azure-cli icon indicating copy to clipboard operation
azure-cli copied to clipboard
verified publisher icon Azure

[ARM] BREAKING CHANGE: Rewrite Azure Policy CRUD commands using auto-generation

Open mentat9 opened this issue 8 months ago • 18 comments

Related command

az policy assignment {create, delete, list, show, update} az policy assignment identity {assign, remove, show} az policy assignment non-compliance-message {create, delete, list, show, update} az policy definition {create, delete, list, show, update} az policy exemption {create, delete, list, show, update} az policy set-definition {create, delete, list, show, update}

Description

Reimplement all azure policy CRUD commands using the auto-generation toolset with customization. Remove existing custom implementations.

There are a few breaking changes. PR for breaking change announcement is here: https://github.com/Azure/azure-cli/pull/31458

Testing Guide

All tests are updated and passing in record and playback modes. Few new tests added.

History Notes

[ARM] BREAKING CHANGE: policy assignment identity remove: Removing a user assigned identity will require providing the --mi-user-assigned switch [ARM] BREAKING CHANGE: policy assignment identity assign: Replacing an existing identity will require first removing the existing identity [ARM] BREAKING CHANGE: policy assignment non-compliance-message create: The return value will be the single created message object rather than the full array of message objects [ARM] BREAKING CHANGE: policy assignment non-compliance-message delete: The return value will be empty rather than the full array of message objects [ARM] BREAKING CHANGE: policy definition/set-definition delete: Bypassing the confirmation prompt will require providing the -y switch [ARM] BREAKING CHANGE: policy exemption create/update: The date format of --expires-on will change slightly to ISO-8601, e.g. 2025-08-05T00:45:13Z instead of 2025-08-05T00:45:13+00:00

This checklist is used to make sure that common guidelines for a pull request are followed.

