Updated support for synapse role assignment and Added support for role scope

src/Synapse/Synapse/Commands/DataPlaneCommands/AccessControl/NewAzureSynapseRoleAssignment.cs

@@ -20,16 +20,16 @@ public class NewAzureSynapseRoleAssignment : SynapseRoleCmdletBase
         private const string NewByWorkspaceNameAndIdParameterSet = "NewByWorkspaceNameAndIdParameterSet";
         private const string NewByWorkspaceObjectAndNameParameterSet = "NewByWorkspaceObjectAndNameParameterSet";
         private const string NewByWorkspaceObjectAndIdParameterSet = "NewByWorkspaceObjectAndIdParameterSet";
-        private const string NewByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet = "NewByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet";
-        private const string NewByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet = "NewByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet";
+        private const string NewByWorkspaceNameAndRoleAssignmentIdAndObjectIdParameterSet = "NewByWorkspaceNameAndRoleAssignmentIdAndObjectIdParameterSet";
+        private const string NewByWorkspaceObjectAndRoleAssignmentIdAndObjectIdParameterSet = "NewByWorkspaceObjectAndRoleAssignmentIdAndObjectIdParameterSet";
         private const string NewByWorkspaceNameAndServicePrincipalNameParameterSet = "NewByWorkspaceNameAndServicePrincipalNameParameterSet";
         private const string NewByWorkspaceObjectAndServicePrincipalNameParameterSet = "NewByWorkspaceObjectAndServicePrincipalNameParameterSet";
 
         [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndNameParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
         [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndIdParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
-        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet,
+        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndRoleAssignmentIdAndObjectIdParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
         [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndServicePrincipalNameParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.WorkspaceName)]
@@ -41,7 +41,7 @@ public class NewAzureSynapseRoleAssignment : SynapseRoleCmdletBase
             Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
         [Parameter(ValueFromPipeline = true, ParameterSetName = NewByWorkspaceObjectAndIdParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
-        [Parameter(ValueFromPipeline = true, ParameterSetName = NewByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet,
+        [Parameter(ValueFromPipeline = true, ParameterSetName = NewByWorkspaceObjectAndRoleAssignmentIdAndObjectIdParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
         [Parameter(ValueFromPipeline = true, ParameterSetName = NewByWorkspaceObjectAndServicePrincipalNameParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.WorkspaceObject)]
@@ -63,13 +63,20 @@ public class NewAzureSynapseRoleAssignment : SynapseRoleCmdletBase
         [ValidateNotNullOrEmpty]
         public string RoleDefinitionName { get; set; }
 
-        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet,
+        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndRoleAssignmentIdAndObjectIdParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.RoleDefinitionId)]
-        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet,
+        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceObjectAndRoleAssignmentIdAndObjectIdParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.RoleDefinitionId)]
         [ValidateNotNullOrEmpty]
         public string RoleDefinitionId { get; set; }
 
+        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndRoleAssignmentIdAndObjectIdParameterSet,
+            Mandatory = true, HelpMessage = HelpMessages.RoleAssignmentId)]
+        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceObjectAndRoleAssignmentIdAndObjectIdParameterSet,
+            Mandatory = true, HelpMessage = HelpMessages.RoleAssignmentId)]
+        [ValidateNotNullOrEmpty]
+        public string RoleAssignmentId { get; set; }
+
         [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndNameParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.SignInName)]
         [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceObjectAndNameParameterSet,
@@ -89,14 +96,21 @@ public class NewAzureSynapseRoleAssignment : SynapseRoleCmdletBase
             Mandatory = true, HelpMessage = HelpMessages.PrincipalId)]
         [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceObjectAndIdParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.PrincipalId)]
-        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndRoleDefinitionIdAndObjectIdParameterSet,
+        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndRoleAssignmentIdAndObjectIdParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.PrincipalId)]
-        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceObjectAndRoleDefinitionIdAndObjectIdParameterSet,
+        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceObjectAndRoleAssignmentIdAndObjectIdParameterSet,
             Mandatory = true, HelpMessage = HelpMessages.PrincipalId)]
         [Alias("Id", "PrincipalId")]
         [ValidateNotNullOrEmpty]
         public string ObjectId { get; set; }
 
