{Synapse} az synapse workspace update: Add support for public-network-access

Frankkkkk · Frankkkkk · commit cb73c6be64a7 · 2023-11-14T11:35:47.000+01:00
This adds support for enabling/disabling public network access to the
synapse workspace

Signed-off-by: Frank Villaro-Dixon &lt;frank.villarodixon@merkle.com&gt;
diff --git a/src/azure-cli/azure/cli/command_modules/synapse/manual/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/manual/_params.py
@@ -105,6 +105,7 @@ def load_arguments(self, _):
             c.argument('user_assigned_identity_id', options_list=['--uami-id'], nargs='+', help='The list of User-assigned Managed Identity Id for workspace.')
             c.argument('user_assigned_identity_in_encryption', options_list=['--uami-id-in-encrypt'], help='User assigned identity resource Id used in Workspace Encryption')
             c.argument('use_system_assigned_identity_in_encryption', options_list=['--use-sami-in-encrypt'], help='Whether use System assigned identity in Workspace Encryption. If use uami, please set True.If not, set False')
+            c.argument('public_network_access', arg_type=get_three_state_flag(), help="Whether to enable public network access to the workspace.")
 
     with self.argument_context('synapse workspace create') as c:
         c.argument('location', get_location_type(self.cli_ctx), validator=get_default_location_from_resource_group)
diff --git a/src/azure-cli/azure/cli/command_modules/synapse/manual/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/manual/operations/workspace.py
@@ -7,7 +7,7 @@
 from azure.mgmt.synapse.models import Workspace, WorkspacePatchInfo, ManagedIdentity, \
     DataLakeStorageAccountDetails, WorkspaceKeyDetails, CustomerManagedKeyDetails, EncryptionDetails, ManagedVirtualNetworkSettings, \
     ManagedIdentitySqlControlSettingsModelPropertiesGrantSqlControlToManagedIdentity, IpFirewallRuleInfo, Key, ManagedIdentitySqlControlSettingsModel, WorkspaceRepositoryConfiguration, \
-    KekIdentityProperties, UserAssignedManagedIdentity
+    KekIdentityProperties, UserAssignedManagedIdentity, WorkspacePublicNetworkAccess
 from azure.mgmt.cdn.models import CheckNameAvailabilityInput
 
 
@@ -102,7 +102,7 @@ def update_workspace(cmd, client, resource_group_name, workspace_name, sql_admin
                      allowed_aad_tenant_ids=None, tags=None, key_name=None, repository_type=None, host_name=None, account_name=None,
                      collaboration_branch=None, repository_name=None, root_folder=None, project_name=None, last_commit_id=None, tenant_id=None,
                      user_assigned_identity_id=None, user_assigned_identity_action=None, user_assigned_identity_in_encryption=None,
-                     use_system_assigned_identity_in_encryption=None, no_wait=False):
+                     use_system_assigned_identity_in_encryption=None, public_network_access=None, no_wait=False):
     encryption = None
     identity = None
     tenant_ids_list = None
@@ -192,8 +192,14 @@ def update_workspace(cmd, client, resource_group_name, workspace_name, sql_admin
                                                                               last_commit_id=last_commit_id,
                                                                               tenant_id=tenant_id)
 
+    if public_network_access is not None:
+        if public_network_access:
+            public_network_access = WorkspacePublicNetworkAccess.ENABLED
+        else:
+            public_network_access = WorkspacePublicNetworkAccess.DISABLED
+
     updated_vnet_settings = ManagedVirtualNetworkSettings(allowed_aad_tenant_ids_for_linking=tenant_ids_list) if allowed_aad_tenant_ids is not None else None
-    workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_administrator_login_password=sql_admin_login_password, encryption=encryption, managed_virtual_network_settings=updated_vnet_settings, workspace_repository_configuration=workspace_repository_configuration, identity=identity)
+    workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_administrator_login_password=sql_admin_login_password, encryption=encryption, managed_virtual_network_settings=updated_vnet_settings, workspace_repository_configuration=workspace_repository_configuration, identity=identity, public_network_access=public_network_access)
     return sdk_no_wait(no_wait, client.begin_update, resource_group_name, workspace_name, workspace_patch_info)
 
 
diff --git a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py
@@ -3177,3 +3177,41 @@ def test_user_assigned_identity_id_workspace(self):
             self.not_exists('identity.userAssignedIdentities[1]')
         ])
 
+    @ResourceGroupPreparer(name_prefix='synapse-cli', random_name_length=16)
+    @StorageAccountPreparer(name_prefix='adlsgen2', length=16, location=location, key='storage-account')
+    def test_workspace_update_network_access(self, resource_group, storage_account):
+        # create a workspace
+        self._create_workspace()
+
+        # check workspace name
+        self.cmd('az synapse workspace check-name --name {workspace}', checks=[
+            self.check('available', False)
+        ])
+
+        # get workspace with workspace name
+        workspace = self.cmd('az synapse workspace show --name {workspace} --resource-group {rg}', checks=[
+            self.check('publicNetworkAccess', True)
+        ]).get_output_in_json()
+        self.kwargs["workspace-id"] = workspace['id']
+
+        # Disable public network access
+        self.cmd('az synapse workspace update --ids {workspace-id} --public_network_access=False', checks=[
+            self.check('publicNetworkAccess', False)
+        ])
+
+        # update tags; shouldn't change network access
+        self.cmd('az synapse workspace update --ids {workspace-id} --tags key1=value1', checks=[
+            self.check('tags.key1', 'value1'),
+            self.check('publicNetworkAccess', False)
+        ])
+
+        # Enable public network access
+        self.cmd('az synapse workspace update --ids {workspace-id} --public_network_access=True', checks=[
+            self.check('publicNetworkAccess', True)
+        ])
+
+        # update tags; shouldn't change network access
+        self.cmd('az synapse workspace update --ids {workspace-id} --tags key1=value2', checks=[
+            self.check('tags.key1', 'value1'),
+            self.check('publicNetworkAccess', True)
+        ])
