From c9a98c52ba679b691799c04c4ad170730f24c404 Mon Sep 17 00:00:00 2001 From: jiasli <4003950+jiasli@users.noreply.github.com> Date: Thu, 5 Dec 2024 18:45:30 +0800 Subject: [PATCH] role-assignment-delete --- .../azure/cli/command_modules/role/_params.py | 2 +- .../azure/cli/command_modules/role/custom.py | 17 +++++++++-------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/azure-cli/azure/cli/command_modules/role/_params.py b/src/azure-cli/azure/cli/command_modules/role/_params.py index 8f64a6e65d5..e773abb7832 100644 --- a/src/azure-cli/azure/cli/command_modules/role/_params.py +++ b/src/azure-cli/azure/cli/command_modules/role/_params.py @@ -355,7 +355,7 @@ class PrincipalType(str, Enum): 'JSON description.') with self.argument_context('role assignment delete') as c: - c.argument('yes', options_list=['--yes', '-y'], action='store_true', help='Continue to delete all assignments under the subscription') + c.argument('yes', options_list=['--yes', '-y'], action='store_true', help='Currently no-op.') with self.argument_context('role definition') as c: c.argument('role_definition_id', options_list=['--name', '-n'], help='the role definition name') diff --git a/src/azure-cli/azure/cli/command_modules/role/custom.py b/src/azure-cli/azure/cli/command_modules/role/custom.py index 640e230b2ed..00790c05e04 100644 --- a/src/azure-cli/azure/cli/command_modules/role/custom.py +++ b/src/azure-cli/azure/cli/command_modules/role/custom.py @@ -27,6 +27,8 @@ from azure.cli.core.profiles import ResourceType from azure.cli.core.util import get_file_json, shell_safe_json_parse, is_guid +from azure.cli.core.azclierror import ArgumentUsageError + from ._client_factory import _auth_client_factory, _graph_client_factory from ._multi_api_adaptor import MultiAPIAdaptor from ._msgrpah import GraphError, set_object_properties @@ -501,7 +503,13 @@ def _get_displayable_name(graph_object): def delete_role_assignments(cmd, ids=None, assignee=None, role=None, resource_group_name=None, - scope=None, include_inherited=False, yes=None): + scope=None, include_inherited=False, + yes=None): # pylint: disable=unused-argument + # yes is currently a no-op + if not any((ids, assignee, role, resource_group_name, scope)): + raise ArgumentUsageError('Please provide at least one of these arguments: ' + '--ids, --assignee, --role, --resource-group, --scope') + factory = _auth_client_factory(cmd.cli_ctx, scope) assignments_client = factory.role_assignments definitions_client = factory.role_definitions @@ -528,11 +536,6 @@ def delete_role_assignments(cmd, ids=None, assignee=None, role=None, resource_gr for i in ids: assignments_client.delete_by_id(i) return - if not any([ids, assignee, role, resource_group_name, scope, assignee, yes]): - from knack.prompting import prompt_y_n - msg = 'This will delete all role assignments under the subscription. Are you sure?' - if not prompt_y_n(msg, default="n"): - return scope = _build_role_scope(resource_group_name, scope, assignments_client._config.subscription_id) @@ -895,7 +898,6 @@ def add_permission(client, identifier, api, api_permissions): try: access_id, access_type = e.split('=') except ValueError as ex: - from azure.cli.core.azclierror import ArgumentUsageError raise ArgumentUsageError('Usage error: Please provide both permission id and type, such as ' '`--api-permissions e1fe6dd8-ba31-4d61-89e7-88639da4683d=Scope`') from ex resource_access = { @@ -1174,7 +1176,6 @@ def create_service_principal_for_rbac( import time if role and not scopes or not role and scopes: - from azure.cli.core.azclierror import ArgumentUsageError raise ArgumentUsageError("Usage error: To create role assignments, specify both --role and --scopes.") graph_client = _graph_client_factory(cmd.cli_ctx)