From 110b84e2e70eaea9d18b468de5e33199839d922b Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Thu, 10 Dec 2020 15:44:23 +0800 Subject: [PATCH 01/13] add cmk support --- .../synapse/_client_factory.py | 4 ++ .../cli/command_modules/synapse/_help.py | 60 +++++++++++++++++++ .../cli/command_modules/synapse/_params.py | 23 ++++++- .../cli/command_modules/synapse/commands.py | 16 +++++ .../synapse/operations/workspace.py | 19 +++++- 5 files changed, 118 insertions(+), 4 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py b/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py index ea31164f78a..1462979c4c5 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py @@ -46,6 +46,10 @@ def cf_synapse_client_ipfirewallrules_factory(cli_ctx, *_): return cf_synapse(cli_ctx).ip_firewall_rules +def cf_synapse_client_cmk_factory(cli_ctx, *_): + return cf_synapse(cli_ctx).keys + + def cf_synapse_client_operations_factory(cli_ctx, *_): return cf_synapse(cli_ctx).operations diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_help.py b/src/azure-cli/azure/cli/command_modules/synapse/_help.py index ce76610167e..00f3677b430 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_help.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_help.py @@ -32,6 +32,22 @@ az synapse workspace create --name fromcli4 --resource-group rg \\ --storage-account /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg/providers/Microsoft.Storage/storageAccounts/testadlsgen2 --file-system testfilesystem \\ --sql-admin-login-user cliuser1 --sql-admin-login-password Password123! --location "East US" + - name: Create a Synapse workspace using customer-managed key + text: |- + az synapse workspace create --name fromcli4 --resource-group rg \\ + --storage-account testadlsgen2 --file-system testfilesystem \\ + --sql-admin-login-user cliuser1 --sql-admin-login-password Password123! --location "East US" \\ + --key-identitier https://{keyvaultname}.vault.azure.net/keys/{keyname} --key-name testcmk +""" + +helps['synapse workspace activate'] = """ +type: command +short-summary: Activate workspace using customer-managed key after creating. +examples: + - name: Activate workspace using customer-managed key after creating. + text: |- + az synapse workspace activate --key-name existedkey --workspace-name testsynapseworkspace \\ + --resource-group rg --key-vault-url https://{keyvaultname}.vault.azure.net/keys/{keyname} """ helps['synapse workspace list'] = """ @@ -454,6 +470,50 @@ --state Disabled """ +helps['synapse workspace key'] = """ +type: group +short-summary: Manage workspace's keys. +""" + +helps['synapse workspace key create'] = """ +type: command +short-summary: Create a workspace's key. +examples: + - name: Create a workspace's key. + text: |- + az synapse workspace key create --key-name newkey --workspace-name testsynapseworkspace \\ + --resource-group rg --key-vault-url https://{keyvaultname}.vault.azure.net/keys/{keyname} +""" + +helps['synapse workspace key delete'] = """ +type: command +short-summary: Delete a workspace's key. The key at active status can't be deleted. +examples: + - name: Delete a workspace's key. + text: |- + az synapse workspace key delete --key-name newkey --workspace-name testsynapseworkspace \\ + --resource-group rg +""" + +helps['synapse workspace key get'] = """ +type: command +short-summary: Get a workspace's key by name. +examples: + - name: Get a workspace's key. + text: |- + az synapse workspace key get --key-name newkey --workspace-name testsynapseworkspace \\ + --resource-group rg +""" + +helps['synapse workspace key list'] = """ +type: command +short-summary: List keys under specified workspace. +examples: + - name: List keys under specified workspace. + text: |- + az synapse workspace key list --workspace-name testsynapseworkspace --resource-group rg +""" + helps['synapse workspace firewall-rule'] = """ type: group short-summary: Manage a workspace's firewall rules. diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/_params.py index 44298ade11b..6157f444011 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_params.py @@ -47,7 +47,7 @@ def _configure_security_or_audit_policy_storage_params(arg_ctx): def load_arguments(self, _): # synapse workspace - for scope in ['show', 'create', 'update', 'delete']: + for scope in ['show', 'create', 'update', 'delete', 'activate']: with self.argument_context('synapse workspace ' + scope) as c: c.argument('workspace_name', arg_type=name_type, id_part='name', help='The workspace name.') @@ -56,11 +56,13 @@ def load_arguments(self, _): c.argument('sql_admin_login_password', options_list=['--sql-admin-login-password', '-p'], help='The sql administrator login password.') c.argument('tags', arg_type=tags_type) + c.argument('key_name', help='The workspace key name.') with self.argument_context('synapse workspace create') as c: c.argument("storage_account", validator=validate_storage_account, help='The data lake storage account name or resource id.') c.argument('file_system', help='The file system of the data lake storage account.') + c.argument('key_identifier', help='The customer-managed key used to encrypt all data at rest in the workspace. Key identifier should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.', options_list=['--key-identifier', '--cmk']) c.argument('sql_admin_login_user', options_list=['--sql-admin-login-user', '-u'], help='The sql administrator login user name.') c.argument('enable_managed_virtual_network', options_list=['--enable-managed-vnet', @@ -68,6 +70,10 @@ def load_arguments(self, _): arg_type=get_three_state_flag(), help='The flag indicates whether enable managed virtual network.') + with self.argument_context('synapse workspace activate') as c: + c.argument('key_name', help='The workspace key name.') + c.argument('key_vault_url', help='The Key Vault Url of the workspace key.') + with self.argument_context('synapse workspace check-name') as c: c.argument('name', arg_type=name_type, help='The name you wanted to check.') @@ -291,6 +297,21 @@ def load_arguments(self, _): c.argument('end_ip_address', help='The end IP address of the firewall rule. Must be IPv4 format. ' 'Must be greater than or equal to startIpAddress.') + # synapse workspace key + with self.argument_context('synapse workspace key') as c: + c.argument('workspace_name', id_part='name', help='The workspace name.') + + with self.argument_context('synapse workspace key list') as c: + c.argument('workspace_name', id_part=None, help='The workspace name.') + + for scope in ['show', 'create', 'delete']: + with self.argument_context('synapse workspace key ' + scope) as c: + c.argument('key_name', arg_type=name_type, id_part='child_name_1', help='The workspace key name.') + + for scope in ['create']: + with self.argument_context('synapse workspace key create') as c: + c.argument('key_vault_url', help='The Key Vault Url of the workspace key.') + # synapse spark job for scope in ['job', 'session', 'statement']: with self.argument_context('synapse spark ' + scope) as c: diff --git a/src/azure-cli/azure/cli/command_modules/synapse/commands.py b/src/azure-cli/azure/cli/command_modules/synapse/commands.py index 0078d8667f5..7c470f369dc 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/commands.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/commands.py @@ -12,6 +12,7 @@ def load_command_table(self, _): from ._client_factory import cf_synapse_client_bigdatapool_factory from ._client_factory import cf_synapse_client_sqlpool_factory from ._client_factory import cf_synapse_client_ipfirewallrules_factory + from ._client_factory import cf_synapse_client_cmk_factory from ._client_factory import cf_synapse_client_sqlpool_sensitivity_labels_factory from ._client_factory import cf_synapse_client_restorable_dropped_sqlpools_factory from ._client_factory import cf_synapse_client_sqlpool_transparent_data_encryptions_factory @@ -69,6 +70,10 @@ def get_custom_sdk(custom_module, client_factory): operations_tmpl='azure.mgmt.synapse.operations#IpFirewallRulesOperations.{}', client_factory=cf_synapse_client_ipfirewallrules_factory) + synapse_cmk_sdk = CliCommandType( + operations_tmpl='azure.mgmt.synapse.operations#KeysOperations.{}', + client_factory=cf_synapse_client_cmk_factory) + synapse_spark_session_sdk = CliCommandType( operations_tmpl='azure.synapse.spark.operations#SparkSessionOperations.{}', client_factory=None) @@ -120,6 +125,7 @@ def get_custom_sdk(custom_module, client_factory): g.show_command('show', 'get') g.custom_command('list', 'list_workspaces') g.custom_command('create', 'create_workspace', supports_no_wait=True) + g.custom_command('activate', 'activate_workspace', client_factory=cf_synapse_client_cmk_factory, supports_no_wait=True) g.custom_command('update', 'update_workspace', supports_no_wait=True) g.custom_command('check-name', 'custom_check_name_availability', command_type=synapse_operations_sdk, @@ -210,6 +216,16 @@ def get_custom_sdk(custom_module, client_factory): g.command('delete', 'delete', confirmation=True, supports_no_wait=True) g.wait_command('wait') + # Management Plane Commands --Keys + with self.command_group('synapse workspace key', command_type=synapse_cmk_sdk, + custom_command_type=get_custom_sdk('workspace', cf_synapse_client_cmk_factory), + client_factory=cf_synapse_client_cmk_factory) as g: + g.command('list', 'list_by_workspace') + g.show_command('show', 'get') + g.custom_command('create', 'create_workspace_key', supports_no_wait=True) + g.command('delete', 'delete', confirmation=True, supports_no_wait=True) + g.wait_command('wait') + # Data Plane Commands --Spark batch opertions with self.command_group('synapse spark job', command_type=synapse_spark_batch_sdk, custom_command_type=get_custom_sdk('spark', None)) as g: diff --git a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py index a13932aff3c..d548f3aed2d 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py @@ -2,10 +2,10 @@ # Copyright (c) Microsoft Corporation. All rights reserved. # Licensed under the MIT License. See License.txt in the project root for license information. # -------------------------------------------------------------------------------------------- -# pylint: disable=unused-argument +# pylint: disable=unused-argument, line-too-long from azure.cli.core.util import sdk_no_wait, CLIError from azure.mgmt.synapse.models import Workspace, WorkspacePatchInfo, ManagedIdentity, \ - DataLakeStorageAccountDetails + DataLakeStorageAccountDetails, WorkspaceKeyDetails, CustomerManagedKeyDetails, EncryptionDetails # Synapse workspace @@ -15,12 +15,16 @@ def list_workspaces(cmd, client, resource_group_name=None): def create_workspace(cmd, client, resource_group_name, workspace_name, storage_account, file_system, - sql_admin_login_user, sql_admin_login_password, location, enable_managed_virtual_network=None, + sql_admin_login_user, sql_admin_login_password, location, key_name="default", key_identifier=None, enable_managed_virtual_network=None, tags=None, no_wait=False): identity_type = "SystemAssigned" identity = ManagedIdentity(type=identity_type) account_url = "https://{}.dfs.{}".format(storage_account, cmd.cli_ctx.cloud.suffixes.storage_endpoint) default_data_lake_storage = DataLakeStorageAccountDetails(account_url=account_url, filesystem=file_system) + if str(key_identifier).endswith('/'): + key_identifier = key_identifier[:-1] + workspace_key_detail = WorkspaceKeyDetails(name=key_name, key_vault_url=key_identifier) + encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) workspace_info = Workspace( identity=identity, default_data_lake_storage=default_data_lake_storage, @@ -28,6 +32,7 @@ def create_workspace(cmd, client, resource_group_name, workspace_name, storage_a sql_administrator_login_password=sql_admin_login_password, location=location, managed_virtual_network="default" if enable_managed_virtual_network is True else None, + encryption=encryption, tags=tags ) return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, workspace_info) @@ -55,3 +60,11 @@ def create_firewall_rule(cmd, client, resource_group_name, workspace_name, rule_ no_wait=False): return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, rule_name, start_ip_address=start_ip_address, end_ip_address=end_ip_address) + + +def create_workspace_key(cmd, client, resource_group_name, workspace_name, key_name, key_vault_url, no_wait=False): + return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, key_name=key_name, key_vault_url=key_vault_url) + + +def activate_workspace(cmd, client, resource_group_name, workspace_name, key_name, key_vault_url, no_wait=False): + return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, is_active_cmk=True, key_name=key_name, key_vault_url=key_vault_url) From b78ccc99e2d63cba029a564c3401289e34686576 Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Thu, 10 Dec 2020 16:24:54 +0800 Subject: [PATCH 02/13] fix ci error --- .../azure/cli/command_modules/synapse/_help.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_help.py b/src/azure-cli/azure/cli/command_modules/synapse/_help.py index 00f3677b430..836bbf7bf9c 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_help.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_help.py @@ -495,13 +495,13 @@ --resource-group rg """ -helps['synapse workspace key get'] = """ +helps['synapse workspace key show'] = """ type: command -short-summary: Get a workspace's key by name. +short-summary: Show a workspace's key by name. examples: - - name: Get a workspace's key. + - name: Show a workspace's key. text: |- - az synapse workspace key get --key-name newkey --workspace-name testsynapseworkspace \\ + az synapse workspace key show --key-name newkey --workspace-name testsynapseworkspace \\ --resource-group rg """ @@ -514,6 +514,11 @@ az synapse workspace key list --workspace-name testsynapseworkspace --resource-group rg """ +helps['synapse workspace key wait'] = """ +type: command +short-summary: Place the CLI in a waiting state until a condition of a workspace key is met. +""" + helps['synapse workspace firewall-rule'] = """ type: group short-summary: Manage a workspace's firewall rules. From c57832093734089fff3625868d6aa25b59525b0b Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Thu, 10 Dec 2020 16:59:08 +0800 Subject: [PATCH 03/13] fix ci error --- .../azure/cli/command_modules/synapse/_help.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_help.py b/src/azure-cli/azure/cli/command_modules/synapse/_help.py index 836bbf7bf9c..cf44ec8e601 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_help.