Merge pull request Azure#909 from shuagarw/BugFixFilterDeletedRA

ogail · ogail · commit 6c61e03f7169 · 2015-09-15T11:33:54.000-07:00
Bug Fixes in Get-AzureRMRoleAssignment and Delete-AzureRMRoleAssignment
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
@@ -140,25 +140,25 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions
                 // Filter first by principal
                 parameters.PrincipalId = string.IsNullOrEmpty(options.ADObjectFilter.Id) ? ActiveDirectoryClient.GetObjectId(options.ADObjectFilter) : Guid.Parse(options.ADObjectFilter.Id);
                 result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)
-                    .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient)));
+                    .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));
 
                 // Filter out by scope
                 if (!string.IsNullOrEmpty(options.Scope))
                 {
-                    result.RemoveAll(r => !options.Scope.StartsWith(r.Scope, StringComparison.InvariantCultureIgnoreCase));                    
+                    result.RemoveAll(r => !options.Scope.StartsWith(r.Scope, StringComparison.InvariantCultureIgnoreCase));
                 }
             }
             else if (!string.IsNullOrEmpty(options.Scope))
             {
                 // Filter by scope and above directly
                 parameters.AtScope = true;
                 result.AddRange(AuthorizationManagementClient.RoleAssignments.ListForScope(options.Scope, parameters)
-                    .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient)));
+                    .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));
             }
             else
             {
                 result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)
-                    .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient)));
+                    .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));
             }
 
             if (!string.IsNullOrEmpty(options.RoleDefinition))
@@ -176,7 +176,10 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions
         /// <returns>The deleted role assignments</returns>
         public PSRoleAssignment RemoveRoleAssignment(FilterRoleAssignmentsOptions options)
         {
-            PSRoleAssignment roleAssignment = FilterRoleAssignments(options).FirstOrDefault();
+            // Match role assignments at exact scope. At most 1 roleAssignment should match the criteria
+            PSRoleAssignment roleAssignment = FilterRoleAssignments(options)
+                                                .Where(ra => ra.Scope == options.Scope.TrimEnd('/'))
+                                                .FirstOrDefault();
 
             if (roleAssignment != null)
             {
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs
@@ -44,7 +44,7 @@ public static PSRoleDefinition ToPSRoleDefinition(this RoleDefinition role)
             return roleDefinition;
         }
 
-        public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, AuthorizationClient policyClient, ActiveDirectoryClient activeDirectoryClient)
+        public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, AuthorizationClient policyClient, ActiveDirectoryClient activeDirectoryClient, bool excludeAssignmentsForDeletedPrincipals = true)
         {
             PSRoleDefinition roleDefinition = policyClient.GetRoleDefinition(role.Properties.RoleDefinitionId);
             PSADObject adObject = activeDirectoryClient.GetADObject(new ADObjectFilterOptions { Id = role.Properties.PrincipalId.ToString() }) ?? new PSADObject() { Id = role.Properties.PrincipalId };
@@ -92,7 +92,7 @@ public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, Auth
                     ObjectId = adObject.Id
                 };
             }
-            else
+            else if (!excludeAssignmentsForDeletedPrincipals)
             {
                 return new PSRoleAssignment()
                 {
@@ -105,6 +105,8 @@ public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, Auth
                     ObjectId = adObject.Id
                 };
             }
+
+            return null;
         }
     }
 }
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/FilterRoleAssignmentsOptions.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/FilterRoleAssignmentsOptions.cs
@@ -53,5 +53,7 @@ public string Scope
         public ResourceIdentifier ResourceIdentifier { get; set; }
 
         public ADObjectFilterOptions ADObjectFilter { get; set; }
+
+        public bool ExcludeAssignmentsForDeletedPrincipals { get; set; }
     }
 }
diff --git a/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs b/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs
@@ -212,10 +212,11 @@ protected override void ProcessRecord()
                     ResourceName = ResourceName,
                     ResourceType = ResourceType,
                     Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.DefaultContext.Subscription.Id.ToString()
-                }
+                },
+                ExcludeAssignmentsForDeletedPrincipals = true
             };
 
-            WriteObject(PoliciesClient.FilterRoleAssignments(options), true);
+            WriteObject(PoliciesClient.FilterRoleAssignments(options), enumerateCollection: true);
         }
     }
 }
diff --git a/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs b/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs
@@ -30,108 +30,70 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
     {
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
             HelpMessage = "The user or group object id")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithObjectId,
-            HelpMessage = "The user or group object id.")]
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
             HelpMessage = "The user or group object id.")]
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
             HelpMessage = "The user or group object id.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ObjectId,
-            HelpMessage = "The user or group object id.")]
         [ValidateNotNullOrEmpty]
         [Alias("Id", "PrincipalId")]
         public Guid ObjectId { get; set; }
 
