{Microsoft Entra ID} az ad sp create-for-rbac: Update examples and warnings
#30277
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
️✔️AzureCLI-FullTest
|
|
Hi @jiasli, |
️✔️AzureCLI-BreakingChangeTest
|
Collaborator
|
Update examples and warnings |
microsoft-github-policy-service
bot
requested review from
calvinhzy,
evelyn-ys and
yonzhan
jiasli
commented
Nov 7, 2024
Comment on lines
+539
to
+547
| - name: Create using an existing certificate string. | ||
| text: az ad sp create-for-rbac --cert "MIICoT..." | ||
| - name: Create using an existing certificate file. | ||
| text: |- | ||
| az ad sp create-for-rbac --cert "@~/cert.pem" | ||
| `cert.pem` contains the following content | ||
| -----BEGIN CERTIFICATE----- <<< this line is optional | ||
| MIICoT... | ||
| -----END CERTIFICATE----- <<< this line is optional |
Member
Author
There was a problem hiding this comment.
These examples are similar to
azure-cli/src/azure-cli/azure/cli/command_modules/role/_help.py
Lines 127 to 135 in 031de0d
azure-cli/src/azure-cli/azure/cli/command_modules/role/_help.py
Lines 594 to 602 in 031de0d
jiasli
commented
Nov 7, 2024
Comment on lines
+548
to
+551
| - name: Create using a self-signed certificate, and store it within Azure Key Vault. | ||
| text: az ad sp create-for-rbac --keyvault MyVault --cert CertName --create-cert | ||
| - name: Create using existing certificate in Azure Key Vault. | ||
| text: az ad sp create-for-rbac --keyvault MyVault --cert CertName |
Member
Author
There was a problem hiding this comment.
The official name should be "Azure Key Vault", not "KeyVault": https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-cli
jiasli
commented
Nov 11, 2024
| if cert_file: | ||
| logger.warning( | ||
| "Please copy %s to a safe place. When you run 'az login', provide the file path in the --password argument", | ||
| "Please copy %s to a safe place. When you run `az login`, provide the file path in the --certificate " |
jiasli
commented
Nov 11, 2024
Comment on lines
-1308
to
-1312
|
|
||
| login_hint = ('To log in with this service principal, run:\n' | ||
| f'az login --service-principal --username {app_id} --password {password or cert_file} ' | ||
| f'--tenant {graph_client.tenant}') | ||
| logger.info(login_hint) |
Member
Author
There was a problem hiding this comment.
This hint is removed to avoid users' potential incorrect handling of the log.
jiasli
changed the title
az ad sp create-for-rbac: Add examples for using --certaz ad sp create-for-rbac: Update examples and warnings
jiasli
modified the milestones:
December 2024 (2024-12-10),
November 2024 (2024-11-19)❗ Breaking change release ❗
evelyn-ys
approved these changes
Nov 12, 2024
bebound
reviewed
Nov 12, 2024
| text: az ad sp create-for-rbac --keyvault MyVault --cert CertName --create-cert | ||
| - name: Create using existing certificate in KeyVault. | ||
| text: az ad sp create-for-rbac --keyvault MyVault --cert CertName | ||
| - name: Create without role assignment. |
Contributor
There was a problem hiding this comment.
Although it does not affect the help message, the two-space indent is missing here.
Member
Author
There was a problem hiding this comment.
On the contrary, the two-space indent is unnecessary. See the YAML spec:
https://yaml.org/spec/1.2.2/#21-collections
american:
- Boston Red Sox
- Detroit Tigers
- New York Yankees
national:
- New York Mets
- Chicago Cubs
- Atlanta Braves
Contributor
There was a problem hiding this comment.
YAML does not have a strict indent rule; my formatter uses 2 spaces.
In YAML block styles, structure is determined by indentation. In general, indentation is defined as a zero or more space characters at the start of a line. -- https://yaml.org/spec/1.2-old/spec.html#id2777534
PS: The indentation at https://yaml.org/ is inconsistent.
bebound
approved these changes
Nov 12, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related command
az ad sp create-for-rbacDescription
--certto clarify Article for service creation principal has misleading guidance for --cert MicrosoftDocs/azure-docs-cli#4734--create-certaccording to [Profile]az login: Add--certificatefor authenticating with service principal certificate #30091Testing Guide
az ad sp create-for-rbac -h