diff --git a/src/azure-cli/azure/cli/command_modules/role/_help.py b/src/azure-cli/azure/cli/command_modules/role/_help.py index 9d6cdc77a27..17580616705 100644 --- a/src/azure-cli/azure/cli/command_modules/role/_help.py +++ b/src/azure-cli/azure/cli/command_modules/role/_help.py @@ -536,6 +536,8 @@ text: az ad sp create-for-rbac -n MyApp - name: Create with a Contributor role assignments on specified scopes. To retrieve current subscription ID, run `az account show --query id --output tsv`. text: az ad sp create-for-rbac -n MyApp --role Contributor --scopes /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resourceGroup2 +- name: Do not create password credential. + text: az ad sp create-for-rbac --create-password false - name: Create using a self-signed certificate. text: az ad sp create-for-rbac --create-cert - name: Create using an existing certificate string. diff --git a/src/azure-cli/azure/cli/command_modules/role/_params.py b/src/azure-cli/azure/cli/command_modules/role/_params.py index dde58c846aa..5868538004c 100644 --- a/src/azure-cli/azure/cli/command_modules/role/_params.py +++ b/src/azure-cli/azure/cli/command_modules/role/_params.py @@ -186,6 +186,9 @@ def load_arguments(self, _): c.argument('display_name', options_list=['--display-name', '--name', '-n'], help='Display name of the service principal. If not present, default to azure-cli-%Y-%m-%d-%H-%M-%S ' 'where the suffix is the time of creation.') + c.argument('create_password', arg_type=get_three_state_flag(), arg_group='Credential', + help='Create a password credential (secret) on the the application. This is the default behavior. ' + 'Set this argument to false to disable creating password credential.') c.argument('scopes', nargs='+', help="Space-separated list of scopes the service principal's role assignment applies to. e.g., " "subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, " diff --git a/src/azure-cli/azure/cli/command_modules/role/custom.py b/src/azure-cli/azure/cli/command_modules/role/custom.py index 68f45b2b8e8..d0283ba5fcd 100644 --- a/src/azure-cli/azure/cli/command_modules/role/custom.py +++ b/src/azure-cli/azure/cli/command_modules/role/custom.py @@ -1219,6 +1219,7 @@ def create_service_principal_for_rbac( # pylint:disable=too-many-statements,too-many-locals, too-many-branches, unused-argument cmd, display_name=None, service_management_reference=None, + create_password=True, years=None, create_cert=False, cert=None, scopes=None, role=None, show_auth_in_json=None, skip_assignment=False, keyvault=None): import time @@ -1278,7 +1279,7 @@ def create_service_principal_for_rbac( # Password credential is created *after* application creation. # https://learn.microsoft.com/en-us/graph/api/resources/passwordcredential - if not use_cert: + if create_password and not use_cert: result = _application_add_password(graph_client, aad_application, 'rbac', app_start_date, app_end_date) password = result['secretText'] @@ -1333,7 +1334,9 @@ def create_service_principal_for_rbac( ex.response.headers) # pylint: disable=no-member raise - logger.warning(CREDENTIAL_WARNING) + # No need to show warning if no credential is created + if password or cert_file: + logger.warning(CREDENTIAL_WARNING) if show_auth_in_json: from azure.cli.core._profile import Profile diff --git a/src/azure-cli/azure/cli/command_modules/role/tests/latest/recordings/test_create_for_rbac_no_password.yaml b/src/azure-cli/azure/cli/command_modules/role/tests/latest/recordings/test_create_for_rbac_no_password.yaml new file mode 100644 index 00000000000..dbfa2527233 --- /dev/null +++ b/src/azure-cli/azure/cli/command_modules/role/tests/latest/recordings/test_create_for_rbac_no_password.yaml @@ -0,0 +1,433 @@ +interactions: +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - ad sp create-for-rbac + Connection: + - keep-alive + ParameterSetName: + - --display-name --create-password + User-Agent: + - python/3.12.10 (Windows-11-10.0.26100-SP0) AZURECLI/2.71.0 + method: GET + uri: https://graph.microsoft.com/v1.0/servicePrincipals?