Add: Support for adding and removing Managed Identity records associated with a plugin assembly

[mkholt]

This pull request introduces support for managing "Managed Identity" records for plugin assemblies in Dataverse, including the ability to create, link, and remove managed identities via new sync commands. It adds new data models, service interfaces, and implementations to facilitate these operations, and updates the configuration and dependency injection to support the new identity sync functionality.

Managed Identity feature implementation:

• Added new entity model ManagedIdentity and related option sets (managedidentity_credentialsource, managedidentity_subjectscope) to represent managed identities in Dataverse. [1] [2] [3]
• Introduced IManagedIdentityReader and IManagedIdentityWriter interfaces, with corresponding implementations (ManagedIdentityReader, ManagedIdentityWriter) to handle reading, creating, linking, and removing managed identities for plugin assemblies. [1] [2] [3] [4]
• Registered new managed identity services in dependency injection (AddDataverseServices, AddIdentityService) for use in the application. [1] [2]

Sync command and configuration enhancements:

• Added new sync item and command options for identity operations (IdentitySyncItem, IdentityCommandOptions, IdentityOperation enum), and updated SyncItem type discrimination to support the new identity type. [1] [2] [3]
• Implemented IdentitySyncService to handle "Ensure" and "Remove" operations for managed identities, integrating with the new managed identity services and providing detailed logging and error handling.

Dataverse writer interface and implementation updates:

• Extended IDataverseWriter and its implementations to support entity deletion via a new Delete(Entity entity) method, enabling removal of managed identities. [1] [2] [3]

[Copilot]

Pull request overview

Adds first-class support in XrmSync for creating/linking and removing Dataverse Managed Identity records for plugin assemblies, including a new CLI command and the necessary Dataverse models/read-write services.

Changes:

• Introduces identity sync/CLI command and configuration model (IdentitySyncItem, IdentityCommandOptions, IdentityOperation) plus validation and config parsing.
• Adds Dataverse managed identity entity + option sets, and reader/writer services to create/link/remove identities.
• Extends IDataverseWriter with Delete(Entity) and wires new services into DI; adds unit tests for identity sync and config/validation.

Reviewed changes

Copilot reviewed 30 out of 31 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
appsettings.json	Adds managedidentity to generated context + integration metadata entity lists.
XrmSync/Program.cs	Registers the new IdentityCommand with the CLI.
XrmSync/Options/XrmSyncConfigurationValidator.cs	Adds Identity sync-item validation + GUID validation helper; refactors assembly path validation.
XrmSync/Options/XrmSyncConfigurationBuilder.cs	Parses Identity sync items from config using new TypeName constants.
XrmSync/Options/IConfigurationBuilder.cs	Adds ConfigurationScope.Identity and includes it in All.
XrmSync/Constants/CliOptions.cs	Defines CLI option constants for managed identity operation/client/tenant IDs.
XrmSync/Commands/XrmSyncRootCommand.cs	Adds execution path to invoke identity subcommand from profile sync items.
XrmSync/Commands/XrmSyncCommandBase.cs	Adds shared helper GetRequiredProfile for consistent profile resolution errors.
XrmSync/Commands/WebresourceSyncCommand.cs	Uses new GetRequiredProfile helper.
XrmSync/Commands/PluginSyncCommand.cs	Uses new GetRequiredProfile helper.
XrmSync/Commands/PluginAnalyzeCommand.cs	Uses new GetRequiredProfile helper.
XrmSync/Commands/IdentityCommand.cs	New CLI command to run Ensure/Remove managed identity operations.
SyncService/IdentitySyncService.cs	New sync service implementing Ensure/Remove workflows for managed identities.
SyncService/Extensions/ServiceCollectionExtensions.cs	Adds AddIdentityService() DI registration.
Model/XrmSyncOptions.cs	Adds identity sync models/enums and standardizes sync-item type names.
Dataverse/ManagedIdentityWriter.cs	Implements create/link/remove operations via IDataverseWriter.
Dataverse/ManagedIdentityReader.cs	Queries plugin assembly managed identity within a solution.
Dataverse/Interfaces/IManagedIdentityWriter.cs	New writer interface for managed identity operations.
Dataverse/Interfaces/IManagedIdentityReader.cs	New reader interface for managed identity lookup.
Dataverse/Interfaces/IDataverseWriter.cs	Adds Delete(Entity) to enable single-entity deletion.
Dataverse/Extensions/ServiceCollectionExtensions.cs	Registers managed identity reader/writer in AddDataverseServices().
Dataverse/DryRunDataverseWriter.cs	Implements Delete(Entity) for dry-run logging.
Dataverse/DataverseWriter.cs	Implements Delete(Entity) against Dataverse service.
Dataverse/Context/tables/ManagedIdentity.cs	Adds generated Dataverse entity model for managedidentity.
Dataverse/Context/OptionSets/managedidentity_subjectscope.cs	Adds generated option set for subject scope.
Dataverse/Context/OptionSets/managedidentity_credentialsource.cs	Adds generated option set for credential source.
Tests/ManagedIdentity/IdentitySyncServiceTests.cs	Adds unit tests for Ensure/Remove behavior.
Tests/Config/OptionsValidationTests.cs	Adds identity validation test coverage (paths + GUID validation).
Tests/Config/NamedConfigurationTests.cs	Adds config parsing tests for identity sync items and operation parsing.
.gitignore	Ignores local Claude settings file.
.claude/settings.json	Updates Claude tool allowlist.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 46 out of 47 changed files in this pull request and generated 4 comments.

Comments suppressed due to low confidence (1)

SyncService/Difference/PrintService.cs:28

• PrintService.PrintHeader no longer logs the tool header/version or the DRY RUN banner. XrmSyncRootCommand prints these, but when users run sub-commands directly (e.g., xrmsync plugins ..., xrmsync webresources ..., xrmsync identity ...) there’s no longer any place that outputs this information. Consider moving the tool header + dry-run banner logging to a shared execution path for all sync subcommands (e.g., XrmSyncSyncCommandBase.CommandAction) or reintroducing it in PrintService so output remains consistent across invocation modes.

	public void PrintHeader(PrintHeaderOptions options)
	{
		if (!string.IsNullOrWhiteSpace(options.Message))
		{
			log.LogInformation("{message}", options.Message);
		}

		if (options.PrintConnection)
		{
			log.LogInformation("Connected to Dataverse at {dataverseUrl}", dataverseReader.ConnectedHost);
		}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 46 out of 47 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

SyncService/Difference/PrintService.cs:24

• PrintHeader no longer logs the tool header and DryRun banner (these were removed when IDescription was dropped). This means running subcommands directly (e.g., xrmsync plugins, xrmsync webresources, xrmsync identity) won’t show the tool/version header or dry-run warning anymore—only the root-profile runner prints them. Consider moving the header/dry-run logging to a shared place that runs for all commands (e.g., XrmSyncSyncCommandBase.CommandAction) or reinstating it in PrintService with a way to avoid duplication when executing multiple sync items from the root handler.

	public void PrintHeader(PrintHeaderOptions options)
	{
		if (!string.IsNullOrWhiteSpace(options.Message))
		{
			log.LogInformation("{message}", options.Message);
		}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.