[AppService]: fix Azure#13109 - Assigning user assigned managed identity to app service slot (Azure#20961)

* [AppService]: fix Azure#13109 - Assigning user assigned managed identity to app service slot

* Addressed review comments

* Update NewAzureWebAppSlot.cs

* Update NewAzureWebAppSlot.cs

---------

Co-authored-by: Beisi Zhou <[email protected]>

Author: Kotasudhakarreddy

src/Websites/Websites.Test/ScenarioTests/WebAppSlotTests.ps1

@@ -439,7 +439,7 @@ function Test-SetWebAppSlot
 		Assert-AreEqual $serverFarm1.Id $webApp.ServerFarmId
 
 		# Create deployment slot
-		$slot = New-AzWebAppSlot -ResourceGroupName $rgname -Name $appname -Slot $slotname -AppServicePlan $planName1
+		$slot = New-AzWebAppSlot -ResourceGroupName $rgname -Name $appname -Slot $slotname -AppServicePlan $planName1 -CopyIdentity
 		$appWithSlotName = "$appname/$slotname"
 
 		# Assert

src/Websites/Websites.Test/SessionRecords/Microsoft.Azure.Commands.Websites.Test.ScenarioTests.WebAppSlotTests/TestCreateNewWebAppSlot.json

@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Added a new parameter `-CopyIdentity` for `New-AzWebAppSlot` to copy the identity from the parent app to the slot.
 * Updated `New-AzWebAppSSLBinding` to support -WhatIf parameter
 
 ## Version 2.12.1

src/Websites/Websites/ChangeLog.md

@@ -35,7 +35,7 @@ namespace Microsoft.Azure.Commands.WebApps.Cmdlets.DeploymentSlots
     public class NewAzureWebAppSlotCmdlet : WebAppBaseClientCmdLet
     {
 
-		[Parameter(Position = 0, Mandatory = true, HelpMessage = "The name of the resource group.")]
+        [Parameter(Position = 0, Mandatory = true, HelpMessage = "The name of the resource group.")]
         [ResourceGroupCompleter]
         [ValidateNotNullOrEmpty]
         public string ResourceGroupName { get; set; }
@@ -77,98 +77,102 @@ public class NewAzureWebAppSlotCmdlet : WebAppBaseClientCmdLet
         [ValidateNotNullOrEmpty]
         public string AseResourceGroupName { get; set; }
 
