Az.StorageSync : Hot fixes for Aug Release (#25625)

* Az.StorageSync : Hot fixes for Aug Release

* Optimize 120 seconds wait for MI propogation in msft entra

* Add Identity to PSStorageSyncService

* Do not fail fast but iterate through all and return first exception

* Update SetStorageSyncServiceIdentityCommand.cs

* Update ChangeLog.md

* Update ChangeLog.md

---------

Co-authored-by: Yabo Hu <[email protected]>

Author: ankushbindlish2

src/StorageSync/StorageSync/ChangeLog.md

@@ -18,7 +18,8 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
-
+* Fixed the Register-AzStorageSyncServer with Azure FileSync Agent v17
+* Improved performance for Managed Identity migration cmdlet
 ## Version 2.2.0
 * Onboarded Service Api version 2022-09-01
 * Enabled ManagedIdentity Feature (Preview)

src/StorageSync/StorageSync/Common/Converters/StorageSyncServiceConverter.cs

@@ -49,7 +49,7 @@ public StorageSyncServiceConverter()
             StorageSyncConstants.StorageSyncServiceType,
             new SystemDataConverter().Convert(source.SystemData),
             source.Tags,
-            null,
+            source.Identity,
             source.IncomingTrafficPolicy);
 
         /// <summary>
@@ -82,7 +82,8 @@ protected override PSStorageSyncService Transform(StorageSyncModels.StorageSyncS
                 Type = resourceIdentifier.ResourceType ?? StorageSyncConstants.StorageSyncServiceType,
                 PrivateEndpointConnections = psPrivateEndpointConnections.Count > 0 ? psPrivateEndpointConnections : null,
                 SystemData = new SystemDataConverter().Convert(source.SystemData),
-                UseIdentity = source.UseIdentity
+                UseIdentity = source.UseIdentity,
+                Identity = source.Identity
             };
         }
     }

src/StorageSync/StorageSync/Models/PSStorageSyncService.cs

@@ -78,5 +78,10 @@ public class PSStorageSyncService : PSResourceBase
         /// <value>The SystemData.</value>
         public PSSystemData SystemData { get; set; }
 
+        /// <summary>
+        /// Managed Identity for Storage Sync Service
+        /// </summary>
+        public ManagedServiceIdentity Identity { get; set; }
+
     }
 }

src/StorageSync/StorageSync/RegisteredServer/RegisterServerCommand.cs

@@ -228,7 +228,7 @@ private RegisteredServer CreateRegisteredResourceInCloud(string resourceGroupNam
                 ClusterName = serverRegistrationData.ClusterName,
                 AgentVersion = serverRegistrationData.AgentVersion,
                 //ApplicationId = serverRegistrationData.ApplicationId.HasValue ? serverRegistrationData.ApplicationId.Value.ToString() : null,
-                ApplicationId = null,
+                ApplicationId = Guid.Empty.ToString(),
                 ServerCertificate = serverRegistrationData.ServerCertificate != null ? Convert.ToBase64String(serverRegistrationData.ServerCertificate) : null,
                 ServerOSVersion = serverRegistrationData.ServerOSVersion,
                 ServerRole = serverRegistrationData.ServerRole.ToString(),

src/StorageSync/StorageSync/StorageSyncService/SetStorageSyncServiceIdentityCommand.cs

@@ -152,6 +152,8 @@ public override void ExecuteCmdlet()
                 if (ShouldProcess(Target, ActionMessage))
                 {
                     StorageSyncModels.StorageSyncService storageSyncService = StorageSyncClientWrapper.StorageSyncManagementClient.StorageSyncServices.Get(resourceGroupName, resourceName);
+                    bool needPropogationDelay = storageSyncService?.Identity?.Type != ManagedServiceIdentityType.SystemAssigned.ToString();
+
                     // 1. Check if any server available for migration
                     IEnumerable<StorageSyncModels.RegisteredServer> registeredServers = StorageSyncClientWrapper.StorageSyncManagementClient.RegisteredServers.ListByStorageSyncService(resourceGroupName, resourceName);
                     var candidateServersLookup = new Dictionary<string, StorageSyncModels.RegisteredServer>(StringComparer.InvariantCultureIgnoreCase);
@@ -211,71 +213,99 @@ public override void ExecuteCmdlet()
                         StorageSyncClientWrapper.VerboseLogger.Invoke($"Storage Sync Service is capable with identity {storageSyncService.Identity.PrincipalId}");
                     }
 
