Fix Issue New-AzStorageSyncCloudEndpoint across subscriptions failing Azure#11213 (Azure#12601)

Author: ankushbindlish2

src/StorageSync/StorageSync/CloudEndpoint/NewCloudEndpointCommand.cs

@@ -212,7 +212,7 @@ public override void ExecuteCmdlet()
                 }
 
                 PSADServicePrincipal servicePrincipal = StorageSyncClientWrapper.EnsureServicePrincipal();
-                RoleAssignment roleAssignment = StorageSyncClientWrapper.EnsureRoleAssignment(servicePrincipal, StorageAccountResourceId);
+                RoleAssignment roleAssignment = StorageSyncClientWrapper.EnsureRoleAssignment(servicePrincipal, storageAccountResourceIdentifier.Subscription, StorageAccountResourceId);
 
                 var parentResourceIdentifier = default(ResourceIdentifier);
 

src/StorageSync/StorageSync/Common/StorageSyncClientWrapper.cs

@@ -270,46 +270,64 @@ public PSADServicePrincipal EnsureServicePrincipal()
         /// Ensures the role assignment.
         /// </summary>
         /// <param name="serverPrincipal">The server principal.</param>
+        /// <param name="storageAccountSubscriptionId">The storage account subscription identifier.</param>
         /// <param name="storageAccountResourceId">The storage account resource identifier.</param>
         /// <returns>RoleAssignment.</returns>
-        /// <exception cref="PSArgumentException">roleDefinition</exception>
-        public RoleAssignment EnsureRoleAssignment(PSADServicePrincipal serverPrincipal, string storageAccountResourceId)
+        public RoleAssignment EnsureRoleAssignment(PSADServicePrincipal serverPrincipal, string storageAccountSubscriptionId, string storageAccountResourceId)
         {
-            var resourceIdentifier = new ResourceIdentifier(storageAccountResourceId);
-            string roleDefinitionScope = "/";
-            RoleDefinition roleDefinition = AuthorizationManagementClient.RoleDefinitions.Get(roleDefinitionScope, BuiltInRoleDefinitionId);
-
-            var serverPrincipalId = serverPrincipal.Id.ToString();
-            var roleAssignments = AuthorizationManagementClient.RoleAssignments
-                .ListForResource(
-                resourceIdentifier.ResourceGroupName,
-                ResourceIdentifier.GetProviderFromResourceType(resourceIdentifier.ResourceType),
-                resourceIdentifier.ParentResource ?? "/",
-                ResourceIdentifier.GetTypeFromResourceType(resourceIdentifier.ResourceType),
-                resourceIdentifier.ResourceName,
-                odataQuery: new ODataQuery<RoleAssignmentFilter>(f => f.AssignedTo(serverPrincipalId)));
-            var roleAssignmentScope = storageAccountResourceId;
-            Guid roleAssignmentId = StorageSyncResourceManager.GetGuid();
-
-            RoleAssignment roleAssignment = roleAssignments.FirstOrDefault();
-            if (roleAssignment == null)
+            string currentSubscriptionId = AuthorizationManagementClient.SubscriptionId;
+            bool hasMismatchSubscription = currentSubscriptionId != storageAccountSubscriptionId;
+
+            try
             {
-                VerboseLogger.Invoke(StorageSyncResources.CreateRoleAssignmentMessage);
-                var createParameters = new RoleAssignmentCreateParameters
+                if(hasMismatchSubscription)
+                {
+                    AuthorizationManagementClient.SubscriptionId = storageAccountSubscriptionId;
+                }
+
+                var resourceIdentifier = new ResourceIdentifier(storageAccountResourceId);
+                string roleDefinitionScope = "/";
+                RoleDefinition roleDefinition = AuthorizationManagementClient.RoleDefinitions.Get(roleDefinitionScope, BuiltInRoleDefinitionId);
+
+                var serverPrincipalId = serverPrincipal.Id.ToString();
+                var roleAssignments = AuthorizationManagementClient.RoleAssignments
+                    .ListForResource(
+                    resourceIdentifier.ResourceGroupName,
+                    ResourceIdentifier.GetProviderFromResourceType(resourceIdentifier.ResourceType),
+                    resourceIdentifier.ParentResource ?? "/",
+                    ResourceIdentifier.GetTypeFromResourceType(resourceIdentifier.ResourceType),
+                    resourceIdentifier.ResourceName,
+                    odataQuery: new ODataQuery<RoleAssignmentFilter>(f => f.AssignedTo(serverPrincipalId)));
+                var roleAssignmentScope = storageAccountResourceId;
+                Guid roleAssignmentId = StorageSyncResourceManager.GetGuid();
+
+                RoleAssignment roleAssignment = roleAssignments.FirstOrDefault();
+                if (roleAssignment == null)
                 {
-                    Properties = new RoleAssignmentProperties
+                    VerboseLogger.Invoke(StorageSyncResources.CreateRoleAssignmentMessage);
+                    var createParameters = new RoleAssignmentCreateParameters
                     {
-                        PrincipalId = serverPrincipalId,
-                        RoleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(resourceIdentifier.Subscription, BuiltInRoleDefinitionId)
-                    }
-                };
+                        Properties = new RoleAssignmentProperties
+                        {
+                            PrincipalId = serverPrincipalId,
+                            RoleDefinitionId = AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromSubscriptionAndIdAsGuid(resourceIdentifier.Subscription, BuiltInRoleDefinitionId)
+                        }
+                    };
 
-                roleAssignment = AuthorizationManagementClient.RoleAssignments.Create(roleAssignmentScope, roleAssignmentId.ToString(), createParameters);
-                StorageSyncResourceManager.Wait();
+                    roleAssignment = AuthorizationManagementClient.RoleAssignments.Create(roleAssignmentScope, roleAssignmentId.ToString(), createParameters);
+                    StorageSyncResourceManager.Wait();
 
-            }
+                }
 
-            return roleAssignment;
+                return roleAssignment;
+            }
+            finally
+            {
+                if (hasMismatchSubscription)
+                {
+                    AuthorizationManagementClient.SubscriptionId = currentSubscriptionId;
+                }
+            }
         }
 
         /// <summary>

src/StorageSync/StorageSync/Interfaces/IStorageSyncClientWrapper.cs

@@ -81,9 +81,10 @@ public interface IStorageSyncClientWrapper
         /// Ensures the role assignment.
         /// </summary>
         /// <param name="serverPrincipal">The server principal.</param>
-        /// <param name="resourceId">The resource identifier.</param>
+        /// <param name="storageAccountSubscriptionId">The storage account subscription identifier.</param>
+        /// <param name="storageAccountResourceId">The storage account resource identifier.</param>
         /// <returns>RoleAssignment.</returns>
-        RoleAssignment EnsureRoleAssignment(PSADServicePrincipal serverPrincipal,string resourceId);
+        RoleAssignment EnsureRoleAssignment(PSADServicePrincipal serverPrincipal, string storageAccountSubscriptionId, string storageAccountResourceId);
 
         /// <summary>
         /// This function will invoke the registration and continue operation with a success function call.