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_help.py @@ -37,7 +37,7 @@ az synapse workspace create --name fromcli4 --resource-group rg \\ --storage-account testadlsgen2 --file-system testfilesystem \\ --sql-admin-login-user cliuser1 --sql-admin-login-password Password123! --location "East US" \\ - --key-identitier https://{keyvaultname}.vault.azure.net/keys/{keyname} --key-name testcmk + --key-identifier https://{keyvaultname}.vault.azure.net/keys/{keyname} --key-name testcmk """ helps['synapse workspace activate'] = """ @@ -46,7 +46,7 @@ examples: - name: Activate workspace using customer-managed key after creating. text: |- - az synapse workspace activate --key-name existedkey --workspace-name testsynapseworkspace \\ + az synapse workspace activate --key-name existedkey --name testsynapseworkspace \\ --resource-group rg --key-vault-url https://{keyvaultname}.vault.azure.net/keys/{keyname} """ @@ -481,7 +481,7 @@ examples: - name: Create a workspace's key. text: |- - az synapse workspace key create --key-name newkey --workspace-name testsynapseworkspace \\ + az synapse workspace key create --name newkey --workspace-name testsynapseworkspace \\ --resource-group rg --key-vault-url https://{keyvaultname}.vault.azure.net/keys/{keyname} """ @@ -491,7 +491,7 @@ examples: - name: Delete a workspace's key. text: |- - az synapse workspace key delete --key-name newkey --workspace-name testsynapseworkspace \\ + az synapse workspace key delete --name newkey --workspace-name testsynapseworkspace \\ --resource-group rg """ @@ -501,7 +501,7 @@ examples: - name: Show a workspace's key. text: |- - az synapse workspace key show --key-name newkey --workspace-name testsynapseworkspace \\ + az synapse workspace key show --name newkey --workspace-name testsynapseworkspace \\ --resource-group rg """ From 2c68b1018bed69a9d0f4acd2e9ea8db174d7577d Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Fri, 11 Dec 2020 15:44:42 +0800 Subject: [PATCH 04/13] add data exfiltration protection support --- .../cli/command_modules/synapse/_params.py | 14 +++++++---- .../synapse/operations/workspace.py | 23 ++++++++++++------- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/_params.py index 6157f444011..6a814fe0cd7 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_params.py @@ -56,7 +56,10 @@ def load_arguments(self, _): c.argument('sql_admin_login_password', options_list=['--sql-admin-login-password', '-p'], help='The sql administrator login password.') c.argument('tags', arg_type=tags_type) - c.argument('key_name', help='The workspace key name.') + c.argument('allowed_aad_tenant_ids', options_list=['--allowed-tenant-ids'], nargs='+', help="The approved Azure AD tenants which outbound data traffic allowed to. The Azure AD tenant of the current user will be included by default.") + + with self.argument_context('synapse workspace update') as c: + c.argument('disable_all_allowed_aad_tenant_ids', options_list=['--disable-tenant-ids'], arg_type=get_three_state_flag(), help="Disable all approved Azure AD tenants which outbound data traffic allowed to.") with self.argument_context('synapse workspace create') as c: c.argument("storage_account", validator=validate_storage_account, @@ -69,10 +72,11 @@ def load_arguments(self, _): '--enable-managed-virtual-network'], arg_type=get_three_state_flag(), help='The flag indicates whether enable managed virtual network.') + c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') with self.argument_context('synapse workspace activate') as c: - c.argument('key_name', help='The workspace key name.') - c.argument('key_vault_url', help='The Key Vault Url of the workspace key.') + c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') + c.argument('key_identifier', help='The Key Vault Url of the workspace encryption key. should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.') with self.argument_context('synapse workspace check-name') as c: c.argument('name', arg_type=name_type, help='The name you wanted to check.') @@ -306,11 +310,11 @@ def load_arguments(self, _): for scope in ['show', 'create', 'delete']: with self.argument_context('synapse workspace key ' + scope) as c: - c.argument('key_name', arg_type=name_type, id_part='child_name_1', help='The workspace key name.') + c.argument('key_name', arg_type=name_type, id_part='child_name_1', help='The workspace customer-managed key display name. All existing keys can be found using /"az synapse workspace key list/" cmdlet.') for scope in ['create']: with self.argument_context('synapse workspace key create') as c: - c.argument('key_vault_url', help='The Key Vault Url of the workspace key.') + c.argument('key_identifier', help='The Key Vault Url of the workspace encryption key. should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.') # synapse spark job for scope in ['job', 'session', 'statement']: diff --git a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py index d548f3aed2d..c7df9865a2a 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py @@ -5,7 +5,7 @@ # pylint: disable=unused-argument, line-too-long from azure.cli.core.util import sdk_no_wait, CLIError from azure.mgmt.synapse.models import Workspace, WorkspacePatchInfo, ManagedIdentity, \ - DataLakeStorageAccountDetails, WorkspaceKeyDetails, CustomerManagedKeyDetails, EncryptionDetails + DataLakeStorageAccountDetails, WorkspaceKeyDetails, CustomerManagedKeyDetails, EncryptionDetails, ManagedVirtualNetworkSettings # Synapse workspace @@ -16,7 +16,7 @@ def list_workspaces(cmd, client, resource_group_name=None): def create_workspace(cmd, client, resource_group_name, workspace_name, storage_account, file_system, sql_admin_login_user, sql_admin_login_password, location, key_name="default", key_identifier=None, enable_managed_virtual_network=None, - tags=None, no_wait=False): + allowed_aad_tenant_ids=None, tags=None, no_wait=False): identity_type = "SystemAssigned" identity = ManagedIdentity(type=identity_type) account_url = "https://{}.dfs.{}".format(storage_account, cmd.cli_ctx.cloud.suffixes.storage_endpoint) @@ -25,6 +25,9 @@ def create_workspace(cmd, client, resource_group_name, workspace_name, storage_a key_identifier = key_identifier[:-1] workspace_key_detail = WorkspaceKeyDetails(name=key_name, key_vault_url=key_identifier) encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) + managed_virtual_network_settings = None + if enable_managed_virtual_network: + managed_virtual_network_settings = ManagedVirtualNetworkSettings(preventDataExfiltration=True, allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) workspace_info = Workspace( identity=identity, default_data_lake_storage=default_data_lake_storage, @@ -32,6 +35,7 @@ def create_workspace(cmd, client, resource_group_name, workspace_name, storage_a sql_administrator_login_password=sql_admin_login_password, location=location, managed_virtual_network="default" if enable_managed_virtual_network is True else None, + managed_virtual_network_settings=managed_virtual_network_settings, encryption=encryption, tags=tags ) @@ -39,8 +43,11 @@ def create_workspace(cmd, client, resource_group_name, workspace_name, storage_a def update_workspace(cmd, client, resource_group_name, workspace_name, sql_admin_login_password=None, - tags=None, no_wait=False): - workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_admin_login_password=sql_admin_login_password) + allowed_aad_tenant_ids=None, disable_all_allowed_aad_tenant_ids=None, tags=None, no_wait=False): + if disable_all_allowed_aad_tenant_ids is True: + allowed_aad_tenant_ids = [] + updated_vnet_settings = ManagedVirtualNetworkSettings(allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) if allowed_aad_tenant_ids is not None else None + workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_admin_login_password=sql_admin_login_password, managed_virtual_network_settings=updated_vnet_settings) return sdk_no_wait(no_wait, client.update, resource_group_name, workspace_name, workspace_patch_info) @@ -62,9 +69,9 @@ def create_firewall_rule(cmd, client, resource_group_name, workspace_name, rule_ start_ip_address=start_ip_address, end_ip_address=end_ip_address) -def create_workspace_key(cmd, client, resource_group_name, workspace_name, key_name, key_vault_url, no_wait=False): - return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, key_name=key_name, key_vault_url=key_vault_url) +def create_workspace_key(cmd, client, resource_group_name, workspace_name, key_name, key_identifier, no_wait=False): + return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, key_name=key_name, key_vault_url=key_identifier) -def activate_workspace(cmd, client, resource_group_name, workspace_name, key_name, key_vault_url, no_wait=False): - return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, is_active_cmk=True, key_name=key_name, key_vault_url=key_vault_url) +def activate_workspace(cmd, client, resource_group_name, workspace_name, key_name, key_identifier, no_wait=False): + return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, is_active_cmk=True, key_name=key_name, key_vault_url=key_identifier) From b0c48fe682cdf4a30a4b974834fab42ab3354277 Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Tue, 22 Dec 2020 15:54:05 +0800 Subject: [PATCH 05/13] 1.support sql control to managed identity 2.upgrade azure-mgmt-synapse==0.6.0 --- .../synapse/_client_factory.py | 4 ++ .../cli/command_modules/synapse/_help.py | 39 ++++++++++++++++++- .../cli/command_modules/synapse/_params.py | 12 +++++- .../cli/command_modules/synapse/commands.py | 14 +++++++ .../synapse/operations/workspace.py | 21 ++++++++-- src/azure-cli/requirements.py3.Darwin.txt | 2 +- src/azure-cli/requirements.py3.Linux.txt | 2 +- src/azure-cli/requirements.py3.windows.txt | 2 +- src/azure-cli/setup.py | 2 +- 9 files changed, 87 insertions(+), 11 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py b/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py index 1462979c4c5..7b8251e49c7 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_client_factory.py @@ -50,6 +50,10 @@ def cf_synapse_client_cmk_factory(cli_ctx, *_): return cf_synapse(cli_ctx).keys +def cf_synapse_client_managed_identity_sqlcontrol_factory(cli_ctx, *_): + return cf_synapse(cli_ctx).workspace_managed_identity_sql_control_settings + + def cf_synapse_client_operations_factory(cli_ctx, *_): return cf_synapse(cli_ctx).operations diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_help.py b/src/azure-cli/azure/cli/command_modules/synapse/_help.py index cf44ec8e601..91f15b1d0f5 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_help.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_help.py @@ -47,7 +47,7 @@ - name: Activate workspace using customer-managed key after creating. text: |- az synapse workspace activate --key-name existedkey --name testsynapseworkspace \\ - --resource-group rg --key-vault-url https://{keyvaultname}.vault.azure.net/keys/{keyname} + --resource-group rg --key-identifier https://{keyvaultname}.vault.azure.net/keys/{keyname} """ helps['synapse workspace list'] = """ @@ -482,7 +482,7 @@ - name: Create a workspace's key. text: |- az synapse workspace key create --name newkey --workspace-name testsynapseworkspace \\ - --resource-group rg --key-vault-url https://{keyvaultname}.vault.azure.net/keys/{keyname} + --resource-group rg --key-identifier https://{keyvaultname}.vault.azure.net/keys/{keyname} """ helps['synapse workspace key delete'] = """ @@ -519,6 +519,41 @@ short-summary: Place the CLI in a waiting state until a condition of a workspace key is met. """ +helps['synapse workspace managed-identity show-sql-access'] = """ +type: command +short-summary: Show workspace's sql-access state to managed-identity. +examples: + - name: Show workspace's sql-access state to managed-identity. + text: |- + az synapse workspace managed-identity show-sql-access --workspace-name testsynapseworkspace \\ + --resource-group rg +""" + +helps['synapse workspace managed-identity revoke-sql-access'] = """ +type: command +short-summary: Revoke workspace's sql-access to managed-identity. +examples: + - name: Revoke workspace's sql-access to managed-identity. + text: |- + az synapse workspace managed-identity revoke-sql-access --workspace-name testsynapseworkspace \\ + --resource-group rg +""" + +helps['synapse workspace managed-identity grant-sql-access'] = """ +type: command +short-summary: Grant workspace's sql-access to managed-identity. +examples: + - name: Grant workspace's sql-access to managed-identity. + text: |- + az synapse workspace managed-identity grant-sql-access --workspace-name testsynapseworkspace \\ + --resource-group rg +""" + +helps['synapse workspace managed-identity wait'] = """ +type: command +short-summary: Place the CLI in a waiting state until a condition of sql-access state to managed-identity is met. +""" + helps['synapse workspace firewall-rule'] = """ type: group short-summary: Manage a workspace's firewall rules. diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/_params.py index 6a814fe0cd7..526c043bf26 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_params.py @@ -57,6 +57,8 @@ def load_arguments(self, _): help='The sql administrator login password.') c.argument('tags', arg_type=tags_type) c.argument('allowed_aad_tenant_ids', options_list=['--allowed-tenant-ids'], nargs='+', help="The approved Azure AD tenants which outbound data traffic allowed to. The Azure AD tenant of the current user will be included by default.") + c.argument('key_identifier', help='The customer-managed key used to encrypt all data at rest in the workspace. Key identifier should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.', options_list=['--key-identifier', '--cmk']) + c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') with self.argument_context('synapse workspace update') as c: c.argument('disable_all_allowed_aad_tenant_ids', options_list=['--disable-tenant-ids'], arg_type=get_three_state_flag(), help="Disable all approved Azure AD tenants which outbound data traffic allowed to.") @@ -65,14 +67,12 @@ def load_arguments(self, _): c.argument("storage_account", validator=validate_storage_account, help='The data lake storage account name or resource id.') c.argument('file_system', help='The file system of the data lake storage account.') - c.argument('key_identifier', help='The customer-managed key used to encrypt all data at rest in the workspace. Key identifier should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.', options_list=['--key-identifier', '--cmk']) c.argument('sql_admin_login_user', options_list=['--sql-admin-login-user', '-u'], help='The sql administrator login user name.') c.argument('enable_managed_virtual_network', options_list=['--enable-managed-vnet', '--enable-managed-virtual-network'], arg_type=get_three_state_flag(), help='The flag indicates whether enable managed virtual network.') - c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') with self.argument_context('synapse workspace activate') as c: c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') @@ -316,6 +316,14 @@ def load_arguments(self, _): with self.argument_context('synapse workspace key create') as c: c.argument('key_identifier', help='The Key Vault Url of the workspace encryption key. should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.') + # synapse workspace managed-identity + with self.argument_context('synapse workspace managed-identity') as c: + c.argument('workspace_name', id_part='name', help='The workspace name.') + + for scope in ['grant-sql-access', 'revoke-sql-access', ' show-sql-access']: + with self.argument_context('synapse workspace managed-identity ' + scope) as c: + c.argument('workspace_name', id_part='name', help='The workspace name.') + # synapse spark job for scope in ['job', 'session', 'statement']: with self.argument_context('synapse spark ' + scope) as c: diff --git a/src/azure-cli/azure/cli/command_modules/synapse/commands.py b/src/azure-cli/azure/cli/command_modules/synapse/commands.py index 7c470f369dc..cdc30634b0c 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/commands.