetail": {
"required": [
"code",
"message"
],
"type": "object",
"properties": {
"code": {
"type": "string"
},
"message": {
"type": "string"
},
"target": {
"type": "string"
}
}
},
"CheckPrincipalAccessRequest": {
"description": "Check access request details",
"type": "object",
"required": [
"scope",
"actions",
"subject"
],
"properties": {
"subject": {
"description": "Subject details",
"type": "object",
"$ref": "#/definitions/SubjectInfo"
},
"actions": {
"description": "List of actions.",
"type": "array",
"items": {
"$ref": "#/definitions/Action"
}
},
"scope": {
"description": "Scope at which the check access is done.",
"type": "string"
}
}
},
"Action": {
"description": "Action Info",
"type": "object",
"required": [
"id",
"isDataAction"
],
"properties": {
"id": {
"description": "Action Id.",
"type": "string"
},
"isDataAction": {
"description": "Is a data action or not.",
"type": "boolean"
}
}
},
"CheckPrincipalAccessResponse": {
"description": "Check access response details",
"type": "array",
"items": {
"$ref": "#/definitions/CheckAccessDecision"
}
},
"SubjectInfo": {
"description": "Subject details",
"type": "object",
"required": [
"principalId"
],
"properties": {
"principalId": {
"description": "Principal Id",
"format": "uuid",
"type": "string"
},
"groupIds": {
"description": "List of group Ids that the principalId is part of.",
"type": "array",
"items": {
"format": "uuid",
"type": "string"
}
}
}
},
"CheckAccessDecision": {
"description": "Check access response details",
"type": "object",
"properties": {
"accessDecision": {
"description": "Access Decision.",
"type": "string"
},
"actionId": {
"description": "Action Id.",
"type": "string"
},
"roleAssignment": {
"$ref": "#/definitions/RoleAssignmentDetails"
}
}
},
"RoleAssignmentDetails": {
"description": "Role Assignment response details",
"type": "object",
"properties": {
"id": {
"description": "Role Assignment ID",
"type": "string"
},
"roleDefinitionId": {
"description": "Role ID of the Synapse Built-In Role",
"format": "uuid",
"type": "string"
},
"principalId": {
"description": "Object ID of the AAD principal or security-group",
"format": "uuid",
"type": "string"
},
"scope": {
"description": "Scope at the role assignment is created",
"type": "string"
},
"principalType": {
"description": "Type of the principal Id: User, Group or ServicePrincipal",
"type": "string"
}
}
}
},
"parameters": {
"Endpoint": {
"name": "endpoint",
"description": "The workspace development endpoint, for example https://myworkspace.dev.azuresynapse.net.",
"required": true,
"type": "string",
"in": "path",
"x-ms-skip-url-encoding": true,
"x-ms-parameter-location": "client"
},
"ApiVersionParameter": {
"name": "api-version",
"in": "query",
"required": true,
"type": "string",
"description": "The Synapse client API Version."
}
}
}
62 changes: 62 additions & 0 deletions ...a-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/CheckAccessSynapseRbac.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
{
"parameters": {
"endpoint": "exampleWorkspace.dev.azuresynapse.net",
"api-version": "2020-08-01-preview",
"request": {
"subject": {
"principalId": "00000000-0000-0000-0000-000000000000",
"groupIds": [
"00000000-0000-0000-0000-000000000000",
"00000000-0000-0000-0000-000000000000"
]
},
"scope": "workspaces/exampleWorkspace",
"actions": [
{
"id": "Action 1",
"isDataAction": true
},
{
"id": "Action 2",
"isDataAction": true
}
]
}
},
"responses": {
"200": {
"body": [
{
"accessDecision": "Allowed || NotAllowed",
"actionId": "Action 1",
"roleAssignment": {
"id": "00000000-0000-0000-0000-000000000000",
"roleDefinitionId": "00000000-0000-0000-0000-000000000000",
"principalId": "00000000-0000-0000-0000-000000000000",
"scope": "workspaces/exampleWorkspace",
"principalType": "User || Group || ServicePrincipal"
}
},
{
"accessDecision": "Allowed || NotAllowed",
"actionId": "Action 1",
"roleAssignment": {
"id": "00000000-0000-0000-0000-000000000000",
"roleDefinitionId": "00000000-0000-0000-0000-000000000000",
"principalId": "00000000-0000-0000-0000-000000000000",
"scope": "workspaces/exampleWorkspace",
"principalType": "User || Group || ServicePrincipal"
}
}
]
},
"default": {
"body": {
"error": {
"code": "Error code",
"message": "Error message"
}
}
}
}
}
32 changes: 32 additions & 0 deletions ...oft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_CreateRoleAssignment.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
{
"parameters": {
"endpoint": "exampleWorkspace.dev.azuresynapse.net",
"roleAssignmentId": "00000000-0000-0000-0000-000000000000",
"api-version": "2020-08-01-preview",
"request": {
"roleId": "00000000-0000-0000-0000-000000000000",
"principalId": "00000000-0000-0000-0000-000000000000",
"scope": "workspaces/exampleWorkspace",
"principalType": "User || Group || ServicePrincipal"
}
},
"responses": {
"200": {
"body": {
"id": "00000000-0000-0000-0000-000000000000",
"roleDefinitionId": "00000000-0000-0000-0000-000000000000",
"principalId": "00000000-0000-0000-0000-000000000000",
"scope": "workspaces/exampleWorkspace",
"principalType": "User || Group || ServicePrincipal"
}
},
"default": {
"body": {
"error": {
"code": "Error code",
"message": "Error message"
}
}
}
}
}
19 changes: 19 additions & 0 deletions ...Synapse/preview/2020-08-01-preview/examples/RoleAssignments_DeleteRoleAssignmentById.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
{
"parameters": {
"endpoint": "exampleWorkspace.dev.azuresynapse.net",
"roleAssignmentId": "00000000-0000-0000-0000-000000000000",
"api-version": "2020-08-01-preview"
},
"responses": {
"200": {},
"204": {},
"default": {
"body": {
"error": {
"code": "Error code",
"message": "Error message"
}
}
}
}
}
Loading

0 comments on commit a16488b

Please sign in to comment.