+        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceNameAndIdParameterSet,
+            Mandatory = true, HelpMessage = HelpMessages.Scope)]
+        [Parameter(ValueFromPipelineByPropertyName = false, ParameterSetName = NewByWorkspaceObjectAndIdParameterSet,
+            Mandatory = true, HelpMessage = HelpMessages.Scope)]
+        [ValidateNotNullOrEmpty]
+        public string Scope { get; set; }
+
         [Parameter(Mandatory = false, HelpMessage = HelpMessages.AsJob)]
         public SwitchParameter AsJob { get; set; }
 
@@ -122,9 +136,9 @@ public override void ExecuteCmdlet()
                 this.ObjectId = SynapseAnalyticsClient.GetObjectIdFromServicePrincipalName(this.ServicePrincipalName);
             }
 
-            if (this.ShouldProcess(this.WorkspaceName, String.Format(Resources.CreatingSynapseRoleAssignment, this.WorkspaceName, this.RoleDefinitionId, this.ObjectId)))
+            if (this.ShouldProcess(this.WorkspaceName, String.Format(Resources.CreatingSynapseRoleAssignment, this.WorkspaceName, this.RoleAssignmentId, this.ObjectId)))
             {
-                PSRoleAssignmentDetails roleAssignmentDetails = new PSRoleAssignmentDetails(SynapseAnalyticsClient.CreateRoleAssignment(this.RoleDefinitionId, this.ObjectId));
+                PSRoleAssignmentDetails roleAssignmentDetails = new PSRoleAssignmentDetails(SynapseAnalyticsClient.CreateRoleAssignment(this.RoleAssignmentId, this.RoleDefinitionId, this.ObjectId,  this.Scope));
                 WriteObject(roleAssignmentDetails);
             }
         }

src/Synapse/Synapse/Common/HelpMessages.cs

@@ -267,6 +267,8 @@ SELECT on dbo.myTable by public
 
         public const string PrincipalId = "The Azure AD ObjectId of the User, Group or Service Principal.";
 
+        public const string Scope = "The Scope of the user.";
+
         public const string SignInName = "The email address or the user principal name of the user.";
 
         public const string ServicePrincipalName = "The ServicePrincipalName of the service principal.";

src/Synapse/Synapse/Models/PSRoleAssignmentDetails.cs

@@ -11,8 +11,8 @@ public class PSRoleAssignmentDetails
         public PSRoleAssignmentDetails(RoleAssignmentDetails roleAssignmentDetails)
         {
             this.RoleAssignmentId = roleAssignmentDetails.Id;
-            this.RoleDefinitionId = roleAssignmentDetails.RoleId;
-            this.ObjectId = roleAssignmentDetails.PrincipalId;
+            this.RoleDefinitionId = roleAssignmentDetails.RoleDefinitionId.ToString();
+            this.ObjectId = roleAssignmentDetails.PrincipalId.ToString();
         }
 
         public string RoleAssignmentId { get; set; }

src/Synapse/Synapse/Models/PSSynapseRole.cs

@@ -7,9 +7,9 @@ namespace Microsoft.Azure.Commands.Synapse.Models
 {
     public class PSSynapseRole
     {
-        public PSSynapseRole(SynapseRole synapseRole)
+        public PSSynapseRole(SynapseRoleDefinition synapseRole)
         {
-            this.Id = synapseRole.Id;
+            this.Id = synapseRole.Id.ToString();
             this.Name = synapseRole.Name;
             this.IsBuiltIn = synapseRole.IsBuiltIn;
         }
@@ -18,6 +18,6 @@ public PSSynapseRole(SynapseRole synapseRole)
 
         public string Name { get; set; }
 
-        public bool IsBuiltIn { get; set; }
+        public bool? IsBuiltIn { get; set; }
     }
 }

src/Synapse/Synapse/Models/SynapseAnalyticsRoleClient.cs

@@ -17,7 +17,8 @@ namespace Microsoft.Azure.Commands.Synapse.Models
 {
     public class SynapseAnalyticsRoleClient
     {
-        private readonly AccessControlClient _accessControlClient;
+        private readonly RoleAssignmentsClient _roleAssignmentsClient;
+        private readonly RoleDefinitionsClient _roleDefinitionsClient;
         private readonly ActiveDirectoryClient _activeDirectoryClient;
 
         public SynapseAnalyticsRoleClient(string workspaceName, IAzureContext context)
@@ -29,45 +30,46 @@ public SynapseAnalyticsRoleClient(string workspaceName, IAzureContext context)
 