$filter=displayName%20eq%20%27azure-cli-test-000001%27 + response: + body: + string: '{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#servicePrincipals","value":[]}' + headers: + cache-control: + - no-cache + content-length: + - '92' + content-type: + - application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8 + date: + - Wed, 09 Apr 2025 09:58:26 GMT + odata-version: + - '4.0' + request-id: + - 23fcfb42-67a6-430e-b9d6-49c6d88ef8b1 + strict-transport-security: + - max-age=31536000 + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-ms-ags-diagnostic: + - '{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"SI2PEPF00008471"}}' + x-ms-resource-unit: + - '1' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - ad sp create-for-rbac + Connection: + - keep-alive + ParameterSetName: + - --display-name --create-password + User-Agent: + - python/3.12.10 (Windows-11-10.0.26100-SP0) AZURECLI/2.71.0 + method: GET + uri: https://graph.microsoft.com/v1.0/applications?$filter=startswith%28displayName%2C%27azure-cli-test-000001%27%29 + response: + body: + string: '{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#applications","value":[]}' + headers: + cache-control: + - no-cache + content-length: + - '87' + content-type: + - application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8 + date: + - Wed, 09 Apr 2025 09:58:27 GMT + odata-version: + - '4.0' + request-id: + - 96d258fb-a463-41f9-ac55-1c3ba60e7028 + strict-transport-security: + - max-age=31536000 + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-ms-ags-diagnostic: + - '{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"SI2PEPF00000BCF"}}' + x-ms-resource-unit: + - '2' + status: + code: 200 + message: OK +- request: + body: '{"displayName": "azure-cli-test-000001", "keyCredentials": []}' + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - ad sp create-for-rbac + Connection: + - keep-alive + Content-Length: + - '62' + Content-Type: + - application/json + ParameterSetName: + - --display-name --create-password + User-Agent: + - python/3.12.10 (Windows-11-10.0.26100-SP0) AZURECLI/2.71.0 + method: POST + uri: https://graph.microsoft.com/v1.0/applications + response: + body: + string: '{"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#applications/$entity", + "id": "42040a6b-ff98-4e6e-a4dc-fa45f7f3f6cd", "deletedDateTime": null, "appId": + "175bcaf1-6850-4192-a3ea-8852192eb783", "applicationTemplateId": null, "disabledByMicrosoftStatus": + null, "createdDateTime": "2025-04-09T09:58:28.8914089Z", "displayName": "azure-cli-test-000001", + "description": null, "groupMembershipClaims": null, "identifierUris": [], + "isDeviceOnlyAuthSupported": null, "isFallbackPublicClient": null, "nativeAuthenticationApisEnabled": + null, "notes": null, "publisherDomain": "AzureSDKTeam.onmicrosoft.com", "serviceManagementReference": + null, "signInAudience": "AzureADMyOrg", "tags": [], "tokenEncryptionKeyId": + null, "uniqueName": null, "samlMetadataUrl": null, "defaultRedirectUri": null, + "certification": null, "optionalClaims": null, "servicePrincipalLockConfiguration": + null, "requestSignatureVerification": null, "addIns": [], "api": {"acceptMappedClaims": + null, "knownClientApplications": [], "requestedAccessTokenVersion": null, + "oauth2PermissionScopes": [], "preAuthorizedApplications": []}, "appRoles": + [], "info": {"logoUrl": null, "marketingUrl": null, "privacyStatementUrl": + null, "supportUrl": null, "termsOfServiceUrl": null}, "keyCredentials": [], + "parentalControlSettings": {"countriesBlockedForMinors": [], "legalAgeGroupRule": + "Allow"}, "passwordCredentials": [], "publicClient": {"redirectUris": []}, + "requiredResourceAccess": [], "verifiedPublisher": {"displayName": null, "verifiedPublisherId": + null, "addedDateTime": null}, "web": {"homePageUrl": null, "logoutUrl": null, + "redirectUris": [], "implicitGrantSettings": {"enableAccessTokenIssuance": + false, "enableIdTokenIssuance": false}, "redirectUriSettings": []}, "spa": + {"redirectUris": []}}' + headers: + cache-control: + - no-cache + content-length: + - '1771' + content-type: + - application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8 + date: + - Wed, 09 Apr 2025 09:58:28 GMT + location: + - https://graph.microsoft.com/v2/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a/directoryObjects/42040a6b-ff98-4e6e-a4dc-fa45f7f3f6cd/Microsoft.DirectoryServices.Application + odata-version: + - '4.0' + request-id: + - cc47a87b-693a-480e-84ba-7b51c93547fe + strict-transport-security: + - max-age=31536000 + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-ms-ags-diagnostic: + - '{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"SI2PEPF00008476"}}' + x-ms-resource-unit: + - '1' + status: + code: 201 + message: Created +- request: + body: '{"appId": "175bcaf1-6850-4192-a3ea-8852192eb783", "accountEnabled": true}' + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - ad sp create-for-rbac + Connection: + - keep-alive + Content-Length: + - '73' + Content-Type: + - application/json + ParameterSetName: + - --display-name --create-password + User-Agent: + - python/3.12.10 (Windows-11-10.0.26100-SP0) AZURECLI/2.71.0 + method: POST + uri: https://graph.microsoft.com/v1.0/servicePrincipals + response: + body: + string: '{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#servicePrincipals/$entity","id":"93521fa5-e235-4be9-abcf-2f1d6e791728","deletedDateTime":null,"accountEnabled":true,"alternativeNames":[],"appDisplayName":"azure-cli-test-000001","appDescription":null,"appId":"175bcaf1-6850-4192-a3ea-8852192eb783","applicationTemplateId":null,"appOwnerOrganizationId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","appRoleAssignmentRequired":false,"createdDateTime":"2025-04-09T09:58:29Z","description":null,"disabledByMicrosoftStatus":null,"displayName":"azure-cli-test-000001","homepage":null,"loginUrl":null,"logoutUrl":null,"notes":null,"notificationEmailAddresses":[],"preferredSingleSignOnMode":null,"preferredTokenSigningKeyThumbprint":null,"replyUrls":[],"servicePrincipalNames":["175bcaf1-6850-4192-a3ea-8852192eb783"],"servicePrincipalType":"Application","signInAudience":"AzureADMyOrg","tags":[],"tokenEncryptionKeyId":null,"samlSingleSignOnSettings":null,"addIns":[],"appRoles":[],"info":{"logoUrl":null,"marketingUrl":null,"privacyStatementUrl":null,"supportUrl":null,"termsOfServiceUrl":null},"keyCredentials":[],"oauth2PermissionScopes":[],"passwordCredentials":[],"resourceSpecificApplicationPermissions":[],"verifiedPublisher":{"displayName":null,"verifiedPublisherId":null,"addedDateTime":null}}' + headers: + cache-control: + - no-cache + content-length: + - '1302' + content-type: + - application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8 + date: + - Wed, 09 Apr 2025 09:58:29 GMT + location: + - https://graph.microsoft.com/v2/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a/directoryObjects/93521fa5-e235-4be9-abcf-2f1d6e791728/Microsoft.DirectoryServices.ServicePrincipal + odata-version: + - '4.0' + request-id: + - 4c0b5cde-9165-4a10-88b7-c02013b363eb + strict-transport-security: + - max-age=31536000 + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-ms-ags-diagnostic: + - '{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"SI2PEPF0000846D"}}' + x-ms-resource-unit: + - '1' + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - ad app show + Connection: + - keep-alive + ParameterSetName: + - --id + User-Agent: + - python/3.12.10 (Windows-11-10.0.26100-SP0) AZURECLI/2.71.0 + method: GET + uri: https://graph.microsoft.com/v1.0/applications?$filter=appId%20eq%20%27175bcaf1-6850-4192-a3ea-8852192eb783%27 + response: + body: + string: '{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#applications","value":[{"id":"42040a6b-ff98-4e6e-a4dc-fa45f7f3f6cd","deletedDateTime":null,"appId":"175bcaf1-6850-4192-a3ea-8852192eb783","applicationTemplateId":null,"disabledByMicrosoftStatus":null,"createdDateTime":"2025-04-09T09:58:28Z","displayName":"azure-cli-test-000001","description":null,"groupMembershipClaims":null,"identifierUris":[],"isDeviceOnlyAuthSupported":null,"isFallbackPublicClient":null,"nativeAuthenticationApisEnabled":null,"notes":null,"publisherDomain":"AzureSDKTeam.onmicrosoft.com","serviceManagementReference":null,"signInAudience":"AzureADMyOrg","tags":[],"tokenEncryptionKeyId":null,"uniqueName":null,"samlMetadataUrl":null,"defaultRedirectUri":null,"certification":null,"optionalClaims":null,"servicePrincipalLockConfiguration":null,"requestSignatureVerification":null,"addIns":[],"api":{"acceptMappedClaims":null,"knownClientApplications":[],"requestedAccessTokenVersion":null,"oauth2PermissionScopes":[],"preAuthorizedApplications":[]},"appRoles":[],"info":{"logoUrl":null,"marketingUrl":null,"privacyStatementUrl":null,"supportUrl":null,"termsOfServiceUrl":null},"keyCredentials":[],"parentalControlSettings":{"countriesBlockedForMinors":[],"legalAgeGroupRule":"Allow"},"passwordCredentials":[],"publicClient":{"redirectUris":[]},"requiredResourceAccess":[],"verifiedPublisher":{"displayName":null,"verifiedPublisherId":null,"addedDateTime":null},"web":{"homePageUrl":null,"logoutUrl":null,"redirectUris":[],"implicitGrantSettings":{"enableAccessTokenIssuance":false,"enableIdTokenIssuance":false},"redirectUriSettings":[]},"spa":{"redirectUris":[]}}]}' + headers: + cache-control: + - no-cache + content-length: + - '1650' + content-type: + - application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8 + date: + - Wed, 09 Apr 2025 09:58:30 GMT + odata-version: + - '4.0' + request-id: + - d26ac1ed-444a-4896-9c79-f96c70bbe4c9 + strict-transport-security: + - max-age=31536000 + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-ms-ags-diagnostic: + - '{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"SI2PEPF00007E31"}}' + x-ms-resource-unit: + - '2' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - ad app show + Connection: + - keep-alive + ParameterSetName: + - --id + User-Agent: + - python/3.12.10 (Windows-11-10.0.26100-SP0) AZURECLI/2.71.0 + method: GET + uri: https://graph.microsoft.com/v1.0/applications/42040a6b-ff98-4e6e-a4dc-fa45f7f3f6cd + response: + body: + string: '{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#applications/$entity","id":"42040a6b-ff98-4e6e-a4dc-fa45f7f3f6cd","deletedDateTime":null,"appId":"175bcaf1-6850-4192-a3ea-8852192eb783","applicationTemplateId":null,"disabledByMicrosoftStatus":null,"createdDateTime":"2025-04-09T09:58:28Z","displayName":"azure-cli-test-000001","description":null,"groupMembershipClaims":null,"identifierUris":[],"isDeviceOnlyAuthSupported":null,"isFallbackPublicClient":null,"nativeAuthenticationApisEnabled":null,"notes":null,"publisherDomain":"AzureSDKTeam.onmicrosoft.com","serviceManagementReference":null,"signInAudience":"AzureADMyOrg","tags":[],"tokenEncryptionKeyId":null,"uniqueName":null,"samlMetadataUrl":null,"defaultRedirectUri":null,"certification":null,"optionalClaims":null,"servicePrincipalLockConfiguration":null,"requestSignatureVerification":null,"addIns":[],"api":{"acceptMappedClaims":null,"knownClientApplications":[],"requestedAccessTokenVersion":null,"oauth2PermissionScopes":[],"preAuthorizedApplications":[]},"appRoles":[],"info":{"logoUrl":null,"marketingUrl":null,"privacyStatementUrl":null,"supportUrl":null,"termsOfServiceUrl":null},"keyCredentials":[],"parentalControlSettings":{"countriesBlockedForMinors":[],"legalAgeGroupRule":"Allow"},"passwordCredentials":[],"publicClient":{"redirectUris":[]},"requiredResourceAccess":[],"verifiedPublisher":{"displayName":null,"verifiedPublisherId":null,"addedDateTime":null},"web":{"homePageUrl":null,"logoutUrl":null,"redirectUris":[],"implicitGrantSettings":{"enableAccessTokenIssuance":false,"enableIdTokenIssuance":false},"redirectUriSettings":[]},"spa":{"redirectUris":[]}}' + headers: + cache-control: + - no-cache + content-length: + - '1646' + content-type: + - application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8 + date: + - Wed, 09 Apr 2025 09:58:31 GMT + odata-version: + - '4.0' + request-id: + - 955f04a1-3d13-490a-8c02-bcc43d3628eb + strict-transport-security: + - max-age=31536000 + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-ms-ags-diagnostic: + - '{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"SI2PEPF000054C4"}}' + x-ms-resource-unit: + - '1' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - ad app delete + Connection: + - keep-alive + ParameterSetName: + - --id + User-Agent: + - python/3.12.10 (Windows-11-10.0.26100-SP0) AZURECLI/2.71.0 + method: GET + uri: https://graph.microsoft.com/v1.0/applications?