mentat9 avatar May 16 '25 22:05 mentat9

️✔️AzureCLI-FullTest
️✔️acr
️✔️latest
️✔️3.12
️✔️3.13
️✔️acs
️✔️latest
️✔️3.12
️✔️3.13
️✔️advisor
️✔️latest
️✔️3.12
️✔️3.13
️✔️ams
️✔️latest
️✔️3.12
️✔️3.13
️✔️apim
️✔️latest
️✔️3.12
️✔️3.13
️✔️appconfig
️✔️latest
️✔️3.12
️✔️3.13
️✔️appservice
️✔️latest
️✔️3.12
️✔️3.13
️✔️aro
️✔️latest
️✔️3.12
️✔️3.13
️✔️backup
️✔️latest
️✔️3.12
️✔️3.13
️✔️batch
️✔️latest
️✔️3.12
️✔️3.13
️✔️batchai
️✔️latest
️✔️3.12
️✔️3.13
️✔️billing
️✔️latest
️✔️3.12
️✔️3.13
️✔️botservice
️✔️latest
️✔️3.12
️✔️3.13
️✔️cdn
️✔️latest
️✔️3.12
️✔️3.13
️✔️cloud
️✔️latest
️✔️3.12
️✔️3.13
️✔️cognitiveservices
️✔️latest
️✔️3.12
️✔️3.13
️✔️compute_recommender
️✔️latest
️✔️3.12
️✔️3.13
️✔️computefleet
️✔️latest
️✔️3.12
️✔️3.13
️✔️config
️✔️latest
️✔️3.12
️✔️3.13
️✔️configure
️✔️latest
️✔️3.12
️✔️3.13
️✔️consumption
️✔️latest
️✔️3.12
️✔️3.13
️✔️container
️✔️latest
️✔️3.12
️✔️3.13
️✔️containerapp
️✔️latest
️✔️3.12
️✔️3.13
️✔️core
️✔️latest
️✔️3.12
️✔️3.13
️✔️cosmosdb
️✔️latest
️✔️3.12
️✔️3.13
️✔️databoxedge
️✔️latest
️✔️3.12
️✔️3.13
️✔️dls
️✔️latest
️✔️3.12
️✔️3.13
️✔️dms
️✔️latest
️✔️3.12
️✔️3.13
️✔️eventgrid
️✔️latest
️✔️3.12
️✔️3.13
️✔️eventhubs
️✔️latest
️✔️3.12
️✔️3.13
️✔️feedback
️✔️latest
️✔️3.12
️✔️3.13
️✔️find
️✔️latest
️✔️3.12
️✔️3.13
️✔️hdinsight
️✔️latest
️✔️3.12
️✔️3.13
️✔️identity
️✔️latest
️✔️3.12
️✔️3.13
️✔️iot
️✔️latest
️✔️3.12
️✔️3.13
️✔️keyvault
️✔️latest
️✔️3.12
️✔️3.13
️✔️lab
️✔️latest
️✔️3.12
️✔️3.13
️✔️managedservices
️✔️latest
️✔️3.12
️✔️3.13
️✔️maps
️✔️latest
️✔️3.12
️✔️3.13
️✔️marketplaceordering
️✔️latest
️✔️3.12
️✔️3.13
️✔️monitor
️✔️latest
️✔️3.12
️✔️3.13
️✔️mysql
️✔️latest
️✔️3.12
️✔️3.13
️✔️netappfiles
️✔️latest
️✔️3.12
️✔️3.13
️✔️network
️✔️latest
️✔️3.12
️✔️3.13
️✔️policyinsights
️✔️latest
️✔️3.12
️✔️3.13
️✔️privatedns
️✔️latest
️✔️3.12
️✔️3.13
️✔️profile
️✔️latest
️✔️3.12
️✔️3.13
️✔️rdbms
️✔️latest
️✔️3.12
️✔️3.13
️✔️redis
️✔️latest
️✔️3.12
️✔️3.13
️✔️relay
️✔️latest
️✔️3.12
️✔️3.13
️✔️resource
️✔️latest
️✔️3.12
️✔️3.13
️✔️role
️✔️latest
️✔️3.12
️✔️3.13
️✔️search
️✔️latest
️✔️3.12
️✔️3.13
️✔️security
️✔️latest
️✔️3.12
️✔️3.13
️✔️servicebus
️✔️latest
️✔️3.12
️✔️3.13
️✔️serviceconnector
️✔️latest
️✔️3.12
️✔️3.13
️✔️servicefabric
️✔️latest
️✔️3.12
️✔️3.13
️✔️signalr
️✔️latest
️✔️3.12
️✔️3.13
️✔️sql
️✔️latest
️✔️3.12
️✔️3.13
️✔️sqlvm
️✔️latest
️✔️3.12
️✔️3.13
️✔️storage
️✔️latest
️✔️3.12
️✔️3.13
️✔️synapse
️✔️latest
️✔️3.12
️✔️3.13
️✔️telemetry
️✔️latest
️✔️3.12
️✔️3.13
️✔️util
️✔️latest
️✔️3.12
️✔️3.13
️✔️vm
️✔️latest
️✔️3.12
️✔️3.13

azure-client-tools-bot-prd[bot] avatar May 16 '25 22:05 azure-client-tools-bot-prd[bot]

