Validate ServerId against local machine in Set-AzStorageSyncServer

[stefong99]

When ServerId is explicitly provided, call GetSyncServerId() via IEcsManagement to retrieve the local machine's server ID and verify it matches. This prevents accidental cross-machine misuse with a clear error message.

Also fix MockEcsManagementInteropClient.GetSyncServerId to use HttpMockServer.GetVariable for deterministic behavior in test playback mode.

Description

Mandatory Checklist

• Please choose the target release of Azure PowerShell. (⚠️Target release is a different concept from API readiness. Please click below links for details.)

  • General release
  • Public preview
  • Private preview
  • Engineering build
  • No need for a release

• Check this box to confirm: I have read the Submitting Changes section of CONTRIBUTING.md and reviewed the following information:

• SHOULD update ChangeLog.md file(s) appropriately
  • Update src/{{SERVICE}}/{{SERVICE}}/ChangeLog.md.
    • A snippet outlining the change(s) made in the PR should be written under the ## Upcoming Release header in the past tense.
  • Should not change ChangeLog.md if no new release is required, such as fixing test case only.
• SHOULD regenerate markdown help files if there is cmdlet API change. Instruction
• SHOULD have proper test coverage for changes in pull request.
• SHOULD NOT adjust version of module manually in pull request

[azure-client-tools-bot-prd]

Thanks for your contribution! The pull request validation has started. Please revisit this comment for updated status.

[Copilot]

Pull request overview

This PR hardens Set-AzStorageSyncServer by validating that an explicitly targeted ServerId matches the local machine’s Azure File Sync agent server ID, preventing accidental cross-machine operations. It also updates the test mock for GetSyncServerId() to be deterministic in playback mode.

Changes:

• Added local-machine ServerId retrieval via IEcsManagement.GetSyncServerId() and enforced match with the cmdlet target server ID.
• Updated RegisteredServers.Get(...) and “not found” messaging to use the resolved/validated server ID.
• Made MockEcsManagementInteropClient.GetSyncServerId() deterministic by using HttpMockServer.GetVariable(...) during playback/record.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File	Description
src/StorageSync/StorageSync/RegisteredServer/SetRegisteredServerCommand.cs	Retrieves local server ID via ECS interop and validates it matches the cmdlet’s target ServerId before proceeding.
src/StorageSync/StorageSync.Test/Common/MockEcsManagementInteropClient.cs	Ensures repeatable GetSyncServerId() values across test recording/playback.

[Copilot]

IEcsManagement implements IDisposable (and the real implementation wraps a COM object). Wrap the instance returned from CreateEcsManagement() in a using/try/finally to ensure COM handles are released promptly.

Suggested change

	IEcsManagement ecsManagement = StorageSyncClientWrapper.StorageSyncResourceManager.CreateEcsManagement();
	int hr = ecsManagement.GetSyncServerId(out string localServerId);
	if (hr != 0 || !Guid.TryParse(localServerId, out Guid localServerGuid))
	{
	throw new PSArgumentException("Unable to retrieve the local server ID. Ensure the Azure File Sync agent is installed and running.");
	string localServerId;
	Guid localServerGuid;
	using (IEcsManagement ecsManagement = StorageSyncClientWrapper.StorageSyncResourceManager.CreateEcsManagement())
	{
	int hr = ecsManagement.GetSyncServerId(out localServerId);
	if (hr != 0 || !Guid.TryParse(localServerId, out localServerGuid))
	{
	throw new PSArgumentException("Unable to retrieve the local server ID. Ensure the Azure File Sync agent is installed and running.");
	}

[Copilot]

The cmdlet calls into the local agent (GetSyncServerId) before verifying that -Identity was supplied. This can change the error users get when they omit -Identity (and can fail on machines without the agent even though the invocation is already invalid). Consider checking/enforcing -Identity first, then retrieving/validating the local server ID.

[Copilot]

The error message conflates two different cases: (1) ServerId is not a valid GUID and (2) it is a valid GUID but doesn’t match the local machine. Consider splitting these conditions so an invalid GUID gets a clear format/validation error, and consider wording that also makes sense when InputObject is used (not just when -ServerId is explicitly provided).

Suggested change

	if (!Guid.TryParse(resourceName, out Guid resourceServerGuid) || resourceServerGuid != localServerGuid)
	{
	throw new PSArgumentException($"The provided ServerId '{resourceName}' does not match the local machine's server ID '{localServerGuid}'. Run this command on the correct server.");
	}
	if (!Guid.TryParse(resourceName, out Guid resourceServerGuid))
	{
	throw new PSArgumentException($"The server ID '{resourceName}' is not a valid GUID.");
	}
	if (resourceServerGuid != localServerGuid)
	{
	throw new PSArgumentException($"The server ID '{resourceName}' does not match the local machine's server ID '{localServerGuid}'. Run this command on the correct server.");
	}

[Copilot]

New behavior (rejecting a non-local ServerId) doesn’t appear to have a negative test. Since StorageSync.Test/ScenarioTests/RegisteredServerTests.ps1 already covers Set-AzStorageSyncServer success paths, add a scenario test that passes a different GUID and asserts the cmdlet throws the expected PSArgumentException so playback/recording covers this validation.

[VeryEarly]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 3 pipeline(s).