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/commands.py @@ -18,6 +18,7 @@ def load_command_table(self, _): from ._client_factory import cf_synapse_client_sqlpool_transparent_data_encryptions_factory from ._client_factory import cf_synapse_client_sqlpool_security_alert_policies_factory from ._client_factory import cf_synapse_client_sqlpool_blob_auditing_policies_factory + from ._client_factory import cf_synapse_client_managed_identity_sqlcontrol_factory def get_custom_sdk(custom_module, client_factory): return CliCommandType( @@ -74,6 +75,10 @@ def get_custom_sdk(custom_module, client_factory): operations_tmpl='azure.mgmt.synapse.operations#KeysOperations.{}', client_factory=cf_synapse_client_cmk_factory) + synapse_managedidentitysqlcontrol_sdk = CliCommandType( + operations_tmpl='azure.mgmt.synapse.operations#WorkspaceManagedIdentitySqlControlSettingsOperations.{}', + client_factory=cf_synapse_client_managed_identity_sqlcontrol_factory) + synapse_spark_session_sdk = CliCommandType( operations_tmpl='azure.synapse.spark.operations#SparkSessionOperations.{}', client_factory=None) @@ -226,6 +231,15 @@ def get_custom_sdk(custom_module, client_factory): g.command('delete', 'delete', confirmation=True, supports_no_wait=True) g.wait_command('wait') + # Management Plane Commands --Managed-Identity + with self.command_group('synapse workspace managed-identity', command_type=synapse_managedidentitysqlcontrol_sdk, + custom_command_type=get_custom_sdk('workspace', cf_synapse_client_managed_identity_sqlcontrol_factory), + client_factory=cf_synapse_client_managed_identity_sqlcontrol_factory) as g: + g.show_command('show-sql-access', 'get') + g.custom_command('grant-sql-access', 'grant_sql_access_to_managed_identity', supports_no_wait=True) + g.custom_command('revoke-sql-access', 'revoke_sql_access_to_managed_identity', supports_no_wait=True) + g.wait_command('wait') + # Data Plane Commands --Spark batch opertions with self.command_group('synapse spark job', command_type=synapse_spark_batch_sdk, custom_command_type=get_custom_sdk('spark', None)) as g: diff --git a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py index c7df9865a2a..7d7af527639 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py @@ -5,7 +5,8 @@ # pylint: disable=unused-argument, line-too-long from azure.cli.core.util import sdk_no_wait, CLIError from azure.mgmt.synapse.models import Workspace, WorkspacePatchInfo, ManagedIdentity, \ - DataLakeStorageAccountDetails, WorkspaceKeyDetails, CustomerManagedKeyDetails, EncryptionDetails, ManagedVirtualNetworkSettings + DataLakeStorageAccountDetails, WorkspaceKeyDetails, CustomerManagedKeyDetails, EncryptionDetails, ManagedVirtualNetworkSettings, \ + ManagedIdentitySqlControlSettingsModelPropertiesGrantSqlControlToManagedIdentity # Synapse workspace @@ -43,11 +44,15 @@ def create_workspace(cmd, client, resource_group_name, workspace_name, storage_a def update_workspace(cmd, client, resource_group_name, workspace_name, sql_admin_login_password=None, - allowed_aad_tenant_ids=None, disable_all_allowed_aad_tenant_ids=None, tags=None, no_wait=False): + allowed_aad_tenant_ids=None, disable_all_allowed_aad_tenant_ids=None, tags=None, key_name=None, key_identifier=None, no_wait=False): + if str(key_identifier).endswith('/'): + key_identifier = key_identifier[:-1] + workspace_key_detail = WorkspaceKeyDetails(name=key_name, key_vault_url=key_identifier) + encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) if disable_all_allowed_aad_tenant_ids is True: allowed_aad_tenant_ids = [] updated_vnet_settings = ManagedVirtualNetworkSettings(allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) if allowed_aad_tenant_ids is not None else None - workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_admin_login_password=sql_admin_login_password, managed_virtual_network_settings=updated_vnet_settings) + workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_admin_login_password=sql_admin_login_password, encryption=encryption, managed_virtual_network_settings=updated_vnet_settings) return sdk_no_wait(no_wait, client.update, resource_group_name, workspace_name, workspace_patch_info) @@ -75,3 +80,13 @@ def create_workspace_key(cmd, client, resource_group_name, workspace_name, key_n def activate_workspace(cmd, client, resource_group_name, workspace_name, key_name, key_identifier, no_wait=False): return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, is_active_cmk=True, key_name=key_name, key_vault_url=key_identifier) + + +def grant_sql_access_to_managed_identity(cmd, client, resource_group_name, workspace_name, no_wait=False): + grant_sql_access_setting = ManagedIdentitySqlControlSettingsModelPropertiesGrantSqlControlToManagedIdentity(desired_state="Enabled") + return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, grant_sql_access_setting) + + +def revoke_sql_access_to_managed_identity(cmd, client, resource_group_name, workspace_name, no_wait=False): + revoke_sql_access_setting = ManagedIdentitySqlControlSettingsModelPropertiesGrantSqlControlToManagedIdentity(desired_state="Disabled") + return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, revoke_sql_access_setting) diff --git a/src/azure-cli/requirements.py3.Darwin.txt b/src/azure-cli/requirements.py3.Darwin.txt index d62f4ccb6bb..cdd192780ab 100644 --- a/src/azure-cli/requirements.py3.Darwin.txt +++ b/src/azure-cli/requirements.py3.Darwin.txt @@ -79,7 +79,7 @@ azure-mgmt-sqlvirtualmachine==0.5.0 azure-mgmt-storage==16.0.0 azure-mgmt-trafficmanager==0.51.0 azure-mgmt-web==0.48.0 -azure-mgmt-synapse==0.5.0 +azure-mgmt-synapse==0.6.0 azure-multiapi-storage==0.5.2 azure-nspkg==3.0.2 azure-loganalytics==0.1.0 diff --git a/src/azure-cli/requirements.py3.Linux.txt b/src/azure-cli/requirements.py3.Linux.txt index d62f4ccb6bb..cdd192780ab 100644 --- a/src/azure-cli/requirements.py3.Linux.txt +++ b/src/azure-cli/requirements.py3.Linux.txt @@ -79,7 +79,7 @@ azure-mgmt-sqlvirtualmachine==0.5.0 azure-mgmt-storage==16.0.0 azure-mgmt-trafficmanager==0.51.0 azure-mgmt-web==0.48.0 -azure-mgmt-synapse==0.5.0 +azure-mgmt-synapse==0.6.0 azure-multiapi-storage==0.5.2 azure-nspkg==3.0.2 azure-loganalytics==0.1.0 diff --git a/src/azure-cli/requirements.py3.windows.txt b/src/azure-cli/requirements.py3.windows.txt index 761999c3e44..d19f4db3d8c 100644 --- a/src/azure-cli/requirements.py3.windows.txt +++ b/src/azure-cli/requirements.py3.windows.txt @@ -79,7 +79,7 @@ azure-mgmt-sqlvirtualmachine==0.5.0 azure-mgmt-storage==16.0.0 azure-mgmt-trafficmanager==0.51.0 azure-mgmt-web==0.48.0 -azure-mgmt-synapse==0.5.0 +azure-mgmt-synapse==0.6.0 azure-multiapi-storage==0.5.2 azure-nspkg==3.0.2 azure-loganalytics==0.1.0 diff --git a/src/azure-cli/setup.py b/src/azure-cli/setup.py index ccabf3f61c9..ea74a38ee60 100644 --- a/src/azure-cli/setup.py +++ b/src/azure-cli/setup.py @@ -123,7 +123,7 @@ 'azure-mgmt-storage~=16.0.0', 'azure-mgmt-trafficmanager~=0.51.0', 'azure-mgmt-web~=0.48.0', - 'azure-mgmt-synapse~=0.5.0', + 'azure-mgmt-synapse~=0.6.0', 'azure-multiapi-storage~=0.5.2', 'azure-loganalytics~=0.1.0', 'azure-storage-common~=1.4', From 419b47c67192f2a4828c71b6fb9dbb93b1792a8c Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Tue, 22 Dec 2020 16:11:04 +0800 Subject: [PATCH 06/13] code style updated --- src/azure-cli/azure/cli/command_modules/synapse/_help.py | 5 +++++ src/azure-cli/azure/cli/command_modules/synapse/_params.py | 5 ++--- src/azure-cli/azure/cli/command_modules/synapse/commands.py | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_help.py b/src/azure-cli/azure/cli/command_modules/synapse/_help.py index 91f15b1d0f5..a2b0043d1ac 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_help.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_help.py @@ -519,6 +519,11 @@ short-summary: Place the CLI in a waiting state until a condition of a workspace key is met. """ +helps['synapse workspace managed-identity'] = """ +type: group +short-summary: Manage workspace's managed-identity. +""" + helps['synapse workspace managed-identity show-sql-access'] = """ type: command short-summary: Show workspace's sql-access state to managed-identity. diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/_params.py index 526c043bf26..417f1bddd56 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_params.py @@ -312,9 +312,8 @@ def load_arguments(self, _): with self.argument_context('synapse workspace key ' + scope) as c: c.argument('key_name', arg_type=name_type, id_part='child_name_1', help='The workspace customer-managed key display name. All existing keys can be found using /"az synapse workspace key list/" cmdlet.') - for scope in ['create']: - with self.argument_context('synapse workspace key create') as c: - c.argument('key_identifier', help='The Key Vault Url of the workspace encryption key. should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.') + with self.argument_context('synapse workspace key create') as c: + c.argument('key_identifier', help='The Key Vault Url of the workspace encryption key. should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.') # synapse workspace managed-identity with self.argument_context('synapse workspace managed-identity') as c: diff --git a/src/azure-cli/azure/cli/command_modules/synapse/commands.py b/src/azure-cli/azure/cli/command_modules/synapse/commands.py index cdc30634b0c..59eac48ee7e 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/commands.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/commands.py @@ -233,8 +233,8 @@ def get_custom_sdk(custom_module, client_factory): # Management Plane Commands --Managed-Identity with self.command_group('synapse workspace managed-identity', command_type=synapse_managedidentitysqlcontrol_sdk, - custom_command_type=get_custom_sdk('workspace', cf_synapse_client_managed_identity_sqlcontrol_factory), - client_factory=cf_synapse_client_managed_identity_sqlcontrol_factory) as g: + custom_command_type=get_custom_sdk('workspace', cf_synapse_client_managed_identity_sqlcontrol_factory), + client_factory=cf_synapse_client_managed_identity_sqlcontrol_factory) as g: g.show_command('show-sql-access', 'get') g.custom_command('grant-sql-access', 'grant_sql_access_to_managed_identity', supports_no_wait=True) g.custom_command('revoke-sql-access', 'revoke_sql_access_to_managed_identity', supports_no_wait=True) From 869129e44b85c3dbeb8c49ed7501b8cc7308703f Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Thu, 24 Dec 2020 15:43:09 +0800 Subject: [PATCH 07/13] fix ci error --- .../azure/cli/command_modules/synapse/operations/workspace.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py index cf30d31cc03..2a6aa71a10d 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py @@ -83,7 +83,7 @@ def update_firewall_rule(cmd, client, resource_group_name, workspace_name, rule_ start_ip_address = start_ip_address or firewall.start_ip_address end_ip_address = end_ip_address or firewall.end_ip_address return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, rule_name, - start_ip_address=start_ip_address, end_ip_address=end_ip_address) + start_ip_address=start_ip_address, end_ip_address=end_ip_address) def create_workspace_key(cmd, client, resource_group_name, workspace_name, key_name, key_identifier, no_wait=False): From a4ebe49ccfe966eafc1a180cc665f4ce3cc6f6e7 Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Tue, 19 Jan 2021 16:31:39 +0800 Subject: [PATCH 08/13] address comments --- .../cli/command_modules/synapse/_params.py | 5 ++-- .../synapse/operations/workspace.py | 30 +++++++++++-------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/_params.py index e23f6ecd1ef..8be4f638957 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_params.py @@ -61,9 +61,6 @@ def load_arguments(self, _): c.argument('key_identifier', help='The customer-managed key used to encrypt all data at rest in the workspace. Key identifier should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.', options_list=['--key-identifier', '--cmk']) c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') - with self.argument_context('synapse workspace update') as c: - c.argument('disable_all_allowed_aad_tenant_ids', options_list=['--disable-tenant-ids'], arg_type=get_three_state_flag(), help="Disable all approved Azure AD tenants which outbound data traffic allowed to.") - with self.argument_context('synapse workspace create') as c: c.argument('location', get_location_type(self.cli_ctx), validator=get_default_location_from_resource_group) c.argument("storage_account", validator=validate_storage_account, @@ -75,6 +72,8 @@ def load_arguments(self, _): '--enable-managed-virtual-network'], arg_type=get_three_state_flag(), help='The flag indicates whether enable managed virtual network.') + c.argument('enable_data_exfiltration', arg_type=get_three_state_flag(), + help='The flag indicates whether enable data exfiltration.') with self.argument_context('synapse workspace activate') as c: c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') diff --git a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py index 2a6aa71a10d..6c19e67085e 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py @@ -17,18 +17,22 @@ def list_workspaces(cmd, client, resource_group_name=None): def create_workspace(cmd, client, resource_group_name, workspace_name, storage_account, file_system, sql_admin_login_user, sql_admin_login_password, location=None, key_name="default", key_identifier=None, enable_managed_virtual_network=None, - allowed_aad_tenant_ids=None, tags=None, no_wait=False): + allowed_aad_tenant_ids=None, enable_data_exfiltration=None, tags=None, no_wait=False): identity_type = "SystemAssigned" identity = ManagedIdentity(type=identity_type) account_url = "https://{}.dfs.