Merge pull request #333 from darshanhs90/darshanhs90/preview

update remove role assignment commandlet

Author: markcowl

ChangeLog.md

@@ -133,6 +133,8 @@
     * Add -PolicySetDefinition, -Sku and -NotScope parameters to New-AzureRmPolicyAssignment and Set-AzureRmPolicyAssignment cmdlets
     * Add support to pass in policy url to New-AzureRmPolicyDefinition and Set-AzureRmPolicyDefinition cmdlets
     * Add -Mode parameter to New-AzureRmPolicyDefinition cmdlet
+    * Add Support for removal of roleassignment using PSRoleAssignment object
+        - Users can now use PSRoleassignmnet inputobject with Remove-AzureRMRoleAssignment commandlet to remove the roleassignment.
     * Add ManagedApplication cmdlets
         - New-AzureRmManagedApplication cmdlet to create a managed application
         - Get-AzureRmManagedApplication cmdlet to list all managed applications under a subscription or to get a specific managed application

src/Common/Commands.Common.Graph.RBAC/ActiveDirectory/ParameterSet.cs

@@ -133,5 +133,7 @@ public static class ParameterSet
         public const string SpObjectIdWithDisplayName = "SpObjectIdWithDisplayNameParameterSet";
 
         public const string SPNWithDisplayName = "SPNWithDisplayNameParameterSet";
-    }
+
+		public const string RoleAssignment = "RoleAssignmentParameterSet";
+	}
 }

src/ResourceManager/Resources/AzureRM.Resources.psd1

@@ -159,6 +159,8 @@ PrivateData = @{
 * Add -PolicySetDefinition, -Sku and -NotScope parameters to New-AzureRmPolicyAssignment and Set-AzureRmPolicyAssignment cmdlets
 * Add support to pass in policy url to New-AzureRmPolicyDefinition and Set-AzureRmPolicyDefinition cmdlets
 * Add -Mode parameter to New-AzureRmPolicyDefinition cmdlet
+* Add Support for removal of roleassignment using PSRoleAssignment object
+    - Users can now use PSRoleassignmnet inputobject with Remove-AzureRMRoleAssignment commandlet to remove the roleassignment.
 * Add ManagedApplicationDefinition cmdlets
 * Add ManagedApplication cmdlets
 '

src/ResourceManager/Resources/ChangeLog.md

@@ -36,7 +36,9 @@
 * Add -PolicySetDefinition, -Sku and -NotScope parameters to New-AzureRmPolicyAssignment and Set-AzureRmPolicyAssignment cmdlets
 * Add support to pass in policy url to New-AzureRmPolicyDefinition and Set-AzureRmPolicyDefinition cmdlets
 * Add -Mode parameter to New-AzureRmPolicyDefinition cmdlet
-
+* Add Support for removal of roleassignment using PSRoleAssignment object
+    - Users can now use PSRoleassignmnet inputobject with Remove-AzureRMRoleAssignment commandlet to remove the roleassignment.
+    
 ## Version 4.3.1
 
 ## Version 4.3.0

src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj

@@ -694,6 +694,9 @@
     <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.RoleAssignmentTests\RaUserPermissions_Setup.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>
+    <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.RoleAssignmentTests\RaDeleteByPSRoleAssignment.json">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </None>
     <None Include="SessionRecords\Microsoft.Azure.Commands.Resources.Test.ScenarioTests.RoleAssignmentTests\RaUserPermissions_Test.json">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </None>

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/RoleAssignmentTests.cs

@@ -57,6 +57,13 @@ public void RaByScope()
         {
             ResourcesController.NewInstance.RunPsTest("Test-RaByScope");
         }
+        
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void RaDeleteByPSRoleAssignment()
+        {
+            ResourcesController.NewInstance.RunPsTest("Test-RaDeleteByPSRoleAssignment");
+        }
 
         [Fact]
         [Trait(Category.AcceptanceType, Category.CheckIn)]

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/RoleAssignmentTests.ps1

@@ -56,6 +56,33 @@ function Test-RaNegativeScenarios
     Assert-Throws { Get-AzureRmRoleAssignment -ServicePrincipalName $badSpn } $badObjectResult
 }
 
