Merge branch 'build' of https://github.com/Azure/azure-powershell-pr into crp2

Author: huangpf

src/ResourceManager/Batch/Commands.Batch.Test/Commands.Batch.Test.csproj

@@ -60,7 +60,8 @@
       <HintPath>..\..\..\packages\Microsoft.Azure.Gallery.2.6.2-preview\lib\net40\Microsoft.Azure.Gallery.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Authorization">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.0.18.1-preview\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.0.18.2-preview\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Batch">
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Batch.1.3.0-preview\lib\net40\Microsoft.Azure.Management.Batch.dll</HintPath>

src/ResourceManager/Batch/Commands.Batch.Test/packages.config

@@ -6,7 +6,7 @@
   <package id="Microsoft.Azure.Common.Authentication" version="1.0.22-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Common.Dependencies" version="1.0.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Gallery" version="2.6.2-preview" targetFramework="net45" />
-  <package id="Microsoft.Azure.Management.Authorization" version="0.18.1-preview" targetFramework="net45" />
+  <package id="Microsoft.Azure.Management.Authorization" version="0.18.2-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Batch" version="1.3.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Resources" version="2.18.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Test.Framework" version="1.0.5571.32271-prerelease" targetFramework="net45" />

src/ResourceManager/DataFactories/Commands.DataFactories.Test/Commands.DataFactories.Test.csproj

@@ -60,7 +60,7 @@
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Authorization">
       <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.0.18.1-preview\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.0.18.2-preview\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.DataFactories">
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.DataFactories.0.15.6-preview\lib\net40\Microsoft.Azure.Management.DataFactories.dll</HintPath>

src/ResourceManager/DataFactories/Commands.DataFactories.Test/packages.config

@@ -5,7 +5,7 @@
   <package id="Microsoft.Azure.Common.Authentication" version="1.0.22-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Common.Dependencies" version="1.0.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Gallery" version="2.6.2-preview" targetFramework="net45" />
-  <package id="Microsoft.Azure.Management.Authorization" version="0.18.1-preview" targetFramework="net45" />
+  <package id="Microsoft.Azure.Management.Authorization" version="0.18.2-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.DataFactories" version="0.15.6-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Resources" version="2.18.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Test.Framework" version="1.0.5571.32271-prerelease" targetFramework="net45" />

src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj

@@ -64,7 +64,8 @@
       <HintPath>..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.0-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.Management.Authorization">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.0.18.1-preview\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.0.18.2-preview\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.ResourceManager">
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Resources.2.18.0-preview\lib\net40\Microsoft.Azure.ResourceManager.dll</HintPath>
@@ -246,6 +247,7 @@
     <Content Include="ScenarioTests\AuthorizationTests.ps1">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </Content>
+    <None Include="Resources\NewRoleDefinition.json" />
     <None Include="Resources\RoleDefinition.json" />
     <None Include="ScenarioTests\ActiveDirectoryTests.ps1">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>

src/ResourceManager/Resources/Commands.Resources.Test/Resources/NewRoleDefinition.json

@@ -0,0 +1,10 @@
+{
+    "Name": "CustomRole Test Role",
+    "Description": "Test role",
+    "Actions": [
+        "Microsoft.Authorization/*/read",
+        "Microsoft.Support/*"
+    ],
+    "NotActions": [],
+    "AssignableScopes": ["Scope1" , "Scope2"]
+}

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/RoleDefinitionTests.cs

@@ -20,15 +20,21 @@ namespace Microsoft.Azure.Commands.Resources.Test.ScenarioTests
 {
     public class RoleDefinitionTests
     {
+        // TODO: Add  [Trait(Category.AcceptanceType, Category.CheckIn)] attribute for each test once it gets implemented fully
+
+        [Fact(Skip = "Not implemented")]
+        public void RoleDefinitionCreateTests()
+        {
+            ResourcesController.NewInstance.RunPsTest("Test-RoleDefinitionCreateTests");
+        }
+
         [Fact(Skip="Not implemented")]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void RdNegativeScenarios()
         {
             ResourcesController.NewInstance.RunPsTest("Test-RdNegativeScenarios");
         }
 
         [Fact(Skip = "Not implemented")]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void RdPositiveScenarios()
         {
             ResourcesController.NewInstance.RunPsTest("Test-RDPositiveScenarios");

src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/RoleDefinitionTests.ps1

@@ -12,6 +12,43 @@
 # limitations under the License.
 # ----------------------------------------------------------------------------------
 
