[Role] Migrate azure-mgmt-authorization SDK to Track 2 and bump API version to 2022-04-01

scripts/ci/credscan/CredScanSuppressions.json

@@ -146,6 +146,13 @@
       ],
       "_justification": "[IoT] response body contains random value recognized as secret"
     },
+    {
+      "file": [
+        "src\\azure-cli\\azure\\cli\\command_modules\\iot\\tests\\latest\\recordings\\test_hub_file_upload.yaml",
+        "src\\azure-cli\\azure\\cli\\command_modules\\iot\\tests\\latest\\recordings\\test_identity_hub.yaml"
+      ],
+      "_justification": "[IoT] One-off access key"
+    },
     {
       "placeholder": "+XLy+MVZ+aTeOnVzN2kLeB16O+kSxmz6g3rS6fAf6rw=",
       "_justification": "[IoT] hard code access key"
@@ -567,4 +574,4 @@
       "_justification": "Dummy self-signed certificate + private key used for testing only."
     }
   ]
-}
+}

src/azure-cli-core/azure/cli/core/commands/arm.py

@@ -711,7 +711,7 @@ def _find_property(instance, path):
 
 def assign_identity(cli_ctx, getter, setter, identity_role=None, identity_scope=None):
     import time
-    from msrestazure.azure_exceptions import CloudError
+    from azure.core.exceptions import HttpResponseError
 
     # get
     resource = getter()
@@ -726,7 +726,8 @@ def assign_identity(cli_ctx, getter, setter, identity_role=None, identity_scope=
         RoleAssignmentCreateParameters = get_sdk(cli_ctx, ResourceType.MGMT_AUTHORIZATION,
                                                  'RoleAssignmentCreateParameters', mod='models',
                                                  operation_group='role_assignments')
-        parameters = RoleAssignmentCreateParameters(role_definition_id=identity_role_id, principal_id=principal_id)
+        parameters = RoleAssignmentCreateParameters(role_definition_id=identity_role_id, principal_id=principal_id,
+                                                    principal_type=None)
 
         logger.info("Creating an assignment with a role '%s' on the scope of '%s'", identity_role_id, identity_scope)
         retry_times = 36
@@ -736,7 +737,7 @@ def assign_identity(cli_ctx, getter, setter, identity_role=None, identity_scope=
                 assignments_client.create(scope=identity_scope, role_assignment_name=assignment_name,
                                           parameters=parameters)
                 break
-            except CloudError as ex:
+            except HttpResponseError as ex:
                 if 'role assignment already exists' in ex.message:
                     logger.info('Role assignment already exists')
                     break

src/azure-cli-core/azure/cli/core/profiles/_shared.py

@@ -179,9 +179,9 @@ def default_api_version(self):
         ResourceType.MGMT_RESOURCE_PRIVATELINKS: '2020-05-01',
         ResourceType.MGMT_NETWORK_DNS: '2018-05-01',
         ResourceType.MGMT_KEYVAULT: '2022-07-01',
-        ResourceType.MGMT_AUTHORIZATION: SDKProfile('2020-04-01-preview', {
+        ResourceType.MGMT_AUTHORIZATION: SDKProfile('2022-04-01', {
             'classic_administrators': '2015-06-01',
-            'role_definitions': '2018-01-01-preview',
+            'role_definitions': '2022-04-01',
             'provider_operations_metadata': '2018-01-01-preview'
         }),
         ResourceType.MGMT_CONTAINERREGISTRY: SDKProfile('2022-02-01-preview', {

src/azure-cli/azure/cli/command_modules/acs/_roleassignments.py

@@ -28,6 +28,8 @@
 
 logger = get_logger(__name__)
 
+# pylint: disable=protected-access
+
 
 def resolve_role_id(role, scope, definitions_client):
     role_id = None
@@ -68,10 +70,10 @@ def add_role_assignment_executor(cmd, role, assignee, resource_group_name=None,
     definitions_client = factory.role_definitions
 
     # FIXME: is this necessary?
-    if assignments_client.config is None:
+    if assignments_client._config is None:
         raise AzCLIError("Assignments client config is undefined.")
 
-    scope = build_role_scope(resource_group_name, scope, assignments_client.config.subscription_id)
+    scope = build_role_scope(resource_group_name, scope, assignments_client._config.subscription_id)
 
     # XXX: if role is uuid, this function's output cannot be used as role assignment defintion id
     # ref: https://github.com/Azure/azure-cli/issues/2458
@@ -92,8 +94,9 @@ def add_role_assignment_executor(cmd, role, assignee, resource_group_name=None,
         operation_group="role_assignments",
     )
     if cmd.supported_api_version(min_api="2018-01-01-preview", resource_type=ResourceType.MGMT_AUTHORIZATION):
-        parameters = RoleAssignmentCreateParameters(role_definition_id=role_id, principal_id=object_id)
-        return assignments_client.create(scope, assignment_name, parameters, custom_headers=custom_headers)
+        parameters = RoleAssignmentCreateParameters(role_definition_id=role_id, principal_id=object_id,
+                                                    principal_type=None)
+        return assignments_client.create(scope, assignment_name, parameters, headers=custom_headers)
 
     # for backward compatibility
     RoleAssignmentProperties = get_sdk(
@@ -104,7 +107,7 @@ def add_role_assignment_executor(cmd, role, assignee, resource_group_name=None,
         operation_group="role_assignments",
     )
     properties = RoleAssignmentProperties(role_definition_id=role_id, principal_id=object_id)
-    return assignments_client.create(scope, assignment_name, properties, custom_headers=custom_headers)
+    return assignments_client.create(scope, assignment_name, properties, headers=custom_headers)
 
 
 def add_role_assignment(cmd, role, service_principal_msi_id, is_service_principal=True, delay=2, scope=None):
@@ -164,9 +167,9 @@ def search_role_assignments(
             f = "assignedTo('{}')".format(assignee_object_id)
         else:
             f = "principalId eq '{}'".format(assignee_object_id)
-        assignments = list(assignments_client.list(filter=f))
+        assignments = list(assignments_client.list_for_subscription(filter=f))
     else:
-        assignments = list(assignments_client.list())
+        assignments = list(assignments_client.list_for_subscription())
 
     if assignments:
         assignments = [
@@ -245,7 +248,7 @@ def delete_role_assignments_executor(
         if not prompt_y_n(msg, default="n"):
             return
 
-    scope = build_role_scope(resource_group_name, scope, assignments_client.config.subscription_id)
+    scope = build_role_scope(resource_group_name, scope, assignments_client._config.subscription_id)
     assignments = search_role_assignments(
         cli_ctx,
         assignments_client,