Skip to content

[App Service] Fix #30336, #29761: Improve --scope and --linux-fx-version help text and examples #33065

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
seligj95 wants to merge 1 commit into from
+13 −1
Closed

[App Service] Fix #30336, #29761: Improve --scope and --linux-fx-version help text and examples #33065

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions src/azure-cli/azure/cli/command_modules/appservice/_help.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1665,6 +1665,15 @@
- name: set configuration through a JSON file called params.json
text: >
az webapp config set -g MyResourceGroup -n MyUniqueApp --generic-configurations "@.\\params.json"
- name: Set the linux runtime stack to Python 3.11 (format is RUNTIME|VERSION).
text: >
az webapp config set -g MyResourceGroup -n MyUniqueApp --linux-fx-version "PYTHON|3.11"
- name: Set the linux runtime stack to Node.js 18 LTS.
text: >
az webapp config set -g MyResourceGroup -n MyUniqueApp --linux-fx-version "NODE|18-lts"
- name: Set the linux runtime stack to .NET 8.0.
text: >
az webapp config set -g MyResourceGroup -n MyUniqueApp --linux-fx-version "DOTNETCORE|8.0"

"""

Expand Down Expand Up @@ -1910,6 +1919,9 @@
- name: Create a web app with end-to-end encryption enabled and minimum TLS version 1.2
text: >
az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --end-to-end-encryption-enabled true --min-tls-version 1.2
- name: Create a web app with a system-assigned managed identity and grant it access to a storage account.
text: >
az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity [system] --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role Contributor
Comment on lines +1922 to +1924
Copy link

Copilot AI Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The example uses --role Contributor at the storage account scope while the description says “grant it access to a storage account”. "Contributor" is broad (management-plane) and may be misleading for customers who expect data access; consider using a least-privilege role (e.g., Reader for management access, or a storage data role if you intend data access) and/or adjust the example description to clarify what access is being granted.

Suggested change
- name: Create a web app with a system-assigned managed identity and grant it access to a storage account.
text: >
az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity [system] --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role Contributor
- name: Create a web app with a system-assigned managed identity and grant it access to blob data in a storage account.
text: >
az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity [system] --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role "Storage Blob Data Contributor"

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In shells like zsh, unquoted [system] can be treated as a glob character class and cause the command to fail before reaching Azure CLI. To make the example copy/paste-friendly across shells, consider quoting or escaping it (e.g., "[system]").

Suggested change
az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity [system] --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role Contributor
az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName --assign-identity "[system]" --scope /subscriptions/{subscription}/resourceGroups/{resourceGroup}/providers/Microsoft.Storage/storageAccounts/{storageAccount} --role Contributor

Copilot uses AI. Check for mistakes.
"""

helps['webapp create-remote-connection'] = """
Expand Down
2 changes: 1 addition & 1 deletion src/azure-cli/azure/cli/command_modules/appservice/_params.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -581,7 +581,7 @@ def load_arguments(self, _):
c.argument('power_shell_version', help='The version used to run your function app if using PowerShell, e.g., 7.2', options_list=['--powershell-version'])
c.argument('python_version', help='The version used to run your web app if using Python, e.g., 2.7, 3.4')
c.argument('net_framework_version', help="The version used to run your web app if using .NET Framework, e.g., 'v4.0' for .NET 4.6 and 'v3.0' for .NET 3.5")
c.argument('linux_fx_version', help="The runtime stack used for your linux-based webapp, e.g., \"RUBY|2.5.5\", \"NODE|12LTS\", \"PHP|7.2\", \"DOTNETCORE|2.1\". See https://aka.ms/linux-stacks for more info.")
c.argument('linux_fx_version', help="The runtime stack used for your linux-based webapp, in the format 'RUNTIME|VERSION'. Common examples: \"PYTHON|3.11\", \"NODE|18-lts\", \"DOTNETCORE|8.0\", \"JAVA|17-java17\", \"PHP|8.2\". Use `az webapp list-runtimes --os linux` to see all supported values. See https://aka.ms/linux-stacks for more info.")
c.argument('windows_fx_version', help="A docker image name used for your windows container web app, e.g., microsoft/nanoserver:ltsc2016")
if scope == 'functionapp':
c.ignore('windows_fx_version')
Expand Down
Loading