search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.97k stars 2.95k forks source link

Role assignment list includes classic administrators from the wrong scope #16016

Open dzsibi opened 3 years ago

dzsibi commented 3 years ago

Describe the bug

When using az role assignment list with both --scope and --include-classic-administrators, classic administrators are shown for the current subscription, not taking the subscription specified in the scope into account.

To Reproduce:

Output will look something like this (some properties were truncated):

[
  {
    "id": "/subscriptions/<second-subscription-id>/providers/Microsoft.Authorization/roleAssignments/<assignment-id>",
    "name": "<assignment id>",
    "scope": "/subscriptions/<second-subscription-id>",
    ...
  },
  {
    "id": "NA(classic admins)",
    "name": "NA(classic admins)",
    "scope": "/subscriptions/<first-subscription-id>",
    ...
  }
]

Expected Behavior

Roles and custom administrators from the second subscription are shown.

Environment Summary

Windows-10-10.0.19041-SP0
Python 3.6.8
Installer: MSI

azure-cli 2.15.1
yonzhan commented 3 years ago

RBAC