Adding note about change in behaviour for az cli #23413
Conversation
As per discussion with sureshja@microsoft.com, since the change of az cli from version 2.37, the az ad sp commands no longer operate on the App Registration, they operate on the Enterprise Application/Service Principal: https://docs.microsoft.com/en-us/cli/azure/microsoft-graph-migration#az-ad-sp-credential This change in behaviour has prompted a request to change the docs to clarify the behaviour
FrankBoylan92
requested review from
jiasli,
evelyn-ys and
calvinhzy
as code owners
ghost
added
the
customer-reported
|
Thank you for your contribution FrankBoylan92! We will review the pull request and get back to you soon. |
ghost
requested a review
from 
|
role |
| @@ -115,6 +115,11 @@ | |||
| The output includes credentials that you must protect. Be sure that you do not include these credentials | |||
| in your code or check the credentials into your source control. As an alternative, consider using | |||
| [managed identities](https://aka.ms/azadsp-managed-identities) if available to avoid the need to use credentials. | |||
|
|
|||
| **Note:** This command resets the credentials of the Service Principal, not the App Registration. | |||
There was a problem hiding this comment.
This is a good catch! But I guess you put this statement at the wrong place? ad app credential reset does reset the credential of the application, not service principal.
The help message for az ad sp credential reset is here:
azure-cli/src/azure-cli/azure/cli/command_modules/role/_help.py
Lines 527 to 531 in 33cbd01
As for the behavior change, we called out in https://docs.microsoft.com/en-us/cli/azure/microsoft-graph-migration#az-ad-sp-credential
| As such, the credential shown in the output will be different from the credential shown in the portal under the App Registration pane. | ||
| Credentials of a Service Principal are not visable in the portal, only via the az cli or Microsoft Graph API. |
There was a problem hiding this comment.
We don't want to describe the behavior of Azure Portal since Azure Portal are subject to change, which is hard to maintain. Once Azure Portal changes its behavior, CLI's document will be outdated.
|
As per comments, closing pull request. Same note is already in below doc: |
As per discussion with sureshja@microsoft.com, since the change of az cli from version 2.37, the az ad sp commands no longer operate on the App Registration, they operate on the Enterprise Application/Service Principal:
https://docs.microsoft.com/en-us/cli/azure/microsoft-graph-migration#az-ad-sp-credential
This change in behaviour has prompted a request to change the docs to clarify the behaviour
Related command
Description
Testing Guide
History Notes
[Component Name 1] BREAKING CHANGE:
az command a: Make some customer-facing breaking change[Component Name 2]
az command b: Add some customer-facing featureThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.