+<#
+.SYNOPSIS
+Tests verify scenarios for RoleDefinitions creation.
+#>
+function Test-RoleDefinitionCreateTests
+{
+    # Basic positive case - read from file
+    $rdName = 'CustomRole Test Role'
+    New-AzureRoleDefinition -InputFile .\Resources\NewRoleDefinition.json
+    $rd = Get-AzureRoleDefinition -Name $rdName
+	Assert-NotNull $rd
+	Assert-AreEqual "Test role" $rd.Description 
+	Assert-AreEqual $true $rd.IsCustom
+	Assert-NotNull $rd.Actions
+	Assert-AreEqual "Microsoft.Authorization/*/read" $rd.Actions[0]
+	Assert-AreEqual "Microsoft.Support/*" $rd.Actions[1]
+	Assert-NotNull $rd.AssignableScopes
+	# The below scopes may need to be changed to actual scope values like /subscriptions/.... to satisfy the ARM access checks for PUT requests
+	Assert-AreEqual "Scope1" $rd.AssignableScopes[0]
+	Assert-AreEqual "Scope2" $rd.AssignableScopes[1]
+
+	# Basic positive case - read from object
+	$roleDef = Get-AzureRoleDefinition -Name "Virtual Machine Contributor"
+	$roleDef.Id = $null
+	$roleDef.Name = "Virtual machine restarter"
+	$roleDef.Actions.Add("Microsoft.ClassicCompute/virtualMachines/restart/action")
+	$roleDef.Description = "Can monitor and restart virtual machines"
+	
+	New-AzureRoleDefinition -Role $roleDef
+	$addedRoleDef = Get-AzureRoleDefinition -Name "Virtual machine restarter"
+
+	Assert-AreEqual $roleDef.Actions $addedRoleDef.Actions
+	Assert-AreEqual $roleDef.Description $addedRoleDef.Description
+	Assert-AreEqual $roleDef.AssignableScopes $addedRoleDef.AssignableScopes
+	Assert-AreEqual $true $roleDef.IsCustom
+}
+
 <#
 .SYNOPSIS
 Tests verify negative scenarios for RoleDefinitions
@@ -34,7 +71,7 @@ function Test-RdNegativeScenarios
     $rdNull = Get-AzureRoleDefinition -Name $rdName
 
     # Create a role definition
-    # $rd = New-AzureRoleDefinition -InputFile .Resources\RoleDefinition.json
+    $rd = New-AzureRoleDefinition -InputFile .Resources\RoleDefinition.json
 
     # Role Defintion not provided.
     $roleDefNotProvided = "Role definition not provided."
@@ -59,7 +96,7 @@ function Test-RDPositiveScenarios
 {
     # Create a role definition with Name rdNamme.
     $rdName = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
-    # $rd = New-AzureRoleDefinition -InputFile .\Resources\RoleDefinition.json
+    $rd = New-AzureRoleDefinition -InputFile .\Resources\RoleDefinition.json
     $rd = Get-AzureRoleDefinition -Name $rdName
 
     # Update the role definition with name $rdName that was created in the step above.
@@ -78,6 +115,6 @@ function Test-RDPositiveScenarios
     $readRd = Get-AzureRoleDefinition -Name $rd.Name
     Assert-Null $readRd
 
-    # $rdReCreated = New-AzureRoleDefinition -Role $rd
+    $rdReCreated = New-AzureRoleDefinition -Role $rd
     $rdReDeleted = Get-AzureRoleDefinition -Name $rd.Name | Remove-AzureRoleDefinition -Force
-}
+}

src/ResourceManager/Resources/Commands.Resources.Test/packages.config

@@ -6,7 +6,7 @@
   <package id="Microsoft.Azure.Common.Dependencies" version="1.0.0" targetFramework="net45" />
   <package id="Microsoft.Azure.Gallery" version="2.6.2-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Graph.RBAC" version="1.7.0-preview" targetFramework="net45" />
-  <package id="Microsoft.Azure.Management.Authorization" version="0.18.1-preview" targetFramework="net45" />
+  <package id="Microsoft.Azure.Management.Authorization" version="0.18.2-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Management.Resources" version="2.18.0-preview" targetFramework="net45" />
   <package id="Microsoft.Azure.Test.Framework" version="1.0.5571.32271-prerelease" targetFramework="net45" />
   <package id="Microsoft.Azure.Test.HttpRecorder" version="1.0.5571.32271-prerelease" targetFramework="net45" />

