Merge pull request #6252 from idear1203/add_ps_support_for_catalog_acls

[ADLA] - Adding PS support for Catalog ACLs (v1)

Author: cormacpayne

src/ResourceManager/DataLakeAnalytics/Commands.DataLakeAnalytics.Test/Commands.DataLakeAnalytics.Test.csproj

@@ -64,7 +64,7 @@
     </Reference>
     <Reference Include="Microsoft.Azure.Management.DataLake.Analytics, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.DataLake.Analytics.3.1.2-preview\lib\net452\Microsoft.Azure.Management.DataLake.Analytics.dll</HintPath>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.DataLake.Analytics.3.3.0-preview\lib\net452\Microsoft.Azure.Management.DataLake.Analytics.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.DataLake.Store">

src/ResourceManager/DataLakeAnalytics/Commands.DataLakeAnalytics.Test/ScenarioTests/AdlaAliasTests.ps1

@@ -1215,6 +1215,207 @@ function Test-DataLakeAnalyticsCatalog
 		# verify that the second secret cannot be retrieved
 		Assert-Throws {Get-AdlCatalogItem -AccountName $accountName -ItemType Secret -Path "$databaseName.$secretName2"}
 
+		# prepare to grant/revoke ACLs
+		$userPrincipalId = "027c28d5-c91d-49f0-98c5-d10134b169b3"
+		$groupPrincipalId = "58d2027c-d19c-0f94-5c89-1b43101d3b96"
+
+		# get the initial number of ACL by db
+		$aclByDbList = Get-AdlCatalogItemAclEntry -AccountName $accountName -ItemType Database -Path $databaseName
+		$aclByDbInitialCount = $aclByDbList.count
+
+		# get the initial number of ACL by catalog
+		$aclList = Get-AdlCatalogItemAclEntry -AccountName $accountName
+		$aclInitialCount = $aclList.count
+
+		# grant ACL entry for user to the db
+		$aclByDbList = Set-AdlCatalogItemAclEntry -AccountName $accountName -User -Id $userPrincipalId -ItemType Database -Path $databaseName -Permissions Read
+
+		Assert-AreEqual $($aclByDbInitialCount+1) $aclByDbList.count
+		$found = $false
+		foreach($acl in $aclByDbList)
+		{
+			if($acl.Id -eq $userPrincipalId)
+			{
+				# confirm the ACE's information
+				Assert-AreEqual User $acl.Type
+				Assert-AreEqual $userPrincipalId $acl.Id
+				Assert-AreEqual Read $acl.Permissions
+				$found = $true
+				break
+			}
+		}
+
+		Assert-True {$found} "Could not find the entry for $userPrincipalId in the ACL list of $databaseName"
+
+		# revoke ACE for user from the db
+		Assert-True {Remove-AdlCatalogItemAclEntry -AccountName $accountName -User -Id $userPrincipalId -ItemType Database -Path $databaseName -PassThru} "Remove ACE failed."
+
+		$aclByDbList = Get-AdlCatalogItemAclEntry -AccountName $accountName -ItemType Database -Path $databaseName
+		Assert-AreEqual $aclByDbInitialCount $aclByDbList.count
+
+		# grant ACL entry for group to the db
+		$aclByDbList = Set-AdlCatalogItemAclEntry -AccountName $accountName -Group -Id $groupPrincipalId -ItemType Database -Path $databaseName -Permissions Read
+
+		Assert-AreEqual $($aclByDbInitialCount+1) $aclByDbList.count
+		$found = $false
+		foreach($acl in $aclByDbList)
+		{
+			if($acl.Id -eq $groupPrincipalId)
+			{
+				# confirm the ACE's information
+				Assert-AreEqual Group $acl.Type
+				Assert-AreEqual $groupPrincipalId $acl.Id
+				Assert-AreEqual Read $acl.Permissions
+				$found = $true
+				break
+			}
+		}
+
+		Assert-True {$found} "Could not find the entry for $groupPrincipalId in the ACL list of $databaseName"
+
+		# revoke ACE for group from the db
+		Assert-True {Remove-AdlCatalogItemAclEntry -AccountName $accountName -Group -Id $groupPrincipalId -ItemType Database -Path $databaseName -PassThru} "Remove ACE failed."
+
+		$aclByDbList = Get-AdlCatalogItemAclEntry -AccountName $accountName -ItemType Database -Path $databaseName
+		Assert-AreEqual $aclByDbInitialCount $aclByDbList.count
+
+		# set ACL entry for other
+		$aclByDbList = Set-AdlCatalogItemAclEntry -AccountName $accountName -Other -ItemType Database -Path $databaseName -Permissions None
+		Assert-AreEqual $aclByDbInitialCount $aclByDbList.count
+		$found = $false
+		foreach($acl in $aclByDbList)
+		{
+			if($acl.Type -eq "Other")
+			{
+				# confirm the ACE's information
+				Assert-AreEqual None $acl.Permissions
+				$found = $true
+				break
+			}
+		}
+
+		Assert-True {$found} "Could not find the entry for Other in the ACL list of $databaseName"
+
+		$aclByDbList = Set-AdlCatalogItemAclEntry -AccountName $accountName -Other -ItemType Database -Path $databaseName -Permissions Read
+		Assert-AreEqual $aclByDbInitialCount $aclByDbList.count
+		$found = $false
+		foreach($acl in $aclByDbList)
+		{
+			if($acl.Type -eq "Other")
+			{
+				# confirm the ACE's information