             string suffix = context.Environment.GetEndpoint(AzureEnvironment.ExtendedEndpoint.AzureSynapseAnalyticsEndpointSuffix);
             Uri uri = new Uri("https://" + workspaceName + "." + suffix);
-            _accessControlClient = new AccessControlClient(uri, new AzureSessionCredential(context));
+            _roleAssignmentsClient = new RoleAssignmentsClient(uri, new AzureSessionCredential(context));
+            _roleDefinitionsClient = new RoleDefinitionsClient(uri, new AzureSessionCredential(context));
             _activeDirectoryClient = new ActiveDirectoryClient(context);
         }
 
         public IReadOnlyList<RoleAssignmentDetails> ListRoleAssignments(string roleDefinitionId = null, string objectId = null, string continuationToken = null)
         {
-            return _accessControlClient.GetRoleAssignments(roleDefinitionId, objectId, continuationToken).Value;
+            return (IReadOnlyList<RoleAssignmentDetails>)_roleAssignmentsClient.ListRoleAssignments(roleDefinitionId, objectId, continuationToken).Value;
         }
 
         public RoleAssignmentDetails GetRoleAssignmentById(string roleAssignmentId)
         {
-            return _accessControlClient.GetRoleAssignmentById(roleAssignmentId);
+            return _roleAssignmentsClient.GetRoleAssignmentById(roleAssignmentId);
         }
 
-        public RoleAssignmentDetails CreateRoleAssignment(string roleDefinitionId, string objectId)
+        public RoleAssignmentDetails CreateRoleAssignment(string roleAssignmentId, string RoleDefinitionId, string objectId, string scope)
         {
-            RoleAssignmentOptions roleAssignmentOptions = new RoleAssignmentOptions(roleDefinitionId, objectId);
-            return _accessControlClient.CreateRoleAssignment(roleAssignmentOptions).Value;
+            //RoleAssignmentOptions roleAssignmentOptions = new RoleAssignmentOptions(roleAssignmentId, objectId);
+            return _roleAssignmentsClient.CreateRoleAssignment(roleAssignmentId, new Guid(RoleDefinitionId), new Guid(objectId), scope);
         }
 
         public void DeleteRoleAssignmentById(string roleAssignmentId)
         {
-            _accessControlClient.DeleteRoleAssignmentById(roleAssignmentId);
+            _roleAssignmentsClient.DeleteRoleAssignmentById(roleAssignmentId);
         }
 
         public void DeleteRoleAssignmentByName(string roleDefinitionId, string objectId)
         {
             string roleAssignmentId = roleDefinitionId + "-" + objectId;
-            _accessControlClient.DeleteRoleAssignmentById(roleAssignmentId);
+            _roleAssignmentsClient.DeleteRoleAssignmentById(roleAssignmentId);
         }
 
-        public Pageable<SynapseRole> GetRoleDefinitions()
+        public IReadOnlyList<SynapseRoleDefinition> GetRoleDefinitions()
         {
-            return _accessControlClient.GetRoleDefinitions();
+            return (IReadOnlyList<SynapseRoleDefinition>)_roleDefinitionsClient.ListRoleDefinitions();
         }
 
-        public SynapseRole GetRoleDefinitionById(string roleId)
+        public SynapseRoleDefinition GetRoleDefinitionById(string roleId)
         {
-            return _accessControlClient.GetRoleDefinitionById(roleId).Value;
+            return _roleDefinitionsClient.GetRoleDefinitionById(roleId).Value;
         }
 
         public string GetObjectIdFromSignInName(string signInName)
@@ -106,12 +108,12 @@ public string GetRoleDefinitionIdFromRoleDefinitionName(string roleDefinitionNam
             {
                 return null;
             }
-            var roleDefinition = _accessControlClient.GetRoleDefinitions().SingleOrDefault(element => element.Name == roleDefinitionName);
+            var roleDefinition = _roleDefinitionsClient.ListRoleDefinitions().Value.SingleOrDefault(element => element.Name == roleDefinitionName);
             if (roleDefinition == null)
             {
                 throw new InvalidOperationException(String.Format(Resources.RoleDefinitionNameDoesNotExist, roleDefinitionName));
             }
-            return roleDefinition.Id;
+            return roleDefinition.Id.ToString();
         }
     }
 }