-		[Parameter(Mandatory = false, HelpMessage = "Container Image Name and optional tag, for example (image:tag)")]
-		[ValidateNotNullOrEmpty]
-		public string ContainerImageName { get; set; }
-
-		[Parameter(Mandatory = false, HelpMessage = "Private Container Registry Server Url")]
-		[ValidateNotNullOrEmpty]
-		public string ContainerRegistryUrl { get; set; }
-
-		[Parameter(Mandatory = false, HelpMessage = "Private Container Registry Username")]
-		[ValidateNotNullOrEmpty]
-		public string ContainerRegistryUser { get; set; }
-
-		[Parameter(Mandatory = false, HelpMessage = "Private Container Registry Password")]
-		[ValidateNotNullOrEmpty]
-		public SecureString ContainerRegistryPassword { get; set; }
-
-		[Parameter(Mandatory = false, HelpMessage = "Enables/Disables container continuous deployment webhook")]
-		public SwitchParameter EnableContainerContinuousDeployment { get; set; }
-
-
-		[Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")]
-        	public SwitchParameter AsJob { get; set; }
-
-		[Parameter(Mandatory = false, HelpMessage = "Tags are name/value pairs that enable you to categorize resources")]
-		public Hashtable Tag { get; set; }
-
-		private Hashtable GetAppSettingsToUpdate()
-		{
-			Hashtable appSettings = new Hashtable();
-			if (ContainerRegistryUrl != null)
-			{
-				appSettings[CmdletHelpers.DockerRegistryServerUrl] = ContainerRegistryUrl;
-			}
-			if (ContainerRegistryUser != null)
-			{
-				appSettings[CmdletHelpers.DockerRegistryServerUserName] = ContainerRegistryUser;
-			}
-			if (ContainerRegistryPassword != null)
-			{
-				appSettings[CmdletHelpers.DockerRegistryServerPassword] = ContainerRegistryPassword.ConvertToString();
-			}
-			if (EnableContainerContinuousDeployment.IsPresent)
-			{
-				appSettings[CmdletHelpers.DockerEnableCI] = "true";
-			}
-			return appSettings;
-		}
-
-		private void UpdateConfigIfNeeded(Site site)
-		{
-			SiteConfig siteConfig = site.SiteConfig;
-
-			bool configUpdateRequired = false;
+        [Parameter(Mandatory = false, HelpMessage = "Container Image Name and optional tag, for example (image:tag)")]
+        [ValidateNotNullOrEmpty]
+        public string ContainerImageName { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Private Container Registry Server Url")]
+        [ValidateNotNullOrEmpty]
+        public string ContainerRegistryUrl { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Private Container Registry Username")]
+        [ValidateNotNullOrEmpty]
+        public string ContainerRegistryUser { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Private Container Registry Password")]
+        [ValidateNotNullOrEmpty]
+        public SecureString ContainerRegistryPassword { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Enables/Disables container continuous deployment webhook")]
+        public SwitchParameter EnableContainerContinuousDeployment { get; set; }
+
+        [Parameter( Mandatory = false, HelpMessage = "Copies the managed identity from the parent or source WebApp")]
+        [ValidateNotNullOrEmpty]
+        public SwitchParameter CopyIdentity { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Run cmdlet in the background")]
+        public SwitchParameter AsJob { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Tags are name/value pairs that enable you to categorize resources")]
+        public Hashtable Tag { get; set; }
+
+        private Hashtable GetAppSettingsToUpdate()
+        {
+            Hashtable appSettings = new Hashtable();
+            if (ContainerRegistryUrl != null)
+            {
+                appSettings[CmdletHelpers.DockerRegistryServerUrl] = ContainerRegistryUrl;
+            }
+            if (ContainerRegistryUser != null)
+            {
+                appSettings[CmdletHelpers.DockerRegistryServerUserName] = ContainerRegistryUser;
+            }
+            if (ContainerRegistryPassword != null)
+            {
+                appSettings[CmdletHelpers.DockerRegistryServerPassword] = ContainerRegistryPassword.ConvertToString();
+            }
+            if (EnableContainerContinuousDeployment.IsPresent)
+            {
+                appSettings[CmdletHelpers.DockerEnableCI] = "true";
+            }
+            return appSettings;
+        }
+
+        private void UpdateConfigIfNeeded(Site site)
+        {
+            SiteConfig siteConfig = site.SiteConfig;
+
+            bool configUpdateRequired = false;
 
