diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj b/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj
index f392637537a5..3af98afdd308 100644
--- a/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj
+++ b/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj
@@ -62,7 +62,7 @@
False
- ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.0-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll
+ ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.1-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll
..\..\..\packages\Microsoft.Azure.Insights.0.7.7-preview\lib\net45\Microsoft.Azure.Insights.dll
diff --git a/src/ResourceManager/Resources/Commands.Resources/Commands.Resources.csproj b/src/ResourceManager/Resources/Commands.Resources/Commands.Resources.csproj
index c09615edb828..742ffa39c679 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Commands.Resources.csproj
+++ b/src/ResourceManager/Resources/Commands.Resources/Commands.Resources.csproj
@@ -66,7 +66,7 @@
False
- ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.0-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll
+ ..\..\..\packages\Microsoft.Azure.Graph.RBAC.1.7.1-preview\lib\net40\Microsoft.Azure.Graph.RBAC.dll
..\..\..\packages\Microsoft.Azure.Management.Authorization.1.0.0\lib\net40\Microsoft.Azure.Management.Authorization.dll
@@ -165,9 +165,6 @@
-
-
-
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ADObjectFilterOptions.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ADObjectFilterOptions.cs
index f6ed5686b790..5eb8164569fc 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ADObjectFilterOptions.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ADObjectFilterOptions.cs
@@ -19,6 +19,8 @@ public class ADObjectFilterOptions
{
public string SearchString { get; set; }
+ public string SignInName { get; set; }
+
public string Mail { get; set; }
public string UPN { get; set; }
@@ -48,6 +50,8 @@ public string ActiveFilter
return SPN;
else if (!string.IsNullOrEmpty(Mail))
return Mail;
+ else if (!string.IsNullOrEmpty(SignInName))
+ return SignInName;
else if (!string.IsNullOrEmpty(SearchString))
return SearchString;
else
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs
index 979c90f584c9..d401b9e1d7aa 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs
@@ -47,7 +47,7 @@ public PSADObject GetADObject(ADObjectFilterOptions options)
Debug.Assert(options != null);
- if (IsSet(options.Mail, options.UPN, options.Id))
+ if (IsSet(options.SignInName, options.Mail, options.UPN, options.Id))
{
result = FilterUsers(options).FirstOrDefault();
}
@@ -163,11 +163,11 @@ public List FilterUsers(ADObjectFilterOptions options)
users.Add(user.ToPSADUser());
}
}
- else if (!string.IsNullOrEmpty(options.Mail))
+ else if (!string.IsNullOrEmpty(options.Mail) || !string.IsNullOrEmpty(options.SignInName))
{
try
{
- user = GraphClient.User.GetBySignInName(options.Mail).Users.FirstOrDefault();
+ user = GraphClient.User.GetBySignInName(Normalize(options.Mail) ?? Normalize(options.SignInName)).Users.FirstOrDefault();
}
catch { /* The user does not exist, ignore the exception. */ }
@@ -225,6 +225,14 @@ public List ListUserGroups(string principal)
return result;
}
+ public List GetObjectsByObjectId(List objectIds)
+ {
+ List result = new List();
+ var adObjects = GraphClient.Objects.GetObjectsByObjectIds(new GetObjectsParameters { Ids = objectIds }).AADObject;
+ result.AddRange(adObjects.Select(o => o.ToPSADObject()));
+ return result;
+ }
+
public List FilterGroups(ADObjectFilterOptions options)
{
List groups = new List();
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs
