Modify warnings about credential loss due to non-unique display names in az ad app create and az ad sp create-for-rbac commands

ReaNAiveD · ReaNAiveD · commit 1f74b7299b4b · 2025-11-24T13:38:26.000+11:00
diff --git a/src/azure-cli/azure/cli/command_modules/role/_help.py b/src/azure-cli/azure/cli/command_modules/role/_help.py
@@ -22,7 +22,14 @@
 helps['ad app create'] = """
 type: command
 short-summary: Create an application.
-long-summary: For more detailed documentation, see https://learn.microsoft.com/graph/api/resources/application
+long-summary: >-
+    **IMPORTANT**: The `az ad app create` command can modify an existing application or service principal if
+    another object shares the same **display name**. Display names aren't unique and can change, which
+    could result in credential loss or incorrect RBAC assignments. Use a **unique object ID or app ID** instead. 
+    For more details, see https://go.microsoft.com/fwlink/?linkid=2342455.
+
+
+    For more detailed documentation, see https://learn.microsoft.com/graph/api/resources/application
 examples:
   - name: Create an application.
     text: |
@@ -508,10 +515,7 @@
 helps['ad sp create'] = """
 type: command
 short-summary: Create a service principal.
-long-summary: >-
-    **IMPORTANT**: The `az ad sp create` command can modify an existing application or service principal if
-    another object shares the same **display name**. Display names aren't unique and can change, which
-    could result in credential loss or incorrect RBAC assignments. Use a **unique object ID or app ID** instead.
+long-summary:
 examples:
   - name: Create a service principal. (autogenerated)
     text: az ad sp create --id 00000000-0000-0000-0000-000000000000
@@ -527,6 +531,7 @@
     **IMPORTANT**: The `az ad sp create-for-rbac` command can modify an existing application or service principal if
     another object shares the same **display name**. Display names aren't unique and can change, which
     could result in credential loss or incorrect RBAC assignments. Use a **unique object ID or app ID** instead.
+    For more details, see https://go.microsoft.com/fwlink/?linkid=2342455.
 
 
     The output includes credentials that you must protect. Be sure that you do not include these credentials
diff --git a/src/azure-cli/azure/cli/command_modules/role/custom.py b/src/azure-cli/azure/cli/command_modules/role/custom.py
@@ -604,6 +604,13 @@ def create_application(cmd, client, display_name, identifier_uris=None,
                        # JSON properties
                        app_roles=None, optional_claims=None, required_resource_accesses=None):
     # pylint:disable=too-many-locals
+
+    logger.warning(f"The `az {cmd.name}` command can modify an existing application or service principal "
+                   "if another object shares the same display name. Display names aren't unique and can change, "
+                   "which could result in credential loss or incorrect RBAC assignments. "
+                   "Use a unique object ID or app ID instead. For more details, "
+                   "see https://go.microsoft.com/fwlink/?linkid=2342455.")
+
     graph_client = _graph_client_factory(cmd.cli_ctx)
 
     existing_apps = list_applications(cmd, client, display_name=display_name)
@@ -1017,10 +1024,6 @@ def app_federated_credential_delete(client, app_identifier, federated_identity_c
 
 
 def create_service_principal(cmd, identifier):
-    logger.warning("The `az ad sp create` command can modify an existing application or service principal "
-                   "if another object shares the same display name. Display names aren't unique and can change, "
-                   "which could result in credential loss or incorrect RBAC assignments. "
-                   "Use a unique object ID or app ID instead.")
     return _create_service_principal(cmd.cli_ctx, identifier)
 
 
@@ -1149,11 +1152,6 @@ def create_service_principal_for_rbac(
         show_auth_in_json=None, skip_assignment=False, keyvault=None):
     import time
 
-    logger.warning("The `az ad sp create-for-rbac` command can modify an existing application or service principal "
-                   "if another object shares the same display name. Display names aren't unique and can change, "
-                   "which could result in credential loss or incorrect RBAC assignments. "
-                   "Use a unique object ID or app ID instead.")
-
     if role and not scopes or not role and scopes:
         raise ArgumentUsageError("Usage error: To create role assignments, specify both --role and --scopes.")
 
