[Compute] az vm/vmss create: Add warning log and modify help to inform that the default value Contributor of --role will be removed
#20924
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zhoxing-ms
changed the title
az vm/vmss create: Add warning log and modify help to inform that the default value "Contributor" of "--role" will be removedaz vm/vmss create: Add warning log and modify help to inform that the default value Contributor of --role will be removed
Collaborator
|
Compute |
Contributor
|
@zhoxing-ms / @yonzhan , can this PR also include updates to _help.py with corrected code samples? |
zhoxing-ms
force-pushed
the
prompt_delete_default_role_when_creating_vm
branch
from
015a513 to
51aa2b7
Compare
Contributor
Author
|
@dbradish-microsoft Thank you for your reminder. It has been updated |
jiasli
reviewed
Jan 10, 2022
|
|
||
| for scope in ['vm create', 'vmss create']: | ||
| with self.argument_context(scope) as c: | ||
| arg_group = 'Managed Service Identity' if scope.split()[-1] == 'create' else None |
Member
There was a problem hiding this comment.
scope.split()[-1] == 'create' will always be True, right? 😉
Contributor
Author
There was a problem hiding this comment.
Good catch! updated
jiasli
reviewed
Jan 10, 2022
|
|
||
| for scope in ['vm identity assign', 'vmss identity assign']: | ||
| with self.argument_context(scope) as c: | ||
| arg_group = 'Managed Service Identity' if scope.split()[-1] == 'create' else None |
Member
There was a problem hiding this comment.
Similar here, scope.split()[-1] == 'create' will never be True.
jiasli
reviewed
Jan 10, 2022
Co-authored-by: Jiashuo Li <[email protected]>
wangzelin007
approved these changes
Jan 12, 2022
jiasli
reviewed
Jan 13, 2022
Co-authored-by: Jiashuo Li <[email protected]>
zhoxing-ms
commented
Jan 14, 2022
jiasli
approved these changes
Jan 14, 2022
yonzhan
approved these changes
Jan 14, 2022
3 tasks
3 tasks
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
As the security team raised the security concern: the permission of
Contributoris too high to be used as the default role for the creation of VM and VMSS, so the default valueContributorof--rolewill be removed in the future.Therefore, the first step is to prompt users that parameters
--roleand--scopeshould be passed in at the same time when assigning role to the managed identity to reduce the impact of breaking change.The specific effects are as follows:
Testing Guide
History Notes
[Component Name 1] BREAKING CHANGE: az command a: Make some customer-facing breaking change.
[Component Name 2] az command b: Add some customer-facing feature.
This checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.