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-            HelpMessage = "The user or group email address.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithMail,
-            HelpMessage = "The user or group email address.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
-            HelpMessage = "The user or group email address.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
+        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
             HelpMessage = "The user or group email address.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Mail,
+        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
             HelpMessage = "The user or group email address.")]
         [ValidateNotNullOrEmpty]
         public string Mail { get; set; }
 
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-            HelpMessage = "The user UPN.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithUPN,
-            HelpMessage = "The user UPN.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
-            HelpMessage = "The user UPN.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
+        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
             HelpMessage = "The user UPN.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.UPN,
+        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
             HelpMessage = "The user UPN.")]
         [ValidateNotNullOrEmpty]
         [Alias("UPN")]
         public string UserPrincipalName { get; set; }
 
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-            HelpMessage = "The app SPN.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
-            HelpMessage = "The app SPN.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
-            HelpMessage = "The app SPN.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
+        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
             HelpMessage = "The app SPN.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.SPN,
+        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
             HelpMessage = "The app SPN.")]
         [ValidateNotNullOrEmpty]
         [Alias("SPN")]
         public string ServicePrincipalName { get; set; }
 
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-            HelpMessage = "Resource group to assign the role to.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithObjectId,
-            HelpMessage = "Resource group to assign the role to.")]
         [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
             HelpMessage = "Resource group to assign the role to.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithMail,
-            HelpMessage = "Resource group to assign the role to.")]
         [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
             HelpMessage = "Resource group to assign the role to.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithUPN,
-            HelpMessage = "Resource group to assign the role to.")]
         [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
             HelpMessage = "Resource group to assign the role to.")]
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
-            HelpMessage = "Resource group to assign the role to.")]
         [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
             HelpMessage = "Resource group to assign the role to.")]
         [ValidateNotNullOrEmpty]
         public string ResourceGroupName { get; set; }
 
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Resource,
-            HelpMessage = "Resource to assign the role to.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
             HelpMessage = "Resource to assign the role to.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
             HelpMessage = "Resource to assign the role to.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
             HelpMessage = "Resource to assign the role to.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
             HelpMessage = "Resource to assign the role to.")]
         [ValidateNotNullOrEmpty]
         public string ResourceName { get; set; }
 
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Resource,
-            HelpMessage = "Type of the resource to assign the role to.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
             HelpMessage = "Type of the resource to assign the role to.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
             HelpMessage = "Type of the resource to assign the role to.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
             HelpMessage = "Type of the resource to assign the role to.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
             HelpMessage = "Type of the resource to assign the role to.")]
         [ValidateNotNullOrEmpty]
         public string ResourceType { get; set; }
 
-        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Resource,
-            HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
         [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
             HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
         [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
@@ -143,10 +105,8 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
         [ValidateNotNullOrEmpty]
         public string ParentResource { get; set; }
 
-         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
             HelpMessage = "Role to assign the principals with.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Scope,
-            HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/<id>\" or the part after that. If it's latter, the current subscription id will be used.")]
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
             HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/<id>\" or the part after that. If it's latter, the current subscription id will be used.")]
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
@@ -158,9 +118,7 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
         [ValidateNotNullOrEmpty]
         public string Scope { get; set; }
 
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
-            HelpMessage = "Role to assign the principals with.")]
-        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "Role to assign the principals with.")]
+        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "Role the principal is assigned to.")]
         [ValidateNotNullOrEmpty]
         public string RoleDefinitionName { get; set; }
 
@@ -191,7 +149,8 @@ protected override void ProcessRecord()
                     ResourceName = ResourceName,
                     ResourceType = ResourceType,
                     Subscription = DefaultProfile.DefaultContext.Subscription.Id.ToString()
-                }
+                },
+                ExcludeAssignmentsForDeletedPrincipals = false
             };
 
