diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/checkAccessSynapseRbac.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/checkAccessSynapseRbac.json new file mode 100644 index 000000000000..7dcbd04aa09f --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/checkAccessSynapseRbac.json @@ -0,0 +1,264 @@ +{ + "swagger": "2.0", + "info": { + "version": "2020-08-01-preview", + "title": "AccessControlClient" + }, + "x-ms-parameterized-host": { + "hostTemplate": "{endpoint}", + "useSchemePrefix": false, + "parameters": [ + { + "$ref": "#/parameters/Endpoint" + } + ] + }, + "schemes": [ + "https" + ], + "paths": { + "/checkAccessSynapseRbac": { + "post": { + "tags": [ + "CheckPrincipalAccess" + ], + "operationId": "CheckPrincipalAccess", + "description": "Check if the given principalId has access to perform list of actions at a given scope.", + "x-ms-examples": { + "Check access": { + "$ref": "./examples/CheckAccessSynapseRbac.json" + } + }, + "consumes": [ + "application/json", + "text/json" + ], + "produces": [ + "application/json", + "text/json" + ], + "parameters": [ + { + "name": "request", + "in": "body", + "required": true, + "x-ms-client-flatten": true, + "description": "Details of scope, list of actions and principal.", + "schema": { + "$ref": "#/definitions/CheckPrincipalAccessRequest" + } + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success response.", + "schema": { + "$ref": "#/definitions/CheckPrincipalAccessResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorContract" + } + } + } + } + } + }, + "definitions": { + "ErrorContract": { + "title": "Error details.", + "description": "Contains details when the response code indicates an error.", + "type": "object", + "properties": { + "error": { + "description": "The error details.", + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "ErrorResponse": { + "required": [ + "code", + "message" + ], + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "target": { + "type": "string" + }, + "details": { + "type": "array", + "items": { + "$ref": "#/definitions/ErrorDetail" + } + } + } + }, + "ErrorDetail": { + "required": [ + "code", + "message" + ], + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "target": { + "type": "string" + } + } + }, + "CheckPrincipalAccessRequest": { + "description": "Check access request details", + "type": "object", + "required": [ + "scope", + "actions", + "subject" + ], + "properties": { + "subject": { + "description": "Subject details", + "type": "object", + "$ref": "#/definitions/SubjectInfo" + }, + "actions": { + "description": "List of actions.", + "type": "array", + "items": { + "$ref": "#/definitions/Action" + } + }, + "scope": { + "description": "Scope at which the check access is done.", + "type": "string" + } + } + }, + "Action": { + "description": "Action Info", + "type": "object", + "required": [ + "id", + "isDataAction" + ], + "properties": { + "id": { + "description": "Action Id.", + "type": "string" + }, + "isDataAction": { + "description": "Is a data action or not.", + "type": "boolean" + } + } + }, + "CheckPrincipalAccessResponse": { + "description": "Check access response details", + "type": "array", + "items": { + "$ref": "#/definitions/CheckAccessDecision" + } + }, + "SubjectInfo": { + "description": "Subject details", + "type": "object", + "required": [ + "principalId" + ], + "properties": { + "principalId": { + "description": "Principal Id", + "format": "uuid", + "type": "string" + }, + "groupIds": { + "description": "List of group Ids that the principalId is part of.", + "type": "array", + "items": { + "format": "uuid", + "type": "string" + } + } + } + }, + "CheckAccessDecision": { + "description": "Check access response details", + "type": "object", + "properties": { + "accessDecision": { + "description": "Access Decision.", + "type": "string" + }, + "actionId": { + "description": "Action Id.", + "type": "string" + }, + "roleAssignment": { + "$ref": "#/definitions/RoleAssignmentDetails" + } + } + }, + "RoleAssignmentDetails": { + "description": "Role Assignment response details", + "type": "object", + "properties": { + "id": { + "description": "Role Assignment ID", + "type": "string" + }, + "roleDefinitionId": { + "description": "Role ID of the Synapse Built-In Role", + "format": "uuid", + "type": "string" + }, + "principalId": { + "description": "Object ID of the AAD principal or security-group", + "format": "uuid", + "type": "string" + }, + "scope": { + "description": "Scope at the role assignment is created", + "type": "string" + }, + "principalType": { + "description": "Type of the principal Id: User, Group or ServicePrincipal", + "type": "string" + } + } + } + }, + "parameters": { + "Endpoint": { + "name": "endpoint", + "description": "The workspace development endpoint, for example https://myworkspace.dev.azuresynapse.net.", + "required": true, + "type": "string", + "in": "path", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "client" + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "The Synapse client API Version." + } + } +} diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/CheckAccessSynapseRbac.