src/ResourceManager/Resources/Commands.Resources/Commands.Resources.csproj

@@ -68,8 +68,9 @@
       <SpecificVersion>False</SpecificVersion>
       <HintPath>..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.0-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll</HintPath>
     </Reference>
-    <Reference Include="Microsoft.Azure.Management.Authorization">
-      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.0.18.1-preview\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
+    <Reference Include="Microsoft.Azure.Management.Authorization, Version=0.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\packages\Microsoft.Azure.Management.Authorization.0.18.2-preview\lib\net40\Microsoft.Azure.Management.Authorization.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.Azure.ResourceManager">
       <HintPath>..\..\..\packages\Microsoft.Azure.Management.Resources.2.18.0-preview\lib\net40\Microsoft.Azure.ResourceManager.dll</HintPath>
@@ -132,6 +133,11 @@
     <Compile Include="ActiveDirectory\RemoveAzureADServicePrincipalCommand.cs" />
     <Compile Include="ActiveDirectory\NewAzureADServicePrincipalCommand.cs" />
     <Compile Include="Models.ResourceGroups\PSResourceProviderOperation.cs" />
+    <Compile Include="Properties\Resources.Designer.cs">
+      <AutoGen>True</AutoGen>
+      <DesignTime>True</DesignTime>
+      <DependentUpon>Resources.resx</DependentUpon>
+    </Compile>
     <Compile Include="ProviderFeatures\AzureProviderFeatureCmdletsBase.cs" />
     <Compile Include="ProviderFeatures\GetAzureProviderFeatureCmdlet.cs" />
     <Compile Include="Models.ActiveDirectory\ActiveDirectoryBaseCmdlet.cs" />
@@ -198,6 +204,7 @@
     <Compile Include="RoleAssignments\GetAzureRoleAssignmentCommand.cs" />
     <Compile Include="RoleAssignments\NewAzureRoleAssignmentCommand.cs" />
     <Compile Include="RoleDefinitions\GetAzureRoleDefinitionCommand.cs" />
+    <Compile Include="RoleDefinitions\NewAzureRoleDefinitionCommand.cs" />
     <Compile Include="RoleDefinitions\RemoveAzureRoleDefinitionCommand.cs" />
     <Compile Include="RoleDefinitions\SetAzureRoleDefinitionCommand.cs" />
     <Compile Include="Templates\TestAzureResourceGroupTemplateCommand.cs" />
@@ -215,11 +222,6 @@
     <Compile Include="Models.ResourceGroups\SetResourceMode.cs" />
     <Compile Include="Models.ResourceGroups\TemplateFile.cs" />
     <Compile Include="Models.ResourceGroups\TemplateFileParameterV1.cs" />
-    <Compile Include="Properties\Resources.Designer.cs">
-      <AutoGen>True</AutoGen>
-      <DesignTime>True</DesignTime>
-      <DependentUpon>Resources.resx</DependentUpon>
-    </Compile>
     <Compile Include="Models.ResourceGroups\ResourceClient.ResourceManager.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="ResourceGroupDeployments\StopAzureResourceGroupDeploymentCommand.cs" />
@@ -268,8 +270,8 @@
   <ItemGroup>
     <EmbeddedResource Include="Properties\Resources.resx">
       <Generator>ResXFileCodeGenerator</Generator>
-      <LastGenOutput>Resources.Designer.cs</LastGenOutput>
       <SubType>Designer</SubType>
+      <LastGenOutput>Resources.Designer.cs</LastGenOutput>
     </EmbeddedResource>
   </ItemGroup>
   <ItemGroup />

src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs

@@ -198,6 +198,55 @@ public PSRoleDefinition GetRoleRoleDefinition(string name)
             return role;
         }
 
