[App Service] Fix #30336, #29761: Improve --scope and --linux-fx-version help text and examples#33065
Closed
[App Service] Fix #30336, #29761: Improve --scope and --linux-fx-version help text and examples#33065
--scope and --linux-fx-version help text and examples#33065Conversation
…ux-fx-version help text and examples - Add --scope example to webapp create help showing managed identity assignment - Update --linux-fx-version help with RUNTIME|VERSION format and current runtime examples - Add --linux-fx-version examples to webapp config set help for Python, Node, .NET Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
seligj95
requested review from
NoriZC,
teresaritorto and
yanzhudd
as code owners
️✔️AzureCLI-FullTest
|
|
Hi @seligj95, |
️✔️AzureCLI-BreakingChangeTest
|
Collaborator
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
requested review from
jsntcy,
wangzelin007,
yonzhan and
zhoxing-ms
microsoft-github-policy-service
bot
added
Web Apps
Contributor
There was a problem hiding this comment.
Pull request overview
Updates Azure CLI App Service help/parameter text to better explain managed identity --scope usage and the --linux-fx-version runtime format for Linux web apps, addressing customer documentation feedback.
Changes:
- Clarified
--linux-fx-versionparameter help text with theRUNTIME|VERSIONformat plus modern runtime examples. - Added
az webapp config setexamples demonstrating--linux-fx-versionusage. - Added an
az webapp createexample showing--assign-identitywith--scopeand--role.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
src/azure-cli/azure/cli/command_modules/appservice/_params.py |
Improves --linux-fx-version parameter help text and points users to az webapp list-runtimes --os linux. |
src/azure-cli/azure/cli/command_modules/appservice/_help.py |
Adds new help examples for --linux-fx-version and a new --scope example for az webapp create. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+1922
to
+1924
| - name: Create a web app with a system-assigned managed identity and grant it access to a storage account. | ||
| text: > | ||
| az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity [system] --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role Contributor |
There was a problem hiding this comment.
The example uses --role Contributor at the storage account scope while the description says “grant it access to a storage account”. "Contributor" is broad (management-plane) and may be misleading for customers who expect data access; consider using a least-privilege role (e.g., Reader for management access, or a storage data role if you intend data access) and/or adjust the example description to clarify what access is being granted.
Suggested change
| - name: Create a web app with a system-assigned managed identity and grant it access to a storage account. | |
| text: > | |
| az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity [system] --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role Contributor | |
| - name: Create a web app with a system-assigned managed identity and grant it access to blob data in a storage account. | |
| text: > | |
| az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity [system] --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role "Storage Blob Data Contributor" |
| az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --end-to-end-encryption-enabled true --min-tls-version 1.2 | ||
| - name: Create a web app with a system-assigned managed identity and grant it access to a storage account. | ||
| text: > | ||
| az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity [system] --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role Contributor |
There was a problem hiding this comment.
In shells like zsh, unquoted [system] can be treated as a glob character class and cause the command to fail before reaching Azure CLI. To make the example copy/paste-friendly across shells, consider quoting or escaping it (e.g., "[system]").
Suggested change
| az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity [system] --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role Contributor | |
| az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity "[system]" --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role Contributor |
Contributor
Author
|
Consolidated into #33051 — cherry-picked commit into the primary branch. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes #30336 and #29761.
Changes:
--scopeparameter #30336: Added--scopeexample toaz webapp createhelp showing how to create a web app with a system-assigned managed identity and grant it access to a resource.--linux-fx-versionparameter needs more explanation #29761: Updated--linux-fx-versionparameter help text with theRUNTIME|VERSIONformat and current runtime examples (PYTHON|3.11, NODE|18-lts, DOTNETCORE|8.0, JAVA|17-java17, PHP|8.2). Added--linux-fx-versionexamples toaz webapp config sethelp.Testing:
Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com