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/CheckAccessSynapseRbac.json new file mode 100644 index 000000000000..6b4ddb1f1df1 --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/CheckAccessSynapseRbac.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "endpoint": "exampleWorkspace.dev.azuresynapse.net", + "api-version": "2020-08-01-preview", + "request": { + "subject": { + "principalId": "00000000-0000-0000-0000-000000000000", + "groupIds": [ + "00000000-0000-0000-0000-000000000000", + "00000000-0000-0000-0000-000000000000" + ] + }, + "scope": "workspaces/exampleWorkspace", + "actions": [ + { + "id": "Action 1", + "isDataAction": true + }, + { + "id": "Action 2", + "isDataAction": true + } + ] + } + }, + "responses": { + "200": { + "body": [ + { + "accessDecision": "Allowed || NotAllowed", + "actionId": "Action 1", + "roleAssignment": { + "id": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "00000000-0000-0000-0000-000000000000", + "principalId": "00000000-0000-0000-0000-000000000000", + "scope": "workspaces/exampleWorkspace", + "principalType": "User || Group || ServicePrincipal" + } + }, + { + "accessDecision": "Allowed || NotAllowed", + "actionId": "Action 1", + "roleAssignment": { + "id": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "00000000-0000-0000-0000-000000000000", + "principalId": "00000000-0000-0000-0000-000000000000", + "scope": "workspaces/exampleWorkspace", + "principalType": "User || Group || ServicePrincipal" + } + } + ] + }, + "default": { + "body": { + "error": { + "code": "Error code", + "message": "Error message" + } + } + } + } +} diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_CreateRoleAssignment.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_CreateRoleAssignment.json new file mode 100644 index 000000000000..11b7f8841481 --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_CreateRoleAssignment.json @@ -0,0 +1,32 @@ +{ + "parameters": { + "endpoint": "exampleWorkspace.dev.azuresynapse.net", + "roleAssignmentId": "00000000-0000-0000-0000-000000000000", + "api-version": "2020-08-01-preview", + "request": { + "roleId": "00000000-0000-0000-0000-000000000000", + "principalId": "00000000-0000-0000-0000-000000000000", + "scope": "workspaces/exampleWorkspace", + "principalType": "User || Group || ServicePrincipal" + } + }, + "responses": { + "200": { + "body": { + "id": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "00000000-0000-0000-0000-000000000000", + "principalId": "00000000-0000-0000-0000-000000000000", + "scope": "workspaces/exampleWorkspace", + "principalType": "User || Group || ServicePrincipal" + } + }, + "default": { + "body": { + "error": { + "code": "Error code", + "message": "Error message" + } + } + } + } +} diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_DeleteRoleAssignmentById.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_DeleteRoleAssignmentById.json new file mode 100644 index 000000000000..4f6934c613b0 --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_DeleteRoleAssignmentById.json @@ -0,0 +1,19 @@ +{ + "parameters": { + "endpoint": "exampleWorkspace.dev.azuresynapse.net", + "roleAssignmentId": "00000000-0000-0000-0000-000000000000", + "api-version": "2020-08-01-preview" + }, + "responses": { + "200": {}, + "204": {}, + "default": { + "body": { + "error": { + "code": "Error code", + "message": "Error message" + } + } + } + } +} diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_GetRoleAssignmentById.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_GetRoleAssignmentById.json new file mode 100644 index 000000000000..22701a834ab9 --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_GetRoleAssignmentById.json @@ -0,0 +1,26 @@ +{ + "parameters": { + "endpoint": "exampleWorkspace.dev.azuresynapse.net", + "roleAssignmentId": "00000000-0000-0000-0000-000000000000", + "api-version": "2020-08-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "00000000-0000-0000-0000-000000000000", + "principalId": "00000000-0000-0000-0000-000000000000", + "scope": "workspaces/exampleWorkspace", + "principalType": "User || Group || ServicePrincipal" + } + }, + "default": { + "body": { + "error": { + "code": "Error code", + "message": "Error message" + } + } + } + } +} diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_ListRoleAssignments.