[Compute] BREAKING CHANGE: az vm/vmss identity assign: Remove the default value Contributor of parameter --role

src/azure-cli/azure/cli/command_modules/vm/_params.py

@@ -1104,10 +1104,7 @@ def load_arguments(self, _):
     for scope in ['vm identity assign', 'vmss identity assign']:
         with self.argument_context(scope) as c:
             c.argument('identity_role', options_list=['--role'],
-                       help='Role name or id the system assigned identity will have. '
-                            'Please note that the default value "Contributor" will be removed in the breaking change '
-                            'release of the fall, so please specify "--role" and "--scope" at the same time '
-                            'when assigning a role to the managed identity')
+                       help='Role name or id the system assigned identity will have.')
 
     with self.argument_context('vm auto-shutdown') as c:
         c.argument('off', action='store_true', help='Turn off auto-shutdown for VM. Configuration will be cleared.')

src/azure-cli/azure/cli/command_modules/vm/_validators.py

@@ -1265,16 +1265,9 @@ def _validate_vm_vmss_msi(cmd, namespace, is_identity_assign=False):
 
     # For "az vm identity assign", "--scope" must be passed in when assigning a role to the managed identity
     if is_identity_assign:
-        role_is_explicitly_specified = getattr(namespace.identity_role, 'is_default', None) is None
-        if not namespace.identity_scope and role_is_explicitly_specified:
+        if not namespace.identity_scope and namespace.identity_role or not namespace.identity_role and namespace.identity_scope:
             raise ArgumentUsageError(
-                "usage error: please specify --scope when assigning a role to the managed identity")
-        if not role_is_explicitly_specified and namespace.identity_scope:
-            logger.warning(
-                "Please note that the default value of '--role' will be removed in the breaking change release of the "
-                "fall. So specify '--role' and '--scope' at the same time when assigning a role to the managed "
-                "identity to avoid breaking your automation script when the default value of '--role' is removed."
-            )
+                "usage error: please specify both --role and --scope when assigning a role to the managed identity")
 
     # Assign managed identity
     if is_identity_assign or namespace.assign_identity is not None:

src/azure-cli/azure/cli/command_modules/vm/custom.py

@@ -837,7 +837,7 @@ def show_vmss_identity(cmd, resource_group_name, vm_name):
     return client.virtual_machine_scale_sets.get(resource_group_name, vm_name).identity
 
 
-def assign_vm_identity(cmd, resource_group_name, vm_name, assign_identity=None, identity_role='Contributor',
+def assign_vm_identity(cmd, resource_group_name, vm_name, assign_identity=None, identity_role=None,
                        identity_role_id=None, identity_scope=None):
     VirtualMachineIdentity, ResourceIdentityType, VirtualMachineUpdate = cmd.get_models('VirtualMachineIdentity',
                                                                                         'ResourceIdentityType',
@@ -3096,7 +3096,7 @@ def reset_linux_ssh(cmd, resource_group_name, vm_name, no_wait=False):
 
 
 # region VirtualMachineScaleSets
-def assign_vmss_identity(cmd, resource_group_name, vmss_name, assign_identity=None, identity_role='Contributor',
+def assign_vmss_identity(cmd, resource_group_name, vmss_name, assign_identity=None, identity_role=None,
                          identity_role_id=None, identity_scope=None):
     VirtualMachineScaleSetIdentity, UpgradeMode, ResourceIdentityType, VirtualMachineScaleSetUpdate = cmd.get_models(
         'VirtualMachineScaleSetIdentity', 'UpgradeMode', 'ResourceIdentityType', 'VirtualMachineScaleSetUpdate')

src/azure-cli/azure/cli/command_modules/vm/tests/hybrid_2018_03_01/test_vm_actions.py

@@ -361,7 +361,8 @@ def test_validate_msi_on_assign_identity_command(self, mock_resolve_role_id):
         from azure.cli.core.azclierror import ArgumentUsageError
         with self.assertRaises(ArgumentUsageError) as err:
             _validate_vm_vmss_msi(cmd, np_mock, is_identity_assign=True)
-        self.assertTrue("usage error: please specify --scope when assigning a role to the managed identity"
+        self.assertTrue("usage error: please specify both --role and --scope "
+                        "when assigning a role to the managed identity"
                         in str(err.exception))
 
         # check we set right role id

src/azure-cli/azure/cli/command_modules/vm/tests/hybrid_2019_03_01/test_vm_actions.py

@@ -360,7 +360,8 @@ def test_validate_msi_on_assign_identity_command(self, mock_resolve_role_id):
         from azure.cli.core.azclierror import ArgumentUsageError
         with self.assertRaises(ArgumentUsageError) as err:
             _validate_vm_vmss_msi(cmd, np_mock, is_identity_assign=True)
-        self.assertTrue("usage error: please specify --scope when assigning a role to the managed identity"
+        self.assertTrue("usage error: please specify both --role and --scope "
+                        "when assigning a role to the managed identity"
                         in str(err.exception))
 
         # check we set right role id

src/azure-cli/azure/cli/command_modules/vm/tests/hybrid_2020_09_01/test_vm_actions.py

@@ -360,7 +360,8 @@ def test_validate_msi_on_assign_identity_command(self, mock_resolve_role_id):
         from azure.cli.core.azclierror import ArgumentUsageError
         with self.assertRaises(ArgumentUsageError) as err:
             _validate_vm_vmss_msi(cmd, np_mock, is_identity_assign=True)
-        self.assertTrue("usage error: please specify --scope when assigning a role to the managed identity"
+        self.assertTrue("usage error: please specify both --role and --scope "
+                        "when assigning a role to the managed identity"
                         in str(err.exception))
 
         # check we set right role id