Azure · VeryEarly · Oct 8, 2024 · Aug 28, 2024 · Aug 28, 2024 · Aug 28, 2024
diff --git a/src/StorageSync/StorageSync.Test/Common/MockSyncServerRegistrationClientBase.cs b/src/StorageSync/StorageSync.Test/Common/MockSyncServerRegistrationClientBase.cs
@@ -36,7 +36,7 @@ namespace Commands.StorageSync.Interop.Clients
     /// <seealso cref="Commands.StorageSync.Interop.Interfaces.ISyncServerRegistration" />
     public abstract class MockSyncServerRegistrationClientBase : ISyncServerRegistration
     {
-        public bool EnableMIChecking { get; protected set; } = false; // enable it in v20 azure file sync agent
+        public bool EnableMIChecking { get; protected set; } = true;
 
         /// <summary>
         /// The m is disposed

diff --git a/src/StorageSync/StorageSync/ChangeLog.md b/src/StorageSync/StorageSync/ChangeLog.md
@@ -18,6 +18,8 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed the bug in server registration
+* Improved the error message for Set-AzStorageSyncServiceIdentity cmdlet
 
 ## Version 2.3.1
 * Fixed the bug in server registration

diff --git a/src/StorageSync/StorageSync/CloudEndpoint/NewCloudEndpointCommand.cs b/src/StorageSync/StorageSync/CloudEndpoint/NewCloudEndpointCommand.cs
@@ -256,17 +256,17 @@ public override void ExecuteCmdlet()
                 {
                     // Identity , RoleDef, Scope
                     var scope = StorageAccountResourceId;
-                    var identityRoleAssignmentForSAScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                    StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
                         storageSyncService.Identity.PrincipalId.Value,
                         Common.StorageSyncClientWrapper.StorageAccountContributorRoleDefinitionId,
                         scope);
 
                     scope = $"{StorageAccountResourceId}/fileServices/default/fileshares/{AzureFileShareName}";
-                    var identityRoleAssignmentForFilsShareScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                    (var identityRoleAssignmentForFilsShareScope , bool alreadyExists) = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
                        storageSyncService.Identity.PrincipalId.Value,
                        Common.StorageSyncClientWrapper.StorageFileDataPrivilegedContributorRoleDefinitionId,
                        scope);
-                    shouldSleep = true;
+                    shouldSleep = !alreadyExists;
                 }
 
                     Target = string.Join("/", resourceGroupName, storageSyncServiceName, syncGroupName, Name);

diff --git a/src/StorageSync/StorageSync/CloudEndpoint/SetCloudEndpointPermissionCommand.cs b/src/StorageSync/StorageSync/CloudEndpoint/SetCloudEndpointPermissionCommand.cs
@@ -161,13 +161,13 @@ public override void ExecuteCmdlet()
                         var storageAccountResourceIdentifier = new ResourceIdentifier(cloudEndpoint.StorageAccountResourceId);
                         // Identity , RoleDef, Scope
                         var scope = cloudEndpoint.StorageAccountResourceId;
-                        var identityRoleAssignmentForSAScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                        StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
                             storageSyncService.Identity.PrincipalId.Value,
                             Common.StorageSyncClientWrapper.StorageAccountContributorRoleDefinitionId,
                             scope);
 
                         scope = $"{cloudEndpoint.StorageAccountResourceId}/fileServices/default/fileshares/{cloudEndpoint.AzureFileShareName}";
-                        var identityRoleAssignmentForFilsShareScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                        StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
                            storageSyncService.Identity.PrincipalId.Value,
                            Common.StorageSyncClientWrapper.StorageFileDataPrivilegedContributorRoleDefinitionId,
                            scope);

diff --git a/src/StorageSync/StorageSync/Common/StorageSyncClientWrapper.cs b/src/StorageSync/StorageSync/Common/StorageSyncClientWrapper.cs
@@ -393,7 +393,7 @@ public bool DeleteRoleAssignmentWithIdentity(string storageAccountSubscriptionId
         /// <param name="roleDefinitionId">Role definition id</param>
         /// <param name="scope">Scope</param>
         /// <returns>Role Assignment</returns>
-        public RoleAssignment EnsureRoleAssignmentWithIdentity(string storageAccountSubscriptionId, Guid principalId, string roleDefinitionId, string scope)
+        public (RoleAssignment,bool) EnsureRoleAssignmentWithIdentity(string storageAccountSubscriptionId, Guid principalId, string roleDefinitionId, string scope)
         {
             if(principalId == Guid.Empty)
             { 
@@ -413,13 +413,13 @@ public RoleAssignment EnsureRoleAssignmentWithIdentity(string storageAccountSubs
                 var resourceIdentifier = new ResourceIdentifier(scope);
                 string roleDefinitionScope = $"/subscriptions/{storageAccountSubscriptionId}";
                 RoleDefinition roleDefinition = AuthorizationManagementClient.RoleDefinitions.Get(roleDefinitionScope, roleDefinitionId);
-                VerboseLogger.Invoke($"Creating role assignment for Identity {principalId} RoleDef:{roleDefinition.Name} ({roleDefinition.RoleName}) and Scope: {scope}"); 
+                VerboseLogger.Invoke($"Creating role assignment for Identity {principalId} RoleDef:{roleDefinition.Name} ({roleDefinition.RoleName}) and Scope: {scope}");
 
