Support data plane RBAC

src/Common/Constants.ts

@@ -179,6 +179,9 @@ export class CassandraProxyAPIs {
 export class Queries {
   public static CustomPageOption: string = "custom";
   public static UnlimitedPageOption: string = "unlimited";
+  public static setAutomaticRBACOption: string = "Automatic";
+  public static setTrueRBACOption: string = "True";
+  public static setFalseRBACOption: string = "False";
   public static itemsPerPage: number = 100;
   public static unlimitedItemsPerPage: number = 100; // TODO: Figure out appropriate value so it works for accounts with a large number of partitions
   public static containersPerPage: number = 50;

src/Common/MongoProxyClient.ts

@@ -690,9 +690,16 @@ export function getARMCreateCollectionEndpoint(params: DataModels.MongoParameter
 }
 
 function useMongoProxyEndpoint(api: string): boolean {
-  const activeMongoProxyEndpoints: string[] = [MongoProxyEndpoints.Development, MongoProxyEndpoints.Mpac];
+  const activeMongoProxyEndpoints: string[] = [
+    MongoProxyEndpoints.Development,
+    MongoProxyEndpoints.Mpac,
+    MongoProxyEndpoints.Prod,
+  ];
   let canAccessMongoProxy: boolean = userContext.databaseAccount.properties.publicNetworkAccess === "Enabled";
-  if (userContext.databaseAccount.properties.ipRules?.length > 0) {
+  if (
+    configContext.MONGO_PROXY_ENDPOINT !== MongoProxyEndpoints.Development &&
+    userContext.databaseAccount.properties.ipRules?.length > 0
+  ) {
     canAccessMongoProxy = canAccessMongoProxy && configContext.MONGO_PROXY_OUTBOUND_IPS_ALLOWLISTED;
   }
 

src/Explorer/Panes/SettingsPane/SettingsPane.tsx

@@ -41,6 +41,13 @@ export const SettingsPane: FunctionComponent<{ explorer: Explorer }> = ({
       ? Constants.Queries.UnlimitedPageOption
       : Constants.Queries.CustomPageOption,
   );
+  const [enableDataPlaneRBACOption, setEnableDataPlaneRBACOption] = useState<string>(
+    LocalStorageUtility.getEntryString(StorageKey.DataPlaneRbacEnabled) === Constants.Queries.setAutomaticRBACOption
+      ? Constants.Queries.setAutomaticRBACOption
+      : LocalStorageUtility.getEntryString(StorageKey.DataPlaneRbacEnabled) === Constants.Queries.setTrueRBACOption
+        ? Constants.Queries.setTrueRBACOption
+        : Constants.Queries.setFalseRBACOption
+  );
   const [ruThresholdEnabled, setRUThresholdEnabled] = useState<boolean>(isRUThresholdEnabled());
   const [ruThreshold, setRUThreshold] = useState<number>(getRUThreshold());
   const [queryTimeoutEnabled, setQueryTimeoutEnabled] = useState<boolean>(
@@ -110,7 +117,14 @@ export const SettingsPane: FunctionComponent<{ explorer: Explorer }> = ({
       StorageKey.ActualItemPerPage,
       isCustomPageOptionSelected() ? customItemPerPage : Constants.Queries.unlimitedItemsPerPage,
     );
+
     LocalStorageUtility.setEntryNumber(StorageKey.CustomItemPerPage, customItemPerPage);
+
+    LocalStorageUtility.setEntryString(
+      StorageKey.DataPlaneRbacEnabled,
+      enableDataPlaneRBACOption
+    );
+
     LocalStorageUtility.setEntryBoolean(StorageKey.RUThresholdEnabled, ruThresholdEnabled);
     LocalStorageUtility.setEntryBoolean(StorageKey.QueryTimeoutEnabled, queryTimeoutEnabled);
     LocalStorageUtility.setEntryNumber(StorageKey.RetryAttempts, retryAttempts);
@@ -197,6 +211,12 @@ export const SettingsPane: FunctionComponent<{ explorer: Explorer }> = ({
     { key: Constants.PriorityLevel.High, text: "High" },
   ];
 