❌AzureCLI-BreakingChangeTest
❌resource
rule cmd_name rule_message suggest_message
1007 - ParaRemove policy assignment create cmd policy assignment create removed parameter sku please add back parameter sku for cmd policy assignment create
1007 - ParaRemove policy assignment update cmd policy assignment update removed parameter sku please add back parameter sku for cmd policy assignment update
1008 - ParaPropAdd policy assignment update cmd policy assignment update update parameter name: added property required=True please remove property required=True for parameter name of cmd policy assignment update
1007 - ParaRemove policy definition create cmd policy definition create removed parameter subscription please add back parameter subscription for cmd policy definition create
1007 - ParaRemove policy definition delete cmd policy definition delete removed parameter subscription please add back parameter subscription for cmd policy definition delete
1007 - ParaRemove policy definition list cmd policy definition list removed parameter subscription please add back parameter subscription for cmd policy definition list
1007 - ParaRemove policy definition show cmd policy definition show removed parameter subscription please add back parameter subscription for cmd policy definition show
1007 - ParaRemove policy definition update cmd policy definition update removed parameter subscription please add back parameter subscription for cmd policy definition update
1008 - ParaPropAdd policy exemption create cmd policy exemption create update parameter exemption_category: added property required=True please remove property required=True for parameter exemption_category of cmd policy exemption create
1008 - ParaPropAdd policy exemption create cmd policy exemption create update parameter policy_assignment: added property required=True please remove property required=True for parameter policy_assignment of cmd policy exemption create
1010 - ParaPropUpdate policy exemption list cmd policy exemption list update parameter disable_scope_strict_match: updated property options from ['--disable-scope-strict-match', '-i'] to ['--disable-scope-strict-match', '-d'] please change property options from ['--disable-scope-strict-match', '-d'] to ['--disable-scope-strict-match', '-i'] for parameter disable_scope_strict_match of cmd policy exemption list
1007 - ParaRemove policy set-definition create cmd policy set-definition create removed parameter subscription please add back parameter subscription for cmd policy set-definition create
1007 - ParaRemove policy set-definition delete cmd policy set-definition delete removed parameter subscription please add back parameter subscription for cmd policy set-definition delete
1007 - ParaRemove policy set-definition list cmd policy set-definition list removed parameter subscription please add back parameter subscription for cmd policy set-definition list
1007 - ParaRemove policy set-definition show cmd policy set-definition show removed parameter subscription please add back parameter subscription for cmd policy set-definition show
1007 - ParaRemove policy set-definition update cmd policy set-definition update removed parameter subscription please add back parameter subscription for cmd policy set-definition update

Please submit your Breaking Change Pre-announcement ASAP if you haven't already. Please note:

  • Breaking changes can only be merged during the designated breaking change window
  • A pre-announcement must be released at least one month in advance

For more details on how to introduce breaking changes, refer to the documentation: azure-cli/doc/how_to_introduce_breaking_changes.md

azure-client-tools-bot-prd[bot] avatar May 16 '25 22:05 azure-client-tools-bot-prd[bot]

Thank you for your contribution! We will review the pull request and get back to you soon.

yonzhan avatar May 16 '25 22:05 yonzhan

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

github-actions[bot] avatar May 16 '25 22:05 github-actions[bot]

/azp run

necusjz avatar May 22 '25 00:05 necusjz

Azure Pipelines successfully started running 3 pipeline(s).

azure-pipelines[bot] avatar May 22 '25 00:05 azure-pipelines[bot]

Please refer to this guideline https://github.com/Azure/azure-cli/tree/dev/doc/authoring_command_modules#format-pr-title and specify the breaking changes included in this PR in the History Notes section. image

zhoxing-ms avatar May 22 '25 04:05 zhoxing-ms

Additionally, since you missed the Build Breaking Change Window, we can only postpone it to the Ignite Breaking Change Window to release it

zhoxing-ms avatar May 22 '25 04:05 zhoxing-ms

Please refer to this guideline https://github.com/Azure/azure-cli/tree/dev/doc/authoring_command_modules#format-pr-title and specify the breaking changes included in this PR in the History Notes section. image

Updated

mentat9 avatar May 22 '25 17:05 mentat9

Additionally, since you missed the Build Breaking Change Window, we can only postpone it to the Ignite Breaking Change Window to release it

OK. What's the process for that?

mentat9 avatar May 22 '25 17:05 mentat9

@mentat9 Actually, what I want to ask is, could you specify which breaking changes are there? Because customers need to know the details of these breaking changes to help them better migrate usage

zhoxing-ms avatar May 23 '25 02:05 zhoxing-ms

OK. What's the process for that?