                 var serverPrincipalId = principalId.ToString();
-                
+
 
                 var resourceType = string.Empty;
-                if(!string.IsNullOrEmpty(resourceIdentifier.ParentResource))
+                if (!string.IsNullOrEmpty(resourceIdentifier.ParentResource))
                 {
                     resourceType = $"{resourceIdentifier.ParentResource}/";
                 }
@@ -438,7 +438,7 @@ public RoleAssignment EnsureRoleAssignmentWithIdentity(string storageAccountSubs
                 Guid roleAssignmentId = StorageSyncResourceManager.GetGuid();
                 RoleAssignment roleAssignment = roleAssignments.FirstOrDefault(r => r.PrincipalId == serverPrincipalId &&
                     string.Equals(r.RoleDefinitionId, roleDefinition.Id, StringComparison.OrdinalIgnoreCase));
-
+                bool alreadyExists;
                 if (roleAssignment == null)
                 {
                     VerboseLogger.Invoke(StorageSyncResources.CreateRoleAssignmentMessage);
@@ -450,15 +450,17 @@ public RoleAssignment EnsureRoleAssignmentWithIdentity(string storageAccountSubs
                     roleAssignment = AuthorizationManagementClient.RoleAssignments.Create(roleAssignmentScope, roleAssignmentId.ToString(), createParameters);
                     StorageSyncResourceManager.Wait();
                     VerboseLogger.Invoke($"Successfully created role assignment {roleAssignment.Id}");
+                    alreadyExists = false;
                 }
                 else
                 {
                     VerboseLogger.Invoke($"Role assignment already exists {roleAssignment.Id}");
+                    alreadyExists = true;
                 }
 
-                return roleAssignment;
+                return (roleAssignment, alreadyExists);
             }
-            catch(Exception ex)
+            catch (Exception ex)
             {
                 VerboseLogger.Invoke($"Failed to create role assignment with exception {ex.Message}. Please create role assignment using troubleshooting documents.");
                 throw;

diff --git a/src/StorageSync/StorageSync/Interfaces/IStorageSyncClientWrapper.cs b/src/StorageSync/StorageSync/Interfaces/IStorageSyncClientWrapper.cs
@@ -103,7 +103,7 @@ public interface IStorageSyncClientWrapper
         /// <param name="roleDefinitionId">Role definition id</param>
         /// <param name="scope">Scope</param>
         /// <returns>Role Assignment</returns>
-        RoleAssignment EnsureRoleAssignmentWithIdentity(string storageAccountSubscriptionId, Guid principalId, string roleDefinitionId, string scope);
+        (RoleAssignment, bool) EnsureRoleAssignmentWithIdentity(string storageAccountSubscriptionId, Guid principalId, string roleDefinitionId, string scope);
 
         /// <summary>
         /// This function will try to delete role assignment if it exists.

diff --git a/src/StorageSync/StorageSync/Interop/ManagedIdentity/ServerManagedIdentityProvider.cs b/src/StorageSync/StorageSync/Interop/ManagedIdentity/ServerManagedIdentityProvider.cs
@@ -23,7 +23,7 @@ public class ServerManagedIdentityProvider : IServerManagedIdentityProvider , ID
 
         public ServerManagedIdentityProvider(Action<string, EventLevel> traceLog = null)
         {
-            EnableMIChecking = false;
+            EnableMIChecking = true;
             this.TraceLog = new Action<string, EventLevel>((message, e) => {
                 if (traceLog != null)
                 {
@@ -42,12 +42,6 @@ public ServerManagedIdentityProvider(Action<string, EventLevel> traceLog = null)
         public LocalServerType GetServerType(IEcsManagement ecsManagement)
         {
             TraceLog($"{nameof(EnableMIChecking)} is {EnableMIChecking}.", EventLevel.Informational);
-
-            // TODO: this should be removed once MI is fully functional
-            if (!EnableMIChecking)
-            {
-                return LocalServerType.HybridServer;
-            }
             ManagedIdentityConfigurationInfo serverInfo = GetManagedIdentityConfigurationStatus(ecsManagement);
             return serverInfo.ServerType;
         }
@@ -135,7 +129,8 @@ private ManagedIdentityConfigurationInfo GetManagedIdentityConfigurationStatus(I
             catch (Exception ex)
             {
                 TraceLog(ex.ToString(), EventLevel.Error);
-                throw;
+                //throw;
+                serverInfo = new ManagedIdentityConfigurationInfo(LocalServerType.HybridServer, RegisteredServerAuthType.Certificate);
             }
 
             return serverInfo;

