search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.97k stars 2.95k forks source link

`az lock delete` param `--ids` does not delete lock #24519

Open smokedlinq opened 1 year ago

smokedlinq commented 1 year ago

Describe the bug

When running the az lock delete command with the --ids parameter, it completes successfully but does not delete the lock. Workaround is to use the az resource delete command.

Command Name az lock delete

To Reproduce:

Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.

Expected Behavior

The lock resource is deleted

Environment Summary

Windows-10-10.0.22621-SP0
Python 3.10.8
Installer: MSI

azure-cli 2.42.0

Extensions:
application-insights 0.1.16
azure-devops 0.25.0
log-analytics-solution 0.1.1
resource-graph 2.1.0

Dependencies:
msal 1.20.0
azure-mgmt-resource 21.1.0b1

Additional Context

yonzhan commented 1 year ago

@zhoxing-ms for awareness

zhoxing-ms commented 1 year ago

@smokedlinq Could you please send the debug log (add --debug parameter`) to me by email? My email address is Zhou.Xing@microsoft.com, thanks~

smokedlinq commented 1 year ago

@zhoxing-ms sent, let me know if you need anything else.

zhoxing-ms commented 1 year ago

Sorry, I can't reproduce your problem. And I see that the REST service has returned the status code 204 after the deletion. This issue needs to be investigated by ARM service team, so I transfer this issue to them. 'x-ms-correlation-request-id': 'fd38435c-e8b6-4680-9be5-5c2633f15c7b'

smokedlinq commented 1 year ago

@zhoxing-ms Thanks for looking, if it'd help if I opened a support ticket let me know. For now, I have a viable workaround but it definitely seems like an issue that should be looked into so I'll leave this issue open.

cveld commented 11 months ago

I am using version 2.52.0 and this one does require that you set the subscription context yourself first.

E.g. when subscription context is set to Subscription A and you submit the following cli command:

az lock delete --ids /subscriptions/subscription-b/resourcegroups/rg-storageaccounts/providers/microsoft.storage/storageAccounts/mystorageaccount/providers/Microsoft.Authorization/locks/AzureBackupProtectionLock --debug

It results in the following error: Unexpected --resource-group for lock AzureBackupProtectionLock, expected rg-resourcegroup

Apparently the cli also has some awareness of the last resource group it was targeting, not sure.

As soon as I switch the context to the target subscription, the command is able to remove the lock.

E.g. az account set --subscription subscription-a az lock delete --ids /subscriptions/subscription-b/resourcegroups/rg-storageaccounts/providers/microsoft.storage/storageAccounts/mystorageaccount/providers/Microsoft.Authorization/locks/AzureBackupProtectionLock --debug

Runs successful.

Ideally the az lock delete command with the --ids switch is not dependant on the current subscription context.

Do you recommend me to open up a separate issue for my experience?