{}".format(storage_account, cmd.cli_ctx.cloud.suffixes.storage_endpoint) default_data_lake_storage = DataLakeStorageAccountDetails(account_url=account_url, filesystem=file_system) - if str(key_identifier).endswith('/'): - key_identifier = key_identifier[:-1] - workspace_key_detail = WorkspaceKeyDetails(name=key_name, key_vault_url=key_identifier) - encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) + encryption = None managed_virtual_network_settings = None + if key_identifier is not None: + workspace_key_detail = WorkspaceKeyDetails(name=key_name, key_vault_url=key_identifier) + encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) + if enable_managed_virtual_network: - managed_virtual_network_settings = ManagedVirtualNetworkSettings(preventDataExfiltration=True, allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) + if enable_data_exfiltration: + managed_virtual_network_settings = ManagedVirtualNetworkSettings(preventDataExfiltration=True, allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) + else: + managed_virtual_network_settings = ManagedVirtualNetworkSettings(preventDataExfiltration=False) workspace_info = Workspace( identity=identity, @@ -45,13 +49,15 @@ def create_workspace(cmd, client, resource_group_name, workspace_name, storage_a def update_workspace(cmd, client, resource_group_name, workspace_name, sql_admin_login_password=None, - allowed_aad_tenant_ids=None, disable_all_allowed_aad_tenant_ids=None, tags=None, key_name=None, key_identifier=None, no_wait=False): - if str(key_identifier).endswith('/'): - key_identifier = key_identifier[:-1] - workspace_key_detail = WorkspaceKeyDetails(name=key_name, key_vault_url=key_identifier) - encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) - if disable_all_allowed_aad_tenant_ids is True: + allowed_aad_tenant_ids=None, tags=None, key_name=None, key_identifier=None, no_wait=False): + encryption = None + if key_name and key_identifier: + workspace_key_detail = WorkspaceKeyDetails(name=key_name, key_vault_url=key_identifier) + encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) + + if allowed_aad_tenant_ids is not None and "None" in allowed_aad_tenant_ids: allowed_aad_tenant_ids = [] + updated_vnet_settings = ManagedVirtualNetworkSettings(allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) if allowed_aad_tenant_ids is not None else None workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_admin_login_password=sql_admin_login_password, encryption=encryption, managed_virtual_network_settings=updated_vnet_settings) return sdk_no_wait(no_wait, client.update, resource_group_name, workspace_name, workspace_patch_info) From 6510226680ac364009a5e108f8024a58a706601f Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Wed, 20 Jan 2021 18:58:18 +0800 Subject: [PATCH 09/13] address comments --- .../cli/command_modules/synapse/_help.py | 20 +++++++++---------- .../cli/command_modules/synapse/_params.py | 14 ++++++------- .../cli/command_modules/synapse/commands.py | 1 + .../synapse/operations/workspace.py | 8 +++----- 4 files changed, 21 insertions(+), 22 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_help.py b/src/azure-cli/azure/cli/command_modules/synapse/_help.py index a76093b6907..240d5168312 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_help.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_help.py @@ -40,16 +40,6 @@ --key-identifier https://{keyvaultname}.vault.azure.net/keys/{keyname} --key-name testcmk """ -helps['synapse workspace activate'] = """ -type: command -short-summary: Activate workspace using customer-managed key after creating. -examples: - - name: Activate workspace using customer-managed key after creating. - text: |- - az synapse workspace activate --key-name existedkey --name testsynapseworkspace \\ - --resource-group rg --key-identifier https://{keyvaultname}.vault.azure.net/keys/{keyname} -""" - helps['synapse workspace list'] = """ type: command short-summary: List all Synapse workspaces. @@ -575,6 +565,16 @@ --resource-group rg --key-identifier https://{keyvaultname}.vault.azure.net/keys/{keyname} """ +helps['synapse workspace key update'] = """ +type: command +short-summary: Update a workspace's key or update the state of key to change the workspace state from pending to success state when the workspace is first being provisioned. +examples: + - name: Update a workspace's key. + text: |- + az synapse workspace key update --name newkey --workspace-name testsynapseworkspace \\ + --resource-group rg --key-identifier https://{keyvaultname}.vault.azure.net/keys/{keyname} +""" + helps['synapse workspace key delete'] = """ type: command short-summary: Delete a workspace's key. The key at active status can't be deleted. diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/_params.py index 8be4f638957..0aa83160f23 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_params.py @@ -57,7 +57,7 @@ def load_arguments(self, _): c.argument('sql_admin_login_password', options_list=['--sql-admin-login-password', '-p'], help='The sql administrator login password.') c.argument('tags', arg_type=tags_type) - c.argument('allowed_aad_tenant_ids', options_list=['--allowed-tenant-ids'], nargs='+', help="The approved Azure AD tenants which outbound data traffic allowed to. The Azure AD tenant of the current user will be included by default.") + c.argument('allowed_aad_tenant_ids', options_list=['--allowed-tenant-ids'], nargs='*', help="The approved Azure AD tenants which outbound data traffic allowed to. The Azure AD tenant of the current user will be included by default. If no argument, will disable all allowed tenant ids.") c.argument('key_identifier', help='The customer-managed key used to encrypt all data at rest in the workspace. Key identifier should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.', options_list=['--key-identifier', '--cmk']) c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') @@ -73,11 +73,7 @@ def load_arguments(self, _): arg_type=get_three_state_flag(), help='The flag indicates whether enable managed virtual network.') c.argument('enable_data_exfiltration', arg_type=get_three_state_flag(), - help='The flag indicates whether enable data exfiltration.') - - with self.argument_context('synapse workspace activate') as c: - c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') - c.argument('key_identifier', help='The Key Vault Url of the workspace encryption key. should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.') + help='The flag indicates whether enable data exfiltration.', options_list=['--enable_exfiltration', '--enable_data_exfiltration']) with self.argument_context('synapse workspace check-name') as c: c.argument('name', arg_type=name_type, help='The name you wanted to check.') @@ -327,13 +323,17 @@ def load_arguments(self, _): with self.argument_context('synapse workspace key list') as c: c.argument('workspace_name', id_part=None, help='The workspace name.') - for scope in ['show', 'create', 'delete']: + for scope in ['show', 'create', 'delete', 'update']: with self.argument_context('synapse workspace key ' + scope) as c: c.argument('key_name', arg_type=name_type, id_part='child_name_1', help='The workspace customer-managed key display name. All existing keys can be found using /"az synapse workspace key list/" cmdlet.') with self.argument_context('synapse workspace key create') as c: c.argument('key_identifier', help='The Key Vault Url of the workspace encryption key. should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.') + with self.argument_context('synapse workspace key update') as c: + c.argument('key_identifier', help='The Key Vault Url of the workspace encryption key. should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.') + c.argument('is_active', arg_type=get_three_state_flag(), help='Set True to change the workspace state from pending to success state.') + # synapse workspace managed-identity with self.argument_context('synapse workspace managed-identity') as c: c.argument('workspace_name', id_part='name', help='The workspace name.') diff --git a/src/azure-cli/azure/cli/command_modules/synapse/commands.py b/src/azure-cli/azure/cli/command_modules/synapse/commands.py index 585647e0247..79bf5d6afc5 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/commands.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/commands.py @@ -329,6 +329,7 @@ def get_custom_sdk(custom_module, client_factory): g.command('list', 'list_by_workspace') g.show_command('show', 'get') g.custom_command('create', 'create_workspace_key', supports_no_wait=True) + g.custom_command('update', 'update_workspace_key', supports_no_wait=True) g.command('delete', 'delete', confirmation=True, supports_no_wait=True) g.wait_command('wait') diff --git a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py index 6c19e67085e..30bdd938659 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py @@ -55,9 +55,6 @@ def update_workspace(cmd, client, resource_group_name, workspace_name, sql_admin workspace_key_detail = WorkspaceKeyDetails(name=key_name, key_vault_url=key_identifier) encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) - if allowed_aad_tenant_ids is not None and "None" in allowed_aad_tenant_ids: - allowed_aad_tenant_ids = [] - updated_vnet_settings = ManagedVirtualNetworkSettings(allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) if allowed_aad_tenant_ids is not None else None workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_admin_login_password=sql_admin_login_password, encryption=encryption, managed_virtual_network_settings=updated_vnet_settings) return sdk_no_wait(no_wait, client.update, resource_group_name, workspace_name, workspace_patch_info) @@ -96,8 +93,9 @@ def create_workspace_key(cmd, client, resource_group_name, workspace_name, key_n return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, key_name=key_name, key_vault_url=key_identifier) -def activate_workspace(cmd, client, resource_group_name, workspace_name, key_name, key_identifier, no_wait=False): - return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, is_active_cmk=True, key_name=key_name, key_vault_url=key_identifier) + +def update_workspace_key(cmd, client, resource_group_name, workspace_name, key_name, key_identifier, is_active=False, no_wait=False): + return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, is_active_cmk=is_active, key_name=key_name, key_vault_url=key_identifier) def grant_sql_access_to_managed_identity(cmd, client, resource_group_name, workspace_name, no_wait=False): From 809e79eceed150067c42d7105c9c1775871cfff7 Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Thu, 21 Jan 2021 13:29:27 +0800 Subject: [PATCH 10/13] fix ci issuses --- src/azure-cli/azure/cli/command_modules/synapse/commands.py | 1 - .../azure/cli/command_modules/synapse/operations/workspace.py | 1 - 2 files changed, 2 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/commands.py b/src/azure-cli/azure/cli/command_modules/synapse/commands.py index 79bf5d6afc5..cc50e57c645 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/commands.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/commands.py @@ -182,7 +182,6 @@ def get_custom_sdk(custom_module, client_factory): g.show_command('show', 'get') g.custom_command('list', 'list_workspaces') g.custom_command('create', 'create_workspace', supports_no_wait=True) - g.custom_command('activate', 'activate_workspace', client_factory=cf_synapse_client_cmk_factory, supports_no_wait=True) g.custom_command('update', 'update_workspace', supports_no_wait=True) g.custom_command('check-name', 'custom_check_name_availability', command_type=synapse_operations_sdk, diff --git a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py index 30bdd938659..2937c4d7bd4 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py @@ -93,7 +93,6 @@ def create_workspace_key(cmd, client, resource_group_name, workspace_name, key_n return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, key_name=key_name, key_vault_url=key_identifier) - def update_workspace_key(cmd, client, resource_group_name, workspace_name, key_name, key_identifier, is_active=False, no_wait=False): return sdk_no_wait(no_wait, client.create_or_update, resource_group_name, workspace_name, is_active_cmk=is_active, key_name=key_name, key_vault_url=key_identifier) From 4a8819f62b86209fde3444a9d746f48f0ac66d93 Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Thu, 21 Jan 2021 14:26:22 +0800 Subject: [PATCH 11/13] fix ci issuses --- src/azure-cli/azure/cli/command_modules/synapse/_params.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/_params.py index 0aa83160f23..0afdb507a70 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_params.py @@ -73,7 +73,7 @@ def load_arguments(self, _): arg_type=get_three_state_flag(), help='The flag indicates whether enable managed virtual network.') c.argument('enable_data_exfiltration', arg_type=get_three_state_flag(), - help='The flag indicates whether enable data exfiltration.', options_list=['--enable_exfiltration', '--enable_data_exfiltration']) + help='The flag indicates whether enable data exfiltration.', options_list=['--enable-exfiltration', '--enable-data-exfiltration']) with self.argument_context('synapse workspace check-name') as c: c.argument('name', arg_type=name_type, help='The name you wanted to check.') From f52f74ac1f9a87b38d8794dde9d4b85c702045f9 Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Fri, 22 Jan 2021 09:37:12 +0800 Subject: [PATCH 12/13] add scenario test and test recording --- .../cli/command_modules/synapse/_params.py | 6 +- .../synapse/operations/workspace.py | 14 +- .../recordings/test_workspace_with_cmk.yaml | 2041 +++++++++++++++++ .../tests/latest/test_synapse_scenario.py | 101 + 4 files changed, 2152 insertions(+), 10 deletions(-) create mode 100644 src/azure-cli/azure/cli/command_modules/synapse/tests/latest/recordings/test_workspace_with_cmk.yaml diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/_params.py index 0afdb507a70..dd1b56491f9 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_params.py @@ -58,7 +58,6 @@ def load_arguments(self, _): help='The sql administrator login password.') c.argument('tags', arg_type=tags_type) c.argument('allowed_aad_tenant_ids', options_list=['--allowed-tenant-ids'], nargs='*', help="The approved Azure AD tenants which outbound data traffic allowed to. The Azure AD tenant of the current user will be included by default. If no argument, will disable all allowed tenant ids.") - c.argument('key_identifier', help='The customer-managed key used to encrypt all data at rest in the workspace. Key identifier should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.', options_list=['--key-identifier', '--cmk']) c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') with self.argument_context('synapse workspace create') as c: @@ -72,8 +71,9 @@ def load_arguments(self, _): '--enable-managed-virtual-network'], arg_type=get_three_state_flag(), help='The flag indicates whether enable managed virtual network.') - c.argument('enable_data_exfiltration', arg_type=get_three_state_flag(), - help='The flag indicates whether enable data exfiltration.', options_list=['--enable-exfiltration', '--enable-data-exfiltration']) + c.argument('prevent_data_exfiltration', arg_type=get_three_state_flag(), + help='The flag indicates whether enable data exfiltration.', options_list=['--prevent-exfiltration', '--prevent-data-exfiltration']) + c.argument('key_identifier', help='The customer-managed key used to encrypt all data at rest in the workspace. Key identifier should be in the format of: https://{keyvaultname}.vault.azure.net/keys/{keyname}.', options_list=['--key-identifier', '--cmk']) with self.argument_context('synapse workspace check-name') as c: c.argument('name', arg_type=name_type, help='The name you wanted to check.') diff --git a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py index 2937c4d7bd4..1e1b16ef3af 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py @@ -17,7 +17,7 @@ def list_workspaces(cmd, client, resource_group_name=None): def create_workspace(cmd, client, resource_group_name, workspace_name, storage_account, file_system, sql_admin_login_user, sql_admin_login_password, location=None, key_name="default", key_identifier=None, enable_managed_virtual_network=None, - allowed_aad_tenant_ids=None, enable_data_exfiltration=None, tags=None, no_wait=False): + allowed_aad_tenant_ids=None, prevent_data_exfiltration=None, tags=None, no_wait=False): identity_type = "SystemAssigned" identity = ManagedIdentity(type=identity_type) account_url = "https://{}.dfs.