-
Notifications
You must be signed in to change notification settings - Fork 3.4k
az keyvault role assignment create documentation mismatch #27526
Copy link
Copy link
Open
Labels
Auto-AssignAuto assign by botAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamThe command of the issue is owned by Azure CLI teamKeyVaultaz keyvaultaz keyvaultManaged IdentityFor `az identity` onlyFor `az identity` onlyRBACaz roleaz roleact-identity-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.Issues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as thatThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Metadata
Metadata
Assignees
Labels
Auto-AssignAuto assign by botAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamThe command of the issue is owned by Azure CLI teamKeyVaultaz keyvaultaz keyvaultManaged IdentityFor `az identity` onlyFor `az identity` onlyRBACaz roleaz roleact-identity-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.Issues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as thatThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
Describe the bug
The documentation for param
--assignee-principal-typestates that:However, running with
--assignee-principal-type MSIyields:ERROR: az role assignment create: 'MSI' is not a valid value for '--assignee-principal-type'. Allowed values: User, Group, ServicePrincipal, ForeignGroup.during pipeline run.Running with:
Where the
$CLUSTER_MSI_PRINCIPAL_IDis fetched through:as suggested in #11594 (comment) worked.
Related command
az role assignment create
Errors
ERROR: az role assignment create: 'MSI' is not a valid value for '--assignee-principal-type'. Allowed values: User, Group, ServicePrincipal, ForeignGroup.
Issue script & Debug output
CLUSTER_MSI_PRINCIPAL_ID=$(az identity show --name $CLUSTER_MSI
--resource-group $CLUSTER_RG
--query 'principalId'
--output tsv)
az role assignment create --assignee-object-id $CLUSTER_MSI_PRINCIPAL_ID
--role "Key Vault Crypto Service Encryption User"
--assignee-principal-type MSI
--scope $CLUSTER_KV_ID
Expected behavior
Consistency between CLI and documentation
Environment Summary
/usr/bin/az --version
azure-cli 2.53.0
core 2.53.0
telemetry 1.1.0
Extensions:
azure-devops 0.26.0
Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2
Additional context
No response