Merged
fix typos
fengzhou-msft committed Mar 26, 2021
commit b3a8fea7f125253d285d15ef5b58602398d5d7e3
22 changes: 11 additions & 11 deletions doc/managed_identity_command_guideline.md
@@ -1,40 +1,40 @@
## Overview
This document provides a common design of the CLI command interface for supporting Managed Identity in Azure CLI. New commands must follow it while existing commands can stay the same before a deprecation plan.
This document provides a common design of the CLI command interface for supporting Managed Identity in Azure CLI. New commands should follow it while existing commands can stay the same before a deprecation plan.

## Command interface

### Enable managed identity during resource creation
Use `--mi-system-assigned` to enable system assigned identity and `--mi-user-assigned` with space separated recource ids to add user assigned identities.
Use `--mi-system-assigned` to enable system assigned identity and `--mi-user-assigned` with space separated resource ids to add user assigned identities.

```
# <resource> can be acr, webapp, vm or any other resources that support managed identity
az <resource> create ... --mi-system-assigned --mi-user-assigned <AzureResourcId1> <AzureResourceId2>
az <resource> create ... --mi-system-assigned --mi-user-assigned <AzureResourceId1> <AzureResourceId2>
```

### Operate managed identity on existing resource
Create the `identity` subgroup under the main resource command group. Support the below operations:

1. Assign identities
1. Assign identities with `identity assign` command

Use `--system-assigned` to enable system assigned identity and `--user-assigned` with space separated recource ids to add user assigned identities.
```
az <resource> identity assign ... --system-assigned --user-assigned <AzureResourcId1> <AzureResourceId2>
az <resource> identity assign ... --system-assigned --user-assigned <AzureResourceId1> <AzureResourceId2>
```
2. Remove identities
2. Remove identities with `identity remove` command

Use `--system-assigned` to remove system assigned identity and `--user-assigned` with space separated recource ids to remove user assigned identities.
Use `--system-assigned` to remove system assigned identity and `--user-assigned` with space separated resource ids to remove user assigned identities.
```
az <resource> identity remove ... --system-assigned --user-assigned <AzureResourcId1> <AzureResourceId2>
az <resource> identity remove ... --system-assigned --user-assigned <AzureResourceId1> <AzureResourceId2>
```
3. Show identities
3. Show identities with `identity show` command

Use this command to show the managed identity type, tenant ids and principal ids of the system assigned identities and all user assigned identities.
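
Review bot: The `identity assign` paragraph under "Operate managed identity on existing resource" still reads "space separated recource ids", while the same misspelling is corrected in the resource-creation and `identity remove` paragraphs; change it to "resource ids" so all three occurrences are fixed. Separately, the Overview change from "New commands must follow it" to "New commands should follow it" relaxes the requirement on new commands rather than fixing a typo, so it deserves a mention in the commit message or a commit of its own.
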
Member

@evelyn-ys evelyn-ys May 10, 2021

With system assigned identities and all user assigned identities, why is it named identity show instead of identity list?

Member Author

Good question. The result is not a list. It contains the principal id, tenant id for the system assigned identity, identity type and a dict of user assigned identities. Naming it to identity list may lead to the impression that the command will return a list.

```
az <resource> identity show ...
```
4. Update identities
4. Update identities with `identity update` command

Use different types to do the following:
Use different identity types to do the following:
- Remove all assigned identities
```
az <resource> identity update ... --type none