Skip to content

Commit edcfed5

Browse files
author
Mai Nguyen (from Dev Box)
committed
remove [system]
1 parent 049fa4e commit edcfed5

15 files changed

Lines changed: 531 additions & 549 deletions

src/acrtransfer/azext_acrtransfer/_breaking_change.py

Lines changed: 0 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -4,14 +4,3 @@
44
# --------------------------------------------------------------------------------------------
55

66
from azure.cli.core.breaking_change import register_logic_breaking_change
7-
8-
register_logic_breaking_change('acr export-pipeline create', 'Add required parameter --storage-access-mode',
9-
detail='A new required parameter `--storage-access-mode` will be added. '
10-
'Allowed values: `ManagedIdentity`, `SasToken`.',
11-
doc_link="https://aka.ms/acr/transfer")
12-
13-
14-
register_logic_breaking_change('acr import-pipeline create', 'Add required parameter --storage-access-mode',
15-
detail='A new required parameter `--storage-access-mode` will be added. '
16-
'Allowed values: `ManagedIdentity`, `SasToken`.',
17-
doc_link="https://aka.ms/acr/transfer")

src/acrtransfer/azext_acrtransfer/_help.py

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -30,8 +30,6 @@
3030
text: az acr import-pipeline create --resource-group $MyRG --registry $MyReg --name $MyPipeline --storage-access-mode SasToken --secret-uri https://$MyKV.vault.azure.net/secrets/$MySecret --storage-container-uri https://$MyStorage.blob.core.windows.net/$MyContainer
3131
- name: Create an import pipeline with system-assigned managed identity (automatic provisioning).
3232
text: az acr import-pipeline create --resource-group $MyRG --registry $MyReg --name $MyPipeline --storage-access-mode ManagedIdentity --storage-container-uri https://$MyStorage.blob.core.windows.net/$MyContainer
33-
- name: Create an import pipeline with explicit system-assigned managed identity.
34-
text: az acr import-pipeline create --resource-group $MyRG --registry $MyReg --name $MyPipeline --storage-access-mode ManagedIdentity --storage-container-uri https://$MyStorage.blob.core.windows.net/$MyContainer --assign-identity [system]
3533
- name: Create an import pipeline with user-assigned managed identity and all available options.
3634
text: az acr import-pipeline create --resource-group $MyRG --registry $MyReg --name $MyPipeline --storage-access-mode ManagedIdentity --storage-container-uri https://$MyStorage.blob.core.windows.net/$MyContainer --options DeleteSourceBlobOnSuccess OverwriteTags ContinueOnErrors --assign-identity /subscriptions/$MySubID/resourceGroups/$MyRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MyIdentity --source-trigger-enabled False
3735
"""
@@ -68,8 +66,6 @@
6866
text: az acr export-pipeline create --resource-group $MyRG --registry $MyReg --name $MyPipeline --storage-access-mode SasToken --secret-uri https://$MyKV.vault.azure.net/secrets/$MySecret --storage-container-uri https://$MyStorage.blob.core.windows.net/$MyContainer
6967
- name: Create an export pipeline with system-assigned managed identity (automatic provisioning).
7068
text: az acr export-pipeline create --resource-group $MyRG --registry $MyReg --name $MyPipeline --storage-access-mode ManagedIdentity --storage-container-uri https://$MyStorage.blob.core.windows.net/$MyContainer
71-
- name: Create an export pipeline with explicit system-assigned managed identity.
72-
text: az acr export-pipeline create --resource-group $MyRG --registry $MyReg --name $MyPipeline --storage-access-mode ManagedIdentity --storage-container-uri https://$MyStorage.blob.core.windows.net/$MyContainer --assign-identity [system]
7369
- name: Create an export pipeline with user-assigned managed identity and all available options.
7470
text: az acr export-pipeline create --resource-group $MyRG --registry $MyReg --name $MyPipeline --storage-access-mode ManagedIdentity --storage-container-uri https://$MyStorage.blob.core.windows.net/$MyContainer --options OverwriteBlobs ContinueOnErrors --assign-identity /subscriptions/$MySubID/resourceGroups/$MyRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MyIdentity
7571
"""

