Merge pull request Azure#1175 from shuagarw/DocumentationUpdatesAndFixes

Role commands documentation updates and some bug fixes

Author: stankovski

src/Common/Commands.Common/Commands.Common.csproj

@@ -173,6 +173,7 @@
     <Compile Include="TestMockSupport.cs" />
     <Compile Include="PSAzureAccount.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="ValidateGuidNotEmpty.cs" />
   </ItemGroup>
   <ItemGroup>
     <EmbeddedResource Include="Properties\Resources.resx">

src/Common/Commands.Common/ValidateGuidNotEmpty.cs

@@ -0,0 +1,27 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Management.Automation;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Microsoft.WindowsAzure.Commands.Common
+{
+    [AttributeUsage(AttributeTargets.Property | AttributeTargets.Field)]
+    public class ValidateGuidNotEmptyAttribute : ValidateArgumentsAttribute
+    {
+        protected override void Validate(object arguments, EngineIntrinsics engineIntrinsics)
+        {
+            if (arguments == null)
+            {
+                throw new ValidationMetadataException("Specify a parameter of type 'System.Guid' and try again.");
+            }
+
+            Guid param = (Guid)arguments;
+            if (param == Guid.Empty)
+            {
+                throw new ValidationMetadataException("Specify a non empty value of type 'System.Guid' and try again.");
+            }
+        }
+    }
+}

src/ResourceManager/Resources/Commands.Resources/Microsoft.Azure.Commands.Resources.dll-Help.xml

@@ -134,7 +134,7 @@ public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parame
             Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
             string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
                 ? AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(subscriptionId, GetRoleRoleDefinition(parameters.RoleDefinitionName).Id)
-                : parameters.RoleDefinitionId;
+                : AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(subscriptionId, parameters.RoleDefinitionId);
 
             RoleAssignmentCreateParameters createParameters = new RoleAssignmentCreateParameters
             {
@@ -189,7 +189,7 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions
 
                 result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)
                     .RoleAssignments
-                    .FilterRoleAssignmentsOnRoleId(options.RoleDefinitionId)
+                    .FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
                     .ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
 
                 // Filter out by scope
@@ -205,13 +205,15 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions
 
                 result.AddRange(AuthorizationManagementClient.RoleAssignments.ListForScope(options.Scope, parameters)
                     .RoleAssignments
-                    .FilterRoleAssignmentsOnRoleId(options.RoleDefinitionId)
+                    .FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
                     .ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
             }
             else
             {
                 result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)
-                    .RoleAssignments.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
+                    .RoleAssignments
+                    .FilterRoleAssignmentsOnRoleId(AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(currentSubscription, options.RoleDefinitionId))
+                    .ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
             }
 
             if (!string.IsNullOrEmpty(options.RoleDefinitionName))
@@ -251,11 +253,11 @@ public List<PSRoleAssignment> FilterRoleAssignments(FilterRoleAssignmentsOptions
         /// </summary>
         /// <param name="options">The role assignment filtering options</param>
         /// <returns>The deleted role assignments</returns>
-        public IEnumerable<PSRoleAssignment> RemoveRoleAssignment(FilterRoleAssignmentsOptions options)
+        public IEnumerable<PSRoleAssignment> RemoveRoleAssignment(FilterRoleAssignmentsOptions options, string subscriptionId)
         {
             // Match role assignments at exact scope. Ideally, atmost 1 roleAssignment should match the criteria 
             // but an edge case can have multiple role assignments to the same role or multiple role assignments to different roles, with same name.
-            IEnumerable<PSRoleAssignment> roleAssignments = FilterRoleAssignments(options, currentSubscription: string.Empty)
+            IEnumerable<PSRoleAssignment> roleAssignments = FilterRoleAssignments(options, subscriptionId)
                                                 .Where(ra => ra.Scope == options.Scope.TrimEnd('/'));
 
             if (roleAssignments == null || !roleAssignments.Any())
@@ -362,6 +364,8 @@ public PSRoleDefinition UpdateRoleDefinition(PSRoleDefinition role, string subsc
             roleDefinition.AssignableScopes = role.AssignableScopes ?? roleDefinition.AssignableScopes;
             roleDefinition.Description = role.Description ?? roleDefinition.Description;
 
+            ValidateRoleDefinition(roleDefinition);
+
             return
                 AuthorizationManagementClient.RoleDefinitions.CreateOrUpdate(
                     roleDefinitionId,
@@ -444,6 +448,11 @@ private static void ValidateRoleDefinition(PSRoleDefinition roleDefinition)
                 throw new ArgumentException(ProjectResources.InvalidRoleDefinitionName);
             }
 
