Merge pull request Azure#3292 from adarce/feature/object-id-string

Change the data type of ObjectId to string from Guid.

Author: cormacpayne

src/ResourceManager/KeyVault/Commands.KeyVault/Commands.KeyVault.csproj

@@ -168,7 +168,7 @@
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.2.0.0\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.KeyVault, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.KeyVault.2.0.0-preview\lib\net45\Microsoft.Azure.Management.KeyVault.dll</HintPath>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.KeyVault.2.0.1-preview\lib\net45\Microsoft.Azure.Management.KeyVault.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.Azure.ResourceManager, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">

src/ResourceManager/KeyVault/Commands.KeyVault/Commands/NewAzureKeyVault.cs

@@ -22,7 +22,7 @@
 namespace Microsoft.Azure.Commands.KeyVault
 {
     /// <summary>
-    /// Create a new key vault. 
+    /// Create a new key vault.
     /// </summary>
     [Cmdlet(VerbsCommon.New, "AzureRmKeyVault",
         SupportsShouldProcess = true,
@@ -81,9 +81,9 @@ public class NewAzureKeyVault : KeyVaultManagementCmdletBase
 
         [Parameter(Mandatory = false,
             ValueFromPipelineByPropertyName = true,
-            HelpMessage = "Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521).")]        
+            HelpMessage = "Specifies the SKU of the key vault instance. For information about which features are available for each SKU, see the Azure Key Vault Pricing website (http://go.microsoft.com/fwlink/?linkid=512521).")]
         public SkuName Sku { get; set; }
-        
+
         [Parameter(Mandatory = false,
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "A hash table which represents resource tags.")]
@@ -101,7 +101,7 @@ public override void ExecuteCmdlet()
                     throw new ArgumentException(PSKeyVaultProperties.Resources.VaultAlreadyExists);
                 }
 
-                var userObjectId = Guid.Empty;
+                var userObjectId = string.Empty;
                 AccessPolicyEntry accessPolicy = null;
 
                 try
@@ -114,7 +114,7 @@ public override void ExecuteCmdlet()
                     // This is to unblock Key Vault in Fairfax as Graph has issues in this environment.
                     WriteWarning(ex.Message);
                 }
-                if (userObjectId != Guid.Empty)
+                if (!string.IsNullOrWhiteSpace(userObjectId))
                 {
                     accessPolicy = new AccessPolicyEntry()
                     {

src/ResourceManager/KeyVault/Commands.KeyVault/Commands/RemoveAzureKeyVaultAccessPolicy.cs

@@ -87,7 +87,7 @@ public class RemoveAzureKeyVaultAccessPolicy : KeyVaultManagementCmdletBase
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "Specifies the object ID of the user or service principal in Azure Active Directory for which to remove permissions.")]
         [ValidateNotNullOrEmpty()]
-        public Guid ObjectId { get; set; }
+        public string ObjectId { get; set; }
 
         /// <summary>
         /// Id of the application to which a user delegate to
@@ -117,7 +117,7 @@ public class RemoveAzureKeyVaultAccessPolicy : KeyVaultManagementCmdletBase
         public SwitchParameter EnabledForDiskEncryption { get; set; }
 
         /// <summary>
-        /// 
+        ///
         /// </summary>
         [Parameter(Mandatory = false,
            HelpMessage = "This Cmdlet does not return an object by default. If this switch is specified, it returns the updated key vault object.")]
@@ -153,11 +153,16 @@ public override void ExecuteCmdlet()
                 if (ApplicationId.HasValue && ApplicationId.Value == Guid.Empty)
                     throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidApplicationId);
 
+                if (!string.IsNullOrWhiteSpace(this.ObjectId) && !this.IsValidObjectIdSyntax(this.ObjectId))
+                {
+                    throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidObjectIdSyntax);
+                }
+
                 // Update vault policies
                 var updatedPolicies = existingVault.AccessPolicies;
-                if (!string.IsNullOrEmpty(UserPrincipalName) || !string.IsNullOrEmpty(ServicePrincipalName) || (ObjectId != Guid.Empty))
+                if (!string.IsNullOrEmpty(UserPrincipalName) || !string.IsNullOrEmpty(ServicePrincipalName) || !string.IsNullOrWhiteSpace(this.ObjectId))
                 {
-                    if (ObjectId == Guid.Empty)
+                    if (string.IsNullOrWhiteSpace(this.ObjectId))
                     {
                         ObjectId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.ServicePrincipalName);
                     }
@@ -175,12 +180,12 @@ public override void ExecuteCmdlet()
                     WriteObject(updatedVault);
             }
         }
-        private bool ShallBeRemoved(PSKeyVaultModels.PSVaultAccessPolicy ap, Guid objectId, Guid? applicationId)
+        private bool ShallBeRemoved(PSKeyVaultModels.PSVaultAccessPolicy ap, string objectId, Guid? applicationId)
         {
-            // If both object id and application id are specified, remove the compound identity policy only.                    
-            // If only object id is specified, remove all policies refer to the object id including the compound identity policies.                                
-            return applicationId.HasValue ? (ap.ApplicationId == applicationId && ap.ObjectId == objectId) :
-                (ap.ObjectId == objectId);
+            // If both object id and application id are specified, remove the compound identity policy only.
+            // If only object id is specified, remove all policies refer to the object id including the compound identity policies.
+            var sameObjectId = string.Equals(ap.ObjectId, objectId, StringComparison.OrdinalIgnoreCase);
+            return applicationId.HasValue ? (ap.ApplicationId == applicationId && sameObjectId) : sameObjectId;
         }
     }
 }

