'az webapp config access-restriction show' returns properties in snake case

[scdomian]

Describe the bug

the command sometimes returns properties in snake case and sometimes in camel case I didn't figure out the pattern

Related command

az webapp config access-restriction show

Errors

the error occurs in a client code which doesn't find the expected property in camel case

Issue script & Debug output

az webapp config access-restriction show --resource-group 'sensitive' --name 'sensitive' --debug cli.knack.cli: Command arguments: ['webapp', 'config', 'access-restriction', 'show', '--resource-group', 'sensitive', '--name', 'sensitive', '--debug'] cli.knack.cli: init debug log: Enable color in terminal. cli.knack.cli: Event: Cli.PreExecute [] cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x000001C21EFDB2E0>, <function OutputProducer.on_global_arguments at 0x000001C21F37C180>, <function CLIQuery.on_global_arguments at 0x000001C21F3A1580>] cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate [] cli.azure.cli.core: Modules found from index for 'webapp': ['azure.cli.command_modules.appservice', 'azure.cli.command_modules.serviceconnector'] cli.azure.cli.core: Loading command modules: cli.azure.cli.core: Name Load Time Groups Commands cli.azure.cli.core: appservice 0.358 80 278 cli.azure.cli.core: serviceconnector 0.022 20 331 cli.azure.cli.core: Total (2) 0.380 100 609 cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next'] cli.azure.cli.core: Loading extensions: cli.azure.cli.core: Name Load Time Groups Commands Directory cli.azure.cli.core: Total (0) 0.000 0 0 cli.azure.cli.core: Loaded 98 groups, 609 commands. cli.azure.cli.core: Found a match in the command table. cli.azure.cli.core: Raw command : webapp config access-restriction show cli.azure.cli.core: Command table: webapp config access-restriction show cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x000001C2216971A0>] cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\sensitive.azure\commands\2025-11-28.16-12-16.webapp_config_access-restriction_show.25768.log'. az_command_data_logger: command args: webapp config access-restriction show --resource-group {} --name {} --debug cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x000001C2216BBA60>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad [] cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x000001C22170E2A0>, <function register_cache_arguments..add_cache_arguments at 0x000001C22170E3E0>, <function register_upcoming_breaking_change_info..update_breaking_change_info at 0x000001C22170E480>] cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded [] cli.knack.cli: Event: CommandInvoker.OnPreParseArgs [] cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x000001C21F37C220>, <function CLIQuery.handle_query_parameter at 0x000001C21F3A1620>, <function register_ids_argument..parse_ids_arguments at 0x000001C22170E340>] cli.azure.cli.core.commands.client_factory: Getting management service client client_type=WebSiteManagementClient cli.azure.cli.core.auth.persistence: build_persistence: location='C:\Users\sensitive\.azure\msal_token_cache.bin', encrypt=True cli.azure.cli.core.auth.binary_cache: load: C:\Users\sensitive.azure\msal_http_cache.bin urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None) msal.authority: Initializing with Entra authority: https://login.microsoftonline.com/sensitive msal.authority: openid_config("https://login.microsoftonline.com/sensitive/v2.0/.well-known/openid-configuration") = {'token_endpoint': 'https://login.microsoftonline.com/sensitive/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic', 'self_signed_tls_client_auth'], 'jwks_uri': 'https://login.microsoftonline.com/sensitive/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/sensitive/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/sensitive/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/sensitive/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/sensitive/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/sensitive/kerberos', 'mtls_endpoint_aliases': {'token_endpoint': 'https://mtlsauth.microsoft.com/sensitive/oauth2/v2.0/token'}, 'tls_client_certificate_bound_access_tokens': True, 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'} msal.application: Broker enabled? True cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token_info: scopes=('https://management.core.windows.net//.default',), options={} cli.azure.cli.core.auth.msal_credentials: UserCredential.acquire_token: scopes=['https://management.core.windows.net//.default'], claims_challenge=None, kwargs={}
msal.application: Cache hit an AT msal.telemetry: Generate or reuse correlation_id: sensitive cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/sensitive/resourceGroups/sensitive/providers/Microsoft.Web/sites/sensitive/config/web?api-version=2024-11-01' cli.azure.cli.core.sdk.policies: Request method: 'GET' cli.azure.cli.core.sdk.policies: Request headers: cli.azure.cli.core.sdk.policies: 'Accept': 'application/json' cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': '9fba31b8-cc6c-11f0-b0cc-b3ce651aee6f' cli.azure.cli.core.sdk.policies: 'CommandName': 'webapp config access-restriction show' cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--resource-group --name --debug' cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.76.0 (MSI) azsdk-python-core/1.35.0 Python/3.12.10 (Windows-11-10.0.22631-SP0)' cli.azure.cli.core.sdk.policies: 'Authorization': '*****' cli.azure.cli.core.sdk.policies: Request body: cli.azure.cli.core.sdk.policies: This request has no body urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443 urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/sensitive/resourceGroups/sensitive/providers/Microsoft.Web/sites/sensitive/config/web?api-version=2024-11-01 HTTP/1.1" 200 4440 cli.azure.cli.core.sdk.policies: Response status: 200 cli.azure.cli.core.sdk.policies: Response headers: cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache' cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache' cli.azure.cli.core.sdk.policies: 'Content-Length': '4440' cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json' cli.azure.cli.core.sdk.policies: 'Expires': '-1' cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains' cli.azure.cli.core.sdk.policies: 'x-ms-request-id': 'guid' cli.azure.cli.core.sdk.policies: 