+  const dataPlaneRBACOptionsList: IChoiceGroupOption[] = [
+    { key: Constants.Queries.setAutomaticRBACOption, text: "Automatic" },
+    { key: Constants.Queries.setTrueRBACOption, text: "True" },
+    { key: Constants.Queries.setFalseRBACOption, text: "False"}
+  ];
+
   const handleOnPriorityLevelOptionChange = (
     ev: React.FormEvent<HTMLInputElement>,
     option: IChoiceGroupOption,
@@ -208,6 +228,10 @@ export const SettingsPane: FunctionComponent<{ explorer: Explorer }> = ({
     setPageOption(option.key);
   };
 
+  const handleOnDataPlaneRBACOptionChange = (ev: React.FormEvent<HTMLInputElement>, option: IChoiceGroupOption): void => {
+    setEnableDataPlaneRBACOption(option.key);
+  };
+
   const handleOnRUThresholdToggleChange = (ev: React.MouseEvent<HTMLElement>, checked?: boolean): void => {
     setRUThresholdEnabled(checked);
   };
@@ -361,6 +385,27 @@ export const SettingsPane: FunctionComponent<{ explorer: Explorer }> = ({
             </div>
           </div>
         )}
+        {(
+          <div className="settingsSection">
+            <div className="settingsSectionPart">
+              <fieldset>
+                <legend id="enableDataPlaneRBACOptions" className="settingsSectionLabel legendLabel">
+                  Enable DataPlane RBAC
+                </legend>
+                <InfoTooltip>
+                  Choose Automatic to enable DataPlane RBAC automatically. True/False to voluntarily enable/disable DataPlane RBAC
+                </InfoTooltip>
+                <ChoiceGroup
+                  ariaLabelledBy="enableDataPlaneRBACOptions"
+                  selectedKey={enableDataPlaneRBACOption}
+                  options={dataPlaneRBACOptionsList}
+                  styles={choiceButtonStyles}
+                  onChange={handleOnDataPlaneRBACOptionChange}
+                />
+              </fieldset>
+            </div>
+          </div>
+        )}
         {userContext.apiType === "SQL" && (
           <>
             <div className="settingsSection">

src/Explorer/Tables/TableDataClient.ts

@@ -3,6 +3,7 @@ import * as ko from "knockout";
 import Q from "q";
 import { AuthType } from "../../AuthType";
 import * as Constants from "../../Common/Constants";
+import { CassandraProxyAPIs, CassandraProxyEndpoints } from "../../Common/Constants";
 import { handleError } from "../../Common/ErrorHandlingUtils";
 import * as HeadersUtility from "../../Common/HeadersUtility";
 import { createDocument } from "../../Common/dataAccess/createDocument";
@@ -19,7 +20,6 @@ import Explorer from "../Explorer";
 import * as TableConstants from "./Constants";
 import * as Entities from "./Entities";
 import * as TableEntityProcessor from "./TableEntityProcessor";
-import { CassandraProxyAPIs, CassandraProxyEndpoints } from "../../Common/Constants";
 
 export interface CassandraTableKeys {
   partitionKeys: CassandraTableKey[];
@@ -732,9 +732,15 @@ export class CassandraAPIDataClient extends TableDataClient {
   }
 
   private useCassandraProxyEndpoint(api: string): boolean {
-    const activeCassandraProxyEndpoints: string[] = [CassandraProxyEndpoints.Development, CassandraProxyEndpoints.Mpac];
+    const activeCassandraProxyEndpoints: string[] = [
+      CassandraProxyEndpoints.Mpac,
+      CassandraProxyEndpoints.Prod,
+    ];
     let canAccessCassandraProxy: boolean = userContext.databaseAccount.properties.publicNetworkAccess === "Enabled";
-    if (userContext.databaseAccount.properties.ipRules?.length > 0) {
+    if (
+      configContext.CASSANDRA_PROXY_ENDPOINT !== CassandraProxyEndpoints.Development &&
+      userContext.databaseAccount.properties.ipRules?.length > 0
+    ) {
       canAccessCassandraProxy = canAccessCassandraProxy && configContext.CASSANDRA_PROXY_OUTBOUND_IPS_ALLOWLISTED;
     }
 

