Skip to content

[CosmosDB] az cosmosdb update: Add support for Microsoft Fabric workspace resource IDs in --network-acl-bypass-resource-ids #32761

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dgao97 wants to merge 2 commits into
base: dev
Choose a base branch
from
Open

[CosmosDB] az cosmosdb update: Add support for Microsoft Fabric workspace resource IDs in --network-acl-bypass-resource-ids #32761

dgao97 wants to merge 2 commits into from
+1,355 −2

Conversation

@dgao97
Copy link

@dgao97 dgao97 commented Feb 9, 2026
edited by calvinhzy
Loading

Related command
az cosmosdb update -n {acc} -g {rg} --network-acl-bypass AzureServices --network-acl-bypass-resource-ids /tenants/{tenantId}/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Fabric/providers/Microsoft.Fabric/workspaces/{workspaceGuid}

Description

This PR adds support for Microsoft Fabric workspace resource IDs in the --network-acl-bypass-resource-ids parameter for az cosmosdb update.

Previously, only standard Azure resource IDs (starting with /subscriptions/) were accepted. This change extends validation to also accept Fabric resource IDs in the format:
/tenants/{tenantId}/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Fabric/providers/Microsoft.Fabric/workspaces/{workspaceGuid}

Changes:

  • Added is_valid_network_acl_bypass_resource_id() function in _validators.py that validates both standard Azure resource IDs and Fabric resource IDs
  • Updated cli_cosmosdb_update() in custom.py to use the new validation function

Testing Guide

# Update a CosmosDB account with a Fabric workspace resource ID for network ACL bypass
az cosmosdb update -n myaccount -g mygroup --capabilities EnableFabricNetworkAclBypass --network-acl-bypass AzureServices --network-acl-bypass-resource-ids /tenants/72f988bf-86f1-41af-91ab-2d7cd011db47/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Fabric/providers/Microsoft.Fabric/workspaces/3e83f2c3-5a1e-45c3-95f3-53f3a1794e6f

# Standard Azure resource IDs continue to work
az cosmosdb update -n myaccount -g mygroup --network-acl-bypass AzureServices --network-acl-bypass-resource-ids /subscriptions/subId/resourceGroups/rgName/providers/Microsoft.Synapse/workspaces/wsName

History Notes

[CosmosDB] az cosmosdb update: Add support for Microsoft Fabric workspace resource IDs in --network-acl-bypass-resource-ids

This checklist is used to make sure that common guidelines for a pull request are followed.

@dgao97 dgao97 requested a review from calvinhzy as a code owner February 9, 2026 17:38
Copilot AI review requested due to automatic review settings February 9, 2026 17:38
@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Feb 9, 2026
edited
Loading