diff --git a/src/StorageSync/StorageSync/RegisteredServer/RegisterServerCommand.cs b/src/StorageSync/StorageSync/RegisteredServer/RegisterServerCommand.cs
@@ -227,8 +227,7 @@ private RegisteredServer CreateRegisteredResourceInCloud(string resourceGroupNam
                 ClusterId = serverRegistrationData.ClusterId.ToString(),
                 ClusterName = serverRegistrationData.ClusterName,
                 AgentVersion = serverRegistrationData.AgentVersion,
-                //ApplicationId = serverRegistrationData.ApplicationId.HasValue ? serverRegistrationData.ApplicationId.Value.ToString() : null,
-                ApplicationId = Guid.Empty.ToString(),
+                ApplicationId = serverRegistrationData.ApplicationId.HasValue ? serverRegistrationData.ApplicationId.Value.ToString() : Guid.Empty.ToString(),
                 ServerCertificate = serverRegistrationData.ServerCertificate != null ? Convert.ToBase64String(serverRegistrationData.ServerCertificate) : null,
                 ServerOSVersion = serverRegistrationData.ServerOSVersion,
                 ServerRole = serverRegistrationData.ServerRole.ToString(),

diff --git a/src/StorageSync/StorageSync/ServerEndpoint/NewServerEndpointCommand.cs b/src/StorageSync/StorageSync/ServerEndpoint/NewServerEndpointCommand.cs
@@ -319,7 +319,7 @@ public override void ExecuteCmdlet()
                         }
                         var storageAccountResourceIdentifier = new ResourceIdentifier(cloudEndpoint.StorageAccountResourceId);
                         var scope = $"{cloudEndpoint.StorageAccountResourceId}/fileServices/default/fileshares/{cloudEndpoint.AzureFileShareName}";
-                        var identityRoleAssignmentForFilsShareScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                        StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
                            serverIdentityGuid,
                            Common.StorageSyncClientWrapper.StorageFileDataPrivilegedContributorRoleDefinitionId,
                            scope);

diff --git a/src/StorageSync/StorageSync/ServerEndpoint/SetServerEndpointCommandPermission.cs b/src/StorageSync/StorageSync/ServerEndpoint/SetServerEndpointCommandPermission.cs
@@ -232,7 +232,7 @@ public override void ExecuteCmdlet()
                                 }
                                 var storageAccountResourceIdentifier = new ResourceIdentifier(cloudEndpoint.StorageAccountResourceId);
                                 var scope = $"{cloudEndpoint.StorageAccountResourceId}/fileServices/default/fileshares/{cloudEndpoint.AzureFileShareName}";
-                                var identityRoleAssignmentForFilsShareScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                                StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
                                    serverIdentityGuid,
                                    Common.StorageSyncClientWrapper.StorageFileDataPrivilegedContributorRoleDefinitionId,
                                    scope);

diff --git a/src/StorageSync/StorageSync/StorageSyncService/SetStorageSyncServiceIdentityCommand.cs b/src/StorageSync/StorageSync/StorageSyncService/SetStorageSyncServiceIdentityCommand.cs
@@ -187,11 +187,6 @@ public override void ExecuteCmdlet()
                         }
                     }
 
-                    if(candidateServersLookup.Count == 0)
-                    {
-                        throw new PSArgumentException("No server found which can be configured to use a managed identity.");
-                    }
-
                     StorageSyncClientWrapper.VerboseLogger.Invoke($"Found {candidateServersLookup.Count} servers out of {registeredServers.Count(s => s.ServerRole != ServerRoleType.ClusterName.ToString())} total servers to migrate");
 
                     // 2. Set System Assigned managed identity to Storage Sync service
@@ -239,13 +234,13 @@ public override void ExecuteCmdlet()
 
                             // Identity , RoleDef, Scope
                             var scope = cloudEndpoint.StorageAccountResourceId;
-                            var identityRoleAssignmentForSAScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                            StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
                                 storageSyncService.Identity.PrincipalId.Value,
                                 Common.StorageSyncClientWrapper.StorageAccountContributorRoleDefinitionId,
                                 scope);
 
                             scope = $"{cloudEndpoint.StorageAccountResourceId}/fileServices/default/fileshares/{cloudEndpoint.AzureFileShareName}";
-                            var identityRoleAssignmentForFilsShareScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                            StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
                                storageSyncService.Identity.PrincipalId.Value,
                                Common.StorageSyncClientWrapper.StorageFileDataPrivilegedContributorRoleDefinitionId,
                                scope);
@@ -279,7 +274,7 @@ public override void ExecuteCmdlet()
                                         }
                                         // Identity , RoleDef, Scope
                                         scope = $"{cloudEndpoint.StorageAccountResourceId}/fileServices/default/fileshares/{cloudEndpoint.AzureFileShareName}";
-                                        identityRoleAssignmentForFilsShareScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                                        StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
                                            applicationGuid,
                                            Common.StorageSyncClientWrapper.StorageFileDataPrivilegedContributorRoleDefinitionId,
                                            scope);