style

Mai Nguyen (from Dev Box) · Mai Nguyen (from Dev Box) · commit 049fa4ef3fb1 · 2026-04-07T13:02:53.000-07:00
diff --git a/src/acrtransfer/azext_acrtransfer/exportpipeline.py b/src/acrtransfer/azext_acrtransfer/exportpipeline.py
@@ -18,52 +18,50 @@
 
 def _extract_storage_account_resource_id(subscription_id, resource_group_name, container_uri):
     """Extract storage account resource ID from container URI.
-    Used for permission guidance messages 
+    Used for permission guidance messages
     Expected format: https://<storage-account-name>.blob.core.windows.net/<container-name>
     """
     try:
         parsed = urlparse(container_uri)
         storage_account_name = parsed.hostname.split('.')[0]
         return f"/subscriptions/{subscription_id}/resourceGroups/{resource_group_name}/providers/Microsoft.Storage/storageAccounts/{storage_account_name}"
-    except Exception:
+    except Exception:  # pylint: disable=broad-exception-caught
         return "<storage-account-resource-id>"
 
 
 def _extract_keyvault_resource_id(subscription_id, resource_group_name, keyvault_secret_uri):
     """Extract key vault resource ID from secret URI.
-    Used for permission guidance messages 
+    Used for permission guidance messages
     Expected format: https://<keyvault-name>.vault.azure.net/secrets/<secret-name>
     """
     try:
         parsed = urlparse(keyvault_secret_uri)
         keyvault_name = parsed.hostname.split('.')[0]
         return f"/subscriptions/{subscription_id}/resourceGroups/{resource_group_name}/providers/Microsoft.KeyVault/vaults/{keyvault_name}"
-    except Exception:
+    except Exception:  # pylint: disable=broad-exception-caught
         return "<key-vault-resource-id>"
 
 
 def _display_permission_guidance(storage_access_mode, principal_id, subscription_id, resource_group_name, container_uri, keyvault_secret_uri=None):
     """Display permission guidance for the managed identity."""
-
-
     if storage_access_mode == 'ManagedIdentity':
         storage_resource_id = _extract_storage_account_resource_id(subscription_id, resource_group_name, container_uri)
         role = "Storage Blob Data Contributor"
 
         logger.warning("")
-        logger.warning(f"Please ensure that the Managed Identity of the pipeline (Object ID: {principal_id}) has the necessary permissions to access the Storage Account Blob Container.")
+        logger.warning("Please ensure that the Managed Identity of the pipeline (Object ID: %s) has the necessary permissions to access the Storage Account Blob Container.", principal_id)
         logger.warning("Please run:")
-        logger.warning(f"  az role assignment create --assignee \"{principal_id}\" --role \"{role}\" --scope \"{storage_resource_id}\"")
+        logger.warning("  az role assignment create --assignee \"%s\" --role \"%s\" --scope \"%s\"", principal_id, role, storage_resource_id)
         logger.warning("Note: If the Storage Account is in a different resource group, update the --scope parameter accordingly.")
         logger.warning("")
     elif storage_access_mode == 'SasToken' and keyvault_secret_uri:
         keyvault_resource_id = _extract_keyvault_resource_id(subscription_id, resource_group_name, keyvault_secret_uri)
         role = "Key Vault Secrets User"
 
         logger.warning("")
-        logger.warning(f"Please ensure that the Managed Identity of the pipeline (Object ID: {principal_id}) has the necessary permissions to access the Key Vault Secret containing the Storage Account SAS Key.")
+        logger.warning("Please ensure that the Managed Identity of the pipeline (Object ID: %s) has the necessary permissions to access the Key Vault Secret containing the Storage Account SAS Key.", principal_id)
         logger.warning("Please run:")
-        logger.warning(f"  az role assignment create --assignee \"{principal_id}\" --role \"{role}\" --scope \"{keyvault_resource_id}\"")
+        logger.warning("  az role assignment create --assignee \"%s\" --role \"%s\" --scope \"%s\"", principal_id, role, keyvault_resource_id)
         logger.warning("Note: If the Key Vault is in a different resource group, update the --scope parameter accordingly.")
         logger.warning("")
 
diff --git a/src/acrtransfer/azext_acrtransfer/importpipeline.py b/src/acrtransfer/azext_acrtransfer/importpipeline.py
@@ -17,28 +17,28 @@
 
