diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs
index ad2082f88557..2077da7b9734 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs
@@ -70,6 +70,8 @@ internal static class ParameterSet
public const string RoleDefinitionName = "RoleDefinitionNameParameterSet";
+ public const string RoleDefinitionId = "RoleDefinitionIdParameterSet";
+
public const string RoleIdWithScopeAndObjectId = "RoleIdWithScopeAndObjectIdParameterSet";
public const string RoleDefinitionCustom = "RoleDefinitionCustomParameterSet";
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
index ce7a450e4422..26d315439817 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
@@ -133,7 +133,7 @@ public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parame
Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
- ? GetRoleRoleDefinition(parameters.RoleDefinitionName).Id
+ ? AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(subscriptionId, GetRoleRoleDefinition(parameters.RoleDefinitionName).Id)
: parameters.RoleDefinitionId;
RoleAssignmentCreateParameters createParameters = new RoleAssignmentCreateParameters
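Review bot: In the `: parameters.RoleDefinitionId` branch the caller's value is now used as-is, because the following hunk (`RoleDefinitionId = roleDefinitionId`) drops the `GetRoleDefinitionFullyQualifiedId` call that used to wrap both branches. Only the name lookup is still qualified against `subscriptionId`, so a bare GUID supplied through `RoleDefinitionId` would presumably reach the service unqualified, and a full path is not checked against the current subscription. If callers must pass a fully qualified id, say so above the assignment, e.g. `// parameters.RoleDefinitionId is sent unchanged and must already be fully qualified`, and reject an empty value when no name is given. CreateRoleAssignment starts and ends outside these hunks, so any earlier validation is not visible here.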
@@ -141,7 +141,7 @@ public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parame
Properties = new RoleAssignmentProperties
{
PrincipalId = principalId,
- RoleDefinitionId = AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(subscriptionId, roleDefinitionId)
+ RoleDefinitionId = roleDefinitionId
}
};
@@ -315,14 +315,24 @@ public PSRoleDefinition RemoveRoleDefinition(Guid roleDefinitionId, string subsc
PSRoleDefinition roleDefinition = this.GetRoleDefinition(roleDefinitionId);
if (roleDefinition != null)
{
- AuthorizationManagementClient.RoleDefinitions.Delete(roleDefinitionFullyQualifiedId);
+ return AuthorizationManagementClient.RoleDefinitions.Delete(roleDefinitionFullyQualifiedId).RoleDefinition.ToPSRoleDefinition();
}
else
{
throw new KeyNotFoundException(string.Format(ProjectResources.RoleDefinitionWithIdNotFound, id));
}
+ }
- return roleDefinition;
+ ///
+ /// Deletes a role definition based on the name.
+ ///
+ /// The role definition name.
+ /// The deleted role definition.
+ public PSRoleDefinition RemoveRoleDefinition(string roleDefinitionName, string subscriptionId)
+ {
+ PSRoleDefinition roleDefinition = this.GetRoleRoleDefinition(roleDefinitionName);
+ string roleDefinitionFullyQualifiedId = AuthorizationHelper.GetRoleDefinitionFullyQualifiedId(subscriptionId, roleDefinition.Id);
+ return AuthorizationManagementClient.RoleDefinitions.Delete(roleDefinitionFullyQualifiedId).RoleDefinition.ToPSRoleDefinition();
}
///
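Review bot: The new `RemoveRoleDefinition(string roleDefinitionName, string subscriptionId)` overload dereferences `roleDefinition.Id` without the null check that the Guid overload above performs before deleting. If `GetRoleRoleDefinition` can return null for an unknown name (its body is not in this hunk), the call fails with a NullReferenceException instead of the `KeyNotFoundException` thrown a few lines earlier. Add `if (roleDefinition == null) { throw new KeyNotFoundException(string.Format(ProjectResources.RoleDefinitionWithIdNotFound, roleDefinitionName)); }` before building the fully qualified id. Both overloads also chain `.RoleDefinition.ToPSRoleDefinition()` on the delete response, which assumes the service always returns the deleted definition. The doc comment should also describe `subscriptionId`.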
diff --git a/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/GetAzureRoleDefinitionCommand.cs b/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/GetAzureRoleDefinitionCommand.cs
index 53c2f8c2522e..06138b1fc3ab 100644
--- a/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/GetAzureRoleDefinitionCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/GetAzureRoleDefinitionCommand.cs
@@ -15,6 +15,7 @@
using Microsoft.Azure.Commands.Resources.Models;
using Microsoft.Azure.Commands.Resources.Models.ActiveDirectory;
using Microsoft.Azure.Commands.Resources.Models.Authorization;
+using System;
using System.Collections.Generic;
using System.Management.Automation;
@@ -31,6 +32,11 @@ public class GetAzureRoleDefinitionCommand : ResourcesBaseCmdlet
[ValidateNotNullOrEmpty]
public string Name { get; set; }
+ [Parameter(Position = 0, Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionId,
+ HelpMessage = "Role definition id.")]
+ [ValidateNotNullOrEmpty]
+ public Guid Id { get; set; }
+
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionCustom,
HelpMessage = "If specified, only displays the custom created roles in the directory.")]
public SwitchParameter Custom { get; set; }
@@ -41,6 +47,10 @@ protected override void ProcessRecord()
{
WriteObject(PoliciesClient.FilterRoleDefinitionsByCustom(), enumerateCollection: true);
}
+ else if (Id != Guid.Empty)
+ {
+ WriteObject(PoliciesClient.GetRoleDefinition(Id));
+ }
else
{
WriteObject(PoliciesClient.FilterRoleDefinitions(Name), enumerateCollection: true);
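Review bot: `else if (Id != Guid.Empty)` selects the branch by a sentinel value rather than by the parameter set that was actually bound. `[ValidateNotNullOrEmpty]` on the `Guid Id` parameter added in the previous hunk does not reject an all-zero GUID, so `-Id 00000000-0000-0000-0000-000000000000` falls through to `FilterRoleDefinitions(Name)` with `Name` unset. Assuming ResourcesBaseCmdlet derives from PSCmdlet, `else if (ParameterSetName == ParameterSet.RoleDefinitionId)` avoids that. The same `Id != Guid.Empty` test in RemoveAzureRoleDefinitionCommand.ProcessRecord decides which role definition is deleted and deserves the same change. ProcessRecord starts outside this hunk.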
diff --git a/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/RemoveAzureRoleDefinitionCommand.cs b/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/RemoveAzureRoleDefinitionCommand.cs
index 42a2454d6d67..5bd9f46966b8 100644
--- a/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/RemoveAzureRoleDefinitionCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/RoleDefinitions/RemoveAzureRoleDefinitionCommand.cs
@@ -14,6 +14,7 @@
using System.Management.Automation;
using Microsoft.Azure.Commands.Resources.Models;
+using Microsoft.Azure.Commands.Resources.Models.ActiveDirectory;
using Microsoft.Azure.Commands.Resources.Models.Authorization;
using ProjectResources = Microsoft.Azure.Commands.Resources.Properties.Resources;
using System;
@@ -26,10 +27,16 @@ namespace Microsoft.Azure.Commands.Resources
[Cmdlet(VerbsCommon.Remove, "AzureRmRoleDefinition"), OutputType(typeof(bool))]
public class RemoveAzureRoleDefinitionCommand : ResourcesBaseCmdlet
{
+ [Parameter(Position = 0, Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionId,
+ HelpMessage = "Role definition id")]
[ValidateNotNullOrEmpty]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, HelpMessage = "Role definition id.")]
public Guid Id { get; set; }
+ [Parameter(Position = 0, Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.RoleDefinitionName,
+ HelpMessage = "Role definition name. For e.g. Reader, Contributor, Virtual Machine Contributor.")]
+ [ValidateNotNullOrEmpty]
+ public string Name { get; set; }
+
[Parameter(Mandatory = false)]
public SwitchParameter Force { get; set; }
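Review bot: `Name` is declared with `Mandatory = false` in the `RoleDefinitionName` set, so that set can bind with neither `-Id` nor `-Name` supplied. ProcessRecord would then call `RemoveRoleDefinition(Name, ...)` with a null name. Since this cmdlet deletes role definitions, the identifying parameter should be required in each set: `Mandatory = true` here, matching the `Id` parameter. The `[Cmdlet]` attribute visible in this hunk also names no `DefaultParameterSetName`, which is worth setting now that two sets both claim `Position = 0`.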
@@ -39,13 +46,23 @@ public class RemoveAzureRoleDefinitionCommand : ResourcesBaseCmdlet
protected override void ProcessRecord()
{
PSRoleDefinition roleDefinition = null;
+ Action action = null;
+
+ if(Id != Guid.Empty)
+ {
+ action = (() => roleDefinition = PoliciesClient.RemoveRoleDefinition(Id, DefaultProfile.Context.Subscription.Id.ToString()));
+ }
+ else
+ {
+ action = (() => roleDefinition = PoliciesClient.RemoveRoleDefinition(Name, DefaultProfile.Context.Subscription.Id.ToString()));
+ }
ConfirmAction(
Force.IsPresent,
string.Format(ProjectResources.RemoveRoleDefinition, Id),
ProjectResources.RemoveRoleDefinition,
Id.ToString(),
- () => roleDefinition = PoliciesClient.RemoveRoleDefinition(Id, DefaultProfile.Context.Subscription.Id.ToString()));
+ action);
if (PassThru)
{
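Review bot: The confirmation text and target still use `Id` (`string.Format(ProjectResources.RemoveRoleDefinition, Id)` and `Id.ToString()`), so when the deletion is by `Name` the prompt shows the all-zero GUID instead of the role that will be removed. For a destructive RBAC operation the prompt should identify the actual target. Compute it once, e.g. `string target = ParameterSetName == ParameterSet.RoleDefinitionId ? Id.ToString() : Name;`, and pass `target` in both places. ProcessRecord continues past the end of this hunk.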