index 59f2b4f10cc4..cafbb1e26476 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs
@@ -51,6 +51,7 @@ public static PSADObject ToPSADObject(this AADObject obj)
Id = new Guid(obj.ObjectId),
Type = obj.ObjectType,
UserPrincipalName = obj.UserPrincipalName,
+ SignInName = obj.SignInName,
Mail = obj.Mail
};
}
@@ -66,6 +67,16 @@ public static PSADObject ToPSADObject(this AADObject obj)
};
}
+ else if (obj.ObjectType == typeof(ServicePrincipal).Name)
+ {
+ return new PSADServicePrincipal()
+ {
+ DisplayName = obj.DisplayName,
+ Id = new Guid(obj.ObjectId),
+ Type = obj.ObjectType,
+ ServicePrincipalName = obj.ServicePrincipalNames.FirstOrDefault()
+ };
+ }
else
{
return new PSADObject()
@@ -93,7 +104,8 @@ public static PSADUser ToPSADUser(this User user)
DisplayName = user.DisplayName,
Id = new Guid(user.ObjectId),
UserPrincipalName = user.UserPrincipalName,
- Mail = user.SignInName
+ Mail = user.SignInName,
+ SignInName = user.SignInName
};
}
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADUser.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADUser.cs
index 9a932096a175..af4c6b903b1b 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADUser.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADUser.cs
@@ -19,5 +19,7 @@ public class PSADUser : PSADObject
public string UserPrincipalName { get; set; }
public string Mail { get; set; }
+
+ public string SignInName { get; set; }
}
}
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs
index ab606a7b9324..2b49683e42e2 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ParameterSet.cs
@@ -22,38 +22,34 @@ internal static class ParameterSet
public const string SPN = "SPNParameterSet";
+ public const string SignInName = "SignInNameParameterSet";
+
public const string SearchString = "SearchStringParameterSet";
public const string ObjectId = "ObjectIdParameterSet";
public const string Scope = "ScopeParameterSet";
- public const string ScopeWithMail = "ScopeWithMailParameterSet";
-
- public const string ScopeWithUPN = "ScopeWithUPNParameterSet";
-
public const string ScopeWithSPN = "ScopeWithSPNParameterSet";
+ public const string ScopeWithSignInName = "ScopeWithSignInNameParameterSet";
+
public const string ScopeWithObjectId = "ScopeWithObjectIdParameterSet";
public const string ResourceGroup = "ResourceGroupParameterSet";
- public const string ResourceGroupWithMail = "ResourceGroupWithMailParameterSet";
-
- public const string ResourceGroupWithUPN = "ResourceGroupWithUPNParameterSet";
-
public const string ResourceGroupWithSPN = "ResourceGroupWithSPNParameterSet";
public const string ResourceGroupWithObjectId = "ResourceGroupWithObjectIdParameterSet";
- public const string Resource = "ResourceParameterSet";
-
- public const string ResourceWithMail = "ResourceWithMailParameterSet";
+ public const string ResourceGroupWithSignInName = "ResourceGroupWithSignInNameParameterSet";
- public const string ResourceWithUPN = "ResourceWithUPNParameterSet";
+ public const string Resource = "ResourceParameterSet";
public const string ResourceWithSPN = "ResourceWithSPNParameterSet";
+ public const string ResourceWithSignInName = "ResourceWithSignInNameParameterSet";
+
public const string ResourceWithObjectId = "ResourceWithObjectIdParameterSet";
public const string ApplicationWithoutCredential = "ApplicationWithoutCredentialParameterSet";
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
index d54ba90c8a1b..4258bbd9c7f8 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
@@ -68,6 +68,7 @@ public PSRoleDefinition GetRoleDefinition(string roleId)
///
/// Filters the existing role Definitions.
+ /// If name is not provided, all role definitions are fetched.
