{Doc} Add managed identity command guideline #17473
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| ## Overview | ||
| This document provides a common design of the CLI command interface for supporting Managed Identity in Azure CLI. New commands should follow it while existing commands can stay the same before a deprecation plan. | ||
|
|
||
| ## Command interface | ||
|
|
||
| ### Enable managed identity during resource creation | ||
| Use `--mi-system-assigned` to enable system-assigned identity and `--mi-user-assigned` with space separated resource IDs to add user-assigned identities. | ||
|
|
||
| ``` | ||
| # <resource> can be acr, webapp, vm or any other resources that support managed identity | ||
| az <resource> create ... --mi-system-assigned --mi-user-assigned <AzureResourceId1> <AzureResourceId2> | ||
| ``` | ||
|
|
||
| ### Operate managed identity on existing resource | ||
| Create the `identity` subgroup under the main resource command group. Support the below operations: | ||
|
|
||
| 1. Assign identities with `identity assign` command | ||
|
|
||
| Use `--system-assigned` to enable system assigned identity and `--user-assigned` with space separated resource IDs to add user assigned identities. | ||
| ``` | ||
| az <resource> identity assign ... --system-assigned --user-assigned <AzureResourceId1> <AzureResourceId2> | ||
| ``` | ||
| 2. Remove identities with `identity remove` command | ||
|
|
||
| Use `--system-assigned` to remove system assigned identity and `--user-assigned` with space separated resource IDs to remove specified user assigned identities. | ||
| ``` | ||
| az <resource> identity remove ... --system-assigned --user-assigned <AzureResourceId1> <AzureResourceId2> | ||
| ``` | ||
| For the convenience scenario to remove all user assigned identities, `--user-assigned` with no values should remove all user assigned identities with proper warnings. | ||
| ``` | ||
| az <resource> identity remove ... --user-assigned | ||
| ``` | ||
|
Comment on lines
+29
to
+32
Member
Author
There was a problem hiding this comment. Use |
||
| 3. Show identities with `identity show` command | ||
|
|
||
| Use this command to show the managed identity type, tenant IDs and principal IDs of the system assigned identities and all user assigned identities. | ||
| ``` | ||
| az <resource> identity show ... | ||
| ``` | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.