 def _extract_storage_account_resource_id(subscription_id, resource_group_name, container_uri):
     """Extract storage account resource ID from container URI.
-    Used for permission guidance messages 
+    Used for permission guidance messages
     Expected format: https://<storage-account-name>.blob.core.windows.net/<container-name>
     """
     try:
         # Parse the URI to get storage account name
         parsed = urlparse(container_uri)
         storage_account_name = parsed.hostname.split('.')[0]
         return f"/subscriptions/{subscription_id}/resourceGroups/{resource_group_name}/providers/Microsoft.Storage/storageAccounts/{storage_account_name}"
-    except Exception:
+    except Exception:  # pylint: disable=broad-exception-caught
         return "<storage-account-resource-id>"
 
 
 def _extract_keyvault_resource_id(subscription_id, resource_group_name, keyvault_secret_uri):
     """Extract key vault resource ID from secret URI.
-    Used for permission guidance messages 
+    Used for permission guidance messages
     Expected format: https://<keyvault-name>.vault.azure.net/secrets/<secret-name>
     """
     try:
         parsed = urlparse(keyvault_secret_uri)
         keyvault_name = parsed.hostname.split('.')[0]
         return f"/subscriptions/{subscription_id}/resourceGroups/{resource_group_name}/providers/Microsoft.KeyVault/vaults/{keyvault_name}"
-    except Exception:
+    except Exception:  # pylint: disable=broad-exception-caught
         return "<key-vault-resource-id>"
 
 
@@ -50,19 +50,19 @@ def _display_permission_guidance(storage_access_mode, principal_id, subscription
         role = "Storage Blob Data Reader"
 
         logger.warning("")
-        logger.warning(f"Please ensure that the Managed Identity of the pipeline (Object ID: {principal_id}) has the necessary permissions to access the Storage Account Blob Container.")
+        logger.warning("Please ensure that the Managed Identity of the pipeline (Object ID: %s) has the necessary permissions to access the Storage Account Blob Container.", principal_id)
         logger.warning("Please run:")
-        logger.warning(f"  az role assignment create --assignee \"{principal_id}\" --role \"{role}\" --scope \"{storage_resource_id}\"")
+        logger.warning("  az role assignment create --assignee \"%s\" --role \"%s\" --scope \"%s\"", principal_id, role, storage_resource_id)
         logger.warning("Note: If the Storage Account is in a different resource group, update the --scope parameter accordingly.")
         logger.warning("")
     elif storage_access_mode == 'SasToken':
         keyvault_resource_id = _extract_keyvault_resource_id(subscription_id, resource_group_name, keyvault_secret_uri)
         role = "Key Vault Secrets User"
 
         logger.warning("")
-        logger.warning(f"Please ensure that the Managed Identity of the pipeline (Object ID: {principal_id}) has the necessary permissions to access the Key Vault Secret containing the Storage Account SAS Key.")
+        logger.warning("Please ensure that the Managed Identity of the pipeline (Object ID: %s) has the necessary permissions to access the Key Vault Secret containing the Storage Account SAS Key.", principal_id)
         logger.warning("Please run:")
-        logger.warning(f"  az role assignment create --assignee \"{principal_id}\" --role \"{role}\" --scope \"{keyvault_resource_id}\"")
+        logger.warning("  az role assignment create --assignee \"%s\" --role \"%s\" --scope \"%s\"", principal_id, role, keyvault_resource_id)
         logger.warning("Note: If the Key Vault is in a different resource group, update the --scope parameter accordingly.")
         logger.warning("")
 
diff --git a/src/acrtransfer/azext_acrtransfer/pipelinerun.py b/src/acrtransfer/azext_acrtransfer/pipelinerun.py
@@ -93,7 +93,7 @@ def get_pipelinerun(client, resource_group_name, registry_name, pipeline_run_nam
                 logger.warning("Authenticating to Storage Account using Entra Managed Identity.")
             elif storage_access_mode == 'SasToken':
                 logger.warning("Authenticating to Storage Account using Storage SAS Token.")
-        except Exception:
+        except Exception:  # pylint: disable=broad-exception-caught
             logger.warning("Unable to determine authentication method used for this pipeline run.")
 
     return result
