{Role} az ad sp create-for-rbac: Add usage link to --sdk-auth's help message
#17362
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jiasli
requested review from
evelyn-ys,
fengzhou-msft and
jsntcy
as code owners
jiasli
commented
Mar 19, 2021
| @@ -1469,6 +1469,8 @@ def create_service_principal_for_rbac( | |||
| raise | |||
| sp_oid = aad_sp.object_id | |||
|
|
|||
| logger.warning(CREDENTIAL_WARNING_MESSAGE) | |||
There was a problem hiding this comment.
Adjust the order of warnings. Show credential warning first.
Before:
> az ad sp create-for-rbac --sdk-auth
In a future release, this command will NOT create a 'Contributor' role assignment by default. If needed, use the --role argument to explicitly create a role assignment.
Creating 'Contributor' role assignment under scope '/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590'
Retrying role assignment creation: 1/36
The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli
{
...
}
After:
> az ad sp create-for-rbac --sdk-auth
The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli
In a future release, this command will NOT create a 'Contributor' role assignment by default. If needed, use the --role argument to explicitly create a role assignment.
Creating 'Contributor' role assignment under scope '/subscriptions/0b1f6471-1bf0-4dda-aec3-cb9272f09590'
Retrying role assignment creation: 1/36
{
...
}
|
Role |
lmazuel
reviewed
Mar 19, 2021
| @@ -90,7 +90,9 @@ def load_arguments(self, _): | |||
| help='Skip creating the default assignment, which allows the service principal to access resources under the current subscription. ' | |||
| 'When specified, --scopes will be ignored. You may use `az role assignment create` to create ' | |||
| 'role assignments for this service principal later.') | |||
| c.argument('show_auth_for_sdk', options_list='--sdk-auth', help='output result in compatible with Azure SDK auth file', arg_type=get_three_state_flag()) | |||
| c.argument('show_auth_for_sdk', options_list='--sdk-auth', arg_type=get_three_state_flag(), | |||
| help='Generate a JSON dictionary compatible with Azure SDK. For how to use it with Azure SDK, ' | |||
There was a problem hiding this comment.
Still misleading to me, since it's not compatible with SDK as a whole. I would be more explicit.
"SDK has deprecated usage of authentication file. More details here: aka"
evelyn-ys
approved these changes
May 19, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
az ad sp create-for-rbac: Add usage link to--sdk-auth's help messageReference email: Deprecate generating JSON auth file in Azure CLI
Testing Guide