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_ListRoleAssignments.json new file mode 100644 index 000000000000..ced7b5ef11b4 --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleAssignments_ListRoleAssignments.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "endpoint": "exampleWorkspace.dev.azuresynapse.net", + "api-version": "2020-08-01-preview", + "roleId": "00000000-0000-0000-0000-000000000000", + "principalId": "00000000-0000-0000-0000-000000000000", + "scope": "workspaces/exampleWorkspace" + }, + "responses": { + "200": { + "headers": { + "x-ms-continuation": null + }, + "body": { + "count": 2, + "value": [ + { + "id": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "00000000-0000-0000-0000-000000000000", + "principalId": "00000000-0000-0000-0000-000000000000", + "scope": "workspaces/exampleWorkspace", + "principalType": "User || Group || ServicePrincipal" + }, + { + "id": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "00000000-0000-0000-0000-000000000000", + "principalId": "00000000-0000-0000-0000-000000000000", + "scope": "workspaces/exampleWorkspace", + "principalType": "User || Group || ServicePrincipal" + } + ] + } + }, + "default": { + "body": { + "error": { + "code": "Error code", + "message": "Error message" + } + } + } + } +} diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleDefinitions_GetRoleDefinitionById.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleDefinitions_GetRoleDefinitionById.json new file mode 100644 index 000000000000..69fcf735b5fa --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleDefinitions_GetRoleDefinitionById.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "endpoint": "exampleWorkspace.dev.azuresynapse.net", + "roleDefinitionId": "00000000-0000-0000-0000-000000000000", + "api-version": "2020-08-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "00000000-0000-0000-0000-000000000000", + "name": "Synapse role name", + "isBuiltIn": true, + "description": "Role description", + "permissions": [ + { + "actions": [ + "Action 1", + "Action 2" + ], + "dataActions": [ + "Data Action 1", + "Data Action 2" + ], + "notActions": [ + "Not Action 1", + "Not Action 2" + ], + "notDataActions": [ + "Data Action 1", + "Data Action 2" + ] + } + ], + "scopes": [ + "scope 1", + "scope 2" + ], + "availabilityStatus": "AvailabilityStatusValue" + } + }, + "default": { + "body": { + "error": { + "code": "Error code", + "message": "Error message" + } + } + } + } +} diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleDefinitions_ListRoleDefinitions.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleDefinitions_ListRoleDefinitions.json new file mode 100644 index 000000000000..e247b1fb8eb1 --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleDefinitions_ListRoleDefinitions.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "endpoint": "exampleWorkspace.dev.azuresynapse.net", + "api-version": "2020-08-01-preview" + }, + "responses": { + "200": { + "body": [ + { + "id": "00000000-0000-0000-0000-000000000000", + "name": "Synapse role name 1", + "isBuiltIn": true, + "description": "Role description 1", + "permissions": [ + { + "actions": [ + "Action 1", + "Action 2" + ], + "dataActions": [ + "Data Action 1", + "Data Action 2" + ], + "notActions": [ + "Not Action 1", + "Not Action 2" + ], + "notDataActions": [ + "Data Action 1", + "Data Action 2" + ] + } + ], + "scopes": [ + "scope 1", + "scope 2" + ], + "availabilityStatus": "AvailabilityStatusValue" + }, + { + "id": "00000000-0000-0000-0000-000000000000", + "name": "Synapse role name 2", + "isBuiltIn": true, + "description": "Role description 2", + "permissions": [ + { + "actions": [ + "Action 1", + "Action 2" + ], + "dataActions": [ + "Data Action 1", + "Data Action 2" + ], + "notActions": [ + "Not Action 1", + "Not Action 2" + ], + "notDataActions": [ + "Data Action 1", + "Data Action 2" + ] + } + ], + "scopes": [ + "scope 1", + "scope 2" + ], + "availabilityStatus": "AvailabilityStatusValue" + } + ] + }, + "default": { + "body": { + "error": { + "code": "Error code", + "message": "Error message" + } + } + } + } +} diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleDefinitions_ListScopes.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleDefinitions_ListScopes.json new file mode 100644 index 000000000000..3323776f2bea --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/examples/RoleDefinitions_ListScopes.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "endpoint": "exampleWorkspace.dev.azuresynapse.net", + "api-version": "2020-08-01-preview" + }, + "responses": { + "200": { + "body": [ + "scope 1", + "scope 2", + "scope 3" + ] + }, + "default": { + "body": { + "error": { + "code": "Error code", + "message": "Error message" + } + } + } + } +} diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/roleAssignments.