Clean up implementation

kamperiadis · kamperiadis · commit f1dfff0749ac · 2025-07-31T17:37:13.000-05:00
diff --git a/src/azure-cli/azure/cli/command_modules/appservice/custom.py b/src/azure-cli/azure/cli/command_modules/appservice/custom.py
@@ -1248,7 +1248,9 @@ def _migrate_site_properties(cmd, source, resource_group, name):
         functionapp.client_cert_mode = source.client_cert_mode
         functionapp.client_cert_exclusion_paths = source.client_cert_exclusion_paths
 
-        set_functionapp(cmd, resource_group, name, parameters=functionapp)
+        poller = set_functionapp(cmd, resource_group, name, parameters=functionapp)
+        LongRunningOperation(cmd.cli_ctx)(poller)
+
         logger.warning("Successfully updated the following properties for function app '%s': "
                        "https_only, client_cert_enabled, client_cert_mode, client_cert_exclusion_paths", name)
     except Exception as e:  # pylint: disable=broad-except
@@ -1286,10 +1288,10 @@ def _migrate_cors_settings(cmd, source_site_configs, source_name, resource_group
                    source_name, name)
     try:
         source_cors_settings = source_site_configs.cors
-        if source_cors_settings and source_cors_settings.allowed_origins:
-            add_cors(cmd, resource_group, name, source_cors_settings.allowed_origins)
-            logger.warning("Successfully migrated CORS allowed origins")
-        if source_cors_settings and source_cors_settings.support_credentials:
+        add_cors(cmd, resource_group, name, source_cors_settings.allowed_origins)
+        cors_allowed_origins = ', '.join(source_cors_settings.allowed_origins)
+        logger.warning("Successfully migrated CORS allowed origins: %s", cors_allowed_origins)
+        if source_cors_settings.support_credentials:
             enable_credentials(cmd, resource_group, name, enable=True)
             logger.warning("Enabled Access-Control-Allow-Credentials")
     except Exception as e:  # pylint: disable=broad-except
@@ -1385,8 +1387,7 @@ def _migrate_access_restrictions(cmd, source_resource_group, source_name, resour
         default_action = source_restrictions.get('ipSecurityRestrictionsDefaultAction')
         scm_default_action = source_restrictions.get('scmIpSecurityRestrictionsDefaultAction')
 
-        # validated
-        if scm_use_main is not None or default_action or scm_default_action:
+        if scm_use_main or default_action or scm_default_action:
             try:
                 access_restrictions.set_webapp_access_restriction(
                     cmd, resource_group, name,
@@ -1445,7 +1446,7 @@ def _add_single_access_restriction(cmd, resource_group, name, restriction, scm_s
                 description=description,
                 scm_site=scm_site,
                 ignore_missing_vnet_service_endpoint=True,
-                http_headers=_format_headers_for_add(headers) if headers else None
+                http_headers=_format_headers(headers) if headers else None
             )
             logger.warning("Migrated %s subnet restriction: %s (Priority: %d)",
                            "SCM" if scm_site else "main", rule_name or subnet_id, priority)
@@ -1462,7 +1463,7 @@ def _add_single_access_restriction(cmd, resource_group, name, restriction, scm_s
                     service_tag=ip_address,
                     description=description,
                     scm_site=scm_site,
-                    http_headers=_format_headers_for_add(headers) if headers else None
+                    http_headers=_format_headers(headers) if headers else None
                 )
                 logger.warning("Migrated %s service tag restriction: %s (Priority: %d)",
                                "SCM" if scm_site else "main", rule_name or ip_address, priority)
@@ -1477,7 +1478,7 @@ def _add_single_access_restriction(cmd, resource_group, name, restriction, scm_s
                     ip_address=ip_address,
                     description=description,
                     scm_site=scm_site,
-                    http_headers=_format_headers_for_add(headers) if headers else None
+                    http_headers=_format_headers(headers) if headers else None
                 )
                 logger.warning("Migrated %s IP restriction: %s (Priority: %d)",
                                "SCM" if scm_site else "main", rule_name or ip_address, priority)
@@ -1487,7 +1488,7 @@ def _add_single_access_restriction(cmd, resource_group, name, restriction, scm_s
                      "SCM" if scm_site else "main", rule_name or 'unnamed', str(e))
 
 
-def _format_headers_for_add(headers_dict):
+def _format_headers(headers_dict):
     if not headers_dict:
         return None
 
@@ -1508,24 +1509,29 @@ def _migrate_managed_identities_and_roles(cmd, source, resource_group, name):
 
         source_identity = source.identity
 
-        if source_identity and 'SystemAssigned' in source_identity.type:
-            system_role_assignments = list_role_assignments(cmd,
-                                                            assignee_object_id=source_identity.principal_id,
-                                                            show_all=True)
+        if source_identity:
+            if 'SystemAssigned' in source_identity.type:
+                system_role_assignments = list_role_assignments(cmd,
+                                                                assignee_object_id=source_identity.principal_id,
+                                                                show_all=True)
+
+                assign_identity(cmd, resource_group, name, assign_identities=['[system]'])
+                target_identity = show_identity(cmd, resource_group, name)
+                logger.warning("Assigned system-assigned identity to target function app '%s' with principal ID '%s'",
+                            name, target_identity.principal_id)
+                _migrate_role_assignments(cmd, system_role_assignments, target_identity.principal_id)
 
-            assign_identity(cmd, resource_group, name, assign_identities=['[system]'])
-            target_identity = show_identity(cmd, resource_group, name)
-            logger.warning("Assigned system-assigned identity to target function app '%s' with principal ID '%s'",
-                           name, target_identity.principal_id)
-            _migrate_role_assignments(cmd, system_role_assignments, target_identity.principal_id)
+            if source_identity.user_assigned_identities:
+                user_identity_ids = list(source_identity.user_assigned_identities.keys())
+                assign_identity(cmd, resource_group, name, assign_identities=user_identity_ids)
+                logger.warning("Assigned user-assigned identities to target function app '%s': %s",
+                            name, ', '.join(user_identity_ids))
 
-        if source_identity and source_identity.user_assigned_identities:
-            user_identity_ids = list(source_identity.user_assigned_identities.keys())
-            assign_identity(cmd, resource_group, name, assign_identities=user_identity_ids)
-            logger.warning("Assigned user-assigned identities to target function app '%s': %s",
-                           name, ', '.join(user_identity_ids))
+            logger.warning("Successfully migrated managed identities and role assignments")
 
-        logger.warning("Successfully migrated managed identities and role assignments")
+        else:
+            logger.warning("No managed identities found in source function app '%s'. No action needed.",
+                           source.name)
 
     except Exception as e:  # pylint: disable=broad-except
         logger.warning("Failed to migrate managed identities and role assignments with error %s. Run "