+            if (string.IsNullOrWhiteSpace(roleDefinition.Description))
+            {
+                throw new ArgumentException(ProjectResources.InvalidRoleDefinitionDescription);
+            }
+
             if (roleDefinition.AssignableScopes == null || !roleDefinition.AssignableScopes.Any())
             {
                 throw new ArgumentException(ProjectResources.InvalidAssignableScopes);

src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs

@@ -12,6 +12,11 @@ public class AuthorizationHelper
 
         public static string GetRoleDefinitionFullyQualifiedId(string subscriptionId, string roleDefinitionGuid)
         {
+            if(string.IsNullOrEmpty(roleDefinitionGuid))
+            {
+                return null;
+            }
+
             return string.Concat(string.Format(AuthorizationHelper.roleDefinitionIdPrefixFormat, subscriptionId), roleDefinitionGuid);
         }
     }

src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationHelper.cs

@@ -18,26 +18,12 @@ namespace Microsoft.Azure.Commands.Resources.Models.Authorization
 {
     public class FilterRoleAssignmentsOptions
     {
-        private string roleDefinitionGuid;
-
         public string RoleDefinitionName { get; set; }
 
-        public string RoleDefinitionId
-        {
-            get
-            {
-                if (string.IsNullOrEmpty(roleDefinitionGuid))
-                {
-                    return null;
-                }
-
-                return AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(this.ResourceIdentifier.Subscription, roleDefinitionGuid);
-            }
-            set
-            {
-                roleDefinitionGuid = value;
-            }
-        }
+        /// <summary>
+        /// RoleDefinitionId Guid
+        /// </summary>
+        public string RoleDefinitionId { get; set; }
 
         private string scope;
 

src/ResourceManager/Resources/Commands.Resources/Models.Authorization/FilterRoleAssignmentsOptions.cs

@@ -333,4 +333,10 @@
   <data name="ProviderOperationUnsupportedWildcard" xml:space="preserve">
     <value>Wildcard character ? is not supported.</value>
   </data>
+  <data name="InvalidRoleDefinitionDescription" xml:space="preserve">
+    <value>RoleDefinition Description is invalid.</value>
+  </data>
+  <data name="RemoveRoleDefinitionWithName" xml:space="preserve">
+    <value>Are you sure you want to remove role definition with name '{0}'.</value>
+  </data>
 </root>

src/ResourceManager/Resources/Commands.Resources/Properties/Resources.Designer.cs

@@ -15,6 +15,7 @@
 using Microsoft.Azure.Commands.Resources.Models;
 using Microsoft.Azure.Commands.Resources.Models.ActiveDirectory;
 using Microsoft.Azure.Commands.Resources.Models.Authorization;
+using Microsoft.WindowsAzure.Commands.Common;
 using System;
 using System.Collections.Generic;
 using System.Management.Automation;
@@ -35,7 +36,9 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
             HelpMessage = "The user or group object id.")]
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
             HelpMessage = "The user or group object id.")]
-        [ValidateNotNullOrEmpty]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleIdWithScopeAndObjectId,
+            HelpMessage = "The user or group object id.")]
+        [ValidateGuidNotEmpty]
         [Alias("Id", "PrincipalId")]
         public Guid ObjectId { get; set; }
 
@@ -150,6 +153,11 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
         [ValidateNotNullOrEmpty]
         public string RoleDefinitionName { get; set; }
 
+        [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleIdWithScopeAndObjectId,
+            HelpMessage = "Role Id the principal is assigned to.")]
+        [ValidateGuidNotEmpty]
+        public Guid RoleDefinitionId { get; set; }
+
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Scope,
             HelpMessage = "Scope of the role assignment. In the format of relative URI.")]
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
@@ -158,6 +166,8 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
             HelpMessage = "Scope of the role assignment. In the format of relative URI.")]
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
             HelpMessage = "Scope of the role assignment. In the format of relative URI.")]
+        [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleIdWithScopeAndObjectId,
+            HelpMessage = "Scope of the role assignment. In the format of relative URI.")]
         [ValidateNotNullOrEmpty]
         public string Scope { get; set; }
 
@@ -207,6 +217,7 @@ protected override void ProcessRecord()
             {
                 Scope = Scope,
                 RoleDefinitionName = RoleDefinitionName,
+                RoleDefinitionId = RoleDefinitionId == Guid.Empty ? null : RoleDefinitionId.ToString(),
                 ADObjectFilter = new ADObjectFilterOptions
                 {
                     SignInName = SignInName,

src/ResourceManager/Resources/Commands.Resources/Properties/Resources.resx

@@ -15,6 +15,7 @@
 using Microsoft.Azure.Commands.Resources.Models;
 using Microsoft.Azure.Commands.Resources.Models.ActiveDirectory;
 using Microsoft.Azure.Commands.Resources.Models.Authorization;
+using Microsoft.WindowsAzure.Commands.Common;
 using System;
 using System.Management.Automation;
 