️✔️AzureCLI-FullTest
️✔️acr
️✔️latest
️✔️3.12
️✔️3.13
️✔️acs
️✔️latest
️✔️3.12
️✔️3.13
️✔️advisor
️✔️latest
️✔️3.12
️✔️3.13
️✔️ams
️✔️latest
️✔️3.12
️✔️3.13
️✔️apim
️✔️latest
️✔️3.12
️✔️3.13
️✔️appconfig
️✔️latest
️✔️3.12
️✔️3.13
️✔️appservice
️✔️latest
️✔️3.12
️✔️3.13
️✔️aro
️✔️latest
️✔️3.12
️✔️3.13
️✔️backup
️✔️latest
️✔️3.12
️✔️3.13
️✔️batch
️✔️latest
️✔️3.12
️✔️3.13
️✔️batchai
️✔️latest
️✔️3.12
️✔️3.13
️✔️billing
️✔️latest
️✔️3.12
️✔️3.13
️✔️botservice
️✔️latest
️✔️3.12
️✔️3.13
️✔️cdn
️✔️latest
️✔️3.12
️✔️3.13
️✔️cloud
️✔️latest
️✔️3.12
️✔️3.13
️✔️cognitiveservices
️✔️latest
️✔️3.12
️✔️3.13
️✔️compute_recommender
️✔️latest
️✔️3.12
️✔️3.13
️✔️computefleet
️✔️latest
️✔️3.12
️✔️3.13
️✔️config
️✔️latest
️✔️3.12
️✔️3.13
️✔️configure
️✔️latest
️✔️3.12
️✔️3.13
️✔️consumption
️✔️latest
️✔️3.12
️✔️3.13
️✔️container
️✔️latest
️✔️3.12
️✔️3.13
️✔️containerapp
️✔️latest
️✔️3.12
️✔️3.13
️✔️core
️✔️latest
️✔️3.12
️✔️3.13
️✔️cosmosdb
️✔️latest
️✔️3.12
️✔️3.13
️✔️databoxedge
️✔️latest
️✔️3.12
️✔️3.13
️✔️dls
️✔️latest
️✔️3.12
️✔️3.13
️✔️dms
️✔️latest
️✔️3.12
️✔️3.13
️✔️eventgrid
️✔️latest
️✔️3.12
️✔️3.13
️✔️eventhubs
️✔️latest
️✔️3.12
️✔️3.13
️✔️feedback
️✔️latest
️✔️3.12
️✔️3.13
️✔️find
️✔️latest
️✔️3.12
️✔️3.13
️✔️hdinsight
️✔️latest
️✔️3.12
️✔️3.13
️✔️identity
️✔️latest
️✔️3.12
️✔️3.13
️✔️iot
️✔️latest
️✔️3.12
️✔️3.13
️✔️keyvault
️✔️latest
️✔️3.12
️✔️3.13
️✔️lab
️✔️latest
️✔️3.12
️✔️3.13
️✔️managedservices
️✔️latest
️✔️3.12
️✔️3.13
️✔️maps
️✔️latest
️✔️3.12
️✔️3.13
️✔️marketplaceordering
️✔️latest
️✔️3.12
️✔️3.13
️✔️monitor
️✔️latest
️✔️3.12
️✔️3.13
️✔️mysql
️✔️latest
️✔️3.12
️✔️3.13
️✔️netappfiles
️✔️latest
️✔️3.12
️✔️3.13
️✔️network
️✔️latest
️✔️3.12
️✔️3.13
️✔️policyinsights
️✔️latest
️✔️3.12
️✔️3.13
️✔️postgresql
️✔️latest
️✔️3.12
️✔️3.13
️✔️privatedns
️✔️latest
️✔️3.12
️✔️3.13
️✔️profile
️✔️latest
️✔️3.12
️✔️3.13
️✔️rdbms
️✔️latest
️✔️3.12
️✔️3.13
️✔️redis
️✔️latest
️✔️3.12
️✔️3.13
️✔️relay
️✔️latest
️✔️3.12
️✔️3.13
️✔️resource
️✔️latest
️✔️3.12
️✔️3.13
️✔️role
️✔️latest
️✔️3.12
️✔️3.13
️✔️search
️✔️latest
️✔️3.12
️✔️3.13
️✔️security
️✔️latest
️✔️3.12
️✔️3.13
️✔️servicebus
️✔️latest
️✔️3.12
️✔️3.13
️✔️serviceconnector
️✔️latest
️✔️3.12
️✔️3.13
️✔️servicefabric
️✔️latest
️✔️3.12
️✔️3.13
️✔️signalr
️✔️latest
️✔️3.12
️✔️3.13
️✔️sql
️✔️latest
️✔️3.12
️✔️3.13
️✔️sqlvm
️✔️latest
️✔️3.12
️✔️3.13
️✔️storage
️✔️latest
️✔️3.12
️✔️3.13
️✔️synapse
️✔️latest
️✔️3.12
️✔️3.13
️✔️telemetry
️✔️latest
️✔️3.12
️✔️3.13
️✔️util
️✔️latest
️✔️3.12
️✔️3.13
️✔️vm
️✔️latest
️✔️3.12
️✔️3.13

@azure-client-tools-bot-prd
Copy link

azure-client-tools-bot-prd bot commented Feb 9, 2026
edited
Loading

️✔️AzureCLI-BreakingChangeTest
️✔️Non Breaking Changes

@yonzhan
Copy link
Collaborator

yonzhan commented Feb 9, 2026

Thank you for your contribution! We will review the pull request and get back to you soon.

@github-actions
Copy link

github-actions bot commented Feb 9, 2026

The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR.

Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions).
After that please run the following commands to enable git hooks:

pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>

@microsoft-github-policy-service microsoft-github-policy-service bot added the customer-reported Issues that are reported by GitHub users external to the Azure organization. label Feb 9, 2026
@microsoft-github-policy-service
Copy link
Contributor

microsoft-github-policy-service bot commented Feb 9, 2026

Thank you for your contribution @dgao97! We will review the pull request and get back to you soon.

@microsoft-github-policy-service microsoft-github-policy-service bot added Auto-Assign Auto assign by bot CosmosDB az cosmosdb labels Feb 9, 2026
@dgao97
Copy link
Author

dgao97 commented Feb 9, 2026

@microsoft-github-policy-service agree company="Microsoft"

Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support in az cosmosdb update for validating Microsoft Fabric workspace resource IDs passed via --network-acl-bypass-resource-ids, alongside existing standard ARM /subscriptions/... resource IDs.

Changes:

  • Introduces is_valid_network_acl_bypass_resource_id() to validate both standard ARM resource IDs and Fabric /tenants/... resource IDs.
  • Updates cli_cosmosdb_update() to use the new validator for --network-acl-bypass-resource-ids.
  • Adds a scenario test + recording covering both standard and Fabric resource ID update flows.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

File Description
src/azure-cli/azure/cli/command_modules/cosmosdb/custom.py Switches --network-acl-bypass-resource-ids validation to the new validator supporting Fabric IDs.
src/azure-cli/azure/cli/command_modules/cosmosdb/_validators.py Adds Fabric-aware resource ID validation helper used by cosmosdb update.
src/azure-cli/azure/cli/command_modules/cosmosdb/tests/latest/test_cosmosdb_commands.py Adds live scenario test verifying standard + Fabric resource ID behavior.
src/azure-cli/azure/cli/command_modules/cosmosdb/tests/latest/recordings/test_cosmosdb_network_acl_bypass.yaml Recording for the new scenario test.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/azure-cli/azure/cli/command_modules/cosmosdb/_validators.py
Comment on lines +610 to +617
