Az.Compute: Add managed identity support to Gallery cmdlets

src/Compute/Compute.Test/ScenarioTests/GalleryTests.cs

@@ -93,5 +93,19 @@ public void TestInVMAccessControlProfileVersion()
             TestRunner.RunTestScript("Test-InVMAccessControlProfileVersion");
         }
 
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestGalleryWithSystemAssignedIdentity()
+        {
+            TestRunner.RunTestScript("Test-GalleryWithSystemAssignedIdentity");
+        }
+
+        [Fact]
+        [Trait(Category.AcceptanceType, Category.CheckIn)]
+        public void TestUpdateGalleryWithSystemAssignedIdentity()
+        {
+            TestRunner.RunTestScript("Test-UpdateGalleryWithSystemAssignedIdentity");
+        }
+
     }
 }

src/Compute/Compute.Test/ScenarioTests/GalleryTests.ps1

@@ -1224,4 +1224,78 @@ function Test-InVMAccessControlProfileVersion
         # Cleanup
         Clean-ResourceGroup $rgname;
     }
-}
+}
+<#
+.SYNOPSIS
+Tests New-AzGallery with system-assigned managed identity
+#>
+function Test-GalleryWithSystemAssignedIdentity
+{
+    # Setup
+    $rgname = Get-ComputeTestResourceName;
+    $galleryName = 'gallery' + $rgname;
+
+    try
+    {
+        # Common
+        [string]$loc = Get-ComputeVMLocation;
+        $loc = $loc.Replace(' ', '');
+        New-AzResourceGroup -Name $rgname -Location $loc -Force;
+
+        # Create gallery with system-assigned identity
+        $gallery = New-AzGallery -ResourceGroupName $rgname -Name $galleryName -Location $loc -EnableSystemAssignedIdentity;
+
+        Assert-NotNull $gallery;
+        Assert-NotNull $gallery.Identity;
+        Assert-AreEqual "SystemAssigned" $gallery.Identity.Type.ToString();
+
+        # Retrieve gallery and verify identity is preserved
+        $gallery = Get-AzGallery -ResourceGroupName $rgname -Name $galleryName;
+        Assert-NotNull $gallery.Identity;
+        Assert-AreEqual "SystemAssigned" $gallery.Identity.Type.ToString();
+    }
+    finally
+    {
+        # Cleanup
+        Remove-AzResourceGroup -Name $rgname -Force -ErrorAction SilentlyContinue;
+    }
+}
+
+<#
+.SYNOPSIS
+Tests Update-AzGallery with system-assigned managed identity
+#>
+function Test-UpdateGalleryWithSystemAssignedIdentity
+{
+    # Setup
+    $rgname = Get-ComputeTestResourceName;
+    $galleryName = 'gallery' + $rgname;
+
+    try
+    {
+        # Common
+        [string]$loc = Get-ComputeVMLocation;
+        $loc = $loc.Replace(' ', '');
+        New-AzResourceGroup -Name $rgname -Location $loc -Force;
+
+        # Create gallery without identity
+        New-AzGallery -ResourceGroupName $rgname -Name $galleryName -Location $loc;
+
+        # Update gallery to add system-assigned identity
+        $gallery = Update-AzGallery -ResourceGroupName $rgname -Name $galleryName -EnableSystemAssignedIdentity;
+
+        Assert-NotNull $gallery;
+        Assert-NotNull $gallery.Identity;
+        Assert-AreEqual "SystemAssigned" $gallery.Identity.Type.ToString();
+
+        # Verify identity via Get
+        $gallery = Get-AzGallery -ResourceGroupName $rgname -Name $galleryName;
+        Assert-NotNull $gallery.Identity;
+        Assert-AreEqual "SystemAssigned" $gallery.Identity.Type.ToString();
+    }
+    finally
+    {
+        # Cleanup
+        Remove-AzResourceGroup -Name $rgname -Force -ErrorAction SilentlyContinue;
+    }
+}

src/Compute/Compute/ChangeLog.md

@@ -20,6 +20,9 @@
 
 -->
 ## Upcoming Release
+* Added `-EnableSystemAssignedIdentity` and `-UserAssignedIdentity` parameters to `New-AzGallery` cmdlet to support managed identities when creating an Azure Compute Gallery
+* Added `-EnableSystemAssignedIdentity` and `-UserAssignedIdentity` parameters to `Update-AzGallery` cmdlet to support updating managed identities on an Azure Compute Gallery
+* Updated `Get-AzGallery` output object to include the `Identity` property of type `GalleryIdentity`
 
