{Docs} Increase visibility of doc/use_cli_effectively.md #13249
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,8 @@ | ||
| # Tips for using Azure CLI effectively | ||
|
|
||
| For clarity, Bash scripts are used inline. Windows batch or PowerScript examples are listed in the appendix, which you can use to build similar examples. | ||
|
|
||
| ## Output formatting (json, table, or tsv) | ||
|
|
||
| 1. `json` format is the CLI's default, and is intended to give you the most comprehensive information. If you prefer a different format, use the `--output` argument to override for an individual command invocation, or use `az configure` to update your global default. Note that JSON format preserves the double quotes, generally making in unsuitable for scripting purposes. | ||
|
|
||
|
|
@@ -22,7 +22,7 @@ For clarity, Bash scripts are used inline. Windows batch or PowerScript examples | |
| az vm stop --ids $vm_ids | ||
| ``` | ||
|
|
||
| ## Pass values from one command to another | ||
|
|
||
| 1. If the value will be used more than once, assign it to a variable. Note the use of `-o tsv` in the following example: | ||
|
|
||
|
|
@@ -58,7 +58,7 @@ For clarity, Bash scripts are used inline. Windows batch or PowerScript examples | |
| az vm list -d -g my_rg --query "[?powerState=='VM stopped'].id" -o tsv | az vm start --ids @- | ||
| ``` | ||
|
|
||
| ## Async operations | ||
|
|
||
| Many commands and group expose `--no-wait` flags on their long-running operations as well as a dedicated `wait` command. These become handy for certain scenarios: | ||
|
|
||
|
|
@@ -78,7 +78,8 @@ Many commands and group expose `--no-wait` flags on their long-running operation | |
| az vm wait --created --ids $vm1_id $vm2_id | ||
| ``` | ||
|
|
||
| ## Generic update arguments | ||
|
|
||
| Most update commands in the CLI feature the three generic arguments: `--add`, `--set` and `--remove`. These arguments are powerful but often less convenient than the strongly-typed arguments typically featured in update commands. The CLI provides strongly-typed arguments for most common scenarios for ease-of-use, but if the property you want to set isn't listed, the generic update arguments will often present a path forward to unblock you without having to wait for a new release. | ||
|
|
||
| 1. The generic update syntax isn't the most user friendly, so it will require some patience. | ||
|
|
@@ -94,44 +95,132 @@ Most update commands in the CLI feature the three generic arguments: `--add`, `- | |
| az vm update -g my_rg -n my_vm --add storageProfile.dataDisks @~/my_disk.json | ||
| ``` | ||
|
|
||
| ## Generic resource commands - `az resource` | ||
|
|
||
| There may be cases where a service you are interested in does not have CLI command coverage. You can use the `az resource create/show/list/delete/update/invoke-action` commands to work with these resources. Here are a few suggestions: | ||
| 1. If only `create/update` are involved, consider using `az group deployment create`. Leverage [Azure Quickstart Templates](https://github.com/Azure/azure-quickstart-templates) for working examples. | ||
| 2. Check out the Rest API reference for the request payload, URL and API version. As an example, check out the community's comments on [how to create AppInsights](https://github.com/Azure/azure-cli/issues/5543). | ||
|
|
||
| ## REST API command - `az rest` | ||
|
|
||
| If neither generic update arguments nor `az resource` meets your needs, you can use `az rest` command to call the REST API. It automatically authenticates using the logged-in credential and sets header `Content-Type: application/json`. | ||
|
|
||
| This is extremely useful for calling [Microsoft Graph API](https://docs.microsoft.com/en-us/graph/api/overview?toc=./ref/toc.json&view=graph-rest-1.0) which is not currently supported by CLI commands ([#12946](https://github.com/Azure/azure-cli/issues/12946)). | ||
|
|
||
| For example, to update `redirectUris` for an [Application](https://docs.microsoft.com/en-us/graph/api/resources/application?view=graph-rest-1.0), we call the [Update application](https://docs.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=http) REST API with: | ||
|
|
||
| ```sh | ||
| # Line breaks for legibility only | ||
|
|
||
| # Get the application | ||
| az rest --method GET | ||
| --url 'https://graph.microsoft.com/v1.0/applications/b4e4d2ab-e2cb-45d5-a31a-98eb3f364001' | ||