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/roleAssignments.json new file mode 100644 index 000000000000..247cb292486d --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/roleAssignments.json @@ -0,0 +1,398 @@ +{ + "swagger": "2.0", + "info": { + "version": "2020-08-01-preview", + "title": "AccessControlClient" + }, + "x-ms-parameterized-host": { + "hostTemplate": "{endpoint}", + "useSchemePrefix": false, + "parameters": [ + { + "$ref": "#/parameters/Endpoint" + } + ] + }, + "schemes": [ + "https" + ], + "paths": { + "/roleAssignments": { + "get": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_ListRoleAssignments", + "description": "List role assignments.", + "x-ms-examples": { + "List role assignments": { + "$ref": "./examples/RoleAssignments_ListRoleAssignments.json" + } + }, + "consumes": [], + "produces": [ + "application/json", + "text/json" + ], + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/RoleIdParameter" + }, + { + "$ref": "#/parameters/PrincipalIdParameter" + }, + { + "$ref": "#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/XMsContinuationToken" + } + ], + "responses": { + "200": { + "description": "Success response.", + "headers": { + "x-ms-continuation": { + "description": "If the number of role assignments to be listed exceeds the maxResults limit, a continuation token is returned in this response header. When a continuation token is returned in the response, it must be specified in a subsequent invocation of the list operation to continue listing the role assignments.", + "type": "string" + } + }, + "schema": { + "$ref": "#/definitions/RoleAssignmentDetailsList" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorContract" + } + } + } + } + }, + "/roleAssignments/{roleAssignmentId}": { + "put": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_CreateRoleAssignment", + "description": "Create role assignment.", + "x-ms-examples": { + "Create role assignment": { + "$ref": "./examples/RoleAssignments_CreateRoleAssignment.json" + } + }, + "consumes": [ + "application/json", + "text/json" + ], + "produces": [ + "application/json", + "text/json" + ], + "parameters": [ + { + "name": "request", + "in": "body", + "required": true, + "x-ms-client-flatten": true, + "description": "Details of role id, scope and object id.", + "schema": { + "$ref": "#/definitions/RoleAssignmentRequest" + } + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentIdParameter" + } + ], + "responses": { + "200": { + "description": "Success response.", + "schema": { + "$ref": "#/definitions/RoleAssignmentDetails" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorContract" + } + } + } + }, + "get": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_GetRoleAssignmentById", + "description": "Get role assignment by role assignment Id.", + "x-ms-examples": { + "Get role assignment information": { + "$ref": "./examples/RoleAssignments_GetRoleAssignmentById.json" + } + }, + "consumes": [], + "produces": [ + "application/json", + "text/json" + ], + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentIdParameter" + } + ], + "responses": { + "200": { + "description": "Success response.", + "schema": { + "$ref": "#/definitions/RoleAssignmentDetails" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorContract" + } + } + } + }, + "delete": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_DeleteRoleAssignmentById", + "description": "Delete role assignment by role assignment Id.", + "x-ms-examples": { + "Delete role assignment": { + "$ref": "./examples/RoleAssignments_DeleteRoleAssignmentById.json" + } + }, + "consumes": [], + "produces": [ + "application/json", + "text/json" + ], + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentIdParameter" + } + ], + "responses": { + "200": { + "description": "Success response." + }, + "204": { + "description": "No Content." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorContract" + } + } + } + } + } + }, + "definitions": { + "ErrorContract": { + "title": "Error details.", + "description": "Contains details when the response code indicates an error.", + "type": "object", + "properties": { + "error": { + "description": "The error details.", + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "ErrorResponse": { + "required": [ + "code", + "message" + ], + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "target": { + "type": "string" + }, + "details": { + "type": "array", + "items": { + "$ref": "#/definitions/ErrorDetail" + } + } + } + }, + "ErrorDetail": { + "required": [ + "code", + "message" + ], + "type": "object", + "properties": { + "code": { + "type": "string" + }, + "message": { + "type": "string" + }, + "target": { + "type": "string" + } + } + }, + "RoleAssignmentRequest": { + "description": "Role