             ConfirmAction(

Original file line number	Diff line number	Diff line change
`@@ -140,25 +140,25 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions`
`140`	`140`	`// Filter first by principal`
`141`	`141`	`parameters.PrincipalId = string.IsNullOrEmpty(options.ADObjectFilter.Id) ? ActiveDirectoryClient.GetObjectId(options.ADObjectFilter) : Guid.Parse(options.ADObjectFilter.Id);`
`142`	`142`	`result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)`
`143`		`- .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient)));`
	`143`	`+ .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));`
`144`	`144`
`145`	`145`	`// Filter out by scope`
`146`	`146`	`if (!string.IsNullOrEmpty(options.Scope))`
`147`	`147`	`{`
`148`		`- result.RemoveAll(r => !options.Scope.StartsWith(r.Scope, StringComparison.InvariantCultureIgnoreCase));`
	`148`	`+ result.RemoveAll(r => !options.Scope.StartsWith(r.Scope, StringComparison.InvariantCultureIgnoreCase));`
`149`	`149`	`}`
`150`	`150`	`}`
`151`	`151`	`else if (!string.IsNullOrEmpty(options.Scope))`
`152`	`152`	`{`
`153`	`153`	`// Filter by scope and above directly`
`154`	`154`	`parameters.AtScope = true;`
`155`	`155`	`result.AddRange(AuthorizationManagementClient.RoleAssignments.ListForScope(options.Scope, parameters)`
`156`		`- .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient)));`
	`156`	`+ .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));`
`157`	`157`	`}`
`158`	`158`	`else`
`159`	`159`	`{`
`160`	`160`	`result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)`
`161`		`- .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient)));`
	`161`	`+ .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));`
`162`	`162`	`}`
`163`	`163`
`164`	`164`	`if (!string.IsNullOrEmpty(options.RoleDefinition))`
`@@ -176,7 +176,10 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions`
`176`	`176`	`/// <returns>The deleted role assignments</returns>`
`177`	`177`	`public PSRoleAssignment RemoveRoleAssignment(FilterRoleAssignmentsOptions options)`
`178`	`178`	`{`
`179`		`- PSRoleAssignment roleAssignment = FilterRoleAssignments(options).FirstOrDefault();`
	`179`	`+ // Match role assignments at exact scope. At most 1 roleAssignment should match the criteria`
	`180`	`+ PSRoleAssignment roleAssignment = FilterRoleAssignments(options)`
	`181`	`+ .Where(ra => ra.Scope == options.Scope.TrimEnd('/'))`
	`182`	`+ .FirstOrDefault();`
`180`	`183`
`181`	`184`	`if (roleAssignment != null)`
`182`	`185`	`{`
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ public static PSRoleDefinition ToPSRoleDefinition(this RoleDefinition role)`
`44`	`44`	`return roleDefinition;`
`45`	`45`	`}`
`46`	`46`
`47`		`- public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, AuthorizationClient policyClient, ActiveDirectoryClient activeDirectoryClient)`
	`47`	`+ public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, AuthorizationClient policyClient, ActiveDirectoryClient activeDirectoryClient, bool excludeAssignmentsForDeletedPrincipals = true)`
`48`	`48`	`{`
`49`	`49`	`PSRoleDefinition roleDefinition = policyClient.GetRoleDefinition(role.Properties.RoleDefinitionId);`
`50`	`50`	`PSADObject adObject = activeDirectoryClient.GetADObject(new ADObjectFilterOptions { Id = role.Properties.PrincipalId.ToString() }) ?? new PSADObject() { Id = role.Properties.PrincipalId };`
`@@ -92,7 +92,7 @@ public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, Auth`
`92`	`92`	`ObjectId = adObject.Id`
`93`	`93`	`};`
`94`	`94`	`}`
`95`		`- else`
	`95`	`+ else if (!excludeAssignmentsForDeletedPrincipals)`
`96`	`96`	`{`
`97`	`97`	`return new PSRoleAssignment()`
`98`	`98`	`{`
`@@ -105,6 +105,8 @@ public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, Auth`
`105`	`105`	`ObjectId = adObject.Id`
`106`	`106`	`};`
`107`	`107`	`}`
	`108`	`+`
	`109`	`+ return null;`
`108`	`110`	`}`
`109`	`111`	`}`
`110`	`112`	`}`
Original file line number	Diff line number	Diff line change
`@@ -53,5 +53,7 @@ public string Scope`
`53`	`53`	`public ResourceIdentifier ResourceIdentifier { get; set; }`
`54`	`54`
`55`	`55`	`public ADObjectFilterOptions ADObjectFilter { get; set; }`
	`56`	`+`
	`57`	`+ public bool ExcludeAssignmentsForDeletedPrincipals { get; set; }`
`56`	`58`	`}`
`57`	`59`	`}`
Original file line number	Diff line number	Diff line change
`@@ -212,10 +212,11 @@ protected override void ProcessRecord()`
`212`	`212`	`ResourceName = ResourceName,`
`213`	`213`	`ResourceType = ResourceType,`
`214`	`214`	`Subscription = string.IsNullOrEmpty(ResourceGroupName) ? null : DefaultProfile.DefaultContext.Subscription.Id.ToString()`
`215`		`- }`
	`215`	`+ },`
	`216`	`+ ExcludeAssignmentsForDeletedPrincipals = true`
`216`	`217`	`};`
`217`	`218`
`218`		`- WriteObject(PoliciesClient.FilterRoleAssignments(options), true);`
	`219`	`+ WriteObject(PoliciesClient.FilterRoleAssignments(options), enumerateCollection: true);`
`219`	`220`	`}`
`220`	`221`	`}`
`221`	`222`	`}`