Make blueprint object optional for blueprint assignment done with an assignment JSON file./n Parse assignment object to determine the assignment type to decide if we should go through the code path of owner role assignment for Blueprint SPN. Only go through the role assignment if the assignment has system assigned identity defined.

Author: Filiz Topatan

src/Blueprint/Blueprint/Cmdlets/BlueprintAssignment/BlueprintAssignmentCmdletBase.cs

@@ -240,5 +240,21 @@ protected void ThrowIfAssignmentNotExist(string scope, string name)
                 throw new Exception(string.Format(Resources.AssignmentNotExist, name, scope));
             }
         }
+
+        /// <summary>
+        /// Checks if an assignment uses user assigned identity.
+        /// </summary>
+        /// <param name="identity"></param>
+        /// <returns></returns>
+        protected bool IsUserAssignedIdentity(ManagedServiceIdentity identity)
+        {
+            if (String.IsNullOrEmpty(identity?.Type))
+            {
+                throw new Exception(Resources.IdentityTypeNotProvided);
+            }
+
+            return identity.Type.Equals(ManagedServiceIdentityType.UserAssigned, StringComparison.OrdinalIgnoreCase);
+
+        }
     }
 }

src/Blueprint/Blueprint/Cmdlets/BlueprintAssignment/NewAzureRMBlueprintAssignment.cs

@@ -38,7 +38,7 @@ public class NewAzureRmBlueprintAssignment : BlueprintAssignmentCmdletBase
         [ValidateNotNullOrEmpty]
         public string Name { get; set; }
 
-        [Parameter(ParameterSetName = ParameterSetNames.CreateBlueprintAssignmentByFile, Mandatory = true, HelpMessage = BlueprintConstants.ParameterHelpMessages.BlueprintObject)]
+        [Parameter(ParameterSetName = ParameterSetNames.CreateBlueprintAssignmentByFile, Mandatory = false, HelpMessage = BlueprintConstants.ParameterHelpMessages.BlueprintObject)]
         [Parameter(ParameterSetName = ParameterSetNames.CreateBlueprintAssignment, Mandatory = true, ValueFromPipeline = true, HelpMessage = BlueprintConstants.ParameterHelpMessages.BlueprintObject)]
         [ValidateNotNull]
         public PSBlueprintBase Blueprint { get; set; }
@@ -151,8 +151,15 @@ public override void ExecuteCmdlet()
                                 // Register Blueprint RP
                                 RegisterBlueprintRp(subscription);
 
-                                if (!this.IsParameterBound(c => c.UserAssignedIdentity))
+                                if (!IsUserAssignedIdentity(assignmentObject.Identity))
                                 {
+                                    // If user assigned identity is defined as the identity in the assignment
+                                    // we consider the user assigned MSI, otherwise system assigned MSI.
+                                    //
+                                    // Assign owner permission to Blueprint SPN only if assignment is being done using
+                                    // System assigned identity.
+                                    // This is a no-op for user assigned identity.
+
                                     var spnObjectId = GetBlueprintSpn(scope, Name);
                                     AssignOwnerPermission(subscription, spnObjectId);
                                 }

src/Blueprint/Blueprint/Properties/Resources.Designer.cs

@@ -159,6 +159,9 @@
   <data name="DeleteBlueprintFolderContentsProcessString" xml:space="preserve">
     <value>Folder '{0}' already exists. This operation will replace contents of the folder with specified blueprint and its artifacts. Would you like to continue?</value>
   </data>
+  <data name="IdentityTypeNotProvided" xml:space="preserve">
+    <value>Can't determine the identity to be used with the assignment. Make sure the assignment file contains Identity property and identity Type property.</value>
+  </data>
   <data name="OverwriteExistingOutputFileContinueMessage" xml:space="preserve">
     <value>Overwriting the output file.</value>
   </data>