This is the issue I was speaking about with Brian yesterday.

The HostScopedRole* operations are clearly a copy&paste from ServerGroupScopedRole* operations. Sadly, there are few artifacts of this:

• HostScopedRoleAdd.performRuntime refers to attribute definitions from ServerGroupScopedRoleResourceDefinition, while it should use the ones from HostScopedRolesResourceDefinition
• all the HostScopedRoleAdd, HostScopedRoleRemove and HostScopedRoleWriteAttributeHandler operations expect that the hosts attribute will always contain a valid list, while it can easily be undefined (see HostScopedRolesResourceDefinition.HOSTS)