[MSGraph] Enable app roleassignment commands for Service Principal (#23732)

* add approle api in local yaml

* add approle api in local yaml

* customize New-AzAdServiceprincipalAppRoleAssignment

* app role

* Delete src/Resources/MSGraph.Autorest/test/Get-AzADServicePrincipalAppRoleAssignedTo.Tests.ps1

* Delete src/Resources/MSGraph.Autorest/test/Remove-AzADServicePrincipalAppRoleAssignedTo.Tests.ps1

* Delete src/Resources/MSGraph.Autorest/test/Update-AzADServicePrincipalAppRoleAssignedTo.Tests.ps1

* add examples

* remove useless parameters

* Update New-AzADServicePrincipalAppRoleAssignment.Tests.ps1

* update

* Update Get-AzADApplication.ps1

* Update Get-AzADApplication.ps1

* change output ux, resolve comments

Author: NoriZC

src/Resources/MSGraph.Autorest/Az.MSGraph.psd1

@@ -11,7 +11,7 @@
   DotNetFrameworkVersion = '4.7.2'
   RequiredAssemblies = './bin/Az.MSGraph.private.dll'
   FormatsToProcess = './Az.MSGraph.format.ps1xml'
-  FunctionsToExport = 'Add-AzADAppPermission', 'Add-AzADGroupMember', 'Get-AzADAppCredential', 'Get-AzADAppFederatedCredential', 'Get-AzADApplication', 'Get-AzADAppPermission', 'Get-AzADGroup', 'Get-AzADGroupMember', 'Get-AzADOrganization', 'Get-AzADServicePrincipal', 'Get-AzADSpCredential', 'Get-AzADUser', 'New-AzADAppCredential', 'New-AzADAppFederatedCredential', 'New-AzADApplication', 'New-AzADGroup', 'New-AzADServicePrincipal', 'New-AzADSpCredential', 'New-AzADUser', 'Remove-AzADAppCredential', 'Remove-AzADAppFederatedCredential', 'Remove-AzADApplication', 'Remove-AzADAppPermission', 'Remove-AzADGroup', 'Remove-AzADGroupMember', 'Remove-AzADServicePrincipal', 'Remove-AzADSpCredential', 'Remove-AzADUser', 'Update-AzADAppFederatedCredential', 'Update-AzADApplication', 'Update-AzADGroup', 'Update-AzADServicePrincipal', 'Update-AzADUser', '*'
+  FunctionsToExport = 'Add-AzADAppPermission', 'Add-AzADGroupMember', 'Get-AzADAppCredential', 'Get-AzADAppFederatedCredential', 'Get-AzADApplication', 'Get-AzADAppPermission', 'Get-AzADGroup', 'Get-AzADGroupMember', 'Get-AzADGroupOwner', 'Get-AzADOrganization', 'Get-AzADServicePrincipal', 'Get-AzADServicePrincipalAppRoleAssignment', 'Get-AzADSpCredential', 'Get-AzADUser', 'New-AzADAppCredential', 'New-AzADAppFederatedCredential', 'New-AzADApplication', 'New-AzADGroup', 'New-AzADGroupOwner', 'New-AzADServicePrincipal', 'New-AzADServicePrincipalAppRoleAssignment', 'New-AzADSpCredential', 'New-AzADUser', 'Remove-AzADAppCredential', 'Remove-AzADAppFederatedCredential', 'Remove-AzADApplication', 'Remove-AzADAppPermission', 'Remove-AzADGroup', 'Remove-AzADGroupMember', 'Remove-AzADGroupOwner', 'Remove-AzADServicePrincipal', 'Remove-AzADServicePrincipalAppRoleAssignment', 'Remove-AzADSpCredential', 'Remove-AzADUser', 'Update-AzADAppFederatedCredential', 'Update-AzADApplication', 'Update-AzADGroup', 'Update-AzADServicePrincipal', 'Update-AzADServicePrincipalAppRoleAssignment', 'Update-AzADUser', '*'
   AliasesToExport = 'Get-AzADServicePrincipalCredential', 'New-AzADServicePrincipalCredential', 'Remove-AzADServicePrincipalCredential', 'Set-AzADApplication', 'Set-AzADServicePrincipal', 'Set-AzADUser', '*'
   PrivateData = @{
     PSData = @{