|
|
||
| # Update `redirectUris` for `web` property | ||
| az rest --method PATCH | ||
| --url 'https://graph.microsoft.com/v1.0/applications/b4e4d2ab-e2cb-45d5-a31a-98eb3f364001' | ||
| --body '{"web":{"redirectUris":["https://myapp.com"]}}' | ||
| ``` | ||
|
|
||
| ## Quoting issues | ||
|
|
||
| This becomes an issue because when the command shell (Bash, Zsh, Windows Command Prompt, PowerShell, etc) parses the CLI command, it will interpret the quotes and spaces. Always refer to the documents when you are uncertain about the usage of a shell: | ||
|
|
||
| - Bash: [Quoting](https://www.gnu.org/software/bash/manual/html_node/Quoting.html) | ||
| - PowerShell: [About Quoting Rules](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules) | ||
| - Windows Command Prompt: [How-to: Escape Characters, Delimiters and Quotes at the Windows command line](https://ss64.com/nt/syntax-esc.html) | ||
|
|
||
| To avoid unanticipated results, here are a few suggestions: | ||
|
|
||
| 1. If the value contains whitespace, you must wrap it in quotes. | ||
| 2. In bash or Windows PowerShell, both single and double quotes will be interpreted, while in Windows Command Prompt, only double quotes are handled which means single quotes will be interpreted as a part of the value. | ||
| 3. If your command only runs on Bash (or Zsh), using single quotes has the benefit of preserving the content inside. This can be very helpful when supplying inline JSON. For example this works in bash: `'{"foo": "bar"}'` | ||
| 4. If your command will run on Windows Command Prompt, you must use double quotes exclusively. If the value contains double quotes, you must escape it: `"i like to use \" a lot"`. The Command Prompt equivalent of the above would be: `"{\"foo\": \"bar\"}"` | ||
| 5. Exported variables in bash inside double quotes will be evaluated. If this is not what you want, again use `\ ` to escape it like `"\$var"` or use single quotes `'$var'`. | ||
| 6. A few CLI arguments, including the generic update arguments, take a list of space-separated values, like `<key1>=<value1> <key2>=<value2>`. Since the key name and value can take arbitrary string which might contain whitespace, using quotes will be necessary. Wrap the pair, not individual key or value. So `"my name"=john` is wrong. Instead, use `"my name=john"`. For example: | ||
| ```sh | ||
| az webapp config appsettings set -g my_rg -n my_web --settings "client id=id1" "my name=john" | ||
| ``` | ||
| 7. Use CLI's `@<file>` convention to load from a file so to bypass the shell's interpretation mechanisms: | ||
| ```sh | ||
| az ad app create --display-name my-native --native-app --required-resource-accesses @manifest.json | ||
| ``` | ||
| 8. When a CLI argument says it accepts a space-separated list, these are the formats accepted: | ||
| - `--arg foo bar`: OK. Unquoted, space-separated list | ||
| - `--arg "foo" "bar"`: OK: Quoted, space-separated list | ||
| - `--arg "foo bar"`: BAD. This is a string with a space in it, not a space-separated list. | ||
| 9. When running Azure CLI commands in PowerShell, parsing errors will occur when the arguments contain special characters of PowerShell, such as at `@`. You can solve this problem by adding `` ` `` before the special character to escape it, or by enclosing the argument with single or double quotes `'`/`"`. For example, `az group deployment create --parameters @parameters.json` doesn't work in PowerShell because `@` is parsed as a [splatting symbol](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_splatting). To fix this, you may change the argument to `` `@parameters.json`` or `'@parameters.json'`. | ||
| 10. When using `--query` with a command, some characters of [JMESPath](https://jmespath.org/specification.html) need to be escaped in the shell. For example, in Bash: | ||
| ```sh | ||
| # Wrong, as the dash needs to be quoted in a JMESPath query | ||
| $ az version --query azure-cli | ||
| az version: error: argument --query: invalid jmespath_type value: 'azure-cli' | ||
|
|
||
| # Wrong, as the dash needs to be quoted in a JMESPath query, but quotes are interpreted by Bash | ||
| $ az version --query "azure-cli" | ||
| az version: error: argument --query: invalid jmespath_type value: 'azure-cli' | ||
|
|
||
| # Correct | ||
| $ az version --query '"azure-cli"' | ||
|