-                    StorageSyncClientWrapper.VerboseLogger.Invoke($"If you are creating this principal and then immediately assigning a role, you will get error PrincipalNotFound which is related to a replication delay. In this case, set the role assignment principalType property to a value, such as ServicePrincipal, User, or Group. See\r\nhttps://aka.ms/docs-principaltype");
-                    StorageSyncClientWrapper.VerboseLogger.Invoke($"Sleeping for 120 seconds...");
-                    Thread.Sleep(TimeSpan.FromSeconds(120));
+                    if (needPropogationDelay)
+                    {
+                        StorageSyncClientWrapper.VerboseLogger.Invoke($"If you are creating this principal and then immediately assigning a role, you will get error PrincipalNotFound which is related to a replication delay. In this case, set the role assignment principalType property to a value, such as ServicePrincipal, User, or Group. See\r\nhttps://aka.ms/docs-principaltype");
+                        StorageSyncClientWrapper.VerboseLogger.Invoke($"Sleeping for 120 seconds...");
+                        Thread.Sleep(TimeSpan.FromSeconds(120));
+                    }
 
                     // 3. RBAC permission set for Cloud Endpoints and Server Endpoints
                     IEnumerable<StorageSyncModels.SyncGroup> syncGroups = StorageSyncClientWrapper.StorageSyncManagementClient.SyncGroups.ListByStorageSyncService(resourceGroupName, resourceName);
+                    Exception syncGroupFirstException = null;
                     foreach (var syncGroup in syncGroups)
                     {
-                        IEnumerable<StorageSyncModels.CloudEndpoint> cloudEndpoints = StorageSyncClientWrapper.StorageSyncManagementClient.CloudEndpoints.ListBySyncGroup(resourceGroupName, resourceName, syncGroup.Name);
-                        StorageSyncModels.CloudEndpoint cloudEndpoint = cloudEndpoints.FirstOrDefault();
-
-                        if (cloudEndpoint == null)
+                        try
                         {
-                            StorageSyncClientWrapper.VerboseLogger.Invoke($"Skipping SyncGroup. No cloud Endpoint found for sync group {syncGroup.Name}");
-                            continue;
-                        }
-                        var storageAccountResourceIdentifier = new ResourceIdentifier(cloudEndpoint.StorageAccountResourceId);
+                            IEnumerable<StorageSyncModels.CloudEndpoint> cloudEndpoints = StorageSyncClientWrapper.StorageSyncManagementClient.CloudEndpoints.ListBySyncGroup(resourceGroupName, resourceName, syncGroup.Name);
+                            StorageSyncModels.CloudEndpoint cloudEndpoint = cloudEndpoints.FirstOrDefault();
 
-                        // Identity , RoleDef, Scope
-                        var scope = cloudEndpoint.StorageAccountResourceId;
-                        var identityRoleAssignmentForSAScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
-                            storageSyncService.Identity.PrincipalId.Value,
-                            Common.StorageSyncClientWrapper.StorageAccountContributorRoleDefinitionId,
-                            scope);
+                            if (cloudEndpoint == null)
+                            {
+                                StorageSyncClientWrapper.VerboseLogger.Invoke($"Skipping SyncGroup. No cloud Endpoint found for sync group {syncGroup.Name}");
+                                continue;
+                            }
+                            var storageAccountResourceIdentifier = new ResourceIdentifier(cloudEndpoint.StorageAccountResourceId);
 
-                        scope = $"{cloudEndpoint.StorageAccountResourceId}/fileServices/default/fileshares/{cloudEndpoint.AzureFileShareName}";
-                        var identityRoleAssignmentForFilsShareScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
-                           storageSyncService.Identity.PrincipalId.Value,
-                           Common.StorageSyncClientWrapper.StorageFileDataPrivilegedContributorRoleDefinitionId,
-                           scope);
+                            // Identity , RoleDef, Scope
+                            var scope = cloudEndpoint.StorageAccountResourceId;
+                            var identityRoleAssignmentForSAScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                                storageSyncService.Identity.PrincipalId.Value,
+                                Common.StorageSyncClientWrapper.StorageAccountContributorRoleDefinitionId,
+                                scope);
 
-                        IEnumerable<StorageSyncModels.ServerEndpoint> serverEndpoints = StorageSyncClientWrapper.StorageSyncManagementClient.ServerEndpoints.ListBySyncGroup(resourceGroupName, resourceName, syncGroup.Name);
-                        foreach (var serverEndpoint in serverEndpoints)
-                        {
-                            var associatedServers = new List<RegisteredServer>();
+                            scope = $"{cloudEndpoint.StorageAccountResourceId}/fileServices/default/fileshares/{cloudEndpoint.AzureFileShareName}";
+                            var identityRoleAssignmentForFilsShareScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                               storageSyncService.Identity.PrincipalId.Value,
+                               Common.StorageSyncClientWrapper.StorageFileDataPrivilegedContributorRoleDefinitionId,
+                               scope);
 