'X-AspNet-Version': '4.0.30319' cli.azure.cli.core.sdk.policies: 'X-Powered-By': 'ASP.NET' cli.azure.cli.core.sdk.policies: 'x-ms-operation-identifier': 'tenantId=sensitive,objectId=guid/germanywestcentral/guid' cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-reads': '249' cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-global-reads': '3749' cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'guid' cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'GERMANYWESTCENTRAL:20251128T151216Z:guid' cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff' cli.azure.cli.core.sdk.policies: 'X-Cache': 'CONFIG_NOCACHE' cli.azure.cli.core.sdk.policies: 'X-MSEdge-Ref': 'Ref A: 76232903A59A42219B569D93193CA3A0 Ref B: FRA261071510060 Ref C: 2025-11-28T15:12:15Z' cli.azure.cli.core.sdk.policies: 'Date': 'Fri, 28 Nov 2025 15:12:15 GMT' cli.azure.cli.core.sdk.policies: Response content: cli.azure.cli.core.sdk.policies: {"id":"/subscriptions/sensitive/resourceGroups/sensitive/providers/Microsoft.Web/sites/sensitive/config/web","name":"sensitive","type":"Microsoft.Web/sites/config","location":"West Europe","properties":{"numberOfWorkers":1,"defaultDocuments":["Default.htm","Default.html","Default.asp","index.htm","index.html","iisstart.htm","default.aspx","index.php","hostingstart.html"],"netFrameworkVersion":"v4.0","phpVersion":"","pythonVersion":"","nodeVersion":"","powerShellVersion":"","linuxFxVersion":"DOTNETCORE|9.0","windowsFxVersion":null,"sandboxType":null,"windowsConfiguredStacks":[],"requestTracingEnabled":false,"remoteDebuggingEnabled":false,"remoteDebuggingVersion":null,"httpLoggingEnabled":false,"azureMonitorLogCategories":[""],"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":35,"detailedErrorLoggingEnabled":false,"publishingUsername":"REDACTED","publishingPassword":null,"appSettings":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":"None","use32BitWorkerProcess":true,"webSocketsEnabled":false,"alwaysOn":true,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":"","managedPipelineMode":"Integrated","virtualApplications":[{"virtualPath":"/","physicalPath":"site\wwwroot","preloadEnabled":true,"virtualDirectories":null}],"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":false,"customAppPoolIdentityTenantState":false,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":"LeastRequests","routingRules":[],"experiments":{"rampUpRules":[]},"limits":null,"autoHealEnabled":false,"autoHealRules":null,"tracingOptions":null,"vnetName":"sensitive_CustomSubnet","vnetRouteAllEnabled":false,"vnetPrivatePortsCount":0,"publicNetworkAccess":null,"siteAuthEnabled":false,"siteAuthSettings":{"enabled":null,"unauthenticatedClientAction":null,"tokenStoreEnabled":null,"allowedExternalRedirectUrls":null,"defaultProvider":null,"clientId":null,"clientSecret":null,"clientSecretSettingName":null,"clientSecretCertificateThumbprint":null,"issuer":null,"allowedAudiences":null,"additionalLoginParams":null,"isAadAutoProvisioned":false,"aadClaimsAuthorization":null,"googleClientId":null,"googleClientSecret":null,"googleClientSecretSettingName":null,"googleOAuthScopes":null,"facebookAppId":null,"facebookAppSecret":null,"facebookAppSecretSettingName":null,"facebookOAuthScopes":null,"gitHubClientId":null,"gitHubClientSecret":null,"gitHubClientSecretSettingName":null,"gitHubOAuthScopes":null,"twitterConsumerKey":null,"twitterConsumerSecret":null,"twitterConsumerSecretSettingName":null,"microsoftAccountClientId":null,"microsoftAccountClientSecret":null,"microsoftAccountClientSecretSettingName":null,"microsoftAccountOAuthScopes":null,"configVersion":null},"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":false,"managedServiceIdentityId":null,"xManagedServiceIdentityId":28440,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":[{"ipAddress":"sensitive","action":"Allow","tag":"Default","priority":100,"name":"sensitive","description":"sensitive"},{"ipAddress":"Any","action":"Deny","priority":2147483647,"name":"Deny all","description":"Deny all access"}],"ipSecurityRestrictionsDefaultAction":null,"scmIpSecurityRestrictions":[{"ipAddress":"Any","action":"Allow","priority":2147483647,"name":"Allow all","description":"Allow all access"}],"scmIpSecurityRestrictionsDefaultAction":null,"scmIpSecurityRestrictionsUseMain":false,"http20Enabled":false,"minTlsVersion":"1.2","minTlsCipherSuite":null,"scmMinTlsCipherSuite":null,"supportedTlsCipherSuites":null,"scmSupportedTlsCipherSuites":null,"scmMinTlsVersion":"1.2","ftpsState":"FtpsOnly","preWarmedInstanceCount":0,"functionAppScaleLimit":null,"elasticWebAppScaleLimit":0,"healthCheckPath":null,"fileChangeAuditEnabled":false,"functionsRuntimeScaleMonitoringEnabled":false,"websiteTimeZone":null,"minimumElasticInstanceCount":0,"azureStorageAccounts":{},"http20ProxyFlag":0,"sitePort":null,"antivirusScanEnabled":false,"storageType":"StorageVolume","sitePrivateLinkHostEnabled":false,"clusteringEnabled":false,"webJobsEnabled":false}} cli.knack.cli: Event: CommandInvoker.OnTransformResult [<function _resource_group_transform at 0x000001C2216BB7E0>, <function _x509_from_base64_to_hex_transform at 0x000001C2216BB880>] cli.knack.cli: Event: CommandInvoker.OnFilterResult [] { "ipSecurityRestrictions": [ { "action": "Allow", "additional_properties": {}, "description": "sensitive", "headers": null, "ip_address": "sensitive", "name": "sensitive", "priority": 100, "subnet_mask": null, "subnet_traffic_tag": null, "tag": "Default", "vnet_subnet_resource_id": null, "vnet_traffic_tag": null }, { "action": "Deny", "additional_properties": {}, "description": "Deny all access", "headers": null, "ip_address": "Any", "name": "Deny all", "priority": 2147483647, "subnet_mask": null, "subnet_traffic_tag": null, "tag": null, "vnet_subnet_resource_id": null, "vnet_traffic_tag": null } ], "ipSecurityRestrictionsDefaultAction": null, "scmIpSecurityRestrictions": [ { "action": "Allow", "additional_properties": {}, "description": "Allow all access", "headers": null, "ip_address": "Any", "name": "Allow all", "priority": 2147483647, "subnet_mask": null, "subnet_traffic_tag": null, "tag": null, "vnet_subnet_resource_id": null, "vnet_traffic_tag": null } ], "scmIpSecurityRestrictionsDefaultAction": null, "scmIpSecurityRestrictionsUseMain": false } cli.knack.cli: Event: Cli.SuccessfulExecute [] cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x000001C221697420>]