src/Explorer/Tabs/Tabs.tsx

@@ -324,7 +324,12 @@ const getReactTabContent = (activeReactTab: ReactTabKind, explorer: Explorer): J
 
 const showMongoAndCassandraProxiesNetworkSettingsWarning = (): boolean => {
   const ipRules: IpRule[] = userContext.databaseAccount?.properties?.ipRules;
-  if ((userContext.apiType === "Mongo" || userContext.apiType === "Cassandra") && ipRules?.length) {
+  if (
+    ((userContext.apiType === "Mongo" && configContext.MONGO_PROXY_ENDPOINT !== MongoProxyEndpoints.Development) ||
+      (userContext.apiType === "Cassandra" &&
+        configContext.CASSANDRA_PROXY_ENDPOINT !== CassandraProxyEndpoints.Development)) &&
+    ipRules?.length
+  ) {
     const legacyPortalBackendIPs: string[] = PortalBackendIPs[configContext.BACKEND_ENDPOINT];
     const ipAddressesFromIPRules: string[] = ipRules.map((ipRule) => ipRule.ipAddressOrRange);
     const ipRulesIncludeLegacyPortalBackend: boolean = legacyPortalBackendIPs.every((legacyPortalBackendIP: string) =>

src/Platform/Hosted/extractFeatures.ts

@@ -14,6 +14,7 @@ export type Features = {
   readonly enableTtl: boolean;
   readonly executeSproc: boolean;
   readonly enableAadDataPlane: boolean;
+  readonly enableDataPlaneRbac: boolean;
   readonly enableResourceGraph: boolean;
   readonly enableKoResourceTree: boolean;
   readonly hostedDataExplorer: boolean;
@@ -74,6 +75,7 @@ export function extractFeatures(given = new URLSearchParams(window.location.sear
     canExceedMaximumValue: "true" === get("canexceedmaximumvalue"),
     cosmosdb: "true" === get("cosmosdb"),
     enableAadDataPlane: "true" === get("enableaaddataplane"),
+    enableDataPlaneRbac: "true" === get("enabledataplanerbac"),
     enableResourceGraph: "true" === get("enableresourcegraph"),
     enableChangeFeedPolicy: "true" === get("enablechangefeedpolicy"),
     enableFixedCollectionWithSharedThroughput: "true" === get("enablefixedcollectionwithsharedthroughput"),

src/Shared/StorageUtility.ts

@@ -5,6 +5,9 @@ import * as StringUtility from "./StringUtility";
 export { LocalStorageUtility, SessionStorageUtility };
 export enum StorageKey {
   ActualItemPerPage,
+  DataPlaneRbacEnabled,
+  DataPlaneRbacDisabled,
+  isDataPlaneRbacAutomatic,
   RUThresholdEnabled,
   RUThreshold,
   QueryTimeoutEnabled,

src/UserContext.ts

@@ -101,6 +101,7 @@ interface UserContext {
   sampleDataConnectionInfo?: ParsedResourceTokenConnectionString;
   readonly vcoreMongoConnectionParams?: VCoreMongoConnectionParams;
   readonly feedbackPolicies?: AdminFeedbackPolicySettings;
+  readonly dataPlaneRbacEnabled?: boolean;
 }
 
 export type ApiType = "SQL" | "Mongo" | "Gremlin" | "Tables" | "Cassandra" | "Postgres" | "VCoreMongo";