 ## Version 11.4.0
 * Added `-DiskIOPSReadWrite` and `-DiskMBpsReadWrite` parameters to `Add-AzVMDataDisk` cmdlet

src/Compute/Compute/Generated/Gallery/GalleryCreateOrUpdateMethod.cs

@@ -92,6 +92,35 @@ public override void ExecuteCmdlet()
                         gallery.Tags = this.Tag.Cast<DictionaryEntry>().ToDictionary(ht => (string)ht.Key, ht => (string)ht.Value);
                     }
 
+                    bool hasSystemAssigned = this.IsParameterBound(c => c.EnableSystemAssignedIdentity) && this.EnableSystemAssignedIdentity.IsPresent;
+                    bool hasUserAssigned = this.IsParameterBound(c => c.UserAssignedIdentity) && this.UserAssignedIdentity.Length > 0;
+
+                    if (hasSystemAssigned || hasUserAssigned)
+                    {
+                        gallery.Identity = new GalleryIdentity();
+
+                        if (hasSystemAssigned && hasUserAssigned)
+                        {
+                            gallery.Identity.Type = ResourceIdentityType.SystemAssignedUserAssigned;
+                        }
+                        else if (hasSystemAssigned)
+                        {
+                            gallery.Identity.Type = ResourceIdentityType.SystemAssigned;
+                        }
+                        else
+                        {
+                            gallery.Identity.Type = ResourceIdentityType.UserAssigned;
+                        }
+
+                        if (hasUserAssigned)
+                        {
+                            gallery.Identity.UserAssignedIdentities = new Dictionary<string, UserAssignedIdentitiesValue>();
+                            foreach (var id in this.UserAssignedIdentity)
+                            {
+                                gallery.Identity.UserAssignedIdentities[id] = new UserAssignedIdentitiesValue();
+                            }
+                        }
+                    }
 
                     var result = GalleriesClient.CreateOrUpdate(resourceGroupName, galleryName, gallery);
                     var psObject = new PSGallery();
@@ -169,6 +198,17 @@ public override void ExecuteCmdlet()
             HelpMessage = "Gets or sets the prefix of the gallery name that will be displayed publicly. Visible to all users.")]
         public string PublicNamePrefix { get; set; }
 
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Enables system-assigned managed identity on the gallery.")]
+        public SwitchParameter EnableSystemAssignedIdentity { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "The list of user-assigned managed identity resource IDs to associate with the gallery. The resource IDs are in the form '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.")]
+        public string[] UserAssignedIdentity { get; set; }
+
     }
 
     [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "Gallery", DefaultParameterSetName = "DefaultParameter", SupportsShouldProcess = true)]
@@ -242,6 +282,39 @@ public override void ExecuteCmdlet()
                         gallery.Tags = this.Tag.Cast<DictionaryEntry>().ToDictionary(ht => (string)ht.Key, ht => (string)ht.Value);
                     }
 
