update RA calls with new version

Author: darshanhs90

src/ResourceManager/Resources/ChangeLog.md

@@ -24,6 +24,8 @@
     - Users can now use Set-AzureRMRoleRoleDefinition with assignable scopes including new scopes irrespective of the position of the scope
 * Allow scopes to end with "/"
     - Users can now use RoleDefinition and RoleAssignment commandlets with scopes ending with "/" ,consistent with API and CLI
+* Allow users to create RoleAssignment using delegation flag
+    - Users can now use New-AzureRMRoleAssignment with an option of adding the delegation flag
 
 ## Version 5.0.0
 * Add support for online help

src/ResourceManager/Resources/Commands.Resources.Test/packages.config

@@ -8,6 +8,7 @@
   <package id="Microsoft.Azure.Insights" version="0.10.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.KeyVault.Core" version="1.0.0" targetFramework="net45" />  
   <package id="Microsoft.Azure.Management.ResourceManager" version="1.6.0-preview" targetFramework="net452" />
+  <package id="Microsoft.Azure.Management.Authorization" version="2.6.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Resources" version="2.20.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Test.Framework" version="1.0.6179.26854-prerelease" targetFramework="net45" />
   <package id="Microsoft.Azure.Test.HttpRecorder" version="1.6.7-preview" targetFramework="net45" />

src/ResourceManager/Resources/Commands.Resources/Commands.Resources.Netcore.csproj

@@ -28,7 +28,7 @@
   <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp2.0' ">
     <PackageReference Include="Microsoft.Azure.Management.ResourceManager" Version="1.6.0-preview" />
     <PackageReference Include="Microsoft.Azure.Graph.RBAC" Version="3.4.0-preview" />
-    <PackageReference Include="Microsoft.Azure.Management.Authorization" Version="2.5.0-preview" />
+    <PackageReference Include="Microsoft.Azure.Management.Authorization" Version="2.6.0-preview" />
     <PackageReference Include="System.Collections.Specialized" Version="4.3.0" />
     <PackageReference Include="System.Reflection" Version="4.3.0" />
     <PackageReference Include="System.Security.SecureString" Version="4.3.0" />

src/ResourceManager/Resources/Commands.Resources/Commands.Resources.csproj

@@ -54,6 +54,9 @@
     <Reference Include="Microsoft.Azure.ResourceManager, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Resources.2.20.0-preview\lib\net40\Microsoft.Azure.ResourceManager.dll</HintPath>
     </Reference>
+    <Reference Include="Microsoft.Azure.Management.Authorization, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.2.6.0-preview\lib\net452\Microsoft.Azure.Management.Authorization.dll</HintPath>
+    </Reference>
     <Reference Include="System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL" />
   </ItemGroup>
   <ItemGroup>
@@ -144,10 +147,10 @@
       <Project>{70527617-7598-4aef-b5bd-db9186b8184b}</Project>
       <Name>Commands.Common.Authentication.Abstractions</Name>
     </ProjectReference>
-    <ProjectReference Include="..\..\..\Common\Commands.Common.Authorization\Commands.Common.Authorization.csproj">
+<!--    <ProjectReference Include="..\..\..\Common\Commands.Common.Authorization\Commands.Common.Authorization.csproj">
       <Project>{24508e26-154d-47f1-80ee-439bf0710996}</Project>
       <Name>Commands.Common.Authorization</Name>
-    </ProjectReference>
+    </ProjectReference>-->
     <ProjectReference Include="..\..\..\Common\Commands.Common.Graph.RBAC\Commands.Common.Graph.RBAC.csproj">
       <Project>{269acf73-0a34-42dc-ab9c-4b15931a489d}</Project>
       <Name>Commands.Common.Graph.RBAC</Name>

