az role assignment create - "scope" argument not detected if placed at the end of a command #31540

@jeffreymcclain

Describe the bug

Whether the "--scope" argument in a command is placed at the beginning, middle, or end of a command shouldn't matter, but the "az role assignment create" command seems to fail if the "--scope" argument is placed at the end of the command.

Does NOT work: az role assignment create --role Contributor --assignee-principal-type ServicePrincipal --assignee-object-id $spObjId --scope /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RES_GROUP

Works: az role assignment create --scope /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RES_GROUP --role Contributor --assignee-principal-type ServicePrincipal --assignee-object-id $spObjId

Related command

az login

# Example values, to test replace these with an actual resource group and subscription id in your environment
$RES_GROUP="example-resource-group"
$SUBSCRIPTION_ID="abcdefgh-abcd-1234-abcd-abcdef1234"

# Set the subscription ID
az account set --subscription "$SUBSCRIPTION_ID"

# replace EXAMPLE_SERVICE_PRINCIPAL with an actual service principal in your environment
$spObjId = az ad sp list --display-name 'EXAMPLE_SERVICE_PRINCIPAL' --query '[0].id || [0].objectId' -o tsv | Out-String

# Fails
az role assignment create --role Contributor --assignee-principal-type ServicePrincipal --assignee-object-id $spObjId --scope /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RES_GROUP

# Succeeds
az role assignment create --scope /subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RES_GROUP --role Contributor --assignee-principal-type ServicePrincipal --assignee-object-id $spObjId

Errors

the following arguments are required: --scope

Examples from AI knowledge base:
az role assignment create --assignee sp_name --role a_role
Create role assignment for an assignee.

az role assignment create --assignee 00000000-0000-0000-0000-000000000000 --role "Storage Account Key Operator Service Role" --scope $id
Create a new role assignment for a user, group, or service principal. (autogenerated)

https://docs.microsoft.com/en-US/cli/azure/role/assignment#az_role_assignment_create
Read more about the command in reference docs

Issue script & Debug output

the following arguments are required: --scope

Examples from AI knowledge base:
az role assignment create --assignee sp_name --role a_role
Create role assignment for an assignee.

az role assignment create --assignee 00000000-0000-0000-0000-000000000000 --role "Storage Account Key Operator Service Role" --scope $id
Create a new role assignment for a user, group, or service principal. (autogenerated)

https://docs.microsoft.com/en-US/cli/azure/role/assignment#az_role_assignment_create
Read more about the command in reference docs

Expected behavior

Both commands I provided in the "Related command" section should run successfully; the order of the command arguments should not matter as long as all required parameters are provided. The az cli seems to erroneously think that the "--scope" parameter was not specified, even though I did specify it at the end of the command.

Note that this issue seems to affect the latest version of the Windows 64-bit MSI version of az-cli (2.73.0); I'm not sure about the cloud shell or other versions. To replicate the issue, please install the latest MSI of Azure CLI (64-bit) using this link: https://aka.ms/installazurecliwindowsx64

Environment Summary

{
"azure-cli": "2.73.0",
"azure-cli-core": "2.73.0",
"azure-cli-telemetry": "1.1.0",
"extensions": {}
}

Additional context

No response
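
An added example, not part of the original report and not Azure CLI's own code: a PowerShell check that a value captured from az output is a clean GUID, with no control characters, before it is used as an argument to az role assignment create. Out-String appends a newline to what it returns; that this newline is what triggers the error reported above is an assumption, and Test-AzArgument and New-RoleAssignmentArgs are hypothetical helper names.

```powershell
# Added example: validate values captured from az before reusing them as arguments.
# Test-AzArgument and New-RoleAssignmentArgs are hypothetical helpers, not part of Azure CLI.

function Test-AzArgument {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # A control character (CR, LF, tab, ...) inside a single argument is suspect.
    return ($Value -notmatch '[\x00-\x1F]')
}

function New-RoleAssignmentArgs {
    param(
        [Parameter(Mandatory)][string]$ObjectId,
        [Parameter(Mandatory)][string]$Scope,
        [string]$Role = 'Contributor'
    )
    # Strip surrounding whitespace, then require a well-formed GUID.
    $id = $ObjectId.Trim()
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($id, [ref]$parsed)) {
        throw "Object id is not a GUID: '$id'"
    }
    $argList = @('role', 'assignment', 'create',
                 '--role', $Role,
                 '--assignee-principal-type', 'ServicePrincipal',
                 '--assignee-object-id', $id,
                 '--scope', $Scope.Trim())
    # Refuse to build a command line if any argument still embeds a control character.
    foreach ($a in $argList) {
        if (-not (Test-AzArgument $a)) { throw "Control character in argument: $a" }
    }
    return $argList
}

# Constructed sample: the shape of 'az ... -o tsv | Out-String' output (value plus newline).
$captured = '00000000-0000-0000-0000-000000000000' | Out-String
"Raw length: $($captured.Length), clean: $(Test-AzArgument $captured)"

# Placeholder scope; substitute a real subscription id and resource group.
$azArgs = New-RoleAssignmentArgs -ObjectId $captured `
    -Scope '/subscriptions/<subscription-id>/resourceGroups/example-resource-group'
"az $($azArgs -join ' ')"
# To run the assignment for real, after az login:  az @azArgs
```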

Labels

ARM: az resource/group/lock/tag/deployment/policy/managementapp/account management-group
Account: az login/account
Auto-Assign: Auto assign by bot
Azure CLI Team: The command of the issue is owned by Azure CLI team
Graph: (doesn't work with label-triggered comments; use Graph.Microsoft instead) az ad
RBAC: az role
Shell - PowerShell
customer-reported: Issues that are reported by GitHub users external to the Azure organization.
question: The issue doesn't require a change to the product in order to be resolved. Most issues start as that