+                    bool hasSystemAssigned = this.IsParameterBound(c => c.EnableSystemAssignedIdentity) && this.EnableSystemAssignedIdentity.IsPresent;
+                    bool hasUserAssigned = this.IsParameterBound(c => c.UserAssignedIdentity) && this.UserAssignedIdentity.Length > 0;
+
+                    if (hasSystemAssigned || hasUserAssigned)
+                    {
+                        if (gallery.Identity == null)
+                        {
+                            gallery.Identity = new GalleryIdentity();
+                        }
+
+                        if (hasSystemAssigned && hasUserAssigned)
+                        {
+                            gallery.Identity.Type = ResourceIdentityType.SystemAssignedUserAssigned;
+                        }
+                        else if (hasSystemAssigned)
+                        {
+                            gallery.Identity.Type = ResourceIdentityType.SystemAssigned;
+                        }
+                        else
+                        {
+                            gallery.Identity.Type = ResourceIdentityType.UserAssigned;
+                        }
+
+                        if (hasUserAssigned)
+                        {
+                            gallery.Identity.UserAssignedIdentities = new Dictionary<string, UserAssignedIdentitiesValue>();
+                            foreach (var id in this.UserAssignedIdentity)
+                            {
+                                gallery.Identity.UserAssignedIdentities[id] = new UserAssignedIdentitiesValue();
+                            }
+                        }
+                    }
+
                     if (this.IsParameterBound(c => c.Permission))
                     {
                         if (gallery.SharingProfile == null)
@@ -371,7 +444,7 @@ public override void ExecuteCmdlet()
                     }
                     else
                     {
-                        GalleriesClient.CreateOrUpdate(resourceGroupName, galleryName, gallery);
+                        result = GalleriesClient.CreateOrUpdate(resourceGroupName, galleryName, gallery);
                     }
                     var psObject = new PSGallery();
                     ComputeAutomationAutoMapperProfile.Mapper.Map<Gallery, PSGallery>(result, psObject);
@@ -496,5 +569,16 @@ public override void ExecuteCmdlet()
             ValueFromPipelineByPropertyName = true,
             HelpMessage = "Gets or sets the prefix of the gallery name that will be displayed publicly. Visible to all users.")]
         public string PublicNamePrefix { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            HelpMessage = "Enables system-assigned managed identity on the gallery.")]
+        public SwitchParameter EnableSystemAssignedIdentity { get; set; }
+
+        [Parameter(
+            Mandatory = false,
+            ValueFromPipelineByPropertyName = true,
+            HelpMessage = "The list of user-assigned managed identity resource IDs to associate with the gallery. The resource IDs are in the form '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.")]
+        public string[] UserAssignedIdentity { get; set; }
     }
 }

src/Compute/Compute/Generated/Models/PSGallery.cs

@@ -49,6 +49,7 @@ public string ResourceGroupName
         public string Location { get; set; }
         public IDictionary<string, string> Tags { get; set; }
         public SharingProfile SharingProfile { get; set; }
+        public GalleryIdentity Identity { get; set; }
 
     }
 }

src/Compute/Compute/help/New-AzGallery.md

@@ -16,6 +16,7 @@ Create a gallery.
 New-AzGallery [-ResourceGroupName] <String> [-Name] <String> [-AsJob] [-Location] <String>
  [-Description <String>] [-Tag <Hashtable>] [-Permission <String>] [-PublisherUri <String>]
  [-PublisherContact <String>] [-Eula <String>] [-PublicNamePrefix <String>]
+ [-EnableSystemAssignedIdentity] [-UserAssignedIdentity <String[]>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm]
  [<CommonParameters>]
 ```
@@ -39,6 +40,21 @@ New-AzGallery -ResourceGroupName $rgname -Name $galleryName -Location $location
 
 Create a gallery with Direct Sharing enabled.
 
+### Example 3
+```powershell
+New-AzGallery -ResourceGroupName $rgname -Name $galleryName -Location $location -EnableSystemAssignedIdentity
+```
+
+Create a gallery with a system-assigned managed identity.
+
+### Example 4
+```powershell
+$uid = Get-AzUserAssignedIdentity -ResourceGroupName $rgname -Name $identityName
+New-AzGallery -ResourceGroupName $rgname -Name $galleryName -Location $location -UserAssignedIdentity $uid.Id
+```
+
+Create a gallery with a user-assigned managed identity.
+
 ## PARAMETERS
 
 ### -AsJob
@@ -86,6 +102,21 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -EnableSystemAssignedIdentity
+Enables system-assigned managed identity on the gallery.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -Eula
 Gets or sets end-user license agreement for community gallery image.
 
@@ -221,6 +252,21 @@ Accept pipeline input: True (ByPropertyName)
 Accept wildcard characters: False
 ```
 
+### -UserAssignedIdentity
+The list of user-assigned managed identity resource IDs to associate with the gallery. The resource IDs are in the form '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
+
+```yaml
+Type: System.String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: True (ByPropertyName)
+Accept wildcard characters: False
+```
+
 ### -Confirm
 Prompts you for confirmation before running the cmdlet.
 
@@ -261,6 +307,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable
 
 ### System.Collections.Hashtable
 
+### System.String[]
+
 ## OUTPUTS
 
 ### Microsoft.Azure.Commands.Compute.Automation.Models.PSGallery