This document provides a common design for the CLI command interface that supports Managed Identity in Azure CLI. New commands should follow it, while existing commands can stay the same until a deprecation plan is in place.
Use --mi-system-assigned to enable system-assigned identity and --mi-user-assigned with space separated resource IDs to add user-assigned identities.

    # <resource> can be acr, webapp, vm or any other resources that support managed identity
    az <resource> create ... --mi-system-assigned --mi-user-assigned <AzureResourceId1> <AzureResourceId2>

Create the identity subgroup under the main resource command group. Support the below operations:

- Assign identities with the identity assign command

  Use --system-assigned to enable system assigned identity and --user-assigned with space separated resource IDs to add user assigned identities.

      az <resource> identity assign ... --system-assigned --user-assigned <AzureResourceId1> <AzureResourceId2>

- Remove identities with the identity remove command

  Use --system-assigned to remove system assigned identity and --user-assigned with space separated resource IDs to remove specified user assigned identities.

      az <resource> identity remove ... --system-assigned --user-assigned <AzureResourceId1> <AzureResourceId2>

  For the convenience scenario to remove all user assigned identities, --user-assigned with no values should remove all user assigned identities with proper warnings.

      az <resource> identity remove ... --user-assigned

- Show identities with the identity show command

  Use this command to show the managed identity type, tenant IDs and principal IDs of the system assigned identities and all user assigned identities.

      az <resource> identity show ...
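
The `identity remove` semantics above depend on telling "--user-assigned absent" apart from "--user-assigned with no values". The sketch below is an added example, not Azure CLI code: it uses plain `argparse`, and the function names, the state dictionary, the type strings, the warning texts and the case-insensitive ID comparison are all assumptions made for illustration.

```python
import argparse

def build_parser():
    # Plain argparse stand-in for the `identity remove` arguments.
    p = argparse.ArgumentParser(prog="identity-remove")
    p.add_argument("--system-assigned", action="store_true")
    # default=None means "flag absent"; [] means "flag given with no values".
    p.add_argument("--user-assigned", nargs="*", default=None, metavar="ID")
    return p

def identity_type(system, user):
    # Assumed type strings, modelled on the identity type a resource reports.
    parts = []
    if system:
        parts.append("SystemAssigned")
    if user:
        parts.append("UserAssigned")
    return ", ".join(parts) or "None"

def remove_identities(current, argv):
    """current: {"system_assigned": bool, "user_assigned": [resource IDs]}"""
    args = build_parser().parse_args(argv)
    notes = []
    system = current["system_assigned"] and not args.system_assigned
    # Assumption: resource IDs are compared case-insensitively.
    user = {rid.lower(): rid for rid in current["user_assigned"]}
    if args.user_assigned is not None:
        if not args.user_assigned:
            # Convenience form: warn before dropping every identity.
            notes.append("removing ALL %d user assigned identities" % len(user))
            user = {}
        else:
            for rid in args.user_assigned:
                if user.pop(rid.lower(), None) is None:
                    notes.append("not assigned, skipped: " + rid)
    return {"type": identity_type(system, user),
            "user_assigned": sorted(user.values()),
            "warnings": notes}

# Constructed sample state; the IDs are placeholders, not real resources.
_BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
         "rg-demo/providers/Microsoft.ManagedIdentity/userAssignedIdentities/")
ID_A, ID_B = _BASE + "id-a", _BASE + "id-b"
STATE = {"system_assigned": True, "user_assigned": [ID_A, ID_B]}

if __name__ == "__main__":
    print(remove_identities(STATE, ["--user-assigned"]))
```

Using `default=[]` instead of `default=None` would make an omitted flag indistinguishable from the remove-all form, so a plain `--system-assigned` removal would also strip every user assigned identity.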