{}".format(storage_account, cmd.cli_ctx.cloud.suffixes.storage_endpoint) @@ -29,10 +29,10 @@ def create_workspace(cmd, client, resource_group_name, workspace_name, storage_a encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) if enable_managed_virtual_network: - if enable_data_exfiltration: - managed_virtual_network_settings = ManagedVirtualNetworkSettings(preventDataExfiltration=True, allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) + if prevent_data_exfiltration: + managed_virtual_network_settings = ManagedVirtualNetworkSettings(prevent_data_exfiltration=True, allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) else: - managed_virtual_network_settings = ManagedVirtualNetworkSettings(preventDataExfiltration=False) + managed_virtual_network_settings = ManagedVirtualNetworkSettings(prevent_data_exfiltration=False) workspace_info = Workspace( identity=identity, @@ -49,10 +49,10 @@ def create_workspace(cmd, client, resource_group_name, workspace_name, storage_a def update_workspace(cmd, client, resource_group_name, workspace_name, sql_admin_login_password=None, - allowed_aad_tenant_ids=None, tags=None, key_name=None, key_identifier=None, no_wait=False): + allowed_aad_tenant_ids=None, tags=None, key_name=None, no_wait=False): encryption = None - if key_name and key_identifier: - workspace_key_detail = WorkspaceKeyDetails(name=key_name, key_vault_url=key_identifier) + if key_name: + workspace_key_detail = WorkspaceKeyDetails(name=key_name) encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) updated_vnet_settings = ManagedVirtualNetworkSettings(allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) if allowed_aad_tenant_ids is not None else None diff --git a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/recordings/test_workspace_with_cmk.yaml b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/recordings/test_workspace_with_cmk.yaml new file mode 100644 index 00000000000..6cf16af5c00 --- /dev/null +++ b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/recordings/test_workspace_with_cmk.yaml @@ -0,0 +1,2041 @@ +interactions: +- request: + body: '{"location": "eastus", "properties": {"defaultDataLakeStorage": {"accountUrl": + "https://teststorageforsynapsecmk.dfs.core.windows.net", "filesystem": "fs000001"}, + "sqlAdministratorLoginPassword": "Pswd1000002", "sqlAdministratorLogin": "cliuser1", + "managedVirtualNetwork": "default", "encryption": {"cmk": {"key": {"name": "default", + "keyVaultUrl": "https://testcmksoftdelete.vault.azure.net/keys/newcmk"}}}, "managedVirtualNetworkSettings": + {"preventDataExfiltration": true, "allowedAadTenantIdsForLinking": []}}, "identity": + {"type": "SystemAssigned"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + Content-Length: + - '567' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + accept-language: + - en-US + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk?api-version=2019-06-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk","location":"eastus","name":"testsynapseworkspacecmk","type":"Microsoft.Synapse/workspaces","identity":{"type":"SystemAssigned","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","principalId":"adc616dd-67f7-4e47-bfb9-ade858d7c92b"},"properties":{"managedVirtualNetwork":"default","connectivityEndpoints":{"web":"https://web.azuresynapse.net?workspace=%2fsubscriptions%2f964c10bb-8a6c-43bc-83d3-6b318c6c7305%2fresourceGroups%2ftestrg%2fproviders%2fMicrosoft.Synapse%2fworkspaces%2ftestsynapseworkspacecmk","dev":"https://testsynapseworkspacecmk.dev.azuresynapse.net","sqlOnDemand":"testsynapseworkspacecmk-ondemand.sql.azuresynapse.net","sql":"testsynapseworkspacecmk.sql.azuresynapse.net"},"managedResourceGroupName":"synapseworkspace-managedrg-bacba1bd-03ae-409e-bfc4-dc2b14c574d5","defaultDataLakeStorage":{"accountUrl":"https://teststorageforsynapsecmk.dfs.core.windows.net","filesystem":"fs000001"},"privateEndpointConnections":[],"workspaceUID":"79171a39-a360-4444-a301-fa6f95a830e9","extraProperties":{"IsScopeEnabled":false,"WorkspaceType":"Normal"},"managedVirtualNetworkSettings":{"preventDataExfiltration":true,"allowedAadTenantIdsForLinking":[]},"encryption":{"doubleEncryptionEnabled":true,"cmk":{"status":"AwaitingUserAction","key":{"name":"default","keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newcmk"}}},"provisioningState":"Provisioning"}}' + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + cache-control: + - no-cache + content-length: + - '1536' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:03:32 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:04:03 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:04:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:05:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:05:33 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:06:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:06:34 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:07:04 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:07:35 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:08:05 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:08:36 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:09:07 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:09:37 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:10:07 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"InProgress"}' + headers: + cache-control: + - no-cache + content-length: + - '23' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:10:37 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/7a39fb2e-4d19-424d-b103-4b6837d91649?api-version=2019-06-01-preview + response: + body: + string: '{"status":"Succeeded"}' + headers: + cache-control: + - no-cache + content-length: + - '22' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:11:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace create + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --storage-account --file-system --sql-admin-login-user + --sql-admin-login-password --key-identifier --location --enable-managed-vnet + --prevent-exfiltration --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk?api-version=2019-06-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk","location":"eastus","name":"testsynapseworkspacecmk","type":"Microsoft.Synapse/workspaces","identity":{"type":"SystemAssigned","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","principalId":"adc616dd-67f7-4e47-bfb9-ade858d7c92b"},"properties":{"managedVirtualNetwork":"default","connectivityEndpoints":{"web":"https://web.azuresynapse.net?workspace=%2fsubscriptions%2f964c10bb-8a6c-43bc-83d3-6b318c6c7305%2fresourceGroups%2ftestrg%2fproviders%2fMicrosoft.Synapse%2fworkspaces%2ftestsynapseworkspacecmk","dev":"https://testsynapseworkspacecmk.dev.azuresynapse.net","sqlOnDemand":"testsynapseworkspacecmk-ondemand.sql.azuresynapse.net","sql":"testsynapseworkspacecmk.sql.azuresynapse.net"},"managedResourceGroupName":"synapseworkspace-managedrg-bacba1bd-03ae-409e-bfc4-dc2b14c574d5","defaultDataLakeStorage":{"accountUrl":"https://teststorageforsynapsecmk.dfs.core.windows.net","filesystem":"fs000001"},"sqlAdministratorLogin":"cliuser1","privateEndpointConnections":[],"workspaceUID":"79171a39-a360-4444-a301-fa6f95a830e9","extraProperties":{"IsScopeEnabled":false,"WorkspaceType":"Normal"},"managedVirtualNetworkSettings":{"preventDataExfiltration":true,"allowedAadTenantIdsForLinking":[]},"encryption":{"doubleEncryptionEnabled":true,"cmk":{"status":"AwaitingUserAction","key":{"name":"default","keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newcmk"}}},"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '1568' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:11:08 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - keyvault set-policy + Connection: + - keep-alive + ParameterSetName: + - --name --object-id --key-permissions + User-Agent: + - AZURECLI/2.16.0 azsdk-python-azure-mgmt-keyvault/8.0.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resources?$filter=resourceType%20eq%20%27Microsoft.KeyVault%2Fvaults%27&api-version=2015-11-01 + response: + body: + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/adkorlep-devrp/providers/Microsoft.KeyVault/vaults/adkorlep-test","name":"adkorlep-test","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hdi-developers/providers/Microsoft.KeyVault/vaults/hdi-devrp","name":"hdi-devrp","type":"Microsoft.KeyVault/vaults","location":"westus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hdi-developers/providers/Microsoft.KeyVault/vaults/hdi-onboarding","name":"hdi-onboarding","type":"Microsoft.KeyVault/vaults","location":"westus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/HDI-EV2-Rollout-Test/providers/Microsoft.KeyVault/vaults/hdi-ev2-rollout-test1","name":"hdi-ev2-rollout-test1","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/HDICP-ESP-ENV/providers/Microsoft.KeyVault/vaults/ESPENV","name":"ESPENV","type":"Microsoft.KeyVault/vaults","location":"westus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hdiInternal-EastUS/providers/Microsoft.KeyVault/vaults/hdieastus31e81","name":"hdieastus31e81","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hdiInternal-WestUS/providers/Microsoft.KeyVault/vaults/hdiwestus34e82","name":"hdiwestus34e82","type":"Microsoft.KeyVault/vaults","location":"westus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/karkrish/providers/Microsoft.KeyVault/vaults/byokkv1102","name":"byokkv1102","type":"Microsoft.KeyVault/vaults","location":"eastus2euap","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/karthik-eastus2/providers/Microsoft.KeyVault/vaults/karthik-cert-kv","name":"karthik-cert-kv","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/martin-rg/providers/Microsoft.KeyVault/vaults/mawolfenApKv","name":"mawolfenApKv","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/martin-rg/providers/Microsoft.KeyVault/vaults/mawolfenRbacKv","name":"mawolfenRbacKv","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mktestrg/providers/Microsoft.KeyVault/vaults/mktestvalut123","name":"mktestvalut123","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/nabikhchdevrprg/providers/Microsoft.KeyVault/vaults/nabikhch-test-kv","name":"nabikhch-test-kv","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ngzerotouchtest/providers/Microsoft.KeyVault/vaults/ngcert123test","name":"ngcert123test","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/nisgoel-devrp/providers/Microsoft.KeyVault/vaults/ngcerts","name":"ngcerts","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ReddyRG/providers/Microsoft.KeyVault/vaults/reddytest","name":"reddytest","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testcmksoftdelete","name":"testcmksoftdelete","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testsynapsecmk","name":"testsynapsecmk","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-testsas","name":"test-testsas","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/testml9680309920","name":"testml9680309920","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/tertatgsgasgasg","name":"tertatgsgasgasg","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/x1rg/providers/Microsoft.KeyVault/vaults/x1kv0925","name":"x1kv0925","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/x1rg/providers/Microsoft.KeyVault/vaults/x1kvwmsi","name":"x1kvwmsi","type":"Microsoft.KeyVault/vaults","location":"eastasia","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yalu6-ev2rp/providers/Microsoft.KeyVault/vaults/hdi-yalu6-test3","name":"hdi-yalu6-test3","type":"Microsoft.KeyVault/vaults","location":"eastus2","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/zzy-test-rg/providers/Microsoft.KeyVault/vaults/zzykeyvaultforvmss","name":"zzykeyvaultforvmss","type":"Microsoft.KeyVault/vaults","location":"canadaeast","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/zzy-test-rg/providers/Microsoft.KeyVault/vaults/zzytestkeyvault","name":"zzytestkeyvault","type":"Microsoft.KeyVault/vaults","location":"southcentralus","tags":{}}]}' + headers: + cache-control: + - no-cache + content-length: + - '5947' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:11:10 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - keyvault set-policy + Connection: + - keep-alive + ParameterSetName: + - --name --object-id --key-permissions + User-Agent: + - AZURECLI/2.16.0 azsdk-python-azure-mgmt-keyvault/8.0.