{Role} Clean up linter exclusion rules (#31323)

jiasli · web-flow · commit 58285f3a1277 · 2025-04-24T16:20:31.000+08:00
diff --git a/linter_exclusions.yml b/linter_exclusions.yml
@@ -196,78 +196,6 @@ acs kubernetes install-cli:
     kubelogin_install_location:
       rule_exclusions:
       - option_length_too_long
-ad app create:
-  parameters:
-    available_to_other_tenants:
-      rule_exclusions:
-      - option_length_too_long
-    credential_description:
-      rule_exclusions:
-      - option_length_too_long
-    oauth2_allow_implicit_flow:
-      rule_exclusions:
-      - option_length_too_long
-    required_resource_accesses:
-      rule_exclusions:
-      - option_length_too_long
-ad app credential reset:
-  parameters:
-    credential_description:
-      rule_exclusions:
-      - option_length_too_long
-ad app update:
-  parameters:
-    available_to_other_tenants:
-      rule_exclusions:
-      - option_length_too_long
-    credential_description:
-      rule_exclusions:
-      - option_length_too_long
-    key_type:
-      rule_exclusions:
-      - no_parameter_defaults_for_update_commands
-    key_usage:
-      rule_exclusions:
-      - no_parameter_defaults_for_update_commands
-    oauth2_allow_implicit_flow:
-      rule_exclusions:
-      - option_length_too_long
-    required_resource_accesses:
-      rule_exclusions:
-      - option_length_too_long
-ad group get-member-groups:
-  parameters:
-    additional_properties:
-      rule_exclusions:
-      - option_length_too_long
-    security_enabled_only:
-      rule_exclusions:
-      - option_length_too_long
-ad group member add:
-  parameters:
-    additional_properties:
-      rule_exclusions:
-      - option_length_too_long
-ad sp credential reset:
-  parameters:
-    credential_description:
-      rule_exclusions:
-      - option_length_too_long
-ad user create:
-  parameters:
-    force_change_password_next_login:
-      rule_exclusions:
-      - option_length_too_long
-ad user get-member-groups:
-  parameters:
-    security_enabled_only:
-      rule_exclusions:
-      - option_length_too_long
-ad user update:
-  parameters:
-    force_change_password_next_login:
-      rule_exclusions:
-      - option_length_too_long
 aks create:
   parameters:
     aad_admin_group_object_ids:
@@ -3108,11 +3036,6 @@ rest:
     skip_authorization_header:
       rule_exclusions:
       - option_length_too_long
-role assignment create:
-  parameters:
-    assignee_principal_type:
-      rule_exclusions:
-      - option_length_too_long
 security adaptive_network_hardenings show:
   parameters:
     adaptive_network_hardenings_resource_name:
diff --git a/src/azure-cli/azure/cli/command_modules/role/_params.py b/src/azure-cli/azure/cli/command_modules/role/_params.py
@@ -96,6 +96,7 @@ def load_arguments(self, _):
                         "'2017-12-31'). Default value is one year after current time")
         c.argument('key_value', arg_group='keyCredential',
                    help='the value for the key credentials associated with the application')
+        # Even in `az ad app update`, key_type and key_usage need to have default values if key_value is specified
         c.argument('key_type', arg_group='keyCredential',
                    help='the type of the key credentials associated with the application',
                    arg_type=get_enum_type(['AsymmetricX509Cert', 'Password', 'Symmetric'],
@@ -263,7 +264,6 @@ def load_arguments(self, _):
     with self.argument_context('ad user') as c:
         c.ignore('_subscription')
         c.argument('mail_nickname', help='mail alias. Defaults to user principal name')
-        c.argument('force_change_password_next_login', arg_type=get_three_state_flag(), help='Require the user to change their password the next time they log in. Only valid when --password is specified')
         c.argument('account_enabled', arg_type=get_three_state_flag(), help='enable the user account')
         c.argument('password', help='user password')
         c.argument('upn_or_object_id', options_list=['--id'],
diff --git a/src/azure-cli/azure/cli/command_modules/role/linter_exclusions.yml b/src/azure-cli/azure/cli/command_modules/role/linter_exclusions.yml
@@ -21,6 +21,9 @@ ad app create:
         requested_access_token_version:
             rule_exclusions:
             - option_length_too_long
+        required_resource_accesses:
+            rule_exclusions:
+            - option_length_too_long
 ad app update:
     parameters:
         enable_access_token_issuance:
@@ -41,6 +44,15 @@ ad app update:
         requested_access_token_version:
             rule_exclusions:
             - option_length_too_long
+        key_type:
+            rule_exclusions:
+            - no_parameter_defaults_for_update_commands
+        key_usage:
+            rule_exclusions:
+            - no_parameter_defaults_for_update_commands
+        required_resource_accesses:
+            rule_exclusions:
+            - option_length_too_long
 ad user create:
     parameters:
         force_change_password_next_sign_in:
@@ -76,4 +88,19 @@ role assignment list:
         fill_role_definition_name:
             rule_exclusions:
             - option_length_too_long
+role assignment create:
+    parameters:
+        assignee_principal_type:
+            rule_exclusions:
+            - option_length_too_long
+ad group get-member-groups:
+    parameters:
+        security_enabled_only:
+            rule_exclusions:
+            - option_length_too_long
+ad user get-member-groups:
+    parameters:
+        security_enabled_only:
+            rule_exclusions:
+            - option_length_too_long
 ...