///
/// The role name
/// The matched role Definitions
@@ -122,7 +123,11 @@ public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parame
};
AuthorizationManagementClient.RoleAssignments.Create(parameters.Scope, roleAssignmentId, createParameters);
- return AuthorizationManagementClient.RoleAssignments.Get(parameters.Scope, roleAssignmentId).RoleAssignment.ToPSRoleAssignment(this, ActiveDirectoryClient);
+
+ RoleAssignment assignment = AuthorizationManagementClient.RoleAssignments.Get(parameters.Scope, roleAssignmentId).RoleAssignment;
+ IEnumerable assignments = new List() { assignment };
+
+ return assignments.ToPSRoleAssignments(this, ActiveDirectoryClient).FirstOrDefault();
}
///
@@ -159,9 +164,10 @@ public List FilterRoleAssignments(FilterRoleAssignmentsOptions
{
parameters.PrincipalId = string.IsNullOrEmpty(options.ADObjectFilter.Id) ? adObject.Id : Guid.Parse(options.ADObjectFilter.Id);
}
-
+
result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)
- .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));
+ .RoleAssignments.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
+
// Filter out by scope
if (!string.IsNullOrEmpty(options.Scope))
@@ -173,13 +179,14 @@ public List FilterRoleAssignments(FilterRoleAssignmentsOptions
{
// Filter by scope and above directly
parameters.AtScope = true;
+
result.AddRange(AuthorizationManagementClient.RoleAssignments.ListForScope(options.Scope, parameters)
- .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));
+ .RoleAssignments.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
}
else
{
result.AddRange(AuthorizationManagementClient.RoleAssignments.List(parameters)
- .RoleAssignments.Select(r => r.ToPSRoleAssignment(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals)).Where(r => r != null));
+ .RoleAssignments.ToPSRoleAssignments(this, ActiveDirectoryClient, options.ExcludeAssignmentsForDeletedPrincipals));
}
if (!string.IsNullOrEmpty(options.RoleDefinition))
@@ -204,7 +211,8 @@ public List FilterRoleAssignments(FilterRoleAssignmentsOptions
var userObject = adObject as PSADUser;
classicAdministratorsAssignments = classicAdministratorsAssignments.Where(c =>
c.DisplayName.Equals(userObject.UserPrincipalName, StringComparison.OrdinalIgnoreCase) ||
- c.DisplayName.Equals(userObject.Mail, StringComparison.OrdinalIgnoreCase)).ToList();
+ c.DisplayName.Equals(userObject.Mail, StringComparison.OrdinalIgnoreCase) ||
+ c.DisplayName.Equals(userObject.SignInName, StringComparison.OrdinalIgnoreCase)).ToList();
}
result.AddRange(classicAdministratorsAssignments);
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs
index 829d4b253bcb..b1e7821a542b 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/AuthorizationClientExtensions.cs
@@ -44,69 +44,82 @@ public static PSRoleDefinition ToPSRoleDefinition(this RoleDefinition role)
return roleDefinition;
}
- public static PSRoleAssignment ToPSRoleAssignment(this RoleAssignment role, AuthorizationClient policyClient, ActiveDirectoryClient activeDirectoryClient, bool excludeAssignmentsForDeletedPrincipals = true)
+ public static IEnumerable ToPSRoleAssignments(this IEnumerable assignments, AuthorizationClient policyClient, ActiveDirectoryClient activeDirectoryClient, bool excludeAssignmentsForDeletedPrincipals = true)
{
- PSRoleDefinition roleDefinition = policyClient.GetRoleDefinition(role.Properties.RoleDefinitionId);
- PSADObject adObject = activeDirectoryClient.GetADObject(new ADObjectFilterOptions { Id = role.Properties.PrincipalId.ToString() }) ?? new PSADObject() { Id = role.Properties.PrincipalId };
-
- if (adObject is PSADUser)
+ List psAssignments = new List();
+ if(assignments ==null || !assignments.Any())
{
- return new PSUserRoleAssignment()
- {
- RoleAssignmentId = role.Id,
- DisplayName = adObject.DisplayName,
- Actions = roleDefinition.Actions,
- NotActions = roleDefinition.NotActions,
- RoleDefinitionName = roleDefinition.Name,
- Scope = role.Properties.Scope,
- UserPrincipalName = ((PSADUser)adObject).UserPrincipalName,
- Mail = ((PSADUser)adObject).Mail,
- ObjectId = adObject.Id
- };
+ return psAssignments;
}
- else if (adObject is PSADGroup)
+
+ List objectIds = new List();
+ objectIds.AddRange(assignments.Select(r => r.Properties.PrincipalId.ToString()));
+ List adObjects = activeDirectoryClient.GetObjectsByObjectId(objectIds);
+
+ List roleDefinitions = policyClient.FilterRoleDefinitions(name: null);
+
+ foreach (RoleAssignment assignment in assignments)