src/Resources/MSGraph.Autorest/README.md

@@ -78,7 +78,6 @@ exclude-tableview-properties: []
 
 inlining-threshold: 200
 
-
 directive:
   - no-inline:
     - MicrosoftGraphUser
@@ -196,6 +195,33 @@ directive:
     set:
       property-name: Items
 
+  - where:
+      subject: serviceprincipalapproleassignment$
+      verb: New
+    hide: true
+
+  - where:
+      subject: serviceprincipalapproleassignment$
+      parameter-name: ^DeletedDateTime$
+    hide: true
+
+  - where:
+      verb: Update
+      subject: serviceprincipalapproleassignment$
+      parameter-name: ^PrincipalId$|^DisplayName$|^ResourceDisplayName$|^ResourceId$
+    hide: true
+
+  - where:
+      model-name: MicrosoftGraphAppRoleAssignment
+    set:
+      format-table:
+        properties:
+          - Id
+          - AppRoleId
+          - PrincipalDisplayName
+          - PrincipalId
+          - CreatedDateTime
+
   - where:
       subject: application$|applicationpassword$|applicationkey$|serviceprincipal$|serviceprincipalpassword$|serviceprincipalkey$|groupmember$|user$|GroupGraphRefMember$|grouprefmember$
     hide: true

src/Resources/MSGraph.Autorest/custom/New-AzADServicePrincipalAppRoleAssignment.ps1