Assignment request details", + "type": "object", + "required": [ + "roleId", + "principalId", + "scope" + ], + "properties": { + "roleId": { + "description": "Role ID of the Synapse Built-In Role", + "format": "uuid", + "type": "string" + }, + "principalId": { + "description": "Object ID of the AAD principal or security-group", + "format": "uuid", + "type": "string" + }, + "scope": { + "description": "Scope at which the role assignment is created", + "type": "string" + }, + "principalType": { + "description": "Type of the principal Id: User, Group or ServicePrincipal", + "type": "string" + } + } + }, + "RoleAssignmentDetailsList": { + "description": "Role Assignment response details", + "type": "object", + "properties": { + "count": { + "description": "Number of role assignments", + "type": "integer" + }, + "value": { + "description": "A list of role assignments", + "type": "array", + "items": { + "$ref": "#/definitions/RoleAssignmentDetails" + } + } + } + }, + "RoleAssignmentDetails": { + "description": "Role Assignment response details", + "type": "object", + "properties": { + "id": { + "description": "Role Assignment ID", + "type": "string" + }, + "roleDefinitionId": { + "description": "Role ID of the Synapse Built-In Role", + "format": "uuid", + "type": "string" + }, + "principalId": { + "description": "Object ID of the AAD principal or security-group", + "format": "uuid", + "type": "string" + }, + "scope": { + "description": "Scope at the role assignment is created", + "type": "string" + }, + "principalType": { + "description": "Type of the principal Id: User, Group or ServicePrincipal", + "type": "string" + } + } + } + }, + "parameters": { + "Endpoint": { + "name": "endpoint", + "description": "The workspace development endpoint, for example https://myworkspace.dev.azuresynapse.net.", + "required": true, + "type": "string", + "in": "path", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "client" + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "The Synapse client API Version." + }, + "RoleIdParameter": { + "name": "roleId", + "in": "query", + "required": false, + "type": "string", + "description": "Synapse Built-In Role Id.", + "x-ms-parameter-location": "method" + }, + "PrincipalIdParameter": { + "name": "principalId", + "in": "query", + "required": false, + "type": "string", + "description": "Object ID of the AAD principal or security-group.", + "x-ms-parameter-location": "method" + }, + "RoleAssignmentIdParameter": { + "name": "roleAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the role assignment.", + "minLength": 1, + "x-ms-parameter-location": "method" + }, + "ScopeParameter": { + "name": "scope", + "in": "query", + "required": false, + "type": "string", + "description": "Scope of the Synapse Built-in Role.", + "x-ms-parameter-location": "method" + }, + "XMsContinuationToken": { + "name": "x-ms-continuation", + "x-ms-client-name": "continuationToken", + "in": "header", + "required": false, + "type": "string", + "description": "Continuation token.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/roleDefinitions.json b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/roleDefinitions.json new file mode 100644 index 000000000000..b4e68820be5c --- /dev/null +++ b/specification/synapse/data-plane/Microsoft.Synapse/preview/2020-08-01-preview/roleDefinitions.json @@ -0,0 +1,272 @@ +{ + "swagger": "2.0", + "info": { + "version": "2020-08-01-preview", + "title": "AccessControlClient" + }, + "x-ms-parameterized-host": { + "hostTemplate": "{endpoint}", + "useSchemePrefix": false, + "parameters": [ + { + "$ref": "#/parameters/Endpoint" + } + ] + }, + "schemes": [ + "https" + ], + "paths": { + "/roleDefinitions": { + "get": { + "tags": [ + "SynapseRoleDefinitions" + ], + "operationId": "RoleDefinitions_ListRoleDefinitions", + "description": "List role definitions.", + "x-ms-examples": { + "List role definitions": { + "$ref": "./examples/RoleDefinitions_ListRoleDefinitions.json" + } + }, + "consumes": [], + "produces": [ + "application/json", + "text/json" + ], + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/IsBuiltInParameter" + }, + { + "$ref": "#/parameters/ScopeParameter" + } + ], + "responses": { + "200": { + "description": "Success response.", + "schema": { + "$ref": "#/definitions/RoleDefinitionsListResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./roleAssignments.json#/definitions/ErrorContract" + } + } + } + } + }, + "/roleDefinitions/{roleDefinitionId}": { + "get": { + "tags": [ + "SynapseRoleDefinitions" + ], + "operationId": "RoleDefinitions_GetRoleDefinitionById", + "description": "Get role definition by role definition Id.", + "x-ms-examples": { + "Get role definition