{
- return new PSGroupRoleAssignment()
+ PSADObject adObject = adObjects.SingleOrDefault(o => o.Id == assignment.Properties.PrincipalId) ?? new PSADObject() { Id = assignment.Properties.PrincipalId };
+ PSRoleDefinition roleDefinition = roleDefinitions.SingleOrDefault(r => r.Id == assignment.Properties.RoleDefinitionId) ?? new PSRoleDefinition() { Id = assignment.Properties.RoleDefinitionId };
+
+ if (adObject is PSADUser)
{
- RoleAssignmentId = role.Id,
- DisplayName = adObject.DisplayName,
- Actions = roleDefinition.Actions,
- NotActions = roleDefinition.NotActions,
- RoleDefinitionName = roleDefinition.Name,
- Scope = role.Properties.Scope,
- Mail = ((PSADGroup)adObject).Mail,
- ObjectId = adObject.Id
- };
- }
- else if (adObject is PSADServicePrincipal)
- {
- return new PSServiceRoleAssignment()
+ psAssignments.Add(new PSRoleAssignment()
+ {
+ RoleAssignmentId = assignment.Id,
+ DisplayName = adObject.DisplayName,
+ RoleDefinitionId = roleDefinition.Id.GuidFromFullyQualifiedId(),
+ RoleDefinitionName = roleDefinition.Name,
+ Scope = assignment.Properties.Scope,
+ SignInName = ((PSADUser)adObject).SignInName,
+ ObjectId = adObject.Id,
+ ObjectType = adObject.Type
+ });
+ }
+ else if (adObject is PSADGroup)
{
- RoleAssignmentId = role.Id,
- DisplayName = adObject.DisplayName,
- Actions = roleDefinition.Actions,
- NotActions = roleDefinition.NotActions,
- RoleDefinitionName = roleDefinition.Name,
- Scope = role.Properties.Scope,
- ServicePrincipalName = ((PSADServicePrincipal)adObject).ServicePrincipalName,
- ObjectId = adObject.Id
- };
- }
- else if (!excludeAssignmentsForDeletedPrincipals)
- {
- return new PSRoleAssignment()
+ psAssignments.Add(new PSRoleAssignment()
+ {
+ RoleAssignmentId = assignment.Id,
+ DisplayName = adObject.DisplayName,
+ RoleDefinitionId = roleDefinition.Id.GuidFromFullyQualifiedId(),
+ RoleDefinitionName = roleDefinition.Name,
+ Scope = assignment.Properties.Scope,
+ ObjectId = adObject.Id,
+ ObjectType = adObject.Type
+ });
+ }
+ else if (adObject is PSADServicePrincipal)
{
- RoleAssignmentId = role.Id,
- DisplayName = adObject.DisplayName,
- Actions = roleDefinition.Actions,
- NotActions = roleDefinition.NotActions,
- RoleDefinitionName = roleDefinition.Name,
- Scope = role.Properties.Scope,
- ObjectId = adObject.Id
- };
+ psAssignments.Add(new PSRoleAssignment()
+ {
+ RoleAssignmentId = assignment.Id,
+ DisplayName = adObject.DisplayName,
+ RoleDefinitionId = roleDefinition.Id.GuidFromFullyQualifiedId(),
+ RoleDefinitionName = roleDefinition.Name,
+ Scope = assignment.Properties.Scope,
+ ObjectId = adObject.Id,
+ ObjectType = adObject.Type
+ });
+ }
+ else if (!excludeAssignmentsForDeletedPrincipals)
+ {
+ psAssignments.Add(new PSRoleAssignment()
+ {
+ RoleAssignmentId = assignment.Id,
+ DisplayName = adObject.DisplayName,
+ RoleDefinitionId = roleDefinition.Id.GuidFromFullyQualifiedId(),
+ RoleDefinitionName = roleDefinition.Name,
+ Scope = assignment.Properties.Scope,
+ ObjectId = adObject.Id,
+ });
+ }
+
+ // Ignore the assignment if principal does not exists and excludeAssignmentsForDeletedPrincipals is set to true
}
- return null;
+ return psAssignments;
}
public static PSRoleAssignment ToPSRoleAssignment(this ClassicAdministrator classicAdministrator, string currentSubscriptionId)
@@ -115,9 +128,15 @@ public static PSRoleAssignment ToPSRoleAssignment(this ClassicAdministrator clas
{
RoleDefinitionName = classicAdministrator.Properties.Role,
DisplayName = classicAdministrator.Properties.EmailAddress,
+ SignInName = classicAdministrator.Properties.EmailAddress,
Scope = "/subscriptions/" + currentSubscriptionId,
- Actions = new List() {"*"}
+ ObjectType = "User"
};
}
+
+ private static string GuidFromFullyQualifiedId(this string Id)
+ {
+ return Id.TrimEnd('/').Substring(Id.LastIndexOf('/') + 1);
+ }
}
}
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSGroupRoleAssignment.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSGroupRoleAssignment.cs
deleted file mode 100644
index 1cb6bf0d4ee7..000000000000
--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSGroupRoleAssignment.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// ----------------------------------------------------------------------------------
-//
-// Copyright Microsoft Corporation
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// ----------------------------------------------------------------------------------
-
-using System.Collections.Generic;
-
