Returning error if insufficient user permissions are there for GetAgentRegistrationInfo (#16965)

* added permission check

* targetting only the required cmdlet

* updating changelog.md

* Update ChangeLog.md

Co-authored-by: Yunchi Wang <[email protected]>

Author: akshansh-MSFT

src/Automation/Automation/ChangeLog.md

@@ -19,6 +19,9 @@
 -->
 ## Upcoming Release
 
+## Version *
+* Added logic of returning error if insufficient user permissions are there for `GetAgentRegistrationInfo`
+
 ## Version 1.7.3
 * `New-AzAutomationSchedule` allows defnining StartTime with offsets.
 *  Fixed bug: updated 'Set-AzAutomationModule' to use PUT call while updating modules with specific versions   [#12552]

src/Automation/Automation/Cmdlet/GetAzureAutomationAgentRegistrationInformation.cs

@@ -16,6 +16,8 @@
 using System.Collections.Generic;
 using System.Management.Automation;
 using System.Security.Permissions;
+using Microsoft.Azure.Commands.Automation.Common;
+using Microsoft.Azure.Commands.Automation.Properties;
 
 namespace Microsoft.Azure.Commands.Automation.Cmdlet
 {
@@ -34,11 +36,18 @@ public override void ExecuteCmdlet()
         {
             IEnumerable<AgentRegistration> ret = null;
 
+            var agentRegInfo = this.AutomationClient.GetAgentRegistration(
+                                  this.ResourceGroupName,
+                                  this.AutomationAccountName);
+
+            if (agentRegInfo.PrimaryKey == null && agentRegInfo.SecondaryKey == null)
+            {
+                throw new AzureAutomationOperationException(Resources.InsufficientUserPermissions);
+            }
+
             ret = new List<AgentRegistration>
                           {
-                              this.AutomationClient.GetAgentRegistration(
-                                  this.ResourceGroupName,
-                                  this.AutomationAccountName)
+                              agentRegInfo
                           };
 
             this.GenerateCmdletOutput(ret);

src/Automation/Automation/Model/AgentRegistration.cs

@@ -41,6 +41,7 @@ public AgentRegistration(string resourceGroupName, string automationAccountName,
 
             this.ResourceGroupName = resourceGroupName;
             this.AutomationAccountName = automationAccountName;
+    
             if (agentRegistration.Keys != null)
             {
                 this.PrimaryKey = agentRegistration.Keys.Primary;

src/Automation/Automation/Properties/Resources.Designer.cs

@@ -497,4 +497,8 @@
   <data name="SoftwareUpdateConfigurationInvalidTagFormat" xml:space="preserve">
     <value>The Tag format is invalid. Valid Tag format is hashtable with string key and value of String or array of string.</value>
   </data>
+  <data name="InsufficientUserPermissions" xml:space="preserve">
+    <value>Insufficient user permissions. Please refer https://docs.microsoft.com/azure/role-based-access-control/built-in-roles for more details.</value>
+    <comment>Automation</comment>
+  </data>
 </root>