+        public PSRoleDefinition CreateRoleDefinition(PSRoleDefinition roleDefinition)
+        {
+            AuthorizationClient.ValidateRoleDefinition(roleDefinition);
+            
+            Guid newRoleDefinitionId = Guid.NewGuid();
+            RoleDefinitionCreateOrUpdateParameters parameters = new RoleDefinitionCreateOrUpdateParameters()
+            {
+                RoleDefinition = new RoleDefinition()
+                {
+                    Name = newRoleDefinitionId,
+                    Properties = new RoleDefinitionProperties()
+                    {
+                        AssignableScopes = roleDefinition.AssignableScopes,
+                        Description = roleDefinition.Description,
+                        Permissions = new List<Permission>()
+                        {
+                            new Permission()
+                            {
+                                Actions = roleDefinition.Actions,
+                                NotActions = roleDefinition.NotActions
+                            }
+                        },
+                        RoleName = roleDefinition.Name,
+                        Type = "CustomRole"
+                    }
+                }
+            };
+
+            return AuthorizationManagementClient.RoleDefinitions.CreateOrUpdate(newRoleDefinitionId, parameters).RoleDefinition.ToPSRoleDefinition();
+        }
+
+        private static void ValidateRoleDefinition(PSRoleDefinition roleDefinition)
+        {
+            if (string.IsNullOrWhiteSpace(roleDefinition.Name))
+            {
+                throw new ArgumentException(ProjectResources.InvalidRoleDefinitionName);
+            }
+
+            if (roleDefinition.AssignableScopes == null || !roleDefinition.AssignableScopes.Any())
+            {
+                throw new ArgumentException(ProjectResources.InvalidAssignableScopes);
+            }
+
+            if (roleDefinition.Actions == null || !roleDefinition.Actions.Any())
+            {
+                throw new ArgumentException(ProjectResources.InvalidActions);
+            }
+        }
+
         /// <summary>
         /// Updates a role definiton.
         /// </summary>
@@ -214,6 +263,8 @@ public PSRoleDefinition UpdateRoleDefinition(PSRoleDefinition role)
             roleDefinition.Name = role.Name ?? roleDefinition.Name;
             roleDefinition.Actions = role.Actions ?? roleDefinition.Actions;
             roleDefinition.NotActions = role.NotActions ?? roleDefinition.NotActions;
+            roleDefinition.AssignableScopes = role.AssignableScopes ?? roleDefinition.AssignableScopes;
+            roleDefinition.Description = role.Description ?? roleDefinition.Description;
 
             // TODO: confirm with ARM on what exception will be thrown when the last segment of the roleDefinition's ID is not a GUID.
             // This will be done after their API is designed.
@@ -242,7 +293,9 @@ public PSRoleDefinition UpdateRoleDefinition(PSRoleDefinition role)
                                                 Actions = roleDefinition.Actions,
                                                 NotActions = roleDefinition.NotActions
                                             }
-                                        }
+                                        },
+                                    AssignableScopes = roleDefinition.AssignableScopes,
+                                    Description = roleDefinition.Description
                                 }
                         }
                     }).RoleDefinition.ToPSRoleDefinition();

src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs

@@ -32,7 +32,10 @@ public static PSRoleDefinition ToPSRoleDefinition(this RoleDefinition role)
                     Name = role.Properties.RoleName,
                     Actions = new List<string>(role.Properties.Permissions.SelectMany(r => r.Actions)),
                     NotActions = new List<string>(role.Properties.Permissions.SelectMany(r => r.NotActions)),
-                    Id = role.Id
+                    Id = role.Id,
+                    AssignableScopes = role.Properties.AssignableScopes.ToList(),
+                    Description = role.Properties.Description,
+                    IsCustom = role.Properties.Type == "CustomRole" ? true : false
                 };
             }
 

src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSRoleDefinition.cs

@@ -22,8 +22,14 @@ public class PSRoleDefinition
 
         public string Id { get; set; }
 
+        public bool IsCustom { get; set; }
+
+        public string Description { get; set; }
+
         public List<string> Actions { get; set; }
 
         public List<string> NotActions { get; set; }
+
+        public List<string> AssignableScopes { get; set; }
     }
 }

src/ResourceManager/Resources/Commands.Resources/Properties/Resources.Designer.cs

@@ -282,10 +282,19 @@
   <data name="RegisterProviderFeatureMessage" xml:space="preserve">
     <value>Registering provider feature ...</value>
   </data>
+  <data name="InvalidRoleDefinitionName" xml:space="preserve">
+    <value>RoleDefinition Name is invalid</value>
+  </data>
   <data name="RoleDefinitionWithIdNotFound" xml:space="preserve">
     <value>Cannot find role definition with id '{0}'.</value>
   </data>
   <data name="RemoveRoleDefinition" xml:space="preserve">
     <value>Are you sure you want to remove role definition with id '{0}'.</value>
   </data>
+  <data name="InvalidActions" xml:space="preserve">
+    <value>Invalid value for Actions</value>
+  </data>
+  <data name="InvalidAssignableScopes" xml:space="preserve">
+    <value>Invalid value for AssignableScopes</value>
+  </data>
 </root>