Delete role assignment by ID does not use the correct URI and fails with MissingSubscription #31109
Description
Describe the bug
az role assignment delete fails with "MissingSubscription" when --ids parameter is provided with GUIDs rather than fully-qualified resource ids.
Related command
az role assignment delete
Errors
MissingSubscription
Issue script & Debug output
az role assignment delete --ids ae44cb62-f719-4c45-9bb4-878311fcf9e2 --verbose
[...]
msrestazure.azure_active_directory: MSI: Token retrieved
cli.azure.cli.command_modules.role.custom: option '--scope' will be ignored due to use of '--ids'.
cli.azure.cli.core.auth.adal_authentication: MSIAuthenticationWrapper.get_token: scopes=('https://management.core.windows.net//.default',)), kwargs={}
msrestazure.azure_active_directory: MSI: token is found in cache.
cli.azure.cli.core.auth.adal_authentication: Normalize expires_on: '1742599775' -> 1742599775
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/ae44cb62-f719-4c45-9bb4-878311fcf9e2?api-version=2022-04-01'
cli.azure.cli.core.sdk.policies: Request method: 'DELETE'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'cc5e6ed8-068b-11f0-905b-00155dffb2e6'
...
Expected behavior
I would expect it to fill in the subscription from my az account if not provided.
If I run `az role assignment delete --ids /subscription/xxx/providers/Microsoft.Authorizaton/roleAssignments/ae44cb62-f719-4c45-9bb4-878311fcf9e2 it works.
Environment Summary
root [ / ]# az --version
azure-cli 2.70.0
core 2.70.0
telemetry 1.1.0
Dependencies:
msal 1.31.2b1
azure-mgmt-resource 23.1.1
Python location '/usr/bin/python3.12'
Config directory '/root/.azure'
Extensions directory '/root/.azure/cliextensions'
Python (Linux) 3.12.9 (main, Mar 11 2025, 15:30:57) [GCC 13.2.0]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response