-namespace Microsoft.Azure.Commands.Resources.Models.Authorization
-{
- public class PSGroupRoleAssignment : PSRoleAssignment
- {
- public string Mail { get; set; }
- }
-}
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSRoleAssignment.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSRoleAssignment.cs
index f6964f43d899..826cc2d4acfc 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSRoleAssignment.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSRoleAssignment.cs
@@ -21,16 +21,18 @@ public class PSRoleAssignment
{
public string RoleAssignmentId { get; set; }
- public string DisplayName { get; set; }
+ public string Scope { get; set; }
- public string RoleDefinitionName { get; set; }
+ public string DisplayName { get; set; }
- public List Actions { get; set; }
+ public string SignInName { get; set; }
- public List NotActions { get; set; }
+ public string RoleDefinitionName { get; set; }
- public string Scope { get; set; }
+ public string RoleDefinitionId { get; set; }
public Guid ObjectId { get; set; }
+
+ public string ObjectType { get; set; }
}
}
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSServiceRoleAssignment.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSServiceRoleAssignment.cs
deleted file mode 100644
index 935977a74f97..000000000000
--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSServiceRoleAssignment.cs
+++ /dev/null
@@ -1,23 +0,0 @@
-// ----------------------------------------------------------------------------------
-//
-// Copyright Microsoft Corporation
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// ----------------------------------------------------------------------------------
-
-using System.Collections.Generic;
-
-namespace Microsoft.Azure.Commands.Resources.Models.Authorization
-{
- public class PSServiceRoleAssignment : PSRoleAssignment
- {
- public string ServicePrincipalName { get; set; }
- }
-}
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSUserRoleAssignment.cs b/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSUserRoleAssignment.cs
deleted file mode 100644
index 61e6c72bfd81..000000000000
--- a/src/ResourceManager/Resources/Commands.Resources/Models.Authorization/PSUserRoleAssignment.cs
+++ /dev/null
@@ -1,25 +0,0 @@
-// ----------------------------------------------------------------------------------
-//
-// Copyright Microsoft Corporation
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-// http://www.apache.org/licenses/LICENSE-2.0
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-// ----------------------------------------------------------------------------------
-
-using System.Collections.Generic;
-
-namespace Microsoft.Azure.Commands.Resources.Models.Authorization
-{
- public class PSUserRoleAssignment : PSRoleAssignment
- {
- public string UserPrincipalName { get; set; }
-
- public string Mail { get; set; }
- }
-}
diff --git a/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs b/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs
index dea9daf50188..dd8164ca3032 100644
--- a/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/GetAzureRoleAssignmentCommand.cs
@@ -39,28 +39,17 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
[Alias("Id", "PrincipalId")]
public Guid ObjectId { get; set; }
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Mail,
- HelpMessage = "The user email address.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithMail,
- HelpMessage = "The user email address.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "The user email address.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
- HelpMessage = "The user email address.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSignInName,
+ HelpMessage = "The user SignInName.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
+ HelpMessage = "The user SignInName.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSignInName,
+ HelpMessage = "The user SignInName.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.SignInName,
+ HelpMessage = "The user SignInName.")]
[ValidateNotNullOrEmpty]
- public string Mail { get; set; }
-
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithUPN,
- HelpMessage = "The user UPN.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
- HelpMessage = "The user UPN.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
- HelpMessage = "The user UPN.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.UPN,
- HelpMessage = "The user UPN.")]