@@ -0,0 +1,185 @@
+
+# ----------------------------------------------------------------------------------
+# Copyright (c) Microsoft Corporation. All rights reserved.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# Code generated by Microsoft (R) AutoRest Code Generator.Changes may cause incorrect behavior and will be lost if the code
+# is regenerated.
+# ----------------------------------------------------------------------------------
+
+<#
+.Synopsis
+Create new navigation property to appRoleAssignments for servicePrincipals
+.Description
+Create new navigation property to appRoleAssignments for servicePrincipals
+.Example
+{{ Add code here }}
+.Example
+{{ Add code here }}
+
+.Inputs
+Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphAppRoleAssignment
+.Outputs
+Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphAppRoleAssignment
+.Notes
+COMPLEX PARAMETER PROPERTIES
+
+To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
+
+BODY <IMicrosoftGraphAppRoleAssignment>: Represents an Azure Active Directory object. The directoryObject type is the base type for many other directory entity types.
+  [(Any) <Object>]: This indicates any property can be added to this object.
+  [DeletedDateTime <DateTime?>]: 
+  [DisplayName <String>]: The name displayed in directory
+  [AppRoleId <String>]: The identifier (id) for the app role which is assigned to the principal. This app role must be exposed in the appRoles property on the resource application's service principal (resourceId). If the resource application has not declared any app roles, a default app role ID of 00000000-0000-0000-0000-000000000000 can be specified to signal that the principal is assigned to the resource app without any specific app roles. Required on create.
+  [PrincipalId <String>]: The unique identifier (id) for the user, group or service principal being granted the app role. Required on create.
+  [ResourceDisplayName <String>]: The display name of the resource app's service principal to which the assignment is made.
+  [ResourceId <String>]: The unique identifier (id) for the resource service principal for which the assignment is made. Required on create. Supports $filter (eq only).
+.Link
+https://learn.microsoft.com/powershell/module/az.resources/new-azadserviceprincipalapproleassignment
+#>
+function New-AzADServicePrincipalAppRoleAssignment {
+[OutputType([Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Models.ApiV10.IMicrosoftGraphAppRoleAssignment])]
+[CmdletBinding(DefaultParameterSetName='ObjectIdWithResourceIdParameterSet', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')]
+param(
+    [Parameter(ParameterSetName = 'ObjectIdWithResourceIdParameterSet', Mandatory)]
+    [Parameter(ParameterSetName = 'ObjectIdWithResourceDisplayNameParameterSet', Mandatory)]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Path')]
+    [System.String]
+    # The unique identifier (id) for the user, group or service principal being granted the app role.
+    # Required on create.
+    ${ServicePrincipalId},
+
+    [Parameter(ParameterSetName = 'SPNWithResourceIdParameterSet', Mandatory)]
+    [Parameter(ParameterSetName = 'SPNWithResourceDisplayNameParameterSet', Mandatory)]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Body')]
+    [System.String]
+    # The name displayed in directory
+    ${ServicePrincipalDisplayName},
+
+    [Parameter()] # ParameterSetName='CreateExpanded')]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Body')]
+    [System.Collections.Hashtable]
+    # Additional Parameters
+    ${AdditionalProperties},
+
+    [Parameter()]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Body')]
+    [System.String]
+    # The identifier (id) for the app role which is assigned to the principal.
+    # This app role must be exposed in the appRoles property on the resource application's service principal (resourceId).
+    # If the resource application has not declared any app roles, a default app role ID of 00000000-0000-0000-0000-000000000000 can be specified to signal that the principal is assigned to the resource app without any specific app roles.
+    # Required on create.
+    ${AppRoleId},
+
+    [Parameter(DontShow)]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Body')]
+    [System.DateTime]
+    # .
+    ${DeletedDateTime}, 
+
+    [Parameter(ParameterSetName = 'ObjectIdWithResourceIdParameterSet', Mandatory)]
+    [Parameter(ParameterSetName = 'SPNWithResourceIdParameterSet', Mandatory)]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Body')]
+    [System.String]
+    # The unique identifier (id) for the resource service principal for which the assignment is made.
+    # Required on create.
+    # Supports $filter (eq only).
+    ${ResourceId},
+
+    [Parameter(ParameterSetName = 'ObjectIdWithResourceDisplayNameParameterSet', Mandatory)]
+    [Parameter(ParameterSetName = 'SPNWithResourceDisplayNameParameterSet', Mandatory)]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Body')]
+    [System.String]
+    # The display name of the resource app's service principal to which the assignment is made.
+    ${ResourceDisplayName},
+
+    [Parameter()]
+    [Alias('AzureRMContext', 'AzureCredential')]
+    [ValidateNotNull()]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Azure')]
+    [System.Management.Automation.PSObject]
+    # The credentials, account, tenant, and subscription used for communication with Azure.
+    ${DefaultProfile},
+
+    [Parameter(DontShow)]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Runtime')]
+    [System.Management.Automation.SwitchParameter]
+    # Wait for .NET debugger to attach
+    ${Break},
+
+    [Parameter(DontShow)]
+    [ValidateNotNull()]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Runtime')]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Runtime.SendAsyncStep[]]
+    # SendAsync Pipeline Steps to be appended to the front of the pipeline
+    ${HttpPipelineAppend},
+
+    [Parameter(DontShow)]
+    [ValidateNotNull()]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Runtime')]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Runtime.SendAsyncStep[]]
+    # SendAsync Pipeline Steps to be prepended to the front of the pipeline
+    ${HttpPipelinePrepend},
+
+    [Parameter(DontShow)]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Runtime')]
+    [System.Uri]
+    # The URI for the proxy server to use
+    ${Proxy},
+
+    [Parameter(DontShow)]
+    [ValidateNotNull()]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Runtime')]
+    [System.Management.Automation.PSCredential]
+    # Credentials for a proxy server to use for the remote call
+    ${ProxyCredential},
+
+    [Parameter(DontShow)]
+    [Microsoft.Azure.PowerShell.Cmdlets.Resources.MSGraph.Category('Runtime')]
+    [System.Management.Automation.SwitchParameter]
+    # Use the default credentials for the proxy
+    ${ProxyUseDefaultCredentials}
+)
+
+process {
+    switch ($PSCmdlet.ParameterSetName) {
+        {($_ -eq 'SPNWithResourceIdParameterSet') -or ($_ -eq 'SPNWithResourceDisplayNameParameterSet')}{
+            if ($PSBoundParameters['ServicePrincipalDisplayName']) {
+                $PSBoundParameters['DisplayName'] = $PSBoundParameters['ServicePrincipalDisplayName']
+                $null = $PSBoundParameters.Remove('ServicePrincipalDisplayName')
+                
+                $sp = Get-AzADServicePrincipal -DisplayName $PSBoundParameters['DisplayName']
+                if($null -eq $sp) {
+                    Write-Error "Cannot find service principal by DisplayName $($PSBoundParameters['DisplayName'])"
+                }
+
+                $PSBoundParameters['ServicePrincipalId'] = $sp.Id
+            }
+        }
+
+        {($_ -eq 'SPNWithResourceDisplayNameParameterSet') -or ($_ -eq 'ObjectIdWithResourceDisplayNameParameterSet')} {
+            if ($PSBoundParameters['ResourceDisplayName']) {
+                $sp = Get-AzADServicePrincipal -DisplayName $PSBoundParameters['ResourceDisplayName']
+                if($null -eq $sp) {
+                    Write-Error "Cannot find resource service principal by ResourceDisplayName $($PSBoundParameters['ResourceDisplayName'])"
+                }
+
+                $PSBoundParameters['ResourceId'] = $sp.Id 
+            }
+        }    
+    }
+
+    $PSBoundParameters['PrincipalId'] = $PSBoundParameters['ServicePrincipalId']
+
+    . Az.MSGraph.internal\New-AzADServicePrincipalAppRoleAssignment @PSBoundParameters
+    }
+
+}
+