src/acrtransfer/azext_acrtransfer/_params.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ def load_arguments(self, _):
1616
c.argument('location', validator=get_default_location_from_resource_group)
1717
c.argument('registry_name', options_list=['--registry', '-r'], help='Name of registry.')
1818
c.argument('storage_account_container_uri', options_list=['--storage-container-uri', '-c'], validator=validate_storage_account_container_uri, help='Storage account container URI of the source or target storage account container of the form https://$MyStorageAccount.blob.core.windows.net/$MyContainer. Note that the URI may be different outside of AzureCloud.')
19-
c.argument('storage_access_mode', options_list=['--storage-access-mode', '-m'], validator=validate_storage_access_mode_and_secret_uri, help='Storage account access mode. Allowed values: ManagedIdentity, SasToken. When using ManagedIdentity, a managed identity is required (use --assign-identity).')
19+
c.argument('storage_access_mode', options_list=['--storage-access-mode', '-m'], validator=validate_storage_access_mode_and_secret_uri, help='Storage account access mode. Allowed values: ManagedIdentity, SasToken.')
2020
c.argument('keyvault_secret_uri', options_list=['--secret-uri', '-s'], validator=validate_keyvault_secret_uri, help='Keyvault secret URI containing a valid SAS token to the associated storage account of the form https://$MyKeyvault.vault.azure.net/secrets/$MySecret. Note that the URI may be different outside of AzureCloud. Required when --storage-access-mode is SasToken.')
21-
c.argument('user_assigned_identity_resource_id', options_list=['--assign-identity', '-i'], validator=validate_user_assigned_identity_resource_id, help='Managed identity for the pipeline. Provide a user-assigned identity resource ID of the form /subscriptions/$MySubID/resourceGroups/$MyRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MyIdentity, or use [system] to provision a system-assigned identity. When using --storage-access-mode ManagedIdentity, if not specified or if [system] is used, a system-assigned managed identity will be automatically provisioned.')
21+
c.argument('user_assigned_identity_resource_id', options_list=['--assign-identity', '-i'], validator=validate_user_assigned_identity_resource_id, help='Managed identity for the pipeline. Provide a user-assigned identity resource ID of the form /subscriptions/$MySubID/resourceGroups/$MyRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MyIdentity. If not specified, a system-assigned managed identity will be automatically provisioned.')
2222

2323
with self.argument_context('acr import-pipeline') as c:
2424
c.argument('options', options_list=['--options', '-z'], nargs='+', validator=validate_import_options, help='Space-separated list of options. May only contain the following options: DeleteSourceBlobOnSuccess,OverwriteTags,ContinueOnErrors,DisableSourceTrigger.')

src/acrtransfer/azext_acrtransfer/_validators.py

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -61,16 +61,11 @@ def validate_user_assigned_identity_resource_id(namespace):
6161
if identity_id is None:
6262
return
6363

64-
# Handle [system] keyword for system-assigned identity
65-
if identity_id.lower() == "[system]":
66-
namespace.user_assigned_identity_resource_id = None
67-
return
68-
6964
if "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/" not in identity_id:
7065
valid = False
7166

7267
if not valid:
73-
logger.warning("Invalid user assigned identity resource ID. Please provide a user assigned identity resource ID of the form /subscriptions/$MySubID/resourceGroups/$MyRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MyIdentity or use [system] for system-assigned identity.")
68+
logger.warning("Invalid user assigned identity resource ID. Please provide a user assigned identity resource ID of the form /subscriptions/$MySubID/resourceGroups/$MyRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/$MyIdentity.")
7469

7570

7671
def validate_import_options(namespace):

src/acrtransfer/azext_acrtransfer/exportpipeline.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,7 @@ def create_exportpipeline(client, resource_group_name, registry_name, export_pip
9696
# Display permission guidance
9797
pipeline_identity = result.identity
9898
if pipeline_identity:
99+
principal_id = None
99100
# For system-assigned identity, principal_id is at the top level
100101
if pipeline_identity.principal_id:
101102
principal_id = pipeline_identity.principal_id

src/acrtransfer/azext_acrtransfer/importpipeline.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -99,6 +99,7 @@ def create_importpipeline(client, resource_group_name, registry_name, import_pip
9999
# Display permission guidance
100100
pipeline_identity = result.identity
101101
if pipeline_identity:
102+
principal_id = None
102103
# For system-assigned identity, principal_id is at the top level
103104
if pipeline_identity.principal_id:
104105
principal_id = pipeline_identity.principal_id

src/acrtransfer/azext_acrtransfer/tests/latest/recordings/test_acr_export_pipeline_entra_mi_auth_no_identity.yaml

Lines changed: 55 additions & 55 deletions
Large diffs are not rendered by default.

src/acrtransfer/azext_acrtransfer/tests/latest/recordings/test_acr_export_pipeline_entra_mi_auth_user_assigned.yaml

Lines changed: 65 additions & 65 deletions
Large diffs are not rendered by default.

src/acrtransfer/azext_acrtransfer/tests/latest/recordings/test_acr_export_pipeline_entra_mi_auth_with_secret_uri_fails.yaml

Lines changed: 38 additions & 38 deletions
Large diffs are not rendered by default.

0 commit comments

Comments
 (0)