- [ValidateNotNullOrEmpty]
- [Alias("UPN")]
- public string UserPrincipalName { get; set; }
+ [Alias("Email", "UserPrincipalName")]
+ public string SignInName { get; set; }
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
HelpMessage = "The app SPN.")]
@@ -82,13 +71,9 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
HelpMessage = "Resource group to assign the role to.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithMail,
- HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSignInName,
HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithUPN,
- HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Resource group to assign the role to.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
HelpMessage = "Resource group to assign the role to.")]
@@ -101,9 +86,7 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
HelpMessage = "Resource to assign the role to.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Resource to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "Resource to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Resource to assign the role to.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Resource to assign the role to.")]
@@ -114,9 +97,7 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
HelpMessage = "Type of the resource to assign the role to.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Type of the resource to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "Type of the resource to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Type of the resource to assign the role to.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Type of the resource to assign the role to.")]
@@ -127,9 +108,7 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
@@ -138,41 +117,33 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
HelpMessage = "Role to assign the principals with.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Mail,
- HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ObjectId,
HelpMessage = "Role to assign the principals with.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.UPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.SignInName,
HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.SPN,
HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Scope,
HelpMessage = "Role to assign the principals with.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
- HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
HelpMessage = "Role to assign the principals with.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSignInName,
HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroup,
HelpMessage = "Role to assign the principals with.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithMail,
- HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithObjectId,
HelpMessage = "Role to assign the principals with.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithUPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSignInName,
HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Resource,
HelpMessage = "Role to assign the principals with.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Role to assign the principals with.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Role to assign the principals with.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Role to assign the principals with.")]
@@ -183,60 +154,48 @@ public class GetAzureRoleAssignmentCommand : ResourcesBaseCmdlet
HelpMessage = "Scope of the role assignment. In the format of relative URI.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
HelpMessage = "Scope of the role assignment. In the format of relative URI.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
- HelpMessage = "Scope of the role assignment. In the format of relative URI.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSignInName,
HelpMessage = "Scope of the role assignment. In the format of relative URI.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
HelpMessage = "Scope of the role assignment. In the format of relative URI.")]
[ValidateNotNullOrEmpty]
public string Scope { get; set; }
- [Parameter(Mandatory = false, ParameterSetName = ParameterSet.Mail,
- HelpMessage = "If specified, returns role assignments directly assigned to the principal as well as assignments to the principal's groups (transitive). Supported only for User Principals.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.ObjectId,
HelpMessage = "If specified, returns role assignments directly assigned to the principal as well as assignments to the principal's groups (transitive). Supported only for User Principals.")]
- [Parameter(Mandatory = false, ParameterSetName = ParameterSet.UPN,
+ [Parameter(Mandatory = false, ParameterSetName = ParameterSet.SignInName,
HelpMessage = "If specified, returns role assignments directly assigned to the principal as well as assignments to the principal's groups (transitive). Supported only for User Principals.")]
public SwitchParameter ExpandPrincipalGroups { get; set; }
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.Empty,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
- [Parameter(Mandatory = false, ParameterSetName = ParameterSet.Mail,
- HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.ObjectId,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
- [Parameter(Mandatory = false, ParameterSetName = ParameterSet.UPN,
+ [Parameter(Mandatory = false, ParameterSetName = ParameterSet.SignInName,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.SPN,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.Scope,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
- [Parameter(Mandatory = false, ParameterSetName = ParameterSet.ScopeWithMail,
- HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.ScopeWithObjectId,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
- [Parameter(Mandatory = false, ParameterSetName = ParameterSet.ScopeWithUPN,
+ [Parameter(Mandatory = false, ParameterSetName = ParameterSet.ScopeWithSignInName,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.ScopeWithSPN,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceGroup,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
- [Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceGroupWithMail,
- HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceGroupWithObjectId,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
- [Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceGroupWithUPN,
+ [Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceGroupWithSignInName,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.Resource,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
- [Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
- [Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
[Parameter(Mandatory = false, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "If specified, also returns the subscription classic administrators as role assignments.")]
