From 7e9e1c6bbe31149eab642bd19960267fab9c8e3d Mon Sep 17 00:00:00 2001 From: Xiaojian Xu Date: Wed, 29 Jan 2020 23:42:50 +0800 Subject: [PATCH 1/3] [RBAC] BREAKING CHANGE: Fix #11883: `az role assignment create`: empty scope will prompt error --- src/azure-cli/HISTORY.rst | 4 ++++ src/azure-cli/azure/cli/command_modules/role/custom.py | 2 ++ 2 files changed, 6 insertions(+) diff --git a/src/azure-cli/HISTORY.rst b/src/azure-cli/HISTORY.rst index 6012ba28239..a80c974b510 100644 --- a/src/azure-cli/HISTORY.rst +++ b/src/azure-cli/HISTORY.rst @@ -3,6 +3,10 @@ Release History =============== +**RBAC** + +* [BREAKING CHANGE] Fix #11883: `az role assignment create`: empty scope will prompt error + **ACR** * [BREAKING CHANGE] `az acr delete` will prompt diff --git a/src/azure-cli/azure/cli/command_modules/role/custom.py b/src/azure-cli/azure/cli/command_modules/role/custom.py index 4b17917d3e2..92560c4888e 100644 --- a/src/azure-cli/azure/cli/command_modules/role/custom.py +++ b/src/azure-cli/azure/cli/command_modules/role/custom.py @@ -494,6 +494,8 @@ def _build_role_scope(resource_group_name, scope, subscription_id): if resource_group_name: err = 'Resource group "{}" is redundant because scope is supplied' raise CLIError(err.format(resource_group_name)) + elif scope == '': + raise CLIError('Invalid scope. Please use --help to view the valid format.') elif resource_group_name: scope = subscription_scope + '/resourceGroups/' + resource_group_name else: From 456acefa115f6bc31c62d656e14102cfdb05e6c4 Mon Sep 17 00:00:00 2001 From: Xiaojian Xu Date: Thu, 30 Jan 2020 00:51:30 +0800 Subject: [PATCH 2/3] add test for role assignment with empty scope case --- .../cli/command_modules/role/tests/latest/test_role.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/azure-cli/azure/cli/command_modules/role/tests/latest/test_role.py b/src/azure-cli/azure/cli/command_modules/role/tests/latest/test_role.py index 79c3db53bc7..1a60367c3d0 100644 --- a/src/azure-cli/azure/cli/command_modules/role/tests/latest/test_role.py +++ b/src/azure-cli/azure/cli/command_modules/role/tests/latest/test_role.py @@ -12,6 +12,7 @@ import mock import unittest +from knack.util import CLIError from azure_devtools.scenario_tests import AllowLargeResponse, record_only from azure.cli.core.profiles import ResourceType, get_sdk from azure.cli.testsdk import ScenarioTest, LiveScenarioTest, ResourceGroupPreparer, KeyVaultPreparer @@ -295,6 +296,11 @@ def test_role_assignment_e2e(self, resource_group): self.cmd('role assignment list --assignee {upn}', checks=self.check("length([])", 1)) self.cmd('role assignment delete --assignee {upn} --role reader') + + # test role assignment on empty scope + with self.assertRaisesRegexp(CLIError, 'Invalid scope. Please use --help to view the valid format.'): + self.cmd('role assignment create --assignee {upn} --scope "" --role reader') + self.cmd('role assignment delete --assignee {upn} --scope "" --role reader') finally: self.cmd('ad user delete --upn-or-object-id {upn}') From b1ad4592deb5185ded0a97a61e681d9d17cfeb2a Mon Sep 17 00:00:00 2001 From: Xiaojian Xu Date: Thu, 30 Jan 2020 13:46:12 +0800 Subject: [PATCH 3/3] udpate HISTORY.rst according to alphabetic order --- src/azure-cli/HISTORY.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/azure-cli/HISTORY.rst b/src/azure-cli/HISTORY.rst index a80c974b510..6a81179c91f 100644 --- a/src/azure-cli/HISTORY.rst +++ b/src/azure-cli/HISTORY.rst @@ -3,10 +3,6 @@ Release History =============== -**RBAC** - -* [BREAKING CHANGE] Fix #11883: `az role assignment create`: empty scope will prompt error - **ACR** * [BREAKING CHANGE] `az acr delete` will prompt @@ -50,6 +46,10 @@ Release History * Fix #2092: az network dns record-set add/remove: add warning when record-set is not found. In the future, an extra argument will be supported to confirm this auto creation. +**RBAC** + +* [BREAKING CHANGE] Fix #11883: `az role assignment create`: empty scope will prompt error + **Storage** * Add a new command group `az storage share-rm` to use the Microsoft.Storage resource provider for Azure file share management operations.