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testcmksoftdelete?api-version=2019-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testcmksoftdelete","name":"testcmksoftdelete","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{},"properties":{"sku":{"family":"A","name":"Standard"},"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","accessPolicies":[{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"a3dce655-d019-49d7-99d2-5a7f6b6421fc","permissions":{"keys":["Get","UnwrapKey","WrapKey"],"secrets":[],"certificates":[]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"5e4102d6-d956-4205-a6a9-b3a0f73f195f","permissions":{"keys":["Get","WrapKey","UnwrapKey"],"secrets":[],"certificates":[]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"6ae2ff4b-4939-4952-a097-d234aad383a3","permissions":{"keys":["Get","List","Update","Create","Import","Delete","Recover","Backup","Restore"],"secrets":["Get","List","Set","Delete","Recover","Backup","Restore"],"certificates":["Get","List","Update","Create","Import","Delete","Recover","Backup","Restore","ManageContacts","ManageIssuers","GetIssuers","ListIssuers","SetIssuers","DeleteIssuers"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"00000000-0000-1111-2222-333333333333","permissions":{"keys":["wrapKey","get","unwrapKey"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"e385c60a-5e71-4b6c-97cd-7bb51d910201","permissions":{"keys":["unwrapKey","get","wrapKey"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"eed677bf-0425-49ee-aee3-f4ae319555b4","permissions":{"keys":["wrapKey","unwrapKey","get"]}}],"enabledForDeployment":false,"enabledForDiskEncryption":false,"enabledForTemplateDeployment":false,"enableSoftDelete":true,"softDeleteRetentionInDays":90,"enableRbacAuthorization":false,"enablePurgeProtection":true,"vaultUri":"https://testcmksoftdelete.vault.azure.net/","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '1955' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:11:11 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-service-version: + - 1.1.190.0 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"location": "eastus", "tags": {}, "properties": {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "sku": {"family": "A", "name": "Standard"}, "accessPolicies": [{"tenantId": + "72f988bf-86f1-41af-91ab-2d7cd011db47", "objectId": "a3dce655-d019-49d7-99d2-5a7f6b6421fc", + "permissions": {"keys": ["Get", "UnwrapKey", "WrapKey"], "secrets": [], "certificates": + []}}, {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", "objectId": "5e4102d6-d956-4205-a6a9-b3a0f73f195f", + "permissions": {"keys": ["Get", "WrapKey", "UnwrapKey"], "secrets": [], "certificates": + []}}, {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", "objectId": "6ae2ff4b-4939-4952-a097-d234aad383a3", + "permissions": {"keys": ["Get", "List", "Update", "Create", "Import", "Delete", + "Recover", "Backup", "Restore"], "secrets": ["Get", "List", "Set", "Delete", + "Recover", "Backup", "Restore"], "certificates": ["Get", "List", "Update", "Create", + "Import", "Delete", "Recover", "Backup", "Restore", "ManageContacts", "ManageIssuers", + "GetIssuers", "ListIssuers", "SetIssuers", "DeleteIssuers"]}}, {"tenantId": + "72f988bf-86f1-41af-91ab-2d7cd011db47", "objectId": "00000000-0000-1111-2222-333333333333", + "permissions": {"keys": ["wrapKey", "get", "unwrapKey"]}}, {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "objectId": "e385c60a-5e71-4b6c-97cd-7bb51d910201", "permissions": {"keys": + ["unwrapKey", "get", "wrapKey"]}}, {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "objectId": "eed677bf-0425-49ee-aee3-f4ae319555b4", "permissions": {"keys": + ["wrapKey", "unwrapKey", "get"]}}, {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "objectId": "adc616dd-67f7-4e47-bfb9-ade858d7c92b", "permissions": {"keys": + ["get", "wrapKey", "unwrapKey"]}}], "vaultUri": "https://testcmksoftdelete.vault.azure.net/", + "enabledForDeployment": false, "enabledForDiskEncryption": false, "enabledForTemplateDeployment": + false, "enableSoftDelete": true, "softDeleteRetentionInDays": 90, "enableRbacAuthorization": + false, "enablePurgeProtection": true}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - keyvault set-policy + Connection: + - keep-alive + Content-Length: + - '2004' + Content-Type: + - application/json + ParameterSetName: + - --name --object-id --key-permissions + User-Agent: + - AZURECLI/2.16.0 azsdk-python-azure-mgmt-keyvault/8.0.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testcmksoftdelete?api-version=2019-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testcmksoftdelete","name":"testcmksoftdelete","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{},"properties":{"sku":{"family":"A","name":"Standard"},"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","accessPolicies":[{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"a3dce655-d019-49d7-99d2-5a7f6b6421fc","permissions":{"keys":["Get","UnwrapKey","WrapKey"],"secrets":[],"certificates":[]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"5e4102d6-d956-4205-a6a9-b3a0f73f195f","permissions":{"keys":["Get","WrapKey","UnwrapKey"],"secrets":[],"certificates":[]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"6ae2ff4b-4939-4952-a097-d234aad383a3","permissions":{"keys":["Get","List","Update","Create","Import","Delete","Recover","Backup","Restore"],"secrets":["Get","List","Set","Delete","Recover","Backup","Restore"],"certificates":["Get","List","Update","Create","Import","Delete","Recover","Backup","Restore","ManageContacts","ManageIssuers","GetIssuers","ListIssuers","SetIssuers","DeleteIssuers"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"00000000-0000-1111-2222-333333333333","permissions":{"keys":["wrapKey","get","unwrapKey"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"e385c60a-5e71-4b6c-97cd-7bb51d910201","permissions":{"keys":["unwrapKey","get","wrapKey"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"eed677bf-0425-49ee-aee3-f4ae319555b4","permissions":{"keys":["wrapKey","unwrapKey","get"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"adc616dd-67f7-4e47-bfb9-ade858d7c92b","permissions":{"keys":["get","wrapKey","unwrapKey"]}}],"enabledForDeployment":false,"enabledForDiskEncryption":false,"enabledForTemplateDeployment":false,"enableSoftDelete":true,"softDeleteRetentionInDays":90,"enableRbacAuthorization":false,"enablePurgeProtection":true,"vaultUri":"https://testcmksoftdelete.vault.azure.net/","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '2110' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:11:11 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-service-version: + - 1.1.190.0 + x-ms-ratelimit-remaining-subscription-writes: + - '1196' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"properties": {"isActiveCMK": true, "keyVaultUrl": "https://testcmksoftdelete.vault.azure.net/keys/newcmk"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace key update + Connection: + - keep-alive + Content-Length: + - '109' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - --name --key-identifier --is-active --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + accept-language: + - en-US + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/keys/default?api-version=2019-06-01-preview + response: + body: + string: '{"properties":{"keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newcmk","isActiveCMK":false},"id":"subscriptions/964c10bb-8a6c-43bc-83d3-6b318c6c7305/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/keys/default","name":"default","type":"Microsoft.Synapse/workspaces/keys","location":"eastus"}' + headers: + cache-control: + - no-cache + content-length: + - '348' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:11:13 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 200 + message: OK +- request: + body: '{"properties": {"keyVaultUrl": "https://testcmksoftdelete.vault.azure.net/keys/newkey"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace key create + Connection: + - keep-alive + Content-Length: + - '88' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - --name --key-identifier --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + accept-language: + - en-US + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/keys/newkey?api-version=2019-06-01-preview + response: + body: + string: '{"properties":{"keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newkey","isActiveCMK":false},"id":"subscriptions/964c10bb-8a6c-43bc-83d3-6b318c6c7305/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/keys/newkey","name":"newkey","type":"Microsoft.Synapse/workspaces/keys","location":"eastus"}' + headers: + cache-control: + - no-cache + content-length: + - '346' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:15 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - keyvault set-policy + Connection: + - keep-alive + ParameterSetName: + - --name --object-id --key-permissions + User-Agent: + - AZURECLI/2.16.0 azsdk-python-azure-mgmt-keyvault/8.0.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resources?$filter=resourceType%20eq%20%27Microsoft.KeyVault%2Fvaults%27&api-version=2015-11-01 + response: + body: + string: '{"value":[{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/adkorlep-devrp/providers/Microsoft.KeyVault/vaults/adkorlep-test","name":"adkorlep-test","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hdi-developers/providers/Microsoft.KeyVault/vaults/hdi-devrp","name":"hdi-devrp","type":"Microsoft.KeyVault/vaults","location":"westus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hdi-developers/providers/Microsoft.KeyVault/vaults/hdi-onboarding","name":"hdi-onboarding","type":"Microsoft.KeyVault/vaults","location":"westus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/HDI-EV2-Rollout-Test/providers/Microsoft.KeyVault/vaults/hdi-ev2-rollout-test1","name":"hdi-ev2-rollout-test1","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/HDICP-ESP-ENV/providers/Microsoft.KeyVault/vaults/ESPENV","name":"ESPENV","type":"Microsoft.KeyVault/vaults","location":"westus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hdiInternal-EastUS/providers/Microsoft.KeyVault/vaults/hdieastus31e81","name":"hdieastus31e81","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/hdiInternal-WestUS/providers/Microsoft.KeyVault/vaults/hdiwestus34e82","name":"hdiwestus34e82","type":"Microsoft.KeyVault/vaults","location":"westus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/karkrish/providers/Microsoft.KeyVault/vaults/byokkv1102","name":"byokkv1102","type":"Microsoft.KeyVault/vaults","location":"eastus2euap","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/karthik-eastus2/providers/Microsoft.KeyVault/vaults/karthik-cert-kv","name":"karthik-cert-kv","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/martin-rg/providers/Microsoft.KeyVault/vaults/mawolfenApKv","name":"mawolfenApKv","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/martin-rg/providers/Microsoft.KeyVault/vaults/mawolfenRbacKv","name":"mawolfenRbacKv","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mktestrg/providers/Microsoft.KeyVault/vaults/mktestvalut123","name":"mktestvalut123","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/nabikhchdevrprg/providers/Microsoft.KeyVault/vaults/nabikhch-test-kv","name":"nabikhch-test-kv","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ngzerotouchtest/providers/Microsoft.KeyVault/vaults/ngcert123test","name":"ngcert123test","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/nisgoel-devrp/providers/Microsoft.KeyVault/vaults/ngcerts","name":"ngcerts","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/ReddyRG/providers/Microsoft.KeyVault/vaults/reddytest","name":"reddytest","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testcmksoftdelete","name":"testcmksoftdelete","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testsynapsecmk","name":"testsynapsecmk","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/test-testsas","name":"test-testsas","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/testml9680309920","name":"testml9680309920","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.KeyVault/vaults/tertatgsgasgasg","name":"tertatgsgasgasg","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/x1rg/providers/Microsoft.KeyVault/vaults/x1kv0925","name":"x1kv0925","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/x1rg/providers/Microsoft.KeyVault/vaults/x1kvwmsi","name":"x1kvwmsi","type":"Microsoft.KeyVault/vaults","location":"eastasia","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yalu6-ev2rp/providers/Microsoft.KeyVault/vaults/hdi-yalu6-test3","name":"hdi-yalu6-test3","type":"Microsoft.KeyVault/vaults","location":"eastus2","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/zzy-test-rg/providers/Microsoft.KeyVault/vaults/zzykeyvaultforvmss","name":"zzykeyvaultforvmss","type":"Microsoft.KeyVault/vaults","location":"canadaeast","tags":{}},{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/zzy-test-rg/providers/Microsoft.KeyVault/vaults/zzytestkeyvault","name":"zzytestkeyvault","type":"Microsoft.KeyVault/vaults","location":"southcentralus","tags":{}}]}' + headers: + cache-control: + - no-cache + content-length: + - '5947' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:15 GMT + expires: + - '-1' + pragma: + - no-cache + strict-transport-security: + - max-age=31536000; includeSubDomains + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - keyvault set-policy + Connection: + - keep-alive + ParameterSetName: + - --name --object-id --key-permissions + User-Agent: + - AZURECLI/2.16.0 azsdk-python-azure-mgmt-keyvault/8.0.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testcmksoftdelete?api-version=2019-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testcmksoftdelete","name":"testcmksoftdelete","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{},"properties":{"sku":{"family":"A","name":"Standard"},"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","accessPolicies":[{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"a3dce655-d019-49d7-99d2-5a7f6b6421fc","permissions":{"keys":["Get","UnwrapKey","WrapKey"],"secrets":[],"certificates":[]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"5e4102d6-d956-4205-a6a9-b3a0f73f195f","permissions":{"keys":["Get","WrapKey","UnwrapKey"],"secrets":[],"certificates":[]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"6ae2ff4b-4939-4952-a097-d234aad383a3","permissions":{"keys":["Get","List","Update","Create","Import","Delete","Recover","Backup","Restore"],"secrets":["Get","List","Set","Delete","Recover","Backup","Restore"],"certificates":["Get","List","Update","Create","Import","Delete","Recover","Backup","Restore","ManageContacts","ManageIssuers","GetIssuers","ListIssuers","SetIssuers","DeleteIssuers"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"00000000-0000-1111-2222-333333333333","permissions":{"keys":["wrapKey","get","unwrapKey"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"e385c60a-5e71-4b6c-97cd-7bb51d910201","permissions":{"keys":["unwrapKey","get","wrapKey"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"eed677bf-0425-49ee-aee3-f4ae319555b4","permissions":{"keys":["wrapKey","unwrapKey","get"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"adc616dd-67f7-4e47-bfb9-ade858d7c92b","permissions":{"keys":["get","wrapKey","unwrapKey"]}}],"enabledForDeployment":false,"enabledForDiskEncryption":false,"enabledForTemplateDeployment":false,"enableSoftDelete":true,"softDeleteRetentionInDays":90,"enableRbacAuthorization":false,"enablePurgeProtection":true,"vaultUri":"https://testcmksoftdelete.vault.azure.net/","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '2110' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:15 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-service-version: + - 1.1.190.0 + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: '{"location": "eastus", "tags": {}, "properties": {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "sku": {"family": "A", "name": "Standard"}, "accessPolicies": [{"tenantId": + "72f988bf-86f1-41af-91ab-2d7cd011db47", "objectId": "a3dce655-d019-49d7-99d2-5a7f6b6421fc", + "permissions": {"keys": ["Get", "UnwrapKey", "WrapKey"], "secrets": [], "certificates": + []}}, {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", "objectId": "5e4102d6-d956-4205-a6a9-b3a0f73f195f", + "permissions": {"keys": ["Get", "WrapKey", "UnwrapKey"], "secrets": [], "certificates": + []}}, {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", "objectId": "6ae2ff4b-4939-4952-a097-d234aad383a3", + "permissions": {"keys": ["Get", "List", "Update", "Create", "Import", "Delete", + "Recover", "Backup", "Restore"], "secrets": ["Get", "List", "Set", "Delete", + "Recover", "Backup", "Restore"], "certificates": ["Get", "List", "Update", "Create", + "Import", "Delete", "Recover", "Backup", "Restore", "ManageContacts", "ManageIssuers", + "GetIssuers", "ListIssuers", "SetIssuers", "DeleteIssuers"]}}, {"tenantId": + "72f988bf-86f1-41af-91ab-2d7cd011db47", "objectId": "00000000-0000-1111-2222-333333333333", + "permissions": {"keys": ["wrapKey", "get", "unwrapKey"]}}, {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "objectId": "e385c60a-5e71-4b6c-97cd-7bb51d910201", "permissions": {"keys": + ["unwrapKey", "get", "wrapKey"]}}, {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "objectId": "eed677bf-0425-49ee-aee3-f4ae319555b4", "permissions": {"keys": + ["wrapKey", "unwrapKey", "get"]}}, {"tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47", + "objectId": "adc616dd-67f7-4e47-bfb9-ade858d7c92b", "permissions": {"keys": + ["get", "wrapKey", "unwrapKey"]}}], "vaultUri": "https://testcmksoftdelete.vault.azure.net/", + "enabledForDeployment": false, "enabledForDiskEncryption": false, "enabledForTemplateDeployment": + false, "enableSoftDelete": true, "softDeleteRetentionInDays": 