information": { + "$ref": "./examples/RoleDefinitions_GetRoleDefinitionById.json" + } + }, + "consumes": [], + "produces": [ + "application/json", + "text/json" + ], + "parameters": [ + { + "$ref": "#/parameters/RoleDefinitionIdParameter" + } + ], + "responses": { + "200": { + "description": "Success response.", + "schema": { + "$ref": "#/definitions/SynapseRoleDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./roleAssignments.json#/definitions/ErrorContract" + } + } + } + } + }, + "/rbacScopes": { + "get": { + "tags": [ + "SynapseRbacScopes" + ], + "operationId": "RoleDefinitions_ListScopes", + "description": "List rbac scopes.", + "x-ms-examples": { + "List rbac scopes": { + "$ref": "./examples/RoleDefinitions_ListScopes.json" + } + }, + "consumes": [], + "produces": [ + "application/json", + "text/json" + ], + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success response.", + "schema": { + "description": "A list of Synapse rbac scopes available.", + "type": "array", + "items": { + "description": "Synapse rbac scope.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "./roleAssignments.json#/definitions/ErrorContract" + } + } + } + } + } + }, + "definitions": { + "RoleDefinitionsListResponse": { + "description": "A list of Synapse roles available.", + "type": "array", + "items": { + "$ref": "#/definitions/SynapseRoleDefinition" + } + }, + "SynapseRoleDefinition": { + "description": "Synapse role definition details", + "type": "object", + "properties": { + "id": { + "description": "Role Definition ID", + "format": "uuid", + "type": "string" + }, + "name": { + "description": "Name of the Synapse role", + "type": "string" + }, + "isBuiltIn": { + "description": "Is a built-in role or not", + "type": "boolean" + }, + "description": { + "description": "Description for the Synapse role", + "type": "string" + }, + "permissions": { + "description": "Permissions for the Synapse role", + "type": "array", + "items": { + "$ref": "#/definitions/SynapseRbacPermission" + } + }, + "scopes": { + "description": "Allowed scopes for the Synapse role", + "type": "array", + "items": { + "type": "string" + } + }, + "availabilityStatus": { + "description": "Availability of the Synapse role", + "type": "string" + } + } + }, + "SynapseRbacPermission": { + "description": "Synapse role definition details", + "type": "object", + "properties": { + "actions": { + "description": "List of actions", + "type": "array", + "items": { + "type": "string" + } + }, + "notActions": { + "description": "List of Not actions", + "type": "array", + "items": { + "type": "string" + } + }, + "dataActions": { + "description": "List of data actions", + "type": "array", + "items": { + "type": "string" + } + }, + "notDataActions": { + "description": "List of Not data actions", + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "parameters": { + "Endpoint": { + "name": "endpoint", + "description": "The workspace development endpoint, for example https://myworkspace.dev.azuresynapse.net.", + "required": true, + "type": "string", + "in": "path", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "client" + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "The Synapse client API Version." + }, + "RoleDefinitionIdParameter": { + "name": "roleDefinitionId", + "in": "path", + "required": true, + "type": "string", + "description": "Synapse Built-In Role Definition Id.", + "x-ms-parameter-location": "method" + }, + "IsBuiltInParameter": { + "name": "isBuiltIn", + "in": "query", + "required": false, + "type": "boolean", + "description": "Is a Synapse Built-In Role or not.", + "x-ms-parameter-location": "method" + }, + "ScopeParameter": { + "name": "scope", + "in": "query", + "required": false, + "type": "string", + "description": "Scope of the Synapse Built-in Role.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/synapse/data-plane/readme.md b/specification/synapse/data-plane/readme.md index afa6ec3bc6df..304b5141ede2 100644 --- a/specification/synapse/data-plane/readme.md +++ b/specification/synapse/data-plane/readme.md @@ -88,6 +88,17 @@ input-file: - Microsoft.Synapse/preview/2020-02-01-preview/roleAssignments.json ``` +### Tag: package-access-control-2020-08-01-preview + +These settings apply only when `--tag=package-access-control-2020-02-01-preview` is specified on the command line. + +``` yaml $(tag) == 'package-access-control-2020-08-01-preview' +input-file: +- Microsoft.Synapse/preview/2020-08-01-preview/checkAccessSynapseRbac.json +- Microsoft.Synapse/preview/2020-08-01-preview/roleDefinitions.json +- Microsoft.Synapse/preview/2020-08-01-preview/roleAssignments.json +``` + ### Tag: package-vnet-2019-06-01-preview These settings apply only when `--tag=package-vnet-2019-06-01-preview` is specified on the command line