There was a problem hiding this comment. I suggest either call out that this is corerct on Linux/Mac only or put the correct commands on windows command prompt and powershell as well. There was a problem hiding this comment. Nice one, added as requested. The quoting rules for Command Prompt are also mentioned in item 4. As for PowerShell, the format is weird due to a known bug which I further described in #13419. |
||
| "2.5.1" | ||
|
|
||
| $ az version --query \"azure-cli\" | ||
| "2.5.1" | ||
|
|
||
| $ az version --query "\"azure-cli\"" | ||
| "2.5.1" | ||
| ``` | ||
|
|
||
| In Command Prompt: | ||
| ```cmd | ||
| > az version --query "\"azure-cli\"" | ||
| "2.5.1" | ||
|
|
||
| > az version --query \"azure-cli\" | ||
| "2.5.1" | ||
| ``` | ||
|
|
||
| In PowerShell (see item 12 for why extra escaping is needed): | ||
| ```powershell | ||
| > az version --query '\"azure-cli\"' | ||
| "2.5.1" | ||
|
|
||
| > az version --query "\`"azure-cli\`"" | ||
| "2.5.1" | ||
|
|
||
| > az version --query "\""azure-cli\""" | ||
| "2.5.1" | ||
|
|
||
| > az --% version --query "\"azure-cli\"" | ||
| "2.5.1" | ||
|
|
||
| > az --% version --query \"azure-cli\" | ||
| "2.5.1" | ||
| ``` | ||
|
|
||
| 11. The best way to troubleshoot a quoting issue is to run the command with `--debug` flag. It reveals the actual arguments received by CLI in [Python's syntax](https://docs.python.org/3/tutorial/introduction.html#strings). For example, in Bash: | ||
|
|
||
| ```sh | ||
| # Wrong, as quotes and spaces are interpreted by Bash | ||
| $ az {"key": "value"} --debug | ||
| Command arguments: ['{key:', 'value}', '--debug'] | ||
|
|
||
| # Wrong, as quotes are interpreted by Bash | ||
| $ az {"key":"value"} --debug | ||
| Command arguments: ['{key:value}', '--debug'] | ||
|
|
||
| # Correct | ||
| $ az '{"key":"value"}' --debug | ||
| Command arguments: ['{"key":"value"}', '--debug'] | ||
|
|
||
| # Correct | ||
| $ az "{\"key\":\"value\"}" --debug | ||
| Command arguments: ['{"key":"value"}', '--debug'] | ||
| ``` | ||
| 12. Due to a known issue of PowerShell, some extra escaping rules apply, see [Quoting issues with PowerShell](quoting-issues-with-powershell.md) for more information | ||
|
|
||
| ## Work behind a proxy | ||
|
|
||
| Proxy is common behind corporate network or introduced by tracing tools like Fiddler, mitmproxy, etc. If the proxy uses self-signed certificates, the Python [Requests](https://github.com/kennethreitz/requests) library which CLI uses will throw `SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",)`. There are 2 ways to handle this error: | ||
|
|
||
| 1. Set environment variable `REQUESTS_CA_BUNDLE` to the path of CA bundle certificate file in PEM format. This is recommended if you use CLI frequently behind a corporate proxy. The default CA bundle which CLI uses is located at `C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\Lib\site-packages\certifi\cacert.pem` on Windows and ` /opt/az/lib/python3.6/site-packages/certifi/cacert.pem` on Linux. You may append the proxy server's certificate to this file or copy the contents to another certificate file, then set `REQUESTS_CA_BUNDLE` to it. For example: | ||
|
|
@@ -155,7 +244,9 @@ Proxy is common behind corporate network or introduced by tracing tools like Fid | |
| If you are using az on a build machine, and multiple jobs can be run in parallel, then there is a risk that the login tokens are shared between two build jobs is the jobs run as the same OS user. To avoid mix ups like this, set AZURE_CONFIG_DIR to a directory where the login tokens should be stored. It could be a randomly created folder, or just the name of the jenkins workspace, like this ```AZURE_CONFIG_DIR=.``` | ||
|
|
||
| ## Appendix | ||
|
|
||
| ### Windows batch scripts for saving to variables and using it later | ||
|
|
||
| ```batch | ||
| ECHO OFF | ||
| SETLOCAL | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The "and" makes this sentence a little confusing. Are "common scenarios" and using "Azure CLI effectively two different things? Consider "that".
###Common scenarios that use Azure CLI effectively
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the contents of this section focuses on both aspects: common scenarios AND instructions for users to use CLI effectively. Not all scenarios are using CLI effectively. Some are for issue workarounds or troubleshooting.