src/Resources/MSGraph.Autorest/docs/Az.MSGraph.md

@@ -50,6 +50,9 @@ Retrieve a list of organization objects.
 ### [Get-AzADServicePrincipal](Get-AzADServicePrincipal.md)
 Lists entities from service principals or get entity from service principals by key
 
+### [Get-AzADServicePrincipalAppRoleAssignment](Get-AzADServicePrincipalAppRoleAssignment.md)
+Get appRoleAssignments from servicePrincipals
+
 ### [Get-AzADSpCredential](Get-AzADSpCredential.md)
 Lists key credentials and password credentials for an service principal.
 
@@ -74,6 +77,9 @@ Create new navigation property ref to owners for groups
 ### [New-AzADServicePrincipal](New-AzADServicePrincipal.md)
 Adds new entity to servicePrincipals
 
+### [New-AzADServicePrincipalAppRoleAssignment](New-AzADServicePrincipalAppRoleAssignment.md)
+Create new navigation property to appRoleAssignments for servicePrincipals
+
 ### [New-AzADSpCredential](New-AzADSpCredential.md)
 Creates key credentials or password credentials for an service principal.
 
@@ -108,6 +114,9 @@ Delete ref of navigation property owners for groups
 ### [Remove-AzADServicePrincipal](Remove-AzADServicePrincipal.md)
 Deletes entity from service principal.
 
+### [Remove-AzADServicePrincipalAppRoleAssignment](Remove-AzADServicePrincipalAppRoleAssignment.md)
+Delete navigation property appRoleAssignments for servicePrincipals
+
 ### [Remove-AzADSpCredential](Remove-AzADSpCredential.md)
 Removes key credentials or password credentials for an service principal.
 
@@ -126,6 +135,9 @@ Update entity in groups
 ### [Update-AzADServicePrincipal](Update-AzADServicePrincipal.md)
 Updates entity in service principal
 
+### [Update-AzADServicePrincipalAppRoleAssignment](Update-AzADServicePrincipalAppRoleAssignment.md)
+Update the navigation property appRoleAssignments in servicePrincipals
+
 ### [Update-AzADUser](Update-AzADUser.md)
 Updates entity in users