This is the process https://github.com/Azure/azure-cli/blob/dev/doc/how_to_introduce_breaking_changes.md about how to introduce Breaking Changes

zhoxing-ms avatar May 23 '25 02:05 zhoxing-ms

OK. What's the process for that?

This is the process https://github.com/Azure/azure-cli/blob/dev/doc/how_to_introduce_breaking_changes.md about how to introduce Breaking Changes

@zhoxing-ms - I believe we've done everything documented there. My question is what is the process for "postpone it to the Ignite Breaking Change Window to release it".

mentat9 avatar May 23 '25 02:05 mentat9

@mentat9 Actually, what I want to ask is, could you specify which breaking changes are there? Because customers need to know the details of these breaking changes to help them better migrate usage

OK, made the change.

mentat9 avatar May 23 '25 16:05 mentat9

@mentat9 Actually, we don't need to do anything more at the moment, but please remember to remind us to merge this PR before the Ignite Sprint, and you also need to clean up the previous pre-announcement at that time.

zhoxing-ms avatar May 26 '25 07:05 zhoxing-ms

image

Update the history notes to be more in line with the specifications of CLI release notes

zhoxing-ms avatar Jun 20 '25 04:06 zhoxing-ms

Could you please resolve these conflicts?

zhoxing-ms avatar Jun 20 '25 04:06 zhoxing-ms

Additionally, as I mentioned earlier, due to the large number of breaking changes included in this PR, we can only wait for Ignite Sprint to merge and release it Before that, we may need to consider pre-announce these breaking changes: https://github.com/Azure/azure-cli/blob/dev/doc/how_to_introduce_breaking_changes.md#pre-announce-breaking-changes

zhoxing-ms avatar Jun 20 '25 04:06 zhoxing-ms

/azp run

kairu-ms avatar Jul 03 '25 23:07 kairu-ms

Azure Pipelines successfully started running 3 pipeline(s).

azure-pipelines[bot] avatar Jul 03 '25 23:07 azure-pipelines[bot]

/azp run

mentat9 avatar Jul 09 '25 06:07 mentat9

Commenter does not have sufficient privileges for PR 31496 in repo Azure/azure-cli

azure-pipelines[bot] avatar Jul 09 '25 06:07 azure-pipelines[bot]

@kairu-ms - Can you run the automation again? I don't understand why it's waiting and why I can't run it myself.

mentat9 avatar Jul 09 '25 06:07 mentat9

/azp run

yonzhan avatar Jul 09 '25 09:07 yonzhan

Azure Pipelines successfully started running 3 pipeline(s).

azure-pipelines[bot] avatar Jul 09 '25 09:07 azure-pipelines[bot]

/azp run

zhoxing-ms avatar Jul 17 '25 07:07 zhoxing-ms

Azure Pipelines successfully started running 3 pipeline(s).

azure-pipelines[bot] avatar Jul 17 '25 07:07 azure-pipelines[bot]

May I ask if this PR is just a migration of CodeGen? Or are there any changes that customers can perceive (such as the release of new features or bug fixes)? If there are some changes in customer perception, please clearly state them in the history notes section of the PR description. such as: image

zhoxing-ms avatar Jul 25 '25 06:07 zhoxing-ms

May I ask if this PR is just a migration of CodeGen? Or are there any changes that customers can perceive (such as the release of new features or bug fixes)? If there are some changes in customer perception, please clearly state them in the history notes section of the PR description. such as: image

No changes/features/fixes as far as users are concerned. The point of this PR is to modernize our toolset and move to auto generation of our CLI commands. We have a lot of new work planned: establishing this new baseline is the first stage.

Note: I just noticed my earlier push failed. I just pushed again to get my updates in. Sorry for any confusion.

mentat9 avatar Jul 25 '25 16:07 mentat9

/azp run

zhoxing-ms avatar Jul 28 '25 09:07 zhoxing-ms