Merge pull request Azure#7228 from bganapa/role-fix

Maddie Clayton · web-flow · commit 07fc6c249b7f · 2018-09-13T18:44:47.000-05:00
Fix for New-AzureRmRoleAssignment and Remove-AzureRmRoleAssignment fo…
diff --git a/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs b/Resources/Commands.Resources/Models.Authorization/AuthorizationClient.cs
@@ -165,14 +165,25 @@ public List<PSRoleDefinition> FilterRoleDefinitionsByCustom(string scope, bool s
         public PSRoleAssignment CreateRoleAssignment(FilterRoleAssignmentsOptions parameters)
         {
             Guid principalId = ActiveDirectoryClient.GetObjectId(parameters.ADObjectFilter);
+            string principalIdStr = null;
+
+            if (principalId == Guid.Empty)
+            {
+                principalIdStr = ActiveDirectoryClient.GetAdfsObjectId(parameters.ADObjectFilter);
+            }
+            else
+            {
+                principalIdStr = principalId.ToString();
+            }
+
             Guid roleAssignmentId = RoleAssignmentNames.Count == 0 ? Guid.NewGuid() : RoleAssignmentNames.Dequeue();
             string scope = parameters.Scope;
             string roleDefinitionId = !string.IsNullOrEmpty(parameters.RoleDefinitionName)
                 ? AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, GetSingleRoleDefinitionByName(parameters.RoleDefinitionName, scope).Id)
                 : AuthorizationHelper.ConstructFullyQualifiedRoleDefinitionIdFromScopeAndIdAsGuid(scope, parameters.RoleDefinitionId);
             var createProperties = new RoleAssignmentProperties
             {
-                PrincipalId = principalId.ToString(),
+                PrincipalId = principalIdStr,
                 RoleDefinitionId = roleDefinitionId
             };
             var createParameters = new RoleAssignmentCreateParameters(createProperties);
diff --git a/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs b/Resources/Commands.Resources/RoleAssignments/RemoveAzureRoleAssignmentCommand.cs
@@ -175,7 +175,7 @@ public override void ExecuteCmdlet()
                 ADObjectFilter = new ADObjectFilterOptions
                 {
                     UPN = SignInName,
-                    Id =  ObjectId.ToString(),
+                    Id =  ObjectId,
                     SPN = ServicePrincipalName
                 },
                 ResourceIdentifier = new ResourceIdentifier()

Original file line number	Diff line number	Diff line change
`@@ -175,7 +175,7 @@ public override void ExecuteCmdlet()`
`175`	`175`	`ADObjectFilter = new ADObjectFilterOptions`
`176`	`176`	`{`
`177`	`177`	`UPN = SignInName,`
`178`		`- Id = ObjectId.ToString(),`
	`178`	`+ Id = ObjectId,`
`179`	`179`	`SPN = ServicePrincipalName`
`180`	`180`	`},`
`181`	`181`	`ResourceIdentifier = new ResourceIdentifier()`