Merge pull request #12463 from Azure/revert-12425-master

Revert "Add new attributes to role assignment objects and related cmdlets"

Author: wyunchi-ms

src/Resources/Resources.Test/Resources.Test.csproj

@@ -12,7 +12,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.Graph.RBAC" Version="3.5.0-preview" />
-    <PackageReference Include="Microsoft.Azure.Management.Authorization" Version="2.12.0-preview" />
+    <PackageReference Include="Microsoft.Azure.Management.Authorization" Version="2.11.0-preview" />
     <PackageReference Include="Microsoft.Azure.Management.ManagementGroups" Version="1.1.1-preview" />
   </ItemGroup>
 

src/Resources/Resources.Test/ScenarioTests/Common.ps1

@@ -116,9 +116,6 @@ function New-AzRoleAssignmentWithId
         [string] [Parameter()] $RoleDefinitionName,
         [Guid]   [Parameter()] $RoleDefinitionId,
         [switch] [Parameter()] $AllowDelegation,
-        [string] [Parameter()] $Description,
-        [string] [Parameter()] $Condition,
-        [string] [Parameter()] $ConditionVersion,
         [Guid]   [Parameter()] $RoleAssignmentId
     )
 
@@ -187,21 +184,6 @@ function New-AzRoleAssignmentWithId
         $cmdlet.RoleAssignmentId = $RoleAssignmentId
     }
 
-    if (-not ([string]::IsNullOrEmpty($Description)))
-    {
-        $cmdlet.Description = $Description
-    }
-
-    if (-not ([string]::IsNullOrEmpty($Condition)))
-    {
-        $cmdlet.Condition = $Condition
-    }
-
-    if (-not ([string]::IsNullOrEmpty($ConditionVersion)))
-    {
-        $cmdlet.ConditionVersion = $ConditionVersion
-    }
-
     $cmdlet.ExecuteCmdlet()
 }
 

src/Resources/Resources.Test/ScenarioTests/RoleAssignmentTests.cs

@@ -181,34 +181,6 @@ public void RaCreatedBySP()
             TestRunner.RunTestScript("Test-RaCreatedBySP");
         }
 
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void RaWithV1Conditions()
-        {
-            TestRunner.RunTestScript("Test-RaWithV1Conditions");
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void RaWithV2Conditions()
-        {
-            TestRunner.RunTestScript("Test-RaWithV2Conditions");
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void RaWithV2ConditionsOnly()
-        {
-            TestRunner.RunTestScript("Test-RaWithV2ConditionsOnly");
-        }
-
-        [Fact]
-        [Trait(Category.AcceptanceType, Category.CheckIn)]
-        public void RaWithV2ConditionVersionOnly()
-        {
-            TestRunner.RunTestScript("Test-RaWithV2ConditionVersionOnly");
-        }
-
         [Fact(Skip = "Fix the flaky test and token error and then re-record the test. Token from admin user is being used even when trying to use newly created user.")]
         [Trait(Category.AcceptanceType, Category.CheckIn)]
         public void RaUserPermissions()

src/Resources/Resources.Test/ScenarioTests/RoleAssignmentTests.ps1

@@ -721,137 +721,4 @@ function Test-RaCreatedBySP
     -RoleAssignmentId f0f113bd-7ff9-4eb6-b949-5de18d1b38ca
 