@@ -250,8 +209,7 @@ protected override void ProcessRecord()
RoleDefinition = RoleDefinitionName,
ADObjectFilter = new ADObjectFilterOptions
{
- Mail = Mail,
- UPN = UserPrincipalName,
+ SignInName = SignInName,
SPN = ServicePrincipalName,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
},
diff --git a/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/NewAzureRoleAssignmentCommand.cs b/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/NewAzureRoleAssignmentCommand.cs
index 4b15520c9616..76459623096a 100644
--- a/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/NewAzureRoleAssignmentCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/NewAzureRoleAssignmentCommand.cs
@@ -23,7 +23,7 @@ namespace Microsoft.Azure.Commands.Resources
///
/// Creates new role assignment.
///
- [Cmdlet(VerbsCommon.New, "AzureRmRoleAssignment"), OutputType(typeof(PSRoleAssignment))]
+ [Cmdlet(VerbsCommon.New, "AzureRmRoleAssignment", DefaultParameterSetName = ParameterSet.Empty), OutputType(typeof(PSRoleAssignment))]
public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
{
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithObjectId,
@@ -32,34 +32,21 @@ public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
HelpMessage = "The user or group object id.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
HelpMessage = "The user or group object id.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ObjectId,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
HelpMessage = "The user or group object id.")]
[ValidateNotNullOrEmpty]
[Alias("Id", "PrincipalId")]
public Guid ObjectId { get; set; }
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithMail,
- HelpMessage = "The user or group email address.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "The user or group email address.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
- HelpMessage = "The user or group email address.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Mail,
- HelpMessage = "The user or group email address.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSignInName,
+ HelpMessage = "The user SignInName.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
+ HelpMessage = "The user SignInName.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSignInName,
+ HelpMessage = "The user SignInName.")]
[ValidateNotNullOrEmpty]
- public string Mail { get; set; }
-
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithUPN,
- HelpMessage = "The user UPN.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
- HelpMessage = "The user UPN.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
- HelpMessage = "The user UPN.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.UPN,
- HelpMessage = "The user UPN.")]
- [ValidateNotNullOrEmpty]
- [Alias("UPN")]
- public string UserPrincipalName { get; set; }
+ [Alias("Email", "UserPrincipalName")]
+ public string SignInName { get; set; }
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
HelpMessage = "The app SPN.")]
@@ -67,8 +54,6 @@ public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
HelpMessage = "The app SPN.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
HelpMessage = "The app SPN.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.SPN,
- HelpMessage = "The app SPN.")]
[ValidateNotNullOrEmpty]
[Alias("SPN")]
public string ServicePrincipalName { get; set; }
@@ -77,13 +62,9 @@ public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
HelpMessage = "Resource group to assign the role to.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithMail,
- HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSignInName,
HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Resource group to assign the role to.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
HelpMessage = "Resource group to assign the role to.")]
@@ -94,9 +75,7 @@ public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Resource to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "Resource to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Resource to assign the role to.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Resource to assign the role to.")]
@@ -105,9 +84,7 @@ public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Type of the resource to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "Type of the resource to assign the role to.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Type of the resource to assign the role to.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Type of the resource to assign the role to.")]
@@ -116,22 +93,20 @@ public class NewAzureRoleAssignmentCommand : ResourcesBaseCmdlet
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
[ValidateNotNullOrEmpty]
public string ParentResource { get; set; }
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/\" or the part after that. If it's latter, the current subscription id will be used.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/\" or the part after that. If it's latter, the current subscription id will be used.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSignInName,
HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/\" or the part after that. If it's latter, the current subscription id will be used.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/\" or the part after that. If it's latter, the current subscription id will be used.")]
[ValidateNotNullOrEmpty]
public string Scope { get; set; }
@@ -148,8 +123,7 @@ protected override void ProcessRecord()
RoleDefinition = RoleDefinitionName,
ADObjectFilter = new ADObjectFilterOptions
{
- Mail = Mail,
- UPN = UserPrincipalName,
+ SignInName = SignInName,
SPN = ServicePrincipalName,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
},
diff --git a/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs b/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs
index 964bf0710cf2..193751b34c7b 100644
--- a/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs
@@ -32,73 +32,70 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
HelpMessage = "The user or group object id")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "The user or group object id.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithObjectId,
+ HelpMessage = "The user or group object id.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
HelpMessage = "The user or group object id.")]