90, "enableRbacAuthorization": + false, "enablePurgeProtection": true}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - keyvault set-policy + Connection: + - keep-alive + Content-Length: + - '2004' + Content-Type: + - application/json + ParameterSetName: + - --name --object-id --key-permissions + User-Agent: + - AZURECLI/2.16.0 azsdk-python-azure-mgmt-keyvault/8.0.0 Python/3.8.3 (Windows-10-10.0.19041-SP0) + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testcmksoftdelete?api-version=2019-09-01 + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.KeyVault/vaults/testcmksoftdelete","name":"testcmksoftdelete","type":"Microsoft.KeyVault/vaults","location":"eastus","tags":{},"properties":{"sku":{"family":"A","name":"Standard"},"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","accessPolicies":[{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"a3dce655-d019-49d7-99d2-5a7f6b6421fc","permissions":{"keys":["Get","UnwrapKey","WrapKey"],"secrets":[],"certificates":[]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"5e4102d6-d956-4205-a6a9-b3a0f73f195f","permissions":{"keys":["Get","WrapKey","UnwrapKey"],"secrets":[],"certificates":[]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"6ae2ff4b-4939-4952-a097-d234aad383a3","permissions":{"keys":["Get","List","Update","Create","Import","Delete","Recover","Backup","Restore"],"secrets":["Get","List","Set","Delete","Recover","Backup","Restore"],"certificates":["Get","List","Update","Create","Import","Delete","Recover","Backup","Restore","ManageContacts","ManageIssuers","GetIssuers","ListIssuers","SetIssuers","DeleteIssuers"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"00000000-0000-1111-2222-333333333333","permissions":{"keys":["wrapKey","get","unwrapKey"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"e385c60a-5e71-4b6c-97cd-7bb51d910201","permissions":{"keys":["unwrapKey","get","wrapKey"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"eed677bf-0425-49ee-aee3-f4ae319555b4","permissions":{"keys":["wrapKey","unwrapKey","get"]}},{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","objectId":"adc616dd-67f7-4e47-bfb9-ade858d7c92b","permissions":{"keys":["get","wrapKey","unwrapKey"]}}],"enabledForDeployment":false,"enabledForDiskEncryption":false,"enabledForTemplateDeployment":false,"enableSoftDelete":true,"softDeleteRetentionInDays":90,"enableRbacAuthorization":false,"enablePurgeProtection":true,"vaultUri":"https://testcmksoftdelete.vault.azure.net/","provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '2110' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:16 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-IIS/10.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-aspnet-version: + - 4.0.30319 + x-content-type-options: + - nosniff + x-ms-keyvault-service-version: + - 1.1.190.0 + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + x-powered-by: + - ASP.NET + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace key list + Connection: + - keep-alive + ParameterSetName: + - --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/keys?api-version=2019-06-01-preview + response: + body: + string: '{"value":[{"properties":{"keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newcmk","isActiveCMK":true},"id":"subscriptions/964c10bb-8a6c-43bc-83d3-6b318c6c7305/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/keys/default","name":"default","type":"Microsoft.Synapse/workspaces/keys","location":"eastus"},{"properties":{"keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newkey","isActiveCMK":false},"id":"subscriptions/964c10bb-8a6c-43bc-83d3-6b318c6c7305/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/keys/newkey","name":"newkey","type":"Microsoft.Synapse/workspaces/keys","location":"eastus"}]}' + headers: + cache-control: + - no-cache + content-length: + - '706' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:17 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace key show + Connection: + - keep-alive + ParameterSetName: + - --name --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/keys/default?api-version=2019-06-01-preview + response: + body: + string: '{"properties":{"keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newcmk","isActiveCMK":true},"id":"subscriptions/964c10bb-8a6c-43bc-83d3-6b318c6c7305/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/keys/default","name":"default","type":"Microsoft.Synapse/workspaces/keys","location":"eastus"}' + headers: + cache-control: + - no-cache + content-length: + - '347' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:17 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace managed-identity show-sql-access + Connection: + - keep-alive + ParameterSetName: + - --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + accept-language: + - en-US + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/managedIdentitySqlControlSettings/default?api-version=2019-06-01-preview + response: + body: + string: '{"properties":{"grantSqlControlToManagedIdentity":{"desiredState":"Disabled","actualState":"Disabled"}},"id":"subscriptions/964c10bb-8a6c-43bc-83d3-6b318c6c7305/resourcegroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/managedIdentitySqlControlSettings/default","name":"default","type":"Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings"}' + headers: + cache-control: + - no-cache + content-length: + - '384' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:19 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"properties": {"grantSqlControlToManagedIdentity": {"desiredState": "Enabled"}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace managed-identity grant-sql-access + Connection: + - keep-alive + Content-Length: + - '81' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + accept-language: + - en-US + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/managedIdentitySqlControlSettings/default?api-version=2019-06-01-preview + response: + body: + string: '{"properties":{"grantSqlControlToManagedIdentity":{"desiredState":"Enabled","actualState":"Enabling"}},"id":"subscriptions/964c10bb-8a6c-43bc-83d3-6b318c6c7305/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/managedIdentitySqlControlSettings/default","name":"default","type":"Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings"}' + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/d064ffcc-9cbe-403e-bbaa-02e343be6a9f?api-version=2019-06-01-preview + cache-control: + - no-cache + content-length: + - '383' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:20 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1196' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace managed-identity grant-sql-access + Connection: + - keep-alive + ParameterSetName: + - --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/d064ffcc-9cbe-403e-bbaa-02e343be6a9f?api-version=2019-06-01-preview + response: + body: + string: '{"status":"Succeeded"}' + headers: + cache-control: + - no-cache + content-length: + - '22' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:51 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace managed-identity grant-sql-access + Connection: + - keep-alive + ParameterSetName: + - --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/managedIdentitySqlControlSettings/default?api-version=2019-06-01-preview + response: + body: + string: '{"properties":{"grantSqlControlToManagedIdentity":{"desiredState":"Enabled","actualState":"Enabled"}},"id":"subscriptions/964c10bb-8a6c-43bc-83d3-6b318c6c7305/resourcegroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/managedIdentitySqlControlSettings/default","name":"default","type":"Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings"}' + headers: + cache-control: + - no-cache + content-length: + - '382' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:52 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"properties": {"grantSqlControlToManagedIdentity": {"desiredState": "Disabled"}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace managed-identity revoke-sql-access + Connection: + - keep-alive + Content-Length: + - '82' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + accept-language: + - en-US + method: PUT + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/managedIdentitySqlControlSettings/default?api-version=2019-06-01-preview + response: + body: + string: '{"properties":{"grantSqlControlToManagedIdentity":{"desiredState":"Disabled","actualState":"Disabling"}},"id":"subscriptions/964c10bb-8a6c-43bc-83d3-6b318c6c7305/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/managedIdentitySqlControlSettings/default","name":"default","type":"Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings"}' + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/3e8b1c6e-21dd-4651-9813-3b739fbd88a2?api-version=2019-06-01-preview + cache-control: + - no-cache + content-length: + - '385' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:13:55 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1198' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace managed-identity revoke-sql-access + Connection: + - keep-alive + ParameterSetName: + - --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/3e8b1c6e-21dd-4651-9813-3b739fbd88a2?api-version=2019-06-01-preview + response: + body: + string: '{"status":"Succeeded"}' + headers: + cache-control: + - no-cache + content-length: + - '22' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:14:25 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace managed-identity revoke-sql-access + Connection: + - keep-alive + ParameterSetName: + - --resource-group --workspace-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/managedIdentitySqlControlSettings/default?api-version=2019-06-01-preview + response: + body: + string: '{"properties":{"grantSqlControlToManagedIdentity":{"desiredState":"Disabled","actualState":"Disabled"}},"id":"subscriptions/964c10bb-8a6c-43bc-83d3-6b318c6c7305/resourcegroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/managedIdentitySqlControlSettings/default","name":"default","type":"Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings"}' + headers: + cache-control: + - no-cache + content-length: + - '384' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:14:25 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"properties": {"encryption": {"cmk": {"key": {"name": "newkey"}}}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace update + Connection: + - keep-alive + Content-Length: + - '68' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - --resource-group --name --key-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + accept-language: + - en-US + method: PATCH + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk?api-version=2019-06-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk","location":"eastus","name":"testsynapseworkspacecmk","type":"Microsoft.Synapse/workspaces","identity":{"type":"SystemAssigned","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","principalId":"adc616dd-67f7-4e47-bfb9-ade858d7c92b"},"properties":{"managedVirtualNetwork":"default","connectivityEndpoints":{"web":"https://web.azuresynapse.net?workspace=%2fsubscriptions%2f964c10bb-8a6c-43bc-83d3-6b318c6c7305%2fresourceGroups%2ftestrg%2fproviders%2fMicrosoft.Synapse%2fworkspaces%2ftestsynapseworkspacecmk","dev":"https://testsynapseworkspacecmk.dev.azuresynapse.net","sqlOnDemand":"testsynapseworkspacecmk-ondemand.sql.azuresynapse.net","sql":"testsynapseworkspacecmk.sql.azuresynapse.net"},"managedResourceGroupName":"synapseworkspace-managedrg-bacba1bd-03ae-409e-bfc4-dc2b14c574d5","defaultDataLakeStorage":{"accountUrl":"https://teststorageforsynapsecmk.dfs.core.windows.net","filesystem":"fs000001"},"sqlAdministratorLogin":"cliuser1","privateEndpointConnections":[],"workspaceUID":"79171a39-a360-4444-a301-fa6f95a830e9","extraProperties":{"IsScopeEnabled":false,"WorkspaceType":"Normal"},"managedVirtualNetworkSettings":{"preventDataExfiltration":true,"allowedAadTenantIdsForLinking":[]},"encryption":{"doubleEncryptionEnabled":true,"cmk":{"status":"Updating","key":{"name":"newkey","keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newkey"}}},"provisioningState":"Provisioning"}}' + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/f8b7fbf0-3094-43c9-81ae-2e9aaa15a4d4?api-version=2019-06-01-preview + cache-control: + - no-cache + content-length: + - '1560' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:14:28 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1199' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --key-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/f8b7fbf0-3094-43c9-81ae-2e9aaa15a4d4?api-version=2019-06-01-preview + response: + body: + string: '{"status":"Succeeded"}' + headers: + cache-control: + - no-cache + content-length: + - '22' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:14:58 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --key-name + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk?api-version=2019-06-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk","location":"eastus","name":"testsynapseworkspacecmk","type":"Microsoft.Synapse/workspaces","identity":{"type":"SystemAssigned","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","principalId":"adc616dd-67f7-4e47-bfb9-ade858d7c92b"},"properties":{"managedVirtualNetwork":"default","connectivityEndpoints":{"web":"https://web.azuresynapse.net?workspace=%2fsubscriptions%2f964c10bb-8a6c-43bc-83d3-6b318c6c7305%2fresourceGroups%2ftestrg%2fproviders%2fMicrosoft.Synapse%2fworkspaces%2ftestsynapseworkspacecmk","dev":"https://testsynapseworkspacecmk.dev.azuresynapse.net","sqlOnDemand":"testsynapseworkspacecmk-ondemand.sql.azuresynapse.net","sql":"testsynapseworkspacecmk.sql.azuresynapse.net"},"managedResourceGroupName":"synapseworkspace-managedrg-bacba1bd-03ae-409e-bfc4-dc2b14c574d5","defaultDataLakeStorage":{"accountUrl":"https://teststorageforsynapsecmk.dfs.core.windows.net","filesystem":"fs000001"},"sqlAdministratorLogin":"cliuser1","privateEndpointConnections":[],"workspaceUID":"79171a39-a360-4444-a301-fa6f95a830e9","extraProperties":{"IsScopeEnabled":false,"WorkspaceType":"Normal"},"managedVirtualNetworkSettings":{"preventDataExfiltration":true,"allowedAadTenantIdsForLinking":[]},"encryption":{"doubleEncryptionEnabled":true,"cmk":{"status":"Updating","key":{"name":"newkey","keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newkey"}}},"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '1557' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:14:59 