
Commit 00fe3e5

authored
{Role} az role assignment create: Show warning if --scope argument is not specified (#24755)
1 parent 2ecac33 commit 00fe3e5


2 files changed

+16
-8
lines changed


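--- a/src/azure-cli/azure/cli/command_modules/role/_help.py
+++ b/src/azure-cli/azure/cli/command_modules/role/_help.py
@@ -685,22 +685,23 @@
 helps['role assignment create'] = """
 type: command
 short-summary: Create a new role assignment for a user, group, or service principal.
+long-summary: >-
+--scope argument will become required for creating a role assignment in the breaking change release of the fall
+of 2023. Please explicitly specify --scope.
 examples:
-- name: Create role assignment for an assignee.
-text: az role assignment create --assignee sp_name --role a_role
+- name: Create role assignment to grant the specified assignee the Reader role on an Azure virtual machine.
+text: az role assignment create --assignee sp_name --role Reader --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVm
 - name: Create role assignment for an assignee with description and condition.
 text: >-
-az role assignment create --role "Owner" --assignee "John.Doe@Contoso.com"
+az role assignment create --role Owner
+--scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Storage/storageAccounts/MyStorageAccount
+--assignee "John.Doe@Contoso.com"
 --description "Role assignment foo to check on bar"
 --condition "@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:Name] stringEquals 'foo'"
 --condition-version "2.0"
 supported-profiles: latest
-- name: Create a new role assignment for a user, group, or service principal. (autogenerated)
-text: |
-az role assignment create --assignee 00000000-0000-0000-0000-000000000000 --role "Storage Account Key Operator Service Role" --scope $id
-crafted: true
 - name: Create role assignment with your own assignment name.
-text: az role assignment create --assignee-object-id 00000000-0000-0000-0000-000000000000 --assignee-principal-type ServicePrincipal --role Reader --scope /subscriptions/00000000-0000-0000-0000-000000000000 --name 00000000-0000-0000-0000-000000000000
+text: az role assignment create --assignee-object-id 00000000-0000-0000-0000-000000000000 --assignee-principal-type ServicePrincipal --role Reader --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup --name 00000000-0000-0000-0000-000000000000
 """
 
 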
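--- a/src/azure-cli/azure/cli/command_modules/role/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/role/custom.py
@@ -50,6 +50,10 @@
 "The output includes credentials that you must protect. Be sure that you do not include these credentials in "
 "your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli")
 
+SCOPE_WARNING = (
+"--scope argument will become required for creating a role assignment in the breaking change release of the fall "
+"of 2023. Please explicitly specify --scope.")
+
 logger = get_logger(__name__)
 
 # pylint: disable=too-many-lines, protected-access
@@ -148,6 +152,9 @@ def create_role_assignment(cmd, role, assignee=None, assignee_object_id=None, re
 scope=None, assignee_principal_type=None, description=None,
 condition=None, condition_version=None, assignment_name=None):
 """Check parameters are provided correctly, then call _create_role_assignment."""
+if not scope:
+logger.warning(SCOPE_WARNING)
+
 if bool(assignee) == bool(assignee_object_id):
 raise CLIError('usage error: --assignee STRING | --assignee-object-id GUID')
 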
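Review bot: The warning logged by `if not scope:` at the top of create_role_assignment says --scope will become required, but not which scope the assignment receives today when it is omitted, and that is what an operator needs to judge how broad the grant is. The fallback is resolved further down in the function, outside this hunk, so it cannot be confirmed here; if it defaults to something wide such as the whole subscription, SCOPE_WARNING should say so, for example by opening with `"--scope was not specified, so the role is assigned at the default scope. "`. The check also looks as though it fires when only a resource group is supplied (the signature is cut at `re` in the hunk header), which is worth confirming as intended. The long-summary added in _help.py repeats the same wording and would benefit from the same sentence.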