From 5baca89e33b38bddd5cdaeee1ca18327537eea1b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 12 Mar 2026 21:26:41 +0000 Subject: [PATCH 1/2] Initial plan From 90fef0c8c56ce152c1f996be3797366c15115ca1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 12 Mar 2026 21:39:18 +0000 Subject: [PATCH 2/2] Add managed identity support to New-AzGallery and Update-AzGallery cmdlets Co-authored-by: audreyttt <225061541+audreyttt@users.noreply.github.com> --- .../ScenarioTests/GalleryTests.cs | 14 +++ .../ScenarioTests/GalleryTests.ps1 | 76 +++++++++++++++- src/Compute/Compute/ChangeLog.md | 3 + .../Gallery/GalleryCreateOrUpdateMethod.cs | 86 ++++++++++++++++++- .../Compute/Generated/Models/PSGallery.cs | 1 + src/Compute/Compute/help/New-AzGallery.md | 48 +++++++++++ src/Compute/Compute/help/Update-AzGallery.md | 50 +++++++++++ 7 files changed, 276 insertions(+), 2 deletions(-) diff --git a/src/Compute/Compute.Test/ScenarioTests/GalleryTests.cs b/src/Compute/Compute.Test/ScenarioTests/GalleryTests.cs index 93b0cbd18936..3aadc6cab803 100644 --- a/src/Compute/Compute.Test/ScenarioTests/GalleryTests.cs +++ b/src/Compute/Compute.Test/ScenarioTests/GalleryTests.cs @@ -93,5 +93,19 @@ public void TestInVMAccessControlProfileVersion() TestRunner.RunTestScript("Test-InVMAccessControlProfileVersion"); } + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + public void TestGalleryWithSystemAssignedIdentity() + { + TestRunner.RunTestScript("Test-GalleryWithSystemAssignedIdentity"); + } + + [Fact] + [Trait(Category.AcceptanceType, Category.CheckIn)] + public void TestUpdateGalleryWithSystemAssignedIdentity() + { + TestRunner.RunTestScript("Test-UpdateGalleryWithSystemAssignedIdentity"); + } + } } \ No newline at end of file diff --git a/src/Compute/Compute.Test/ScenarioTests/GalleryTests.ps1 b/src/Compute/Compute.Test/ScenarioTests/GalleryTests.ps1 index ace80dd54f6b..2e4d6137ac36 100644 --- a/src/Compute/Compute.Test/ScenarioTests/GalleryTests.ps1 +++ b/src/Compute/Compute.Test/ScenarioTests/GalleryTests.ps1 @@ -1224,4 +1224,78 @@ function Test-InVMAccessControlProfileVersion # Cleanup Clean-ResourceGroup $rgname; } -} \ No newline at end of file +} +<# +.SYNOPSIS +Tests New-AzGallery with system-assigned managed identity +#> +function Test-GalleryWithSystemAssignedIdentity +{ + # Setup + $rgname = Get-ComputeTestResourceName; + $galleryName = 'gallery' + $rgname; + + try + { + # Common + [string]$loc = Get-ComputeVMLocation; + $loc = $loc.Replace(' ', ''); + New-AzResourceGroup -Name $rgname -Location $loc -Force; + + # Create gallery with system-assigned identity + $gallery = New-AzGallery -ResourceGroupName $rgname -Name $galleryName -Location $loc -EnableSystemAssignedIdentity; + + Assert-NotNull $gallery; + Assert-NotNull $gallery.Identity; + Assert-AreEqual "SystemAssigned" $gallery.Identity.Type.ToString(); + + # Retrieve gallery and verify identity is preserved + $gallery = Get-AzGallery -ResourceGroupName $rgname -Name $galleryName; + Assert-NotNull $gallery.Identity; + Assert-AreEqual "SystemAssigned" $gallery.Identity.Type.ToString(); + } + finally + { + # Cleanup + Remove-AzResourceGroup -Name $rgname -Force -ErrorAction SilentlyContinue; + } +} + +<# +.SYNOPSIS +Tests Update-AzGallery with system-assigned managed identity +#> +function Test-UpdateGalleryWithSystemAssignedIdentity +{ + # Setup + $rgname = Get-ComputeTestResourceName; + $galleryName = 'gallery' + $rgname; + + try + { + # Common + [string]$loc = Get-ComputeVMLocation; + $loc = $loc.Replace(' ', ''); + New-AzResourceGroup -Name $rgname -Location $loc -Force; + + # Create gallery without identity + New-AzGallery -ResourceGroupName $rgname -Name $galleryName -Location $loc; + + # Update gallery to add system-assigned identity + $gallery = Update-AzGallery -ResourceGroupName $rgname -Name $galleryName -EnableSystemAssignedIdentity; + + Assert-NotNull $gallery; + Assert-NotNull $gallery.Identity; + Assert-AreEqual "SystemAssigned" $gallery.Identity.Type.ToString(); + + # Verify identity via Get + $gallery = Get-AzGallery -ResourceGroupName $rgname -Name $galleryName; + Assert-NotNull $gallery.Identity; + Assert-AreEqual "SystemAssigned" $gallery.Identity.Type.ToString(); + } + finally + { + # Cleanup + Remove-AzResourceGroup -Name $rgname -Force -ErrorAction SilentlyContinue; + } +} diff --git a/src/Compute/Compute/ChangeLog.md b/src/Compute/Compute/ChangeLog.md index 14e253d71429..fb9793ab12c4 100644 --- a/src/Compute/Compute/ChangeLog.md +++ b/src/Compute/Compute/ChangeLog.md @@ -20,6 +20,9 @@ --> ## Upcoming Release +* Added `-EnableSystemAssignedIdentity` and `-UserAssignedIdentity` parameters to `New-AzGallery` cmdlet to support managed identities when creating an Azure Compute Gallery +* Added `-EnableSystemAssignedIdentity` and `-UserAssignedIdentity` parameters to `Update-AzGallery` cmdlet to support updating managed identities on an Azure Compute Gallery +* Updated `Get-AzGallery` output object to include the `Identity` property of type `GalleryIdentity` ## Version 11.4.0 * Added `-DiskIOPSReadWrite` and `-DiskMBpsReadWrite` parameters to `Add-AzVMDataDisk` cmdlet diff --git a/src/Compute/Compute/Generated/Gallery/GalleryCreateOrUpdateMethod.cs b/src/Compute/Compute/Generated/Gallery/GalleryCreateOrUpdateMethod.cs index 058131604842..95c8b8b4c81f 100644 --- a/src/Compute/Compute/Generated/Gallery/GalleryCreateOrUpdateMethod.cs +++ b/src/Compute/Compute/Generated/Gallery/GalleryCreateOrUpdateMethod.cs @@ -92,6 +92,35 @@ public override void ExecuteCmdlet() gallery.Tags = this.Tag.Cast().ToDictionary(ht => (string)ht.Key, ht => (string)ht.Value); } + bool hasSystemAssigned = this.IsParameterBound(c => c.EnableSystemAssignedIdentity) && this.EnableSystemAssignedIdentity.IsPresent; + bool hasUserAssigned = this.IsParameterBound(c => c.UserAssignedIdentity) && this.UserAssignedIdentity.Length > 0; + + if (hasSystemAssigned || hasUserAssigned) + { + gallery.Identity = new GalleryIdentity(); + + if (hasSystemAssigned && hasUserAssigned) + { + gallery.Identity.Type = ResourceIdentityType.SystemAssignedUserAssigned; + } + else if (hasSystemAssigned) + { + gallery.Identity.Type = ResourceIdentityType.SystemAssigned; + } + else + { + gallery.Identity.Type = ResourceIdentityType.UserAssigned; + } + + if (hasUserAssigned) + { + gallery.Identity.UserAssignedIdentities = new Dictionary(); + foreach (var id in this.UserAssignedIdentity) + { + gallery.Identity.UserAssignedIdentities[id] = new UserAssignedIdentitiesValue(); + } + } + } var result = GalleriesClient.CreateOrUpdate(resourceGroupName, galleryName, gallery); var psObject = new PSGallery(); @@ -169,6 +198,17 @@ public override void ExecuteCmdlet() HelpMessage = "Gets or sets the prefix of the gallery name that will be displayed publicly. Visible to all users.")] public string PublicNamePrefix { get; set; } + [Parameter( + Mandatory = false, + HelpMessage = "Enables system-assigned managed identity on the gallery.")] + public SwitchParameter EnableSystemAssignedIdentity { get; set; } + + [Parameter( + Mandatory = false, + ValueFromPipelineByPropertyName = true, + HelpMessage = "The list of user-assigned managed identity resource IDs to associate with the gallery. The resource IDs are in the form '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.")] + public string[] UserAssignedIdentity { get; set; } + } [Cmdlet(VerbsData.Update, ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "Gallery", DefaultParameterSetName = "DefaultParameter", SupportsShouldProcess = true)] @@ -242,6 +282,39 @@ public override void ExecuteCmdlet() gallery.Tags = this.Tag.Cast().ToDictionary(ht => (string)ht.Key, ht => (string)ht.Value); } + bool hasSystemAssigned = this.IsParameterBound(c => c.EnableSystemAssignedIdentity) && this.EnableSystemAssignedIdentity.IsPresent; + bool hasUserAssigned = this.IsParameterBound(c => c.UserAssignedIdentity) && this.UserAssignedIdentity.Length > 0; + + if (hasSystemAssigned || hasUserAssigned) + { + if (gallery.Identity == null) + { + gallery.Identity = new GalleryIdentity(); + } + + if (hasSystemAssigned && hasUserAssigned) + { + gallery.Identity.Type = ResourceIdentityType.SystemAssignedUserAssigned; + } + else if (hasSystemAssigned) + { + gallery.Identity.Type = ResourceIdentityType.SystemAssigned; + } + else + { + gallery.Identity.Type = ResourceIdentityType.UserAssigned; + } + + if (hasUserAssigned) + { + gallery.Identity.UserAssignedIdentities = new Dictionary(); + foreach (var id in this.UserAssignedIdentity) + { + gallery.Identity.UserAssignedIdentities[id] = new UserAssignedIdentitiesValue(); + } + } + } + if (this.IsParameterBound(c => c.Permission)) { if (gallery.SharingProfile == null) @@ -371,7 +444,7 @@ public override void ExecuteCmdlet() } else { - GalleriesClient.CreateOrUpdate(resourceGroupName, galleryName, gallery); + result = GalleriesClient.CreateOrUpdate(resourceGroupName, galleryName, gallery); } var psObject = new PSGallery(); ComputeAutomationAutoMapperProfile.Mapper.Map(result, psObject); @@ -496,5 +569,16 @@ public override void ExecuteCmdlet() ValueFromPipelineByPropertyName = true, HelpMessage = "Gets or sets the prefix of the gallery name that will be displayed publicly. Visible to all users.")] public string PublicNamePrefix { get; set; } + + [Parameter( + Mandatory = false, + HelpMessage = "Enables system-assigned managed identity on the gallery.")] + public SwitchParameter EnableSystemAssignedIdentity { get; set; } + + [Parameter( + Mandatory = false, + ValueFromPipelineByPropertyName = true, + HelpMessage = "The list of user-assigned managed identity resource IDs to associate with the gallery. The resource IDs are in the form '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.")] + public string[] UserAssignedIdentity { get; set; } } } diff --git a/src/Compute/Compute/Generated/Models/PSGallery.cs b/src/Compute/Compute/Generated/Models/PSGallery.cs index 1401d7a76314..0c5a75ff0786 100644 --- a/src/Compute/Compute/Generated/Models/PSGallery.cs +++ b/src/Compute/Compute/Generated/Models/PSGallery.cs @@ -49,6 +49,7 @@ public string ResourceGroupName public string Location { get; set; } public IDictionary Tags { get; set; } public SharingProfile SharingProfile { get; set; } + public GalleryIdentity Identity { get; set; } } } diff --git a/src/Compute/Compute/help/New-AzGallery.md b/src/Compute/Compute/help/New-AzGallery.md index 319c49148537..4743b98b4d3f 100644 --- a/src/Compute/Compute/help/New-AzGallery.md +++ b/src/Compute/Compute/help/New-AzGallery.md @@ -16,6 +16,7 @@ Create a gallery. New-AzGallery [-ResourceGroupName] [-Name] [-AsJob] [-Location] [-Description ] [-Tag ] [-Permission ] [-PublisherUri ] [-PublisherContact ] [-Eula ] [-PublicNamePrefix ] + [-EnableSystemAssignedIdentity] [-UserAssignedIdentity ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -39,6 +40,21 @@ New-AzGallery -ResourceGroupName $rgname -Name $galleryName -Location $location Create a gallery with Direct Sharing enabled. +### Example 3 +```powershell +New-AzGallery -ResourceGroupName $rgname -Name $galleryName -Location $location -EnableSystemAssignedIdentity +``` + +Create a gallery with a system-assigned managed identity. + +### Example 4 +```powershell +$uid = Get-AzUserAssignedIdentity -ResourceGroupName $rgname -Name $identityName +New-AzGallery -ResourceGroupName $rgname -Name $galleryName -Location $location -UserAssignedIdentity $uid.Id +``` + +Create a gallery with a user-assigned managed identity. + ## PARAMETERS ### -AsJob @@ -86,6 +102,21 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -EnableSystemAssignedIdentity +Enables system-assigned managed identity on the gallery. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Eula Gets or sets end-user license agreement for community gallery image. @@ -221,6 +252,21 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -UserAssignedIdentity +The list of user-assigned managed identity resource IDs to associate with the gallery. The resource IDs are in the form '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### -Confirm Prompts you for confirmation before running the cmdlet. @@ -261,6 +307,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ### System.Collections.Hashtable +### System.String[] + ## OUTPUTS ### Microsoft.Azure.Commands.Compute.Automation.Models.PSGallery diff --git a/src/Compute/Compute/help/Update-AzGallery.md b/src/Compute/Compute/help/Update-AzGallery.md index eb91b401a538..45a00a07b5ad 100644 --- a/src/Compute/Compute/help/Update-AzGallery.md +++ b/src/Compute/Compute/help/Update-AzGallery.md @@ -18,6 +18,7 @@ Update-AzGallery [-ResourceGroupName] [-Name] [-AsJob] [-Descr [-Tag ] [-Permission ] [-Subscription ] [-Tenant ] [-RemoveSubscription ] [-RemoveTenant ] [-Share] [-Community] [-Reset] [-PublisherUri ] [-PublisherContact ] [-Eula ] [-PublicNamePrefix ] + [-EnableSystemAssignedIdentity] [-UserAssignedIdentity ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -28,6 +29,7 @@ Update-AzGallery [-ResourceId] [-AsJob] [-Description ] [-Tag < [-Permission ] [-Subscription ] [-Tenant ] [-RemoveSubscription ] [-RemoveTenant ] [-Share] [-Community] [-Reset] [-PublisherUri ] [-PublisherContact ] [-Eula ] [-PublicNamePrefix ] + [-EnableSystemAssignedIdentity] [-UserAssignedIdentity ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -38,6 +40,7 @@ Update-AzGallery [-InputObject] [-AsJob] [-Description ] [-T [-Permission ] [-Subscription ] [-Tenant ] [-RemoveSubscription ] [-RemoveTenant ] [-Share] [-Community] [-Reset] [-PublisherUri ] [-PublisherContact ] [-Eula ] [-PublicNamePrefix ] + [-EnableSystemAssignedIdentity] [-UserAssignedIdentity ] [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` @@ -61,6 +64,21 @@ Update-AzGallery -ResourceGroupName $rgname -Name $galleryName -Permission Group Update a gallery to be shared and add two subscriptions it is to be shared with. +### Example 3 +```powershell +Update-AzGallery -ResourceGroupName $rgname -Name $galleryName -EnableSystemAssignedIdentity +``` + +Update a gallery to enable a system-assigned managed identity. + +### Example 4 +```powershell +$uid = Get-AzUserAssignedIdentity -ResourceGroupName $rgname -Name $identityName +Get-AzGallery -ResourceGroupName $rgname -Name $galleryName | Update-AzGallery -UserAssignedIdentity $uid.Id +``` + +Update a gallery to add a user-assigned managed identity using pipeline input. + ## PARAMETERS ### -AsJob @@ -123,6 +141,21 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -EnableSystemAssignedIdentity +Enables system-assigned managed identity on the gallery. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + ### -Eula Gets or sets end-user license agreement for community gallery image. @@ -363,6 +396,21 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -UserAssignedIdentity +The list of user-assigned managed identity resource IDs to associate with the gallery. The resource IDs are in the form '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + +```yaml +Type: System.String[] +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### -Confirm Prompts you for confirmation before running the cmdlet. @@ -405,6 +453,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ### System.Collections.Hashtable +### System.String[] + ## OUTPUTS ### Microsoft.Azure.Commands.Compute.Automation.Models.PSGallery