-                            // It is expected that multiple migration script might have caused to have role assignment already in the system. We are fault tolerant to existing role assignment.
-                            if (candidateServersLookup.ContainsKey(serverEndpoint.ServerResourceId))
-                            {
-                                // Standalone Server scenario
-                                associatedServers.Add(candidateServersLookup[serverEndpoint.ServerResourceId]);
-                            }
-                            else if (clusterNameServersLookup.ContainsKey(serverEndpoint.ServerResourceId))
+                            IEnumerable<StorageSyncModels.ServerEndpoint> serverEndpoints = StorageSyncClientWrapper.StorageSyncManagementClient.ServerEndpoints.ListBySyncGroup(resourceGroupName, resourceName, syncGroup.Name);
+                            Exception serverEndpointFirstException = null;
+                            foreach (var serverEndpoint in serverEndpoints)
                             {
-                                // ClusterNode Server scenario
-                                associatedServers.AddRange(clusterNameServersLookup[serverEndpoint.ServerResourceId]);
-                            }
+                                try
+                                {
+                                    var associatedServers = new List<RegisteredServer>();
 
-                            StorageSyncClientWrapper.VerboseLogger.Invoke($"ServerEndpoint {serverEndpoint.Name} has {associatedServers.Count} associated registered servers.");
-                            foreach (var associatedServer in associatedServers)
-                            {
-                                if (!Guid.TryParse(associatedServer.LatestApplicationId, out Guid applicationGuid))
+                                    // It is expected that multiple migration script might have caused to have role assignment already in the system. We are fault tolerant to existing role assignment.
+                                    if (candidateServersLookup.ContainsKey(serverEndpoint.ServerResourceId))
+                                    {
+                                        // Standalone Server scenario
+                                        associatedServers.Add(candidateServersLookup[serverEndpoint.ServerResourceId]);
+                                    }
+                                    else if (clusterNameServersLookup.ContainsKey(serverEndpoint.ServerResourceId))
+                                    {
+                                        // ClusterNode Server scenario
+                                        associatedServers.AddRange(clusterNameServersLookup[serverEndpoint.ServerResourceId]);
+                                    }
+
+                                    StorageSyncClientWrapper.VerboseLogger.Invoke($"ServerEndpoint {serverEndpoint.Name} has {associatedServers.Count} associated registered servers.");
+                                    foreach (var associatedServer in associatedServers)
+                                    {
+                                        if (!Guid.TryParse(associatedServer.LatestApplicationId, out Guid applicationGuid))
+                                        {
+                                            applicationGuid = Guid.Parse(associatedServer.ApplicationId);
+                                        }
+                                        // Identity , RoleDef, Scope
+                                        scope = $"{cloudEndpoint.StorageAccountResourceId}/fileServices/default/fileshares/{cloudEndpoint.AzureFileShareName}";
+                                        identityRoleAssignmentForFilsShareScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
+                                           applicationGuid,
+                                           Common.StorageSyncClientWrapper.StorageFileDataPrivilegedContributorRoleDefinitionId,
+                                           scope);
+                                    }
+                                }
+                                catch (Exception ex)
                                 {
-                                    applicationGuid = Guid.Parse(associatedServer.ApplicationId);
+                                    StorageSyncClientWrapper.ErrorLogger.Invoke($"ServerEndpoint {serverEndpoint.Name} has failed with an exception {ex.Message}.");
+                                    serverEndpointFirstException = serverEndpointFirstException ?? ex;
                                 }
-                                // Identity , RoleDef, Scope
-                                scope = $"{cloudEndpoint.StorageAccountResourceId}/fileServices/default/fileshares/{cloudEndpoint.AzureFileShareName}";
-                                identityRoleAssignmentForFilsShareScope = StorageSyncClientWrapper.EnsureRoleAssignmentWithIdentity(storageAccountResourceIdentifier.Subscription,
-                                   applicationGuid,
-                                   Common.StorageSyncClientWrapper.StorageFileDataPrivilegedContributorRoleDefinitionId,
-                                   scope);
+                            } // Iterating server endpoints
+                            if (serverEndpointFirstException != null)
+                            {
+                                throw serverEndpointFirstException;
                             }
                         }
+                        catch (Exception ex)
+                        {
+                            StorageSyncClientWrapper.ErrorLogger.Invoke($"SyncGroup {syncGroup.Name} has failed with an exception {ex.Message}.");
+                            syncGroupFirstException = syncGroupFirstException ?? ex;
+                        }
+                    } // Iterating sync groups
+                    if (syncGroupFirstException != null)
+                    {
+                        throw syncGroupFirstException;
                     }
-
                     // 4 Set UseIdentity for given Storage Sync Service
                     updateParameters = new StorageSyncServiceUpdateParameters()
                     {