diff --git a/src/azure-cli/azure/cli/command_modules/synapse/manual/_params.py b/src/azure-cli/azure/cli/command_modules/synapse/manual/_params.py index f4e8e74a155..694b44fcc12 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/manual/_params.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/manual/_params.py @@ -105,6 +105,7 @@ def load_arguments(self, _): c.argument('user_assigned_identity_id', options_list=['--uami-id'], nargs='+', help='The list of User-assigned Managed Identity Id for workspace.') c.argument('user_assigned_identity_in_encryption', options_list=['--uami-id-in-encrypt'], help='User assigned identity resource Id used in Workspace Encryption') c.argument('use_system_assigned_identity_in_encryption', options_list=['--use-sami-in-encrypt'], help='Whether use System assigned identity in Workspace Encryption. If use uami, please set True.If not, set False') + c.argument('public_network_access', arg_type=get_three_state_flag(), help="Whether to enable public network access to the workspace.") with self.argument_context('synapse workspace create') as c: c.argument('location', get_location_type(self.cli_ctx), validator=get_default_location_from_resource_group) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/manual/operations/workspace.py b/src/azure-cli/azure/cli/command_modules/synapse/manual/operations/workspace.py index 3e2e6e38cba..63cc2b2f8d0 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/manual/operations/workspace.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/manual/operations/workspace.py @@ -7,7 +7,7 @@ from azure.mgmt.synapse.models import Workspace, WorkspacePatchInfo, ManagedIdentity, \ DataLakeStorageAccountDetails, WorkspaceKeyDetails, CustomerManagedKeyDetails, EncryptionDetails, ManagedVirtualNetworkSettings, \ ManagedIdentitySqlControlSettingsModelPropertiesGrantSqlControlToManagedIdentity, IpFirewallRuleInfo, Key, ManagedIdentitySqlControlSettingsModel, WorkspaceRepositoryConfiguration, \ - KekIdentityProperties, UserAssignedManagedIdentity + KekIdentityProperties, UserAssignedManagedIdentity, WorkspacePublicNetworkAccess from azure.mgmt.cdn.models import CheckNameAvailabilityInput @@ -102,7 +102,7 @@ def update_workspace(cmd, client, resource_group_name, workspace_name, sql_admin allowed_aad_tenant_ids=None, tags=None, key_name=None, repository_type=None, host_name=None, account_name=None, collaboration_branch=None, repository_name=None, root_folder=None, project_name=None, last_commit_id=None, tenant_id=None, user_assigned_identity_id=None, user_assigned_identity_action=None, user_assigned_identity_in_encryption=None, - use_system_assigned_identity_in_encryption=None, no_wait=False): + use_system_assigned_identity_in_encryption=None, public_network_access=None, no_wait=False): encryption = None identity = None tenant_ids_list = None @@ -192,8 +192,14 @@ def update_workspace(cmd, client, resource_group_name, workspace_name, sql_admin last_commit_id=last_commit_id, tenant_id=tenant_id) + if public_network_access is not None: + if public_network_access: + public_network_access = WorkspacePublicNetworkAccess.ENABLED + else: + public_network_access = WorkspacePublicNetworkAccess.DISABLED + updated_vnet_settings = ManagedVirtualNetworkSettings(allowed_aad_tenant_ids_for_linking=tenant_ids_list) if allowed_aad_tenant_ids is not None else None - workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_administrator_login_password=sql_admin_login_password, encryption=encryption, managed_virtual_network_settings=updated_vnet_settings, workspace_repository_configuration=workspace_repository_configuration, identity=identity) + workspace_patch_info = WorkspacePatchInfo(tags=tags, sql_administrator_login_password=sql_admin_login_password, encryption=encryption, managed_virtual_network_settings=updated_vnet_settings, workspace_repository_configuration=workspace_repository_configuration, identity=identity, public_network_access=public_network_access) return sdk_no_wait(no_wait, client.begin_update, resource_group_name, workspace_name, workspace_patch_info) diff --git a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py index 69d06c90762..2e638e9496d 100644 --- a/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py +++ b/src/azure-cli/azure/cli/command_modules/synapse/tests/latest/test_synapse_scenario.py @@ -3177,3 +3177,41 @@ def test_user_assigned_identity_id_workspace(self): self.not_exists('identity.userAssignedIdentities[1]') ]) + @ResourceGroupPreparer(name_prefix='synapse-cli', random_name_length=16) + @StorageAccountPreparer(name_prefix='adlsgen2', length=16, location=location, key='storage-account') + def test_workspace_update_network_access(self, resource_group, storage_account): + # create a workspace + self._create_workspace() + + # check workspace name + self.cmd('az synapse workspace check-name --name {workspace}', checks=[ + self.check('available', False) + ]) + + # get workspace with workspace name + workspace = self.cmd('az synapse workspace show --name {workspace} --resource-group {rg}', checks=[ + self.check('publicNetworkAccess', True) + ]).get_output_in_json() + self.kwargs["workspace-id"] = workspace['id'] + + # Disable public network access + self.cmd('az synapse workspace update --ids {workspace-id} --public_network_access=False', checks=[ + self.check('publicNetworkAccess', False) + ]) + + # update tags; shouldn't change network access + self.cmd('az synapse workspace update --ids {workspace-id} --tags key1=value1', checks=[ + self.check('tags.key1', 'value1'), + self.check('publicNetworkAccess', False) + ]) + + # Enable public network access + self.cmd('az synapse workspace update --ids {workspace-id} --public_network_access=True', checks=[ + self.check('publicNetworkAccess', True) + ]) + + # update tags; shouldn't change network access + self.cmd('az synapse workspace update --ids {workspace-id} --tags key1=value2', checks=[ + self.check('tags.key1', 'value1'), + self.check('publicNetworkAccess', True) + ])