src/hooks/useKnockoutExplorer.ts

@@ -4,6 +4,7 @@ import { FABRIC_RPC_VERSION, FabricMessageV2 } from "Contracts/FabricMessagesCon
 import Explorer from "Explorer/Explorer";
 import { useSelectedNode } from "Explorer/useSelectedNode";
 import { scheduleRefreshDatabaseResourceToken } from "Platform/Fabric/FabricUtil";
+import { LocalStorageUtility, StorageKey } from "Shared/StorageUtility";
 import { getNetworkSettingsWarningMessage } from "Utils/NetworkUtility";
 import { logConsoleError } from "Utils/NotificationConsoleUtils";
 import { useQueryCopilot } from "hooks/useQueryCopilot";
@@ -270,9 +271,31 @@ async function configureHostedWithAAD(config: AAD): Promise<Explorer> {
     }
   }
   try {
+    if(LocalStorageUtility.hasItem(StorageKey.DataPlaneRbacEnabled)) {
+      var isDataPlaneRbacSetting = LocalStorageUtility.getEntryString(StorageKey.DataPlaneRbacEnabled);
+        if (isDataPlaneRbacSetting == "Automatic")
+        {
           if (!account.properties.disableLocalAuth) {
             keys = await listKeys(subscriptionId, resourceGroup, account.name);
           }
+          else {
+            updateUserContext({
+              dataPlaneRbacEnabled: true
+            });
+          }
+        }
+        else if(isDataPlaneRbacSetting == "True") {
+          updateUserContext({
+            dataPlaneRbacEnabled: true
+          });
+        }
+        else {
+          keys = await listKeys(subscriptionId, resourceGroup, account.name);
+          updateUserContext({
+            dataPlaneRbacEnabled: false
+          });
+        }
+    }
   } catch (e) {
     if (userContext.features.enableAadDataPlane) {
       console.warn(e);
@@ -393,8 +416,9 @@ async function configurePortal(): Promise<Explorer> {
   updateUserContext({
     authType: AuthType.AAD,
   });
+  
   let explorer: Explorer;
-  return new Promise((resolve) => {
+  return new Promise(async (resolve) => {
     // In development mode, try to load the iframe message from session storage.
     // This allows webpack hot reload to function properly in the portal
     if (process.env.NODE_ENV === "development" && !window.location.search.includes("disablePortalInitCache")) {
@@ -407,6 +431,7 @@ async function configurePortal(): Promise<Explorer> {
         console.dir(message);
         updateContextsFromPortalMessage(message);
         explorer = new Explorer();
+
         // In development mode, save the iframe message from the portal in session storage.
         // This allows webpack hot reload to funciton properly
         if (process.env.NODE_ENV === "development") {
@@ -419,7 +444,7 @@ async function configurePortal(): Promise<Explorer> {
     // In the Portal, configuration of Explorer happens via iframe message
     window.addEventListener(
       "message",
-      (event) => {
+      async (event) => {
         if (isInvalidParentFrameOrigin(event)) {
           return;
         }
@@ -449,6 +474,37 @@ async function configurePortal(): Promise<Explorer> {
             setTimeout(() => explorer.openNPSSurveyDialog(), 3000);
           }
 
+          let dbAccount = userContext.databaseAccount;
+          let keys: DatabaseAccountListKeysResult = {};
+          const account = userContext.databaseAccount;
+          const subscriptionId = userContext.subscriptionId;
+          const resourceGroup = userContext.resourceGroup;
+          if(LocalStorageUtility.hasItem(StorageKey.DataPlaneRbacEnabled)) {
+            var isDataPlaneRbacSetting = LocalStorageUtility.getEntryString(StorageKey.DataPlaneRbacEnabled);
+              if (isDataPlaneRbacSetting == "Automatic")
+              {
+                if (!account.properties.disableLocalAuth) {
+                  keys = await listKeys(subscriptionId, resourceGroup, account.name);
+                }
+                else {
+                  updateUserContext({
+                    dataPlaneRbacEnabled: true
+                  });
+                }
+              }
+              else if(isDataPlaneRbacSetting == "True") {
+                updateUserContext({
+                  dataPlaneRbacEnabled: true
+                });
+              }
+              else {
+                keys = await listKeys(subscriptionId, resourceGroup, account.name);
+                updateUserContext({
+                  dataPlaneRbacEnabled: false
+                });
+              }
+          }
+            
           if (openAction) {
             handleOpenAction(openAction, useDatabases.getState().databases, explorer);
           }
@@ -471,7 +527,9 @@ async function configurePortal(): Promise<Explorer> {
     );
     
     sendReadyMessage();
+
   });
+
 }
 
 function shouldForwardMessage(message: PortalMessage, messageOrigin: string) {