Container Copy Job implementation for SQL accounts (#2241)

* Initial dev for container copy * remove padding from label * Added Copy Job prerequisites screen * Added hooks to evaluate reader role access * added copyjob pre-requsite screen along with it's validations * Added monitor copy job list screen * added copy job list refresh and reset functionality * remove arm token dependency * fetch account details from account id instead of context * Fix lint & typescript checks * show copyjob screen from portal navigation * adding copy job details screen * remove duplicate code & show sql accounts only * ui fixes for list job page * pending icon * copy job details screen ui * reset .vscode/settings.json * Fixed existing UTs * disabling action buttons until it's in progress * fixed formatting * Adding loader on submit button and show job creation errors in the panel itself * updating disabling action menu item logic * added custom pager * fix lint and ts errors * updating file names and removing comments * remove comments * modularize the arom common code * Adding content and removing tooltip * updating job details screen * updating online copy enabled screen * Adding below changes - Don't show permission screen for same account in offline mode - Don't show identity permissions for same account in online mode - Show error message if selected containers are identical - Update abort signal messages * added feedback code from explorer * Add tooltips and long polling - Added tooltips to permission sections - Implemented long polling for PITR and online copy enabled sections - Long polling automatically stops after 15 minutes - After polling ends, a refresh button will be displayed --------- Co-authored-by: nishthaAhujaa <nishtha17354@iiittd.ac.in>
2026-04-20 05:19:28 +01:00 · 2025-11-05 22:54:00 +05:30
parent 3718f5a16a
commit 2417da152d
78 changed files with 4152 additions and 36 deletions
--- a/src/Utils/arm/RbacUtils.ts
+++ b/src/Utils/arm/RbacUtils.ts
@@ -0,0 +1,115 @@
+import { configContext } from "ConfigContext";
+import { buildArmUrl } from "Utils/arm/armUtils";
+import { armRequest } from "Utils/arm/request";
+import { getCopyJobAuthorizationHeader } from "../CopyJobAuthUtils";
+
+export type FetchAccountDetailsParams = {
+  subscriptionId: string;
+  resourceGroupName: string;
+  accountName: string;
+};
+
+export type RoleAssignmentPropertiesType = {
+  roleDefinitionId: string;
+  principalId: string;
+  scope: string;
+};
+
+export type RoleAssignmentType = {
+  id: string;
+  name: string;
+  properties: RoleAssignmentPropertiesType;
+  type: string;
+};
+
+type RoleDefinitionDataActions = {
+  dataActions: string[];
+};
+
+export type RoleDefinitionType = {
+  assignableScopes: string[];
+  id: string;
+  name: string;
+  permissions: RoleDefinitionDataActions[];
+  resourceGroup: string;
+  roleName: string;
+  type: string;
+  typePropertiesType: string;
+};
+
+const apiVersion = "2025-04-15";
+
+const handleResponse = async (response: Response, context: string) => {
+  if (!response.ok) {
+    const body = await response.text().catch(() => "");
+    throw new Error(`Failed to fetch ${context}. Status: ${response.status}. ${body || ""}`);
+  }
+  return response.json();
+};
+
+export const fetchRoleAssignments = async (
+  subscriptionId: string,
+  resourceGroupName: string,
+  accountName: string,
+  principalId: string,
+): Promise<RoleAssignmentType[]> => {
+  const uri = buildArmUrl(
+    `/subscriptions/${subscriptionId}/resourceGroups/${resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/${accountName}/sqlRoleAssignments`,
+    apiVersion,
+  );
+
+  const response = await fetch(uri, { method: "GET", headers: getCopyJobAuthorizationHeader() });
+  const data = await handleResponse(response, "role assignments");
+
+  return (data.value || []).filter(
+    (assignment: RoleAssignmentType) => assignment?.properties?.principalId === principalId,
+  );
+};
+
+export const fetchRoleDefinitions = async (roleAssignments: RoleAssignmentType[]): Promise<RoleDefinitionType[]> => {
+  const roleDefinitionIds = roleAssignments.map((assignment) => assignment.properties.roleDefinitionId);
+  const uniqueRoleDefinitionIds = Array.from(new Set(roleDefinitionIds));
+
+  const headers = getCopyJobAuthorizationHeader();
+  const roleDefinitionUris = uniqueRoleDefinitionIds.map((id) => buildArmUrl(id, apiVersion));
+
+  const promises = roleDefinitionUris.map((url) => fetch(url, { method: "GET", headers }));
+  const responses = await Promise.all(promises);
+
+  const roleDefinitions = await Promise.all(
+    responses.map((res, i) => handleResponse(res, `role definition ${uniqueRoleDefinitionIds[i]}`)),
+  );
+
+  return roleDefinitions;
+};
+
+export const assignRole = async (
+  subscriptionId: string,
+  resourceGroupName: string,
+  accountName: string,
+  principalId: string,
+): Promise<RoleAssignmentType | null> => {
+  if (!principalId) {
+    return null;
+  }
+  const accountScope = `/subscriptions/${subscriptionId}/resourceGroups/${resourceGroupName}/providers/Microsoft.DocumentDB/databaseAccounts/${accountName}`;
+  const roleDefinitionId = `${accountScope}/sqlRoleDefinitions/00000000-0000-0000-0000-000000000001`;
+  const roleAssignmentName = crypto.randomUUID();
+  const path = `${accountScope}/sqlRoleAssignments/${roleAssignmentName}`;
+
+  const body = {
+    properties: {
+      roleDefinitionId,
+      scope: `${accountScope}/`,
+      principalId,
+    },
+  };
+  const response: RoleAssignmentType = await armRequest({
+    host: configContext.ARM_ENDPOINT,
+    path,
+    method: "PUT",
+    apiVersion,
+    body,
+  });
+  return response;
+};