+				Assert-AreEqual Read $acl.Permissions
+				$found = $true
+				break
+			}
+		}
+
+		Assert-True {$found} "Could not find the entry for Other in the ACL list of $databaseName"
+
+		# set owner permission to the db
+		$prevDbOwnerAcl = Get-AdlCatalogItemAclEntry -AccountName $accountName -UserOwner -ItemType Database -Path $databaseName
+		Assert-AreNotEqual None $prevDbOwnerAcl.Permissions
+		$currentDbOwnerAcl = Set-AdlCatalogItemAclEntry -AccountName $accountName -UserOwner -ItemType Database -Path $databaseName -Permissions None
+		Assert-AreEqual None $currentDbOwnerAcl.Permissions
+		$prevDbGroupAcl = Get-AdlCatalogItemAclEntry -AccountName $accountName -GroupOwner -ItemType Database -Path $databaseName
+		Assert-AreNotEqual None $prevDbGroupAcl.Permissions
+		$currentDbGroupAcl = Set-AdlCatalogItemAclEntry -AccountName $accountName -GroupOwner -ItemType Database -Path $databaseName -Permissions None
+		Assert-AreEqual None $currentDbGroupAcl.Permissions
+
+		# grant ACE for user to the catalog
+		$aclList = Set-AdlCatalogItemAclEntry -AccountName $accountName -User -Id $userPrincipalId -Permissions Read
+		Assert-AreEqual $($aclInitialCount+1) $aclList.count
+		$found = $false
+		foreach($acl in $aclList)
+		{
+			if($acl.Id -eq $userPrincipalId)
+			{
+				# confirm the ACE's information
+				Assert-AreEqual User $acl.Type
+				Assert-AreEqual $userPrincipalId $acl.Id
+				Assert-AreEqual Read $acl.Permissions
+				$found = $true
+				break
+			}
+		}
+
+		Assert-True {$found} "Could not find the entry for $userPrincipalId in the Catalog ACL list"
+
+		# revoke ACE for user from the catalog
+		Assert-True {Remove-AdlCatalogItemAclEntry -AccountName $accountName -User -Id $userPrincipalId -PassThru} "Remove ACE failed."
+
+		$aclList = Get-AdlCatalogItemAclEntry -AccountName $accountName
+		Assert-AreEqual $aclInitialCount $aclList.count
+
+		# grant ACL entry for group to the catalog
+		$aclList = Set-AdlCatalogItemAclEntry -AccountName $accountName -Group -Id $groupPrincipalId -Permissions Read
+
+		Assert-AreEqual $($aclInitialCount+1) $aclList.count
+		$found = $false
+		foreach($acl in $aclList)
+		{
+			if($acl.Id -eq $groupPrincipalId)
+			{
+				# confirm the ACE's information
+				Assert-AreEqual Group $acl.Type
+				Assert-AreEqual $groupPrincipalId $acl.Id
+				Assert-AreEqual Read $acl.Permissions
+				$found = $true
+				break
+			}
+		}
+
+		Assert-True {$found} "Could not find the entry for $groupPrincipalId in the Catalog ACL list"
+
+		# revoke ACE for group from the catalog
+		Assert-True {Remove-AdlCatalogItemAclEntry -AccountName $accountName -Group -Id $groupPrincipalId -PassThru} "Remove ACE failed."
+
+		$aclList = Get-AdlCatalogItemAclEntry -AccountName $accountName
+		Assert-AreEqual $aclInitialCount $aclList.count
+
+		# set ACL entry for other
+		$aclList = Set-AdlCatalogItemAclEntry -AccountName $accountName -Other -Permissions None
+		Assert-AreEqual $aclInitialCount $aclList.count
+		$found = $false
+		foreach($acl in $aclList)
+		{
+			if($acl.Type -eq "Other")
+			{
+				# confirm the ACE's information
+				Assert-AreEqual None $acl.Permissions
+				$found = $true
+				break
+			}
+		}
+
+		Assert-True {$found} "Could not find the entry for Other in the Catalog ACL list"
+
+		$aclList = Set-AdlCatalogItemAclEntry -AccountName $accountName -Other -Permissions Read
+		Assert-AreEqual $aclInitialCount $aclList.count
+		$found = $false
+		foreach($acl in $aclList)
+		{
+			if($acl.Type -eq "Other")
+			{
+				# confirm the ACE's information
+				Assert-AreEqual Read $acl.Permissions
+				$found = $true
+				break
+			}
+		}
+
+		Assert-True {$found} "Could not find the entry for Other in the Catalog ACL list"
+
+		# set owner permission to the catalog
+		$prevCatalogOwnerAcl = Get-AdlCatalogItemAclEntry -AccountName $accountName -UserOwner
+		Assert-AreNotEqual None $prevCatalogOwnerAcl.Permissions
+		$currentCatalogOwnerAcl = Set-AdlCatalogItemAclEntry -AccountName $accountName -UserOwner -Permissions None
+		Assert-AreEqual None $currentCatalogOwnerAcl.Permissions
+		$prevCatalogGroupAcl = Get-AdlCatalogItemAclEntry -AccountName $accountName -GroupOwner
+		Assert-AreNotEqual None $prevCatalogGroupAcl.Permissions
+		$currentCatalogGroupAcl = Set-AdlCatalogItemAclEntry -AccountName $accountName -GroupOwner -Permissions None
+		Assert-AreEqual None $currentCatalogGroupAcl.Permissions
+
 		# Delete the DataLakeAnalytics account
 		Assert-True {Remove-AdlAnalyticsAccount -ResourceGroupName $resourceGroupName -Name $accountName -Force -PassThru} "Remove Account failed."