+<#
+.SYNOPSIS
+Tests verifies delete scenario for RoleAssignments by using PSRoleAssignment Object
+#>
+function Test-RaDeleteByPSRoleAssignment
+{
+    # Setup
+    $definitionName = 'Reader'
+    $users = Get-AzureRmADUser | Select-Object -First 1 -Wait
+    $subscription = Get-AzureRmSubscription
+    $resourceGroups = Get-AzureRmResourceGroup | Select-Object -Last 1 -Wait
+    $scope = '/subscriptions/'+ $subscription[0].Id +'/resourceGroups/' + $resourceGroups[0].ResourceGroupName
+    Assert-AreEqual 1 $users.Count "There should be at least one user to run the test."
+    
+    # Test
+    [Microsoft.Azure.Commands.Resources.Models.Authorization.AuthorizationClient]::RoleAssignmentNames.Enqueue("fa1a4d3b-2cca-406b-8956-6b6b32377641")
+    $newAssignment = New-AzureRmRoleAssignment `
+                        -ObjectId $users[0].Id.Guid `
+                        -RoleDefinitionName $definitionName `
+                        -Scope $scope 
+
+    Remove-AzureRmRoleAssignment $newAssignment
+
+    # Assert
+    VerifyRoleAssignmentDeleted $newAssignment
+}
+
 <#
 .SYNOPSIS
 Tests verifies creation and deletion of a RoleAssignments by Scope
@@ -193,11 +220,11 @@ function Test-RaValidateInputParameters ($cmdName)
     Assert-Throws { &$cmdName -Scope $scope -ObjectId $groups[0].Id.Guid -RoleDefinitionName $definitionName } $invalidScope
 
     # Check if ResourceType is valid
-    Assert-AreEqual $resource.ResourceType "Microsoft.KeyVault/vaults"
-    
+    Assert-AreEqual $resource.ResourceType "Microsoft.ServiceBus/namespaces"
+    $subscription = Get-AzureRmSubscription | Select-Object -Last 1 -Wait
     # Below invalid resource type should not return 'Not supported api version'.
     $resource.ResourceType = "Microsoft.KeyVault/"
-    $invalidResourceType = "Scope '/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590/resourceGroups/zzzzlastgroupzz/providers/Microsoft.KeyVault/zzzzlastgroupzz' should have even number of parts."
+    $invalidResourceType = "Scope '/subscriptions/"+$subscription.Id+"/resourceGroups/"+$resource.ResourceGroupName+"/providers/Microsoft.KeyVault/"+$resource.ResourceGroupName+"' should have even number of parts."
     Assert-Throws { &$cmdName `
                         -ObjectId $groups[0].Id.Guid `
                         -RoleDefinitionName $definitionName `
@@ -213,7 +240,7 @@ Tests verifies creation and deletion of a RoleAssignments for Service principal
 function Test-RaByServicePrincipal
 {
     # Setup
-    $definitionName = 'Reader'
+    $definitionName = 'Contributor'
     $servicePrincipals = Get-AzureRmADServicePrincipal | Select-Object -Last 1 -Wait
     $subscription = Get-AzureRmSubscription
     $resourceGroups = Get-AzureRmResourceGroup | Select-Object -Last 1 -Wait

src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.RoleAssignmentTests/RaByServicePrincipal.json

@@ -150,9 +150,19 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
         [Parameter(Mandatory = false)]
         public SwitchParameter PassThru { get; set; }
 
+        [ValidateNotNullOrEmpty]
+        [Parameter(Position = 0, Mandatory = true, ValueFromPipeline = true, ParameterSetName = ParameterSet.RoleAssignment, HelpMessage = "Role Assignment.")]
+        public PSRoleAssignment InputObject { get; set; }
+
         public override void ExecuteCmdlet()
         {
             IEnumerable<PSRoleAssignment> roleAssignments = null;
+            if (InputObject != null) {
+                Scope = InputObject.Scope;
+                ObjectId = InputObject.ObjectId;
+                RoleDefinitionName = InputObject.RoleDefinitionName;
+            }
+
             FilterRoleAssignmentsOptions options = new FilterRoleAssignmentsOptions()
             {
                 Scope = Scope,

src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.RoleAssignmentTests/RaDeleteByPSRoleAssignment.json

@@ -81,6 +81,11 @@ Remove-AzureRmRoleAssignment -ServicePrincipalName <String> [-Scope <String>] -R
  [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
+### RoleAssignmentParameterSet
+```
+Remove-AzureRmRoleAssignment [-InputObject] <PSRoleAssignment> [<CommonParameters>]
+```
+
 ## DESCRIPTION
 Use the Remove-AzureRmRoleAssignment commandlet to revoke access to any principal at given scope and given role.
 
@@ -117,6 +122,14 @@ PS C:\> Remove-AzureRmRoleAssignment -ObjectId 36f81fc3-b00f-48cd-8218-3879f51ff
 Removes the role assignment to the group principal identified by the ObjectId and assigned to the Reader role.
 Defaults to using the current subscription as the scope to find the assignment to be deleted.
 
+### --------------------------  Example 3  --------------------------
+```
+PS C:\> $roleassignment = Get-AzureRmRoleAssignment |Select-Object -First 1 -Wait
+PS C:\> Remove-AzureRmRoleAssignment -InputObject $roleassignment
+```
+
+Removes the first role assignment object which is fetched from the Get-AzureRmRoleAssignment commandlet.
+
 ## PARAMETERS
 
 ### -ObjectId
@@ -299,6 +312,21 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -InputObject
+Role Assignment object.
+
+```yaml
+Type: PSRoleAssignment
+Parameter Sets: RoleAssignmentParameterSet
+Aliases: 
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: True
+Accept wildcard characters: False
+```
+
 ### -Confirm
 Prompts you for confirmation before running the cmdlet.