update

Author: xmuhammad-xali

src/fleet/azext_fleet/_helpers.py

@@ -161,7 +161,8 @@ def assign_network_contributor_role_to_subnet(cmd, object_id, subnet_id):
         logger.warning("Failed to create Network Contributor role assignment on the subnet %s.\n"
                        "This role assignment is required for the managed identity to access the subnet.\n"
                        "Please ensure you have sufficient permissions, or ask an administrator to run:\n"
-                       "az role assignment create --assignee %s --role 'Network Contributor' --scope %s",
+                       "az role assignment create --assignee-principal-type ServicePrincipal --assignee-object-id %s "
+                       "--role 'Network Contributor' --scope %s",
                        subnet_id, object_id, subnet_id)
 
 

src/fleet/azext_fleet/_validators.py

@@ -61,9 +61,10 @@ def validate_assign_identity(namespace):
 
 
 def validate_enable_vnet_integration(namespace):
-    if namespace.enable_vnet_integration and not namespace.enable_managed_identity:
-        raise CLIError("--enable-vnet-integration requires managed identity to be enabled. "
-                       "Please add --enable-managed-identity to your command.")
+    if namespace.enable_vnet_integration:
+        if not namespace.enable_managed_identity or namespace.assign_identity is None:
+            raise CLIError("--enable-vnet-integration requires user assigned managed identity to be enabled. "
+                           "Please add --enable-managed-identity and --assign-identity <identity-id> to your command.")
 
 
 def validate_targets(namespace):