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: '{"properties": {"managedVirtualNetworkSettings": {"allowedAadTenantIdsForLinking": + ["72f988bf-86f1-41af-91ab-2d7cd011db47"]}}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace update + Connection: + - keep-alive + Content-Length: + - '126' + Content-Type: + - application/json; charset=utf-8 + ParameterSetName: + - --resource-group --name --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + accept-language: + - en-US + method: PATCH + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk?api-version=2019-06-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk","location":"eastus","name":"testsynapseworkspacecmk","type":"Microsoft.Synapse/workspaces","identity":{"type":"SystemAssigned","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","principalId":"adc616dd-67f7-4e47-bfb9-ade858d7c92b"},"properties":{"managedVirtualNetwork":"default","connectivityEndpoints":{"web":"https://web.azuresynapse.net?workspace=%2fsubscriptions%2f964c10bb-8a6c-43bc-83d3-6b318c6c7305%2fresourceGroups%2ftestrg%2fproviders%2fMicrosoft.Synapse%2fworkspaces%2ftestsynapseworkspacecmk","dev":"https://testsynapseworkspacecmk.dev.azuresynapse.net","sqlOnDemand":"testsynapseworkspacecmk-ondemand.sql.azuresynapse.net","sql":"testsynapseworkspacecmk.sql.azuresynapse.net"},"managedResourceGroupName":"synapseworkspace-managedrg-bacba1bd-03ae-409e-bfc4-dc2b14c574d5","defaultDataLakeStorage":{"accountUrl":"https://teststorageforsynapsecmk.dfs.core.windows.net","filesystem":"fs000001"},"sqlAdministratorLogin":"cliuser1","privateEndpointConnections":[],"workspaceUID":"79171a39-a360-4444-a301-fa6f95a830e9","extraProperties":{"IsScopeEnabled":false,"WorkspaceType":"Normal"},"managedVirtualNetworkSettings":{"preventDataExfiltration":true,"allowedAadTenantIdsForLinking":["72f988bf-86f1-41af-91ab-2d7cd011db47"]},"encryption":{"doubleEncryptionEnabled":true,"cmk":{"status":"Updating","key":{"name":"newkey","keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newkey"}}},"provisioningState":"Provisioning"}}' + headers: + azure-asyncoperation: + - https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/b8a592ae-b9b0-4d12-ac7d-7e998dc32179?api-version=2019-06-01-preview + cache-control: + - no-cache + content-length: + - '1598' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:15:01 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + x-content-type-options: + - nosniff + x-ms-ratelimit-remaining-subscription-writes: + - '1196' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk/operationStatuses/b8a592ae-b9b0-4d12-ac7d-7e998dc32179?api-version=2019-06-01-preview + response: + body: + string: '{"status":"Succeeded"}' + headers: + cache-control: + - no-cache + content-length: + - '22' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:15:33 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + CommandName: + - synapse workspace update + Connection: + - keep-alive + ParameterSetName: + - --resource-group --name --allowed-tenant-ids + User-Agent: + - python/3.8.3 (Windows-10-10.0.19041-SP0) msrest/0.6.18 msrest_azure/0.6.3 + azure-mgmt-synapse/0.6.0 Azure-SDK-For-Python AZURECLI/2.16.0 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk?api-version=2019-06-01-preview + response: + body: + string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testrg/providers/Microsoft.Synapse/workspaces/testsynapseworkspacecmk","location":"eastus","name":"testsynapseworkspacecmk","type":"Microsoft.Synapse/workspaces","identity":{"type":"SystemAssigned","tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","principalId":"adc616dd-67f7-4e47-bfb9-ade858d7c92b"},"properties":{"managedVirtualNetwork":"default","connectivityEndpoints":{"web":"https://web.azuresynapse.net?workspace=%2fsubscriptions%2f964c10bb-8a6c-43bc-83d3-6b318c6c7305%2fresourceGroups%2ftestrg%2fproviders%2fMicrosoft.Synapse%2fworkspaces%2ftestsynapseworkspacecmk","dev":"https://testsynapseworkspacecmk.dev.azuresynapse.net","sqlOnDemand":"testsynapseworkspacecmk-ondemand.sql.azuresynapse.net","sql":"testsynapseworkspacecmk.sql.azuresynapse.net"},"managedResourceGroupName":"synapseworkspace-managedrg-bacba1bd-03ae-409e-bfc4-dc2b14c574d5","defaultDataLakeStorage":{"accountUrl":"https://teststorageforsynapsecmk.dfs.core.windows.net","filesystem":"fs000001"},"sqlAdministratorLogin":"cliuser1","privateEndpointConnections":[],"workspaceUID":"79171a39-a360-4444-a301-fa6f95a830e9","extraProperties":{"IsScopeEnabled":false,"WorkspaceType":"Normal"},"managedVirtualNetworkSettings":{"preventDataExfiltration":true,"allowedAadTenantIdsForLinking":["72f988bf-86f1-41af-91ab-2d7cd011db47"]},"encryption":{"doubleEncryptionEnabled":true,"cmk":{"status":"Updating","key":{"name":"newkey","keyVaultUrl":"https://testcmksoftdelete.vault.azure.net/keys/newkey"}}},"provisioningState":"Succeeded"}}' + headers: + cache-control: + - no-cache + content-length: + - '1595' + content-type: + - application/json; charset=utf-8 + date: + - Thu, 21 Jan 2021 13:15:33 GMT + expires: + - '-1' + pragma: + - no-cache + server: + - Microsoft-HTTPAPI/2.0 + strict-transport-security: + - max-age=31536000; includeSubDomains + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-content-type-options: + - nosniff + status: + code: 200 + message: OK +version: 1 diff --git a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py index 00951c15490..849509fbeae 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py @@ -111,6 +111,107 @@ def test_spark_pool(self): self.cmd('az synapse spark pool show --name {spark-pool} --workspace {workspace} --resource-group {rg}', expect_failure=True) + @record_only() + def test_workspace_with_cmk(self): + self.kwargs.update({ + 'location': 'eastus', + 'workspace': 'testsynapseworkspacecmk', + 'rg': 'testrg', + 'storage-account': 'teststorageforsynapsecmk', + 'file-system': self.create_random_name(prefix='fs', length=16), + 'login-user': 'cliuser1', + 'login-password': self.create_random_name(prefix='Pswd1', length=16), + 'key-identifier': 'https://testcmksoftdelete.vault.azure.net/keys/newcmk', + 'new-key-identifier': 'https://testcmksoftdelete.vault.azure.net/keys/newkey', + 'managed-identity': '00000000-0000-1111-2222-333333333333' + }) + + # create workspace supporting cmk, data exfiltration + workspace_cmk = self.cmd( + 'az synapse workspace create --name {workspace} --resource-group {rg} --storage-account {storage-account} ' + '--file-system {file-system} --sql-admin-login-user {login-user} ' + '--sql-admin-login-password {login-password} --key-identifier {key-identifier} ' + ' --location {location} --enable-managed-vnet True --prevent-exfiltration True --allowed-tenant-ids', checks=[ + self.check('name', self.kwargs['workspace']), + self.check('type', 'Microsoft.Synapse/workspaces'), + self.check('provisioningState', 'Succeeded') + ]).get_output_in_json() + + self.kwargs['managed-identity'] = workspace_cmk['identity']['principalId'] + + # set access policy + self.cmd( + 'az keyvault set-policy --name testcmksoftdelete --object-id {managed-identity} --key-permissions get unwrapKey wrapKey ') + + # active workspace + self.cmd( + 'az synapse workspace key update --name default --key-identifier {key-identifier} --is-active True --resource-group {rg} --workspace-name {workspace}', checks=[ + self.check('name', 'default'), + self.check('type', 'Microsoft.Synapse/workspaces/keys') + ]) + import time + time.sleep(120) + + # create workspace key + self.cmd( + 'az synapse workspace key create --name newkey --key-identifier {new-key-identifier} --resource-group {rg} --workspace-name {workspace}', checks=[ + self.check('name', 'newkey'), + self.check('type', 'Microsoft.Synapse/workspaces/keys') + ]) + + # set access policy + self.cmd( + 'az keyvault set-policy --name testcmksoftdelete --object-id {managed-identity} --key-permissions get unwrapKey wrapKey ') + + # list workspace key + self.cmd( + 'az synapse workspace key list --resource-group {rg} --workspace-name {workspace}', checks=[ + self.check('[0].name', 'default'), + self.check('[0].type', 'Microsoft.Synapse/workspaces/keys'), + self.check('[0].keyVaultUrl', self.kwargs['key-identifier']), + ]) + + # show workspace key + self.cmd( + 'az synapse workspace key show --name default --resource-group {rg} --workspace-name {workspace}', checks=[ + self.check('name', 'default'), + self.check('type', 'Microsoft.Synapse/workspaces/keys'), + self.check('keyVaultUrl', self.kwargs['key-identifier']), + ]) + + # show sql access to managed identity + self.cmd( + 'az synapse workspace managed-identity show-sql-access --resource-group {rg} --workspace-name {workspace}', checks=[ + self.check('grantSqlControlToManagedIdentity.actualState', 'Disabled'), + self.check('type', 'Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings') + ]) + + # grant sql access to managed identity + self.cmd( + 'az synapse workspace managed-identity grant-sql-access --resource-group {rg} --workspace-name {workspace}', checks=[ + self.check('grantSqlControlToManagedIdentity.actualState', 'Enabled'), + self.check('type', 'Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings') + ]) + + # invoke sql access to managed identity + self.cmd( + 'az synapse workspace managed-identity revoke-sql-access --resource-group {rg} --workspace-name {workspace}', checks=[ + self.check('grantSqlControlToManagedIdentity.actualState', 'Disabled'), + self.check('type', 'Microsoft.Synapse/workspaces/managedIdentitySqlControlSettings') + ]) + + # switch active key + self.cmd( + 'az synapse workspace update --resource-group {rg} --name {workspace} --key-name newkey ', checks=[ + self.check('encryption.cmk.key.name', 'newkey') + ]) + + # update allowed tenant ids + self.cmd( + 'az synapse workspace update --resource-group {rg} --name {workspace} --allowed-tenant-ids 72f988bf-86f1-41af-91ab-2d7cd011db47 ', checks=[ + self.check('managedVirtualNetworkSettings.allowedAadTenantIdsForLinking[0]', "72f988bf-86f1-41af-91ab-2d7cd011db47") + ]) + @record_only() def test_sql_pool(self): self.kwargs.update({ From f78679a9697b3f996a440be3f0d8663fc0ccc080 Mon Sep 17 00:00:00 2001 From: sunsw1994 Date: Mon, 25 Jan 2021 16:09:25 +0800 Subject: [PATCH 13/13] address comment about disable allowed tenant ids --- .../cli/command_modules/synapse/_params.py | 2 +- .../synapse/operations/workspace.py | 17 +++++++++++++++-- .../tests/latest/test_synapse_scenario.py | 2 +- 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/_params.py index dd1b56491f9..7e20333e5e9 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/_params.py @@ -57,7 +57,7 @@ def load_arguments(self, _): c.argument('sql_admin_login_password', options_list=['--sql-admin-login-password', '-p'], help='The sql administrator login password.') c.argument('tags', arg_type=tags_type) - c.argument('allowed_aad_tenant_ids', options_list=['--allowed-tenant-ids'], nargs='*', help="The approved Azure AD tenants which outbound data traffic allowed to. The Azure AD tenant of the current user will be included by default. If no argument, will disable all allowed tenant ids.") + c.argument('allowed_aad_tenant_ids', options_list=['--allowed-tenant-ids'], nargs='+', help="The approved Azure AD tenants which outbound data traffic allowed to. The Azure AD tenant of the current user will be included by default. Use ""(\'""\' in PowerShell) to disable all allowed tenant ids.") c.argument('key_name', help='The workspace customer-managed key display name. All existing keys can be found using "az synapse workspace key list" cmdlet.') with self.argument_context('synapse workspace create') as c: diff --git a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py index 1e1b16ef3af..e34000e81ab 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/operations/workspace.py @@ -24,13 +24,19 @@ def create_workspace(cmd, client, resource_group_name, workspace_name, storage_a default_data_lake_storage = DataLakeStorageAccountDetails(account_url=account_url, filesystem=file_system) encryption = None managed_virtual_network_settings = None + tenant_ids_list = None if key_identifier is not None: workspace_key_detail = WorkspaceKeyDetails(name=key_name, key_vault_url=key_identifier) encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) + if [''] == allowed_aad_tenant_ids: + tenant_ids_list = [] + else: + tenant_ids_list = allowed_aad_tenant_ids + if enable_managed_virtual_network: if prevent_data_exfiltration: - managed_virtual_network_settings = ManagedVirtualNetworkSettings(prevent_data_exfiltration=True, allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) + managed_virtual_network_settings = ManagedVirtualNetworkSettings(prevent_data_exfiltration=True, allowed_aad_tenant_ids_for_linking=tenant_ids_list) else: managed_virtual_network_settings = ManagedVirtualNetworkSettings(prevent_data_exfiltration=False) @@ -51,11 +57,18 @@ def create_workspace(cmd, client, resource_group_name, workspace_name, storage_a def update_workspace(cmd, client, resource_group_name, workspace_name, sql_admin_login_password=None, allowed_aad_tenant_ids=None, tags=None, key_name=None, no_wait=False): encryption = None + tenant_ids_list = None + if key_name: workspace_key_detail = WorkspaceKeyDetails(name=key_name) encryption = EncryptionDetails(cmk=CustomerManagedKeyDetails(key=workspace_key_detail)) - updated_vnet_settings = ManagedVirtualNetworkSettings(allowed_aad_tenant_ids_for_linking=allowed_aad_tenant_ids) if allowed_aad_tenant_ids is not None else None + if allowed_aad_tenant_ids and '' in allowed_aad_tenant_ids: + tenant_ids_list = [] + else: + tenant_ids_list = allowed_aad_tenant_ids + + updated_vnet_settings = ManagedVirtualNetworkSettings(allowed_aad_tenant_ids_for_linking=tenant_ids_list) if allowed_aad_tenant_ids is not None else None workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_admin_login_password=sql_admin_login_password, encryption=encryption, managed_virtual_network_settings=updated_vnet_settings) return sdk_no_wait(no_wait, client.update, resource_group_name, workspace_name, workspace_patch_info) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py index 849509fbeae..a60e7f0832e 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py @@ -131,7 +131,7 @@ def test_workspace_with_cmk(self): 'az synapse workspace create --name {workspace} --resource-group {rg} --storage-account {storage-account} ' '--file-system {file-system} --sql-admin-login-user {login-user} ' '--sql-admin-login-password {login-password} --key-identifier {key-identifier} ' - ' --location {location} --enable-managed-vnet True --prevent-exfiltration True --allowed-tenant-ids', checks=[ + ' --location {location} --enable-managed-vnet True --prevent-exfiltration True --allowed-tenant-ids \'""\' ', checks=[ self.check('name', self.kwargs['workspace']), self.check('type', 'Microsoft.Synapse/workspaces'), self.check('provisioningState', 'Succeeded')