[Identity] az identity create/update: Add new --resource-restriction parameter to support identity assignment restrictions#32214
Open
mohamedyilmaz123 wants to merge 49 commits into
Conversation
️✔️AzureCLI-FullTest
|
|
| rule | cmd_name | rule_message | suggest_message |
|---|---|---|---|
| identity create | cmd identity create added parameter assignment_restrictions |
||
| identity create | cmd identity create update parameter isolation_scope: added property aaz_type=string |
||
| identity create | cmd identity create update parameter isolation_scope: added property type=string |
||
| identity create | cmd identity create update parameter location: added property aaz_type=string |
||
| identity create | cmd identity create update parameter location: updated property type from custom_type to string |
||
| identity create | cmd identity create update parameter resource_group_name: added property aaz_type=string |
||
| identity create | cmd identity create update parameter resource_group_name: added property type=string |
||
| identity create | cmd identity create update parameter resource_group_name: updated property name from resource_group_name to resource_group |
||
| identity create | cmd identity create update parameter resource_name: added property aaz_type=string |
||
| identity create | cmd identity create update parameter resource_name: added property type=string |
||
| identity create | cmd identity create update parameter resource_name: removed property id_part=name |
||
| identity create | cmd identity create update parameter resource_name: updated property options from ['--name', '-n'] to ['--name', '--resource-name', '-n'] |
||
| identity create | cmd identity create update parameter tags: added property aaz_type=AAZDictArg |
||
| identity create | cmd identity create update parameter tags: added property type=Dict<String,String> |
||
| identity create | cmd identity create update parameter tags: updated property nargs from * to + |
||
| identity delete | cmd identity delete update parameter resource_group_name: added property aaz_type=string |
||
| identity delete | cmd identity delete update parameter resource_group_name: added property type=string |
||
| identity delete | cmd identity delete update parameter resource_group_name: updated property name from resource_group_name to resource_group |
||
| identity delete | cmd identity delete update parameter resource_name: added property aaz_type=string |
||
| identity delete | cmd identity delete update parameter resource_name: added property type=string |
||
| identity delete | cmd identity delete update parameter resource_name: updated property options from ['--name', '-n'] to ['--name', '--resource-name', '-n'] |
||
| identity list | cmd identity list added parameter pagination_limit |
||
| identity list | cmd identity list added parameter pagination_token |
||
| identity list | cmd identity list update parameter resource_group_name: added property aaz_type=string |
||
| identity list | cmd identity list update parameter resource_group_name: added property type=string |
||
| identity list | cmd identity list update parameter resource_group_name: updated property name from resource_group_name to resource_group |
||
| identity show | cmd identity show update parameter resource_group_name: added property aaz_type=string |
||
| identity show | cmd identity show update parameter resource_group_name: added property type=string |
||
| identity show | cmd identity show update parameter resource_group_name: updated property name from resource_group_name to resource_group |
||
| identity show | cmd identity show update parameter resource_name: added property aaz_type=string |
||
| identity show | cmd identity show update parameter resource_name: added property type=string |
||
| identity show | cmd identity show update parameter resource_name: updated property options from ['--name', '-n'] to ['--name', '--resource-name', '-n'] |
||
| identity update | cmd identity update added parameter assignment_restrictions |
||
| identity update | cmd identity update update parameter isolation_scope: added property aaz_type=string |
||
| identity update | cmd identity update update parameter isolation_scope: added property type=string |
||
| identity update | cmd identity update update parameter properties_to_add: added property aaz_type=AAZGenericUpdateAddArg |
||
| identity update | cmd identity update update parameter properties_to_remove: added property aaz_type=AAZGenericUpdateRemoveArg |
||
| identity update | cmd identity update update parameter properties_to_set: added property aaz_type=AAZGenericUpdateSetArg |
||
| identity update | cmd identity update update parameter resource_group_name: added property aaz_type=string |
||
| identity update | cmd identity update update parameter resource_group_name: added property type=string |
||
| identity update | cmd identity update update parameter resource_group_name: updated property name from resource_group_name to resource_group |
||
| identity update | cmd identity update update parameter resource_name: added property aaz_type=string |
||
| identity update | cmd identity update update parameter resource_name: added property type=string |
||
| identity update | cmd identity update update parameter resource_name: updated property options from ['--name', '-n'] to ['--name', '--resource-name', '-n'] |
||
| identity update | cmd identity update update parameter tags: added property aaz_type=AAZDictArg |
||
| identity update | cmd identity update update parameter tags: added property type=Dict<String,String> |
||
| identity update | cmd identity update update parameter tags: updated property nargs from * to + |
Collaborator
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
Bot
requested review from
wangzelin007,
yonzhan and
zhoxing-ms
microsoft-github-policy-service
Bot
added
the
Managed Identity
mohamedyilmaz123
changed the title
Author
|
@microsoft-github-policy-service agree company="Microsoft" |
mohamedyilmaz123
requested review from
isra-fel,
teresaritorto and
xuming-ms
as code owners
mohamedyilmaz123
requested review from
FumingZhang,
Greedygre,
Juliehzl,
NoriZC,
Pan-Qi,
VeryEarly and
howang-ms
as code owners
isaacbanner
approved these changes
Apr 22, 2026
added 2 commits
May 7, 2026 14:52
…entRestrictions # Conflicts: # src/azure-cli/azure/cli/command_modules/appservice/tests/latest/recordings/test_webapp_linux_acr_use_identity.yaml
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
added 2 commits
May 7, 2026 17:34
Member
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
Member
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
isra-fel
reviewed
May 13, 2026
Member
isra-fel
left a comment
isra-fel
left a comment
There was a problem hiding this comment.
Looks good with one question: since the implmentation of the az identity commands has been switched to aaz, shouldn't the old impl be removed? For example. or are they still in use somewhere?
Author
Yes, the list resources action still uses the SDK implementation. |
# Conflicts: # src/azure-cli/azure/cli/command_modules/appconfig/tests/latest/recordings/test_azconfig_identity.yaml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Related command
Includes the resource restriction property.
az identity create
az identity update
No changes with respect to the resource-restriction property.
az identity show
az identity delete
az identity list
I have changed the identity commands to use the AAZ implementation by: -
This enables identity commands support through the AAZ implementation using API version 2025-05-31-preview
Description
Make updates to the identity module to invoke AAZ generated operations (create, update, list, show) for UserAssigned identities with 2025-05-31-Preview version
Enables support for identity resource restrictions property on create, update
Adds support for identity update, including changes to the resource restrictions property
Testing Guide
We need to test all the commands under identity subgroup to make sure az identity (create, update) commands now support creation with the resource restriction property and no regression is observed in az identity (delete, list, show) commands.
Test Commands
1] az identity create -g $RG -n $NAME --subscription $SUB --resource-restriction "providers=[Microsoft.Compute]"
2] az identity update -g $RG -n $NAME --subscription $SUB
--resource-restriction "providers=[Microsoft.Storage]"
3] az identity show -g $RG -n $NAME --subscription $SUB
4] az identity list -g $RG --subscription $SUB
5] az identity delete -g $RG -n $NAME --subscription $SUB
History Notes
[Identity]
az identity create: Add new--resource-restrictionparameter to support identity assignment restrictions[Identity]
az identity update: Add new command to support updating an identityThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.