[ValidateNotNullOrEmpty]
[Alias("Id", "PrincipalId")]
public Guid ObjectId { get; set; }
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "The user or group email address.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
- HelpMessage = "The user or group email address.")]
- [ValidateNotNullOrEmpty]
- public string Mail { get; set; }
-
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
- HelpMessage = "The user UPN.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
- HelpMessage = "The user UPN.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
+ HelpMessage = "The user SignInName.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSignInName,
+ HelpMessage = "The user SignInName.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSignInName,
+ HelpMessage = "The user SignInName.")]
[ValidateNotNullOrEmpty]
- [Alias("UPN")]
- public string UserPrincipalName { get; set; }
+ [Alias("Email", "UserPrincipalName")]
+ public string SignInName { get; set; }
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "The app SPN.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
+ HelpMessage = "The app SPN.")]
[Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
HelpMessage = "The app SPN.")]
[ValidateNotNullOrEmpty]
[Alias("SPN")]
public string ServicePrincipalName { get; set; }
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithObjectId,
+ HelpMessage = "Resource group to assign the role to.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSignInName,
HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Resource group to assign the role to.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceGroupWithSPN,
+ HelpMessage = "Resource group to assign the role to.")]
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Resource group to assign the role to.")]
[ValidateNotNullOrEmpty]
public string ResourceGroupName { get; set; }
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
- HelpMessage = "Resource to assign the role to.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Resource to assign the role to.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Resource to assign the role to.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Resource to assign the role to.")]
[ValidateNotNullOrEmpty]
public string ResourceName { get; set; }
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
- HelpMessage = "Type of the resource to assign the role to.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Type of the resource to assign the role to.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Type of the resource to assign the role to.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
+ [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Type of the resource to assign the role to.")]
[ValidateNotNullOrEmpty]
public string ResourceType { get; set; }
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithObjectId,
HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithMail,
- HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
- [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithUPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSignInName,
HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ResourceWithSPN,
HelpMessage = "Parent resource of the resource to assign the role to, if there is any.")]
@@ -107,13 +104,11 @@ public class RemoveAzureRoleAssignmentCommand : ResourcesBaseCmdlet
[Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.Empty,
HelpMessage = "Role to assign the principals with.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
- HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/\" or the part after that. If it's latter, the current subscription id will be used.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithMail,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithObjectId,
HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/\" or the part after that. If it's latter, the current subscription id will be used.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithUPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSignInName,
HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/\" or the part after that. If it's latter, the current subscription id will be used.")]
- [Parameter(Mandatory = true, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
+ [Parameter(Mandatory = false, ValueFromPipelineByPropertyName = true, ParameterSetName = ParameterSet.ScopeWithSPN,
HelpMessage = "Scope of the role assignment. In the format of relative URI. If not specified, will assign the role at subscription level. If specified, it can either start with \"/subscriptions/\" or the part after that. If it's latter, the current subscription id will be used.")]
[ValidateNotNullOrEmpty]
public string Scope { get; set; }
@@ -137,9 +132,8 @@ protected override void ProcessRecord()
RoleDefinition = RoleDefinitionName,
ADObjectFilter = new ADObjectFilterOptions
{
- Mail = Mail,
+ SignInName = SignInName,
Id = ObjectId == Guid.Empty ? null : ObjectId.ToString(),
- UPN = UserPrincipalName,
SPN = ServicePrincipalName
},
ResourceIdentifier = new ResourceIdentifier()
diff --git a/src/ResourceManager/Resources/Commands.Resources/packages.config b/src/ResourceManager/Resources/Commands.Resources/packages.config
index a0d9d64c4ef7..e0420e43bf50 100644
--- a/src/ResourceManager/Resources/Commands.Resources/packages.config
+++ b/src/ResourceManager/Resources/Commands.Resources/packages.config
@@ -5,7 +5,7 @@
-
+