Expected behavior

the output must have properties consistently named in camel case { "ipSecurityRestrictions": [ { "action": "Allow", "additionalProperties": {}, "description": "sensitive", "headers": null, "ipAddress": "sensitive", "name": "sensitive", "priority": 100, "subnetMask": null, "subnetTrafficTag": null, "tag": "Default", "vnetSubnetResource_id": null, "

Environment Summary

Local

azure-cli 2.76.0 *

core 2.76.0 * telemetry 1.1.0

Extensions: azure-devops 1.0.2

Dependencies: msal 1.33.0b1 azure-mgmt-resource 23.3.0

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe' Config directory 'C:\Users\sensitive.azure' Extensions directory 'C:\Users\sensitive.azure\cliextensions'

Python (Windows) 3.12.10 (tags/v3.12.10:0cc8128, Apr 8 2025, 12:21:36) [MSC v.1943 64 bit (AMD64)]

Cloud

{ "azure-cli": "2.79.0", "azure-cli-core": "2.79.0", "azure-cli-telemetry": "1.1.0", "extensions": { "azure-devops": "1.0.2" } }

Image: ubuntu-latest Current image version: '20251112.124.1' Current agent version: '4.261.0'

Additional context

There are multiple Azure DevOps pipeline runs executed on the same day with the same version of build agent image and az cli. Some of them fail because 'ipAddreess' property is not on the target rule Some of them succeed when the 'ipAddress' property is found on the target rule

I didn't figure out the pattern.

The issue is reproduced locally as I consistently get snake cased properties in ipSecurityRestrictions and scmIpSecurityRestrictions objects

[azure-client-tools-bot-prd[bot]]

Hi @scdomian,

2.76.0 is not the latest Azure CLI(2.80.0).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

[yonzhan]

Thank you for opening this issue, we will look into it.

[microsoft-github-policy-service[bot]]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp, @yutanglin16.

[scdomian]

the issue was reproduced after upgrading Az CLI to the latest version: azure-cli 2.80.0

core 2.80.0 telemetry 1.1.0

Extensions: azure-devops 1.0.2

Dependencies: msal 1.34.0b1 azure-mgmt-resource 23.3.0

[seligj95]

Thanks @scdomian for raising this issue. I have implemented the fix in the attached PR. This fix should show up in the next CLI release 2.82.0.

[scdomian]

thank you !