$filter=appId%20eq%20%27175bcaf1-6850-4192-a3ea-8852192eb783%27 + response: + body: + string: '{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#applications","value":[{"id":"42040a6b-ff98-4e6e-a4dc-fa45f7f3f6cd","deletedDateTime":null,"appId":"175bcaf1-6850-4192-a3ea-8852192eb783","applicationTemplateId":null,"disabledByMicrosoftStatus":null,"createdDateTime":"2025-04-09T09:58:28Z","displayName":"azure-cli-test-000001","description":null,"groupMembershipClaims":null,"identifierUris":[],"isDeviceOnlyAuthSupported":null,"isFallbackPublicClient":null,"nativeAuthenticationApisEnabled":null,"notes":null,"publisherDomain":"AzureSDKTeam.onmicrosoft.com","serviceManagementReference":null,"signInAudience":"AzureADMyOrg","tags":[],"tokenEncryptionKeyId":null,"uniqueName":null,"samlMetadataUrl":null,"defaultRedirectUri":null,"certification":null,"optionalClaims":null,"servicePrincipalLockConfiguration":null,"requestSignatureVerification":null,"addIns":[],"api":{"acceptMappedClaims":null,"knownClientApplications":[],"requestedAccessTokenVersion":null,"oauth2PermissionScopes":[],"preAuthorizedApplications":[]},"appRoles":[],"info":{"logoUrl":null,"marketingUrl":null,"privacyStatementUrl":null,"supportUrl":null,"termsOfServiceUrl":null},"keyCredentials":[],"parentalControlSettings":{"countriesBlockedForMinors":[],"legalAgeGroupRule":"Allow"},"passwordCredentials":[],"publicClient":{"redirectUris":[]},"requiredResourceAccess":[],"verifiedPublisher":{"displayName":null,"verifiedPublisherId":null,"addedDateTime":null},"web":{"homePageUrl":null,"logoutUrl":null,"redirectUris":[],"implicitGrantSettings":{"enableAccessTokenIssuance":false,"enableIdTokenIssuance":false},"redirectUriSettings":[]},"spa":{"redirectUris":[]}}]}' + headers: + cache-control: + - no-cache + content-length: + - '1650' + content-type: + - application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8 + date: + - Wed, 09 Apr 2025 09:58:32 GMT + odata-version: + - '4.0' + request-id: + - fdb8a7bd-26d7-4c5c-9335-252a18605cec + strict-transport-security: + - max-age=31536000 + transfer-encoding: + - chunked + vary: + - Accept-Encoding + x-ms-ags-diagnostic: + - '{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"SI2PEPF00000BC1"}}' + x-ms-resource-unit: + - '2' + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - ad app delete + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - --id + User-Agent: + - python/3.12.10 (Windows-11-10.0.26100-SP0) AZURECLI/2.71.0 + method: DELETE + uri: https://graph.microsoft.com/v1.0/applications/42040a6b-ff98-4e6e-a4dc-fa45f7f3f6cd + response: + body: + string: '' + headers: + cache-control: + - no-cache + date: + - Wed, 09 Apr 2025 09:58:33 GMT + request-id: + - 4ea066e7-47d8-40b0-b2fc-f14b4a5a550a + strict-transport-security: + - max-age=31536000 + x-ms-ags-diagnostic: + - '{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"SI2PEPF00008478"}}' + x-ms-resource-unit: + - '1' + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - '*/*' + Accept-Encoding: + - gzip, deflate + CommandName: + - rest + Connection: + - keep-alive + Content-Length: + - '0' + ParameterSetName: + - --method --url + User-Agent: + - python/3.12.10 (Windows-11-10.0.26100-SP0) AZURECLI/2.71.0 + method: DELETE + uri: https://graph.microsoft.com/v1.0/directory/deletedItems/42040a6b-ff98-4e6e-a4dc-fa45f7f3f6cd + response: + body: + string: '' + headers: + cache-control: + - no-cache + date: + - Wed, 09 Apr 2025 09:58:34 GMT + request-id: + - 8972eb97-b024-47fa-923d-b0ed14dac6f4 + strict-transport-security: + - max-age=31536000 + x-ms-ags-diagnostic: + - '{"ServerInfo":{"DataCenter":"Southeast Asia","Slice":"E","Ring":"5","ScaleUnit":"001","RoleInstance":"SI2PEPF00003BA6"}}' + x-ms-resource-unit: + - '1' + status: + code: 204 + message: No Content +version: 1 diff --git a/src/azure-cli/azure/cli/command_modules/role/tests/latest/test_role.py b/src/azure-cli/azure/cli/command_modules/role/tests/latest/test_role.py index 02af12a80c1..4a0ed8c3999 100644 --- a/src/azure-cli/azure/cli/command_modules/role/tests/latest/test_role.py +++ b/src/azure-cli/azure/cli/command_modules/role/tests/latest/test_role.py @@ -41,6 +41,15 @@ def test_create_for_rbac_password(self): # Make sure no role assignment is created by default self.cmd('role assignment list --assignee {app_id} --all', checks=self.check('length(@)', 0)) + def test_create_for_rbac_no_password(self): + self.kwargs['display_name'] = self.create_random_name('azure-cli-test-', 30) + result = self.cmd('ad sp create-for-rbac --display-name {display_name} --create-password false', + checks=[ + self.check('displayName', '{display_name}'), + self.check('password', None) + ]).get_output_in_json() + self.kwargs['app_id'] = result['appId'] + def test_create_for_rbac_create_cert(self): self.kwargs['display_name'] = self.create_random_name('azure-cli-test-', 30)