src/ResourceManager/KeyVault/Commands.KeyVault/Commands/SetAzureKeyVaultAccessPolicy.cs

@@ -87,7 +87,7 @@ public class SetAzureKeyVaultAccessPolicy : KeyVaultManagementCmdletBase
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "Specifies the object ID of the user or service principal in Azure Active Directory for which to grant permissions.")]
         [ValidateNotNullOrEmpty()]
-        public Guid ObjectId { get; set; }
+        public string ObjectId { get; set; }
 
         /// <summary>
         /// Id of the application to which a user delegate to
@@ -208,11 +208,16 @@ public override void ExecuteCmdlet()
                     throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.VaultNotFound, VaultName, ResourceGroupName));
                 }
 
+                if (!string.IsNullOrWhiteSpace(this.ObjectId) && !this.IsValidObjectIdSyntax(this.ObjectId))
+                {
+                    throw new ArgumentException(PSKeyVaultProperties.Resources.InvalidObjectIdSyntax);
+                }
+
                 // Update vault policies
                 PSKeyVaultModels.PSVaultAccessPolicy[] updatedListOfAccessPolicies = vault.AccessPolicies;
-                if (!string.IsNullOrEmpty(UserPrincipalName) || !string.IsNullOrEmpty(ServicePrincipalName) || (ObjectId != Guid.Empty))
+                if (!string.IsNullOrEmpty(UserPrincipalName) || !string.IsNullOrEmpty(ServicePrincipalName) || !string.IsNullOrWhiteSpace(this.ObjectId))
                 {
-                    Guid objId = this.ObjectId;
+                    var objId = this.ObjectId;
                     if (!this.BypassObjectIdValidation.IsPresent)
                     {
                         objId = GetObjectId(this.ObjectId, this.UserPrincipalName, this.ServicePrincipalName);
@@ -226,7 +231,7 @@ public override void ExecuteCmdlet()
                         throw new ArgumentException(PSKeyVaultProperties.Resources.PermissionsNotSpecified);
                     else
                     {
-                        //Validate 
+                        //Validate
                         if (!IsMeaningfulPermissionSet(PermissionsToKeys))
                             throw new ArgumentException(string.Format(PSKeyVaultProperties.Resources.PermissionSetIncludesAllPlusOthers, "keys"));
                         if (!IsMeaningfulPermissionSet(PermissionsToSecrets))
@@ -237,7 +242,7 @@ public override void ExecuteCmdlet()
                         //Is there an existing policy for this policy identity?
                         var existingPolicy = vault.AccessPolicies.FirstOrDefault(ap => MatchVaultAccessPolicyIdentity(ap, objId, ApplicationId));
 
-                        //New policy will have permission arrays that are either from cmdlet input 
+                        //New policy will have permission arrays that are either from cmdlet input
                         //or if that's null, then from the old policy for this object ID if one existed
                         var keys = PermissionsToKeys ?? (existingPolicy != null && existingPolicy.PermissionsToKeys != null ?
                             existingPolicy.PermissionsToKeys.ToArray() : null);
@@ -271,9 +276,9 @@ public override void ExecuteCmdlet()
             }
         }
 
-        private bool MatchVaultAccessPolicyIdentity(PSKeyVaultModels.PSVaultAccessPolicy ap, Guid objectId, Guid? applicationId)
+        private bool MatchVaultAccessPolicyIdentity(PSKeyVaultModels.PSVaultAccessPolicy ap, string objectId, Guid? applicationId)
         {
-            return ap.ApplicationId == applicationId && ap.ObjectId == objectId;
+            return ap.ApplicationId == applicationId && string.Equals(ap.ObjectId, objectId, StringComparison.OrdinalIgnoreCase);
         }
 
         private bool IsMeaningfulPermissionSet(string[] perms)