     Assert-NotNull $data
-}
-
-<#
-.SYNOPSIS
-Create role assignment with v1 conditions
-#>
-function Test-RaWithV1Conditions{
-
-    #Given
-    $RoleDefinitionId = "acdd72a7-3385-48ef-bd42-f606fba81ae7"
-    $PrincipalId = "01072e9b-c4a1-4246-a756-031b529bbf66"
-    $Scope = '/subscriptions/4e5329a6-39ce-4e13-b12e-11b30f015986/resourceGroups/contoso_rg'
-    $Description = "This test should not fail"
-    $Condition = "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'"
-    $ConditionVersion = "1.0"
-    
-    #When
-    $data = {New-AzRoleAssignmentWithId `
-    -ObjectId $PrincipalId `
-    -Scope $Scope `
-    -RoleDefinitionId $RoleDefinitionId `
-    -Description $Description `
-    -Condition $Condition `
-    -ConditionVersion $ConditionVersion `
-    -RoleAssignmentId 734de5f5-c680-41c0-8beb-67b98c3539d1}
-    
-    #Then
-    Assert-Throws $data "Argument -ConditionVersion must be greater or equal than 2.0"
-}
-
-<#
-.SYNOPSIS
-Create role assignment with v2 conditions
-#>
-function Test-RaWithV2Conditions{
-    #Given
-    $RoleDefinitionId = "acdd72a7-3385-48ef-bd42-f606fba81ae7"
-    $PrincipalId = "01072e9b-c4a1-4246-a756-031b529bbf66"
-    $Scope = '/subscriptions/4e5329a6-39ce-4e13-b12e-11b30f015986/resourceGroups/contoso_rg'
-    $Description = "This test should not fail"
-    $Condition = "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:Name] StringEqualsIgnoreCase 'foo_storage_container'"
-    $ConditionVersion = "2.0"
-
-    #When
-    $data = New-AzRoleAssignmentWithId `
-    -ObjectId $PrincipalId `
-    -Scope $Scope `
-    -RoleDefinitionId $RoleDefinitionId `
-    -Description $Description `
-    -Condition $Condition `
-    -ConditionVersion $ConditionVersion `
-    -RoleAssignmentId 734de5f5-c680-41c0-8beb-67b98c3539d2
-
-    #Then
-    Assert-NotNull $data "The role assignment was not created succesfully"
-    Assert-AreEqual $RoleDefinitionId $data.RoleDefinitionId "Assertion failed because expected RoleDefinitionId '$RoleDefinitionId' does not match actual '$data.RoleDefinitionId'"
-    Assert-AreEqual $PrincipalId $data.ObjectId "Assertion failed because expected PrincipalId '$PrincipalId' does not match actual '$data.ObjectId'"
-    Assert-AreEqual $Scope $data.Scope "Assertion failed because expected Scope '$Scope' does not match actual '$data.Scope'"
-    Assert-AreEqual $Description $data.Description "Assertion failed because expected Description '$Description' does not match actual '$data.Description'"
-    Assert-AreEqual $Condition $data.Condition "Assertion failed because expected Condition '$Condition' does not match actual '$data.Condition'"
-    Assert-AreEqual $ConditionVersion $data.ConditionVersion "Assertion failed because expected ConditionVersion '$ConditionVersion' does not match actual '$data.ConditionVersion'"
-
-    #Cleanup
-    $data = Remove-AzRoleAssignment -InputObject $data
-    Assert-Null $data "Role assignment was not deleted properly"
-}
-
-<#
-.SYNOPSIS
-Create role assignment with v2 conditions
-#>
-function Test-RaWithV2ConditionsOnly{
-    #Given
-    $RoleDefinitionId = "acdd72a7-3385-48ef-bd42-f606fba81ae7"
-    $PrincipalId = "01072e9b-c4a1-4246-a756-031b529bbf66"
-    $Scope = '/subscriptions/4e5329a6-39ce-4e13-b12e-11b30f015986/resourceGroups/contoso_rg'
-    #$RoleDefinitionId = "0353ee0a-19ae-4380-ba3d-d54767c75d5b"
-    #$PrincipalId = "e95fa608-3d49-4438-9f60-35d85d84ca16"
-    #$Scope = '/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f/resourceGroups/daorozco_bug_repro'
-    $Description = "This test should not fail"
-    $Condition = "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:Name] StringEqualsIgnoreCase 'foo_storage_container'"
-    $ConditionVersion = "2.0"
-
-    #When
-    $data = New-AzRoleAssignmentWithId `
-    -ObjectId $PrincipalId `
-    -Scope $Scope `
-    -RoleDefinitionId $RoleDefinitionId `
-    -Description $Description `
-    -Condition $Condition `
-    -RoleAssignmentId 734de5f5-c680-41c0-8beb-67b98c3539d2
-
-    #Then
-    Assert-NotNull $data "The role assignment was not created succesfully"
-    Assert-AreEqual $RoleDefinitionId $data.RoleDefinitionId "Assertion failed because expected RoleDefinitionId '$RoleDefinitionId' does not match actual '$data.RoleDefinitionId'"
-    Assert-AreEqual $PrincipalId $data.ObjectId "Assertion failed because expected PrincipalId '$PrincipalId' does not match actual '$data.ObjectId'"
-    Assert-AreEqual $Scope $data.Scope "Assertion failed because expected Scope '$Scope' does not match actual '$data.Scope'"
-    Assert-AreEqual $Description $data.Description "Assertion failed because expected Description '$Description' does not match actual '$data.Description'"
-    Assert-AreEqual $Condition $data.Condition "Assertion failed because expected Condition '$Condition' does not match actual '$data.Condition'"
-    Assert-AreEqual $ConditionVersion $data.ConditionVersion "Assertion failed because expected ConditionVersion '$ConditionVersion' does not match actual '$data.ConditionVersion'"
-
-    #Cleanup
-    $data = Remove-AzRoleAssignment -InputObject $data
-    Assert-Null $data "Role assignment was not deleted properly"
-}
-
-<#
-.SYNOPSIS
-Create role assignment with v2 conditions
-#>
-function Test-RaWithV2ConditionVersionOnly{
-    # IMPORTANT this cmdlet gets interrupted before any network call in this scenario, no session record is needed
-    #Given
-    #$RoleDefinitionId = "acdd72a7-3385-48ef-bd42-f606fba81ae7"
-    #$PrincipalId = "01072e9b-c4a1-4246-a756-031b529bbf66"
-    #$Scope = '/subscriptions/4e5329a6-39ce-4e13-b12e-11b30f015986/resourceGroups/contoso_rg'
-    $RoleDefinitionId = "0353ee0a-19ae-4380-ba3d-d54767c75d5b"
-    $PrincipalId = "e95fa608-3d49-4438-9f60-35d85d84ca16"
-    $Scope = '/subscriptions/4004a9fd-d58e-48dc-aeb2-4a4aec58606f/resourceGroups/daorozco_bug_repro'
-    $Description = "This test should not fail"
-    $ConditionVersion = "2.0"
-
-    #When
-    $data = {New-AzRoleAssignmentWithId `
-    -ObjectId $PrincipalId `
-    -Scope $Scope `
-    -RoleDefinitionId $RoleDefinitionId `
-    -Description $Description `
-    -ConditionVersion $ConditionVersion `
-    -RoleAssignmentId 734de5f5-c680-41c0-8beb-67b98c3539d2}
-
-    #Then
-    Assert-Throws $data "If -ConditionVersion is set -Condition can not be empty."
 }