-			if (ContainerImageName != null)
-			{
-				if (site.IsXenon.GetValueOrDefault())
-				{
-					siteConfig.WindowsFxVersion = CmdletHelpers.DockerImagePrefix + ContainerImageName;
-					configUpdateRequired = true;
-				}
-			}
-
-			Hashtable appSettings = GetAppSettingsToUpdate();
-			if (appSettings.Count > 0)
-			{
-				configUpdateRequired = true;
-			}
-
-			if (configUpdateRequired && siteConfig.AppSettings != null)
-			{
-				foreach (NameValuePair nameValuePair in siteConfig.AppSettings)
-				{
-					if (!appSettings.ContainsKey(nameValuePair.Name))
-					{
-						appSettings[nameValuePair.Name] = nameValuePair.Value;
-					}
-				}
-			}
-
-			if (configUpdateRequired)
-			{
-				WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, site.Location, Name, Slot, siteConfig, appSettings.ConvertToStringDictionary());
-				site = WebsitesClient.GetWebApp(ResourceGroupName, Name, Slot);
-			}
-			WriteObject(site);
-		}
-		public override void ExecuteCmdlet()
+            if (ContainerImageName != null)
+            {
+                if (site.IsXenon.GetValueOrDefault())
+                {
+                    siteConfig.WindowsFxVersion = CmdletHelpers.DockerImagePrefix + ContainerImageName;
+                    configUpdateRequired = true;
+                }
+            }
+
+            Hashtable appSettings = GetAppSettingsToUpdate();
+            if (appSettings.Count > 0)
+            {
+                configUpdateRequired = true;
+            }
+
+            if (configUpdateRequired && siteConfig.AppSettings != null)
+            {
+                foreach (NameValuePair nameValuePair in siteConfig.AppSettings)
+                {
+                    if (!appSettings.ContainsKey(nameValuePair.Name))
+                    {
+                        appSettings[nameValuePair.Name] = nameValuePair.Value;
+                    }
+                }
+            }
+
+            if (configUpdateRequired)
+            {
+                WebsitesClient.UpdateWebAppConfiguration(ResourceGroupName, site.Location, Name, Slot, siteConfig, appSettings.ConvertToStringDictionary());
+                site = WebsitesClient.GetWebApp(ResourceGroupName, Name, Slot);
+            }
+            WriteObject(site);
+        }
+	
+        public override void ExecuteCmdlet()
         {
             base.ExecuteCmdlet();
-            
-            CloningInfo cloningInfo = null;
+	    ManagedServiceIdentity sourceIdentity = null;
+	    CloningInfo cloningInfo = null;
             if (SourceWebApp != null)
             {
                 cloningInfo = new CloningInfo
@@ -181,11 +185,13 @@ public override void ExecuteCmdlet()
                     AppSettingsOverrides = AppSettingsOverrides == null ? null : AppSettingsOverrides.Cast<DictionaryEntry>().ToDictionary(kvp => kvp.Key.ToString(), kvp => kvp.Value.ToString(), StringComparer.Ordinal)
                 };
                 cloningInfo = new PSCloningInfo(cloningInfo);
-            }
+                if(CopyIdentity.IsPresent) sourceIdentity = SourceWebApp.Identity;
+	    }
 
             var webApp = new PSSite(WebsitesClient.GetWebApp(ResourceGroupName, Name, null));
-	    var site = new PSSite(WebsitesClient.CreateWebApp(ResourceGroupName, Name, Slot, webApp.Location, AppServicePlan==null?webApp.ServerFarmId : AppServicePlan, cloningInfo, AseName, AseResourceGroupName, (IDictionary<string, string>)CmdletHelpers.ConvertToStringDictionary(Tag)));
-			UpdateConfigIfNeeded(site);
+	    if (CopyIdentity.IsPresent && sourceIdentity == null) sourceIdentity = webApp.Identity;
+	    var site = new PSSite(WebsitesClient.CreateWebApp(ResourceGroupName, Name, Slot, webApp.Location, AppServicePlan==null?webApp.ServerFarmId : AppServicePlan, cloningInfo, AseName, AseResourceGroupName, (IDictionary<string, string>)CmdletHelpers.ConvertToStringDictionary(Tag),sourceIdentity));
+	    UpdateConfigIfNeeded(site);
         }
     }
 }

src/Websites/Websites/Cmdlets/DeploymentSlots/NewAzureWebAppSlot.cs

@@ -53,7 +53,7 @@ public WebSiteManagementClient WrappedWebsitesClient
             private set;
         }
 
-        public Site CreateWebApp(string resourceGroupName, string webAppName, string slotName, string location, string serverFarmId, CloningInfo cloningInfo, string aseName, string aseResourceGroupName, IDictionary<string, string> tags = null)
+        public Site CreateWebApp(string resourceGroupName, string webAppName, string slotName, string location, string serverFarmId, CloningInfo cloningInfo, string aseName, string aseResourceGroupName, IDictionary<string, string> tags = null, ManagedServiceIdentity sourceIdentity=null)
         {
             Site createdWebSite = null;
             string qualifiedSiteName;
@@ -69,7 +69,8 @@ public Site CreateWebApp(string resourceGroupName, string webAppName, string slo
                             ServerFarmId = serverFarmId,
                             CloningInfo = cloningInfo,
                             HostingEnvironmentProfile = profile,
-                            Tags = tags
+                            Tags = tags,
+                            Identity = sourceIdentity
                         });
             }
             else

src/Websites/Websites/Utilities/WebsitesClient.cs

@@ -175,6 +175,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -CopyIdentity
+Copies the managed identity from the parent or source WebApp.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -DefaultProfile
 The credentials, account, tenant, and subscription used for communication with azure.