Merge pull request #10215 from filizt/BugFixUserAssingedIdentity

[Blueprint] A fix related to blueprint assignment with user assigned identity

Author: wyunchi-ms

src/Blueprint/Blueprint/Cmdlets/BlueprintAssignment/BlueprintAssignmentCmdletBase.cs

@@ -240,5 +240,21 @@ protected void ThrowIfAssignmentNotExist(string scope, string name)
                 throw new Exception(string.Format(Resources.AssignmentNotExist, name, scope));
             }
         }
+
+        /// <summary>
+        /// Checks if an assignment uses user assigned identity.
+        /// </summary>
+        /// <param name="identity"></param>
+        /// <returns></returns>
+        protected bool IsUserAssignedIdentity(ManagedServiceIdentity identity)
+        {
+            if (String.IsNullOrEmpty(identity?.Type))
+            {
+                throw new Exception(Resources.IdentityTypeNotProvided);
+            }
+
+            return identity.Type.Equals(ManagedServiceIdentityType.UserAssigned, StringComparison.OrdinalIgnoreCase);
+
+        }
     }
 }

src/Blueprint/Blueprint/Cmdlets/BlueprintAssignment/NewAzureRMBlueprintAssignment.cs

@@ -38,7 +38,7 @@ public class NewAzureRmBlueprintAssignment : BlueprintAssignmentCmdletBase
         [ValidateNotNullOrEmpty]
         public string Name { get; set; }
 
-        [Parameter(ParameterSetName = ParameterSetNames.CreateBlueprintAssignmentByFile, Mandatory = true, HelpMessage = BlueprintConstants.ParameterHelpMessages.BlueprintObject)]
+        [Parameter(ParameterSetName = ParameterSetNames.CreateBlueprintAssignmentByFile, Mandatory = false, HelpMessage = BlueprintConstants.ParameterHelpMessages.BlueprintObject)]
         [Parameter(ParameterSetName = ParameterSetNames.CreateBlueprintAssignment, Mandatory = true, ValueFromPipeline = true, HelpMessage = BlueprintConstants.ParameterHelpMessages.BlueprintObject)]
         [ValidateNotNull]
         public PSBlueprintBase Blueprint { get; set; }
@@ -151,8 +151,15 @@ public override void ExecuteCmdlet()
                                 // Register Blueprint RP
                                 RegisterBlueprintRp(subscription);
 
-                                if (!this.IsParameterBound(c => c.UserAssignedIdentity))
+                                if (!IsUserAssignedIdentity(assignmentObject.Identity))
                                 {
+                                    // If user assigned identity is defined as the identity in the assignment
+                                    // we consider the user assigned MSI, otherwise system assigned MSI.
+                                    //
+                                    // Assign owner permission to Blueprint SPN only if assignment is being done using
+                                    // System assigned identity.
+                                    // This is a no-op for user assigned identity.
+
                                     var spnObjectId = GetBlueprintSpn(scope, Name);
                                     AssignOwnerPermission(subscription, spnObjectId);
                                 }

src/Blueprint/Blueprint/Properties/Resources.Designer.cs

@@ -159,6 +159,9 @@
   <data name="DeleteBlueprintFolderContentsProcessString" xml:space="preserve">
     <value>Folder '{0}' already exists. This operation will replace contents of the folder with specified blueprint and its artifacts. Would you like to continue?</value>
   </data>
+  <data name="IdentityTypeNotProvided" xml:space="preserve">
+    <value>Can't determine the identity to be used with the assignment. Make sure the assignment file contains Identity property and identity Type property.</value>
+  </data>
   <data name="OverwriteExistingOutputFileContinueMessage" xml:space="preserve">
     <value>Overwriting the output file.</value>
   </data>