Release of MSI version 2023-01-31 #25380

Closed
isolenov opened this issue Feb 7, 2023 · 11 comments · Fixed by #25418
isolenov commented Feb 7, 2023

Related command

az identity

Resource Provider

Microsoft.ManagedIdentity

Description of Feature or Work Requested

This is a GA release of the Federated Identity Credentials feature which was added to preview earlier #23152

There are no API changes for this feature, just an API version update.

However, there is a breaking change:
The UserAssignedIdentitiesOperations operation is not available in this API version since the feature is not ready for GA and is still in preview. It was added by this change: #22112. MSI is ok to remove it if there are no other options.

Minimum API Version Required

2023-01-31

Swagger PR link / SDK link

Azure/azure-rest-api-specs#22354

Python SDK: https://pypi.org/project/azure-mgmt-msi/7.0.0/

Request Example

same as #23152

Target Date

ASAP no later than March-07

Additional context

No response

@ghost ghost added Auto-Assign Auto assign by bot Managed Identity For `az identity` only labels Feb 7, 2023
@ghost ghost assigned zhoxing-ms Feb 7, 2023
@ghost ghost added this to the Backlog milestone Feb 7, 2023
@yonzhan yonzhan added the Azure CLI Team The command of the issue is owned by Azure CLI team label Feb 8, 2023
Collaborator

yonzhan commented Feb 8, 2023

@zhoxing-ms for awareness

@zhoxing-ms
Contributor

@isolenov I'd like to confirm with you that this feature request only needs to upgrade the api-version, right?
In addition, the release time of the next sprint is exactly 03-07, does this date meet your expectations?

Author

isolenov commented Feb 8, 2023

@zhoxing-ms

> I'd like to confirm with you that this feature request only needs to upgrade the api-version, right?

I confirm there are no changes in API methods, interfaces or parameters. However here are 2 points which require attention in this context:

  1. Minor: change of common types in swagger definition from v1 to v4: ../common-types/resource-management/v1/types.json -> ../common-types/resource-management/v4/types.json
  2. Major: The new API version 2023-01-31 and Python SDK v7.0 do not support the listAssociatedResources command since it is still in preview and we are simply not allowed to enable it in the GA version.
    2.1. Is it possible to use listAssociatedResources from the previous Python package v6.1, which utilizes the 2021-09-30-preview API version?
    2.2. If this is not possible, MSI is ok to remove that command in favor of the GA release.

> In addition, the release time of the next sprint is exactly 03-07, does this date meet your expectations?

We are ready to have this release asap. Since CLI has a strict release cadence policy, we have an agreement to GA no later than 03-07. However, the AKS team's feature is waiting for this release to go to GA as well. They have 100’s of S500 customers which have sprint plans around the anticipated GA timeline to start the migration of all AKS workloads. If by any chance there would be an intermittent release of the CLI, that would help a lot.

Contributor

yanzhudd commented Feb 9, 2023

Hi @isolenov,

> 1. Minor: change of common types in swagger definition from v1 to v4: ../common-types/resource-management/v1/types.json -> ../common-types/resource-management/v4/types.json
> 2. Major: The new API version 2023-01-31 and Python SDK v7.0 do not support the listAssociatedResources command since it is still in preview and we are simply not allowed to enable it in the GA version.
>    2.1. Is it possible to use listAssociatedResources from the previous Python package v6.1, which utilizes the 2021-09-30-preview API version?
>    2.2. If this is not possible, MSI is ok to remove that command in favor of the GA release.

We currently cannot use two different versions of the SDK. Thus, if we upgrade the API version to 2023-01-31, listAssociatedResources would not be supported.

> We are ready to have this release asap. Since CLI has a strict release cadence policy, we have an agreement to GA no later than 03-07. However, the AKS team's feature is waiting for this release to go to GA as well. They have 100’s of S500 customers which have sprint plans around the anticipated GA timeline to start the migration of all AKS workloads. If by any chance there would be an intermittent release of the CLI, that would help a lot.

We generally would not release a new version during a sprint except to fix urgent bugs. Do you mind if we first provide a private package generated by the edge build?
In fact, since there would be a breaking change (we generally recommend that breaking changes be released in the breaking change window) and our next breaking change window is around May, we suggest that customers first use the private package, and the official version will be released in the next breaking change window.

Author

isolenov commented Feb 9, 2023

@yanzhudd
Release in March milestone is crucial for MSI and AKS. Anyway SDK with a breaking change has been released already.
I'll provide the final confirmation by Feb-14

@yanzhudd yanzhudd reopened this Feb 10, 2023
Contributor

yanzhudd commented Feb 10, 2023

> @yanzhudd Release in March milestone is crucial for MSI and AKS. Anyway SDK with a breaking change has been released already. I'll provide the final confirmation by Feb-14

@isolenov
Since this feature request was raised just two days ago, this feature would be released on March 7 at the earliest; until then we could provide a private package generated by the edge build.

Since a breaking change has a big influence on customers, if this feature needs to be released in March, do you mind providing a business justification? We will gather statistics on the number of requests of the listAssociatedResources command and subscriptions last month, so as to decide whether to release the breaking change earlier than the breaking change window.

Author

isolenov commented Feb 10, 2023

@yanzhudd here are statistics from ARM logs: a total of 362 usages in 30 days, which is not really impressive.

By any chance does CLI provide any usage statistics to make it more accurate?

```kusto
let start = ago(30d);
let end = now();
cluster("Armprod").database("ARMProd").HttpIncomingRequests
| where PreciseTimeStamp between (start .. end)
| where targetResourceProvider == "MICROSOFT.MANAGEDIDENTITY"
| where operationName =~ "POST/SUBSCRIPTIONS/RESOURCEGROUPS/PROVIDERS/MICROSOFT.MANAGEDIDENTITY/USERASSIGNEDIDENTITIES/LISTASSOCIATEDRESOURCES"
| where userAgent contains "cli"
| summarize count() by tenantId
| join cluster("Idsharedcus").database("idProductData").Tenants on $left.tenantId == $right.TenantId
| project count_, tenantId, TenantName, IsS400
| order by count_
```

Author

isolenov commented Feb 10, 2023

@yanzhudd btw the MSI Python SDK is a multiple-API package which permits users to pass in a different API version in the client. Can it be utilized in CLI to provide listAssociatedResources support with API version 2022-01-31-preview?

upd: api version is updated to eliminate confusion

@isolenov
Author

Current decision is to avoid the breaking change. Appreciate any advice. There are 2 options so far:

  1. Utilize multiple-api package - question above
  2. Publish an extension with 'listAssociatedResources' command

Contributor

yanzhudd commented Feb 14, 2023

Hi @isolenov,
Thanks for providing the approaches for avoiding the breaking change. It seems that the first option works for CLI. We would support listAssociatedResources with API version 2021-09-30-preview when other commands are using the stable version 2023-01-31.

Author

isolenov commented Feb 14, 2023

@yanzhudd awesome, thank you. Please please use the latest preview version 2022-01-31-preview for `listAssociatedResources`.