src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs

@@ -17,8 +17,8 @@
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.Azure.Commands.Common.Authentication.Models;
 using Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory;
-using Microsoft.Azure.Management.Authorization.Version2015_07_01;
-using Microsoft.Azure.Management.Authorization.Version2015_07_01.Models;
+using Microsoft.Azure.Management.Authorization;
+using Microsoft.Azure.Management.Authorization.Models;
 using System;
 using System.Collections.Generic;
 using System.Linq;
@@ -152,7 +152,7 @@ public List<PSRoleDefinition> FilterRoleDefinitionsByCustom(string scope, bool s
             List<PSRoleDefinition> result = new List<PSRoleDefinition>();
             result.AddRange(AuthorizationManagementClient.RoleDefinitions.List(
                     scope, scopeAndBelow ? new Rest.Azure.OData.ODataQuery<RoleDefinitionFilter>(filter => filter.AtScopeAndBelow()) : null)
-                .Where(r => r.Properties.Type == AuthorizationClientExtensions.CustomRole)
+                .Where(r => r.RoleType == AuthorizationClientExtensions.CustomRole)
                 .Select(r => r.ToPSRoleDefinition()));
             return result;
         }
@@ -170,12 +170,12 @@ public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parame
             string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
                 ? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id)
                 : AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId);
-            var createProperties = new RoleAssignmentProperties
+            var createParameters = new RoleAssignmentCreateParameters
             {
                 PrincipalId = principalId.ToString(),
-                RoleDefinitionId = roleDefinitionId
+                RoleDefinitionId = roleDefinitionId,
+                CanDelegate = parameters.CanDelegate
             };
-            var createParameters = new RoleAssignmentCreateParameters(createProperties);
 
             RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Create(
                 parameters.Scope, roleAssignmentId.ToString(), createParameters);
@@ -473,22 +473,18 @@ private PSRoleDefinition CreateOrUpdateRoleDefinition(Guid roleDefinitionId, PSR
             PSRoleDefinition roleDef = null;
             var parameters = new RoleDefinition()
             {
-                Name = roleDefinitionId.ToString(),
-                Properties = new RoleDefinitionProperties()
-                {
-                    AssignableScopes = roleDefinition.AssignableScopes,
-                    Description = roleDefinition.Description,
-                    Permissions = new List<Permission>()
+                AssignableScopes = roleDefinition.AssignableScopes,
+                Description = roleDefinition.Description,
+                Permissions = new List<Permission>()
+                    {
+                        new Permission()
                         {
-                            new Permission()
-                            {
-                                Actions = roleDefinition.Actions,
-                                NotActions = roleDefinition.NotActions
-                            }
-                        },
-                    RoleName = roleDefinition.Name,
-                    Type = "CustomRole"
-                }
+                            Actions = roleDefinition.Actions,
+                            NotActions = roleDefinition.NotActions
+                        }
+                    },
+                RoleName = roleDefinition.Name,
+                RoleType = "CustomRole"
             };
 
             try

src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs

@@ -14,7 +14,7 @@
 
 using Hyak.Common;
 using Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory;
-using Microsoft.Azure.Management.Authorization.Version2015_07_01.Models;
+using Microsoft.Azure.Management.Authorization.Models;
 using System;
 using System.Collections.Generic;
 using System.Linq;
@@ -30,7 +30,7 @@ public static IEnumerable<RoleAssignment> FilterRoleAssignmentsOnRoleId(this IEn
         {
             if (!string.IsNullOrEmpty(roleId))
             {
-                return assignments.Where(a => a.Properties.RoleDefinitionId.GuidFromFullyQualifiedId() == roleId);
+                return assignments.Where(a => a.RoleDefinitionId.GuidFromFullyQualifiedId() == roleId);
             }
 
             return assignments;
@@ -44,13 +44,13 @@ public static PSRoleDefinition ToPSRoleDefinition(this RoleDefinition role)
             {
                 roleDefinition = new PSRoleDefinition
                 {
-                    Name = role.Properties.RoleName,
-                    Actions = new List<string>(role.Properties.Permissions.SelectMany(r => r.Actions)),
-                    NotActions = new List<string>(role.Properties.Permissions.SelectMany(r => r.NotActions)),
+                    Name = role.RoleName,
+                    Actions = new List<string>(role.Permissions.SelectMany(r => r.Actions)),
+                    NotActions = new List<string>(role.Permissions.SelectMany(r => r.NotActions)),
                     Id = role.Id.GuidFromFullyQualifiedId(),
-                    AssignableScopes = role.Properties.AssignableScopes.ToList(),
-                    Description = role.Properties.Description,
-                    IsCustom = role.Properties.Type == CustomRole ? true : false
+                    AssignableScopes = role.AssignableScopes.ToList(),
+                    Description = role.Description,
+                    IsCustom = role.RoleType == CustomRole ? true : false
                 };
             }
 
@@ -63,7 +63,7 @@ public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment assignment
 
             try
             {
-                roleDefinitions = new List<PSRoleDefinition> { policyClient.GetRoleDefinition(assignment.Properties.RoleDefinitionId) };
+                roleDefinitions = new List<PSRoleDefinition> { policyClient.GetRoleDefinition(assignment.RoleDefinitionId) };
             }
             catch (CloudException ce)
             {
@@ -116,17 +116,17 @@ private static IEnumerable<PSRoleAssignment> ToPSRoleAssignments(this IEnumerabl
             }
 
             List<string> objectIds = new List<string>();
-            objectIds.AddRange(assignments.Select(r => r.Properties.PrincipalId.ToString()));
+            objectIds.AddRange(assignments.Select(r => r.PrincipalId.ToString()));
             List<PSADObject> adObjects = activeDirectoryClient.GetObjectsByObjectId(objectIds);
 
             foreach (RoleAssignment assignment in assignments)
             {
-                assignment.Properties.RoleDefinitionId = assignment.Properties.RoleDefinitionId.GuidFromFullyQualifiedId();
-                PSADObject adObject = adObjects.SingleOrDefault(o => o.Id == Guid.Parse(assignment.Properties.PrincipalId)) ??
-                    new PSADObject() { Id = Guid.Parse(assignment.Properties.PrincipalId) };
-                PSRoleDefinition roleDefinition = roleDefinitions.SingleOrDefault(r => r.Id == assignment.Properties.RoleDefinitionId) ?? 
-                    new PSRoleDefinition() { Id = assignment.Properties.RoleDefinitionId };
-
+                assignment.RoleDefinitionId = assignment.RoleDefinitionId.GuidFromFullyQualifiedId();
+                PSADObject adObject = adObjects.SingleOrDefault(o => o.Id == Guid.Parse(assignment.PrincipalId)) ??
+                    new PSADObject() { Id = Guid.Parse(assignment.PrincipalId) };
+                PSRoleDefinition roleDefinition = roleDefinitions.SingleOrDefault(r => r.Id == assignment.RoleDefinitionId) ?? 
+                    new PSRoleDefinition() { Id = assignment.RoleDefinitionId };
+                bool delegationFlag = assignment.CanDelegate.HasValue ? (bool)assignment.CanDelegate : false;
                 if (adObject is PSADUser)
                 {
                     psAssignments.Add(new PSRoleAssignment()
@@ -135,10 +135,11 @@ private static IEnumerable<PSRoleAssignment> ToPSRoleAssignments(this IEnumerabl
                         DisplayName = adObject.DisplayName,
                         RoleDefinitionId = roleDefinition.Id,
                         RoleDefinitionName = roleDefinition.Name,
-                        Scope = assignment.Properties.Scope,
+                        Scope = assignment.Scope,
                         SignInName = ((PSADUser)adObject).UserPrincipalName,
                         ObjectId = adObject.Id,
-                        ObjectType = adObject.Type
+                        ObjectType = adObject.Type,
+                        CanDelegate = delegationFlag
                     });
                 }
                 else if (adObject is PSADGroup)
@@ -149,9 +150,10 @@ private static IEnumerable<PSRoleAssignment> ToPSRoleAssignments(this IEnumerabl
                         DisplayName = adObject.DisplayName,
                         RoleDefinitionId = roleDefinition.Id,
                         RoleDefinitionName = roleDefinition.Name,
-                        Scope = assignment.Properties.Scope,
+                        Scope = assignment.Scope,
                         ObjectId = adObject.Id,
-                        ObjectType = adObject.Type
+                        ObjectType = adObject.Type,
+                        CanDelegate = delegationFlag
                     });
                 }
                 else if (adObject is PSADServicePrincipal)
@@ -162,9 +164,10 @@ private static IEnumerable<PSRoleAssignment> ToPSRoleAssignments(this IEnumerabl
                         DisplayName = adObject.DisplayName,
                         RoleDefinitionId = roleDefinition.Id,
                         RoleDefinitionName = roleDefinition.Name,
-                        Scope = assignment.Properties.Scope,
+                        Scope = assignment.Scope,
                         ObjectId = adObject.Id,
-                        ObjectType = adObject.Type
+                        ObjectType = adObject.Type,
+                        CanDelegate = delegationFlag
                     });
                 }
                 else if (!excludeAssignmentsForDeletedPrincipals)
@@ -175,8 +178,9 @@ private static IEnumerable<PSRoleAssignment> ToPSRoleAssignments(this IEnumerabl
                         DisplayName = adObject.DisplayName,
                         RoleDefinitionId = roleDefinition.Id,
                         RoleDefinitionName = roleDefinition.Name,
-                        Scope = assignment.Properties.Scope,
+                        Scope = assignment.Scope,
                         ObjectId = adObject.Id,
+                        CanDelegate = delegationFlag
                     });
                 }
 
@@ -190,9 +194,9 @@ public static PSRoleAssignment ToPSRoleAssignment(this ClassicAdministrator clas
         {
             return new PSRoleAssignment()
             {
-                RoleDefinitionName = classicAdministrator.Properties.Role,
-                DisplayName = classicAdministrator.Properties.EmailAddress,
-                SignInName = classicAdministrator.Properties.EmailAddress,
+                RoleDefinitionName = classicAdministrator.Role,
+                DisplayName = classicAdministrator.EmailAddress,
+                SignInName = classicAdministrator.EmailAddress,
                 Scope = AuthorizationHelper.GetSubscriptionScope(currentSubscriptionId),
                 ObjectType = "User"
             };

src/ResourceManager/Resources/Commands.Resources/Models.Authorization/FilterRoleAssignmentsOptions.cs

@@ -60,5 +60,7 @@ public string Scope
         public bool IncludeClassicAdministrators { get; set; }
 
         public bool ExcludeAssignmentsForDeletedPrincipals { get; set; }
+
+        public bool CanDelegate { get; set; }
     }
 }

src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSRoleAssignment.cs

@@ -33,5 +33,7 @@ public class PSRoleAssignment
         public Guid ObjectId { get; set; }
 
         public string ObjectType { get; set; }
+
+        public bool CanDelegate { get; set; }
     }
 }

src/ResourceManager/Resources/Commands.Resources/Models.ResourceGroups/ResourceClient.cs

@@ -19,8 +19,8 @@
 using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Components;
 using Microsoft.Azure.Commands.ResourceManager.Cmdlets.Utilities;
 using Microsoft.Azure.Commands.Resources.Models.Authorization;
-using Microsoft.Azure.Management.Authorization.Version2015_07_01;
-using Microsoft.Azure.Management.Authorization.Version2015_07_01.Models;
+using Microsoft.Azure.Management.Authorization;
+using Microsoft.Azure.Management.Authorization.Models;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using Newtonsoft.Json;
 using System;

src/ResourceManager/Resources/Commands.Resources/Models.ResourceGroups/ResourcesExtensions.cs

@@ -21,7 +21,7 @@
 using Microsoft.Azure.Commands.Common.Authentication;
 using Microsoft.Azure.Commands.ResourceManager.Common.Tags;
 using Microsoft.Azure.Commands.Resources.Models.Authorization;
-using Microsoft.Azure.Management.Authorization.Version2015_07_01.Models;
+using Microsoft.Azure.Management.Authorization.Models;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using Newtonsoft.Json;
 using Microsoft.WindowsAzure.Commands.Common;

src/ResourceManager/Resources/Commands.Resources/Providers/GetAzureProviderOperationCmdlet.cs

@@ -22,7 +22,7 @@ namespace Microsoft.Azure.Commands.Resources
     using ProjectResources = Microsoft.Azure.Commands.Resources.Properties.Resources;
     using Microsoft.Azure.Management.ResourceManager;
     using Microsoft.Azure.Management.ResourceManager.Models;
-    using Microsoft.Azure.Management.Authorization.Version2015_07_01.Models;
+    using Microsoft.Azure.Management.Authorization.Models;
 
     /// <summary>
     /// Get an existing resource.

src/ResourceManager/Resources/Commands.Resources/RoleAssignments/NewAzureRoleAssignmentCommand.cs

@@ -146,6 +146,29 @@ public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
         [ValidateGuidNotEmpty]
         public Guid RoleDefinitionId { get; set; }
 
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
+            HelpMessage = "Delegation flag.")]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
+            HelpMessage = "Delegation flag.")]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSignInName,
+            HelpMessage = "Delegation flag.")]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
+            HelpMessage = "Delegation flag.")]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithObjectId,
+            HelpMessage = "Delegation flag.")]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
+            HelpMessage = "Delegation flag.")]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSignInName,
+            HelpMessage = "Delegation flag.")]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
+            HelpMessage = "Delegation flag.")]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
+            HelpMessage = "Delegation flag.")]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
+            HelpMessage = "Delegation flag.")]
+        [ValidateNotNullOrEmpty]
+        public bool CanDelegate { get; set; }
+
         public override void ExecuteCmdlet()
         {
             FilterRoleAssignmentsOptions parameters = new FilterRoleAssignmentsOptions()
@@ -166,7 +189,8 @@ public override void ExecuteCmdlet()
                     ResourceName = ResourceName,
                     ResourceType = ResourceType,
                     Subscription = DefaultProfile.DefaultContext.Subscription.Id.ToString(),
-                }
+                },
+                CanDelegate = CanDelegate
             };
 
             AuthorizationClient.ValidateScope(parameters.Scope, false);