@@ -36,7 +37,7 @@ public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
             HelpMessage = "The user or group object id.")]
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleIdWithScopeAndObjectId,
             HelpMessage = "The user or group object id.")]
-        [ValidateNotNullOrEmpty]
+        [ValidateGuidNotEmpty]
         [Alias("Id", "PrincipalId")]
         public Guid ObjectId { get; set; }
 
@@ -140,7 +141,7 @@ public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
 
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleIdWithScopeAndObjectId,
             HelpMessage = "Role Id the principal is assigned to.")]
-        [ValidateNotNullOrEmpty]
+        [ValidateGuidNotEmpty]
         public Guid RoleDefinitionId { get; set; }
 
         protected override void ProcessRecord()

src/ResourceManager/Resources/Commands.Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs

@@ -15,6 +15,7 @@
 using Microsoft.Azure.Commands.Resources.Models;
 using Microsoft.Azure.Commands.Resources.Models.ActiveDirectory;
 using Microsoft.Azure.Commands.Resources.Models.Authorization;
+using Microsoft.WindowsAzure.Commands.Common;
 using System;
 using System.Collections.Generic;
 using System.Management.Automation;
@@ -38,7 +39,7 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
             HelpMessage = "The user or group object id.")]
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleIdWithScopeAndObjectId,
             HelpMessage = "The user or group object id.")]
-        [ValidateNotNullOrEmpty]
+        [ValidateGuidNotEmpty]
         [Alias("Id", "PrincipalId")]
         public Guid ObjectId { get; set; }
 
@@ -142,7 +143,7 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
 
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleIdWithScopeAndObjectId,
             HelpMessage = "Role Id the principal is assigned to.")]
-        [ValidateNotNullOrEmpty]
+        [ValidateGuidNotEmpty]
         public Guid RoleDefinitionId { get; set; }
 
         [Parameter(Mandatory = false)]
@@ -184,7 +185,7 @@ protected override void ProcessRecord()
                 options.RoleDefinitionName ?? RoleDefinitionId.ToString()),
                 ProjectResources.RemovingRoleAssignment,
                 null,
-                () => roleAssignments = PoliciesClient.RemoveRoleAssignment(options));
+                () => roleAssignments = PoliciesClient.RemoveRoleAssignment(options, DefaultProfile.Context.Subscription.Id.ToString()));
 
             if (PassThru)
             {

src/ResourceManager/Resources/Commands.Resources/RoleAssignments/NewAzureRoleAssignmentCommand.cs

@@ -15,6 +15,7 @@
 using Microsoft.Azure.Commands.Resources.Models;
 using Microsoft.Azure.Commands.Resources.Models.ActiveDirectory;
 using Microsoft.Azure.Commands.Resources.Models.Authorization;
+using Microsoft.WindowsAzure.Commands.Common;
 using System;
 using System.Collections.Generic;
 using System.Management.Automation;
@@ -34,7 +35,7 @@ public class GetAzureRoleDefinitionCommand : ResourcesBaseCmdlet
 
         [Parameter(Position = 0, Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionId,
             HelpMessage = "Role definition id.")]
-        [ValidateNotNullOrEmpty]
+        [ValidateGuidNotEmpty]
         public Guid Id { get; set; }
 
         [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionCustom,

src/ResourceManager/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs

@@ -18,6 +18,7 @@
 using Microsoft.Azure.Commands.Resources.Models.Authorization;
 using ProjectResources = Microsoft.Azure.Commands.Resources.Properties.Resources;
 using System;
+using Microsoft.WindowsAzure.Commands.Common;
 
 namespace Microsoft.Azure.Commands.Resources
 {
@@ -29,7 +30,7 @@ public class RemoveAzureRoleDefinitionCommand : ResourcesBaseCmdlet
     {
         [Parameter(Position = 0, Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionId,
             HelpMessage = "Role definition id")]
-        [ValidateNotNullOrEmpty]
+        [ValidateGuidNotEmpty]
         public Guid Id { get; set; }
 
         [Parameter(Position = 0, Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionName,
@@ -47,19 +48,22 @@ protected override void ProcessRecord()
         {
             PSRoleDefinition roleDefinition = null;
             Action action = null;
+            string confirmMessage = null;
 
             if(Id != Guid.Empty)
             {
                 action = (() => roleDefinition = PoliciesClient.RemoveRoleDefinition(Id, DefaultProfile.Context.Subscription.Id.ToString()));
+                confirmMessage = string.Format(ProjectResources.RemoveRoleDefinition, Id);
             }
             else
             {
                 action = (() => roleDefinition = PoliciesClient.RemoveRoleDefinition(Name, DefaultProfile.Context.Subscription.Id.ToString()));
+                confirmMessage = string.Format(ProjectResources.RemoveRoleDefinitionWithName, Name);
             }
 
             ConfirmAction(
                 Force.IsPresent,
-                string.Format(ProjectResources.RemoveRoleDefinition, Id),
+                confirmMessage,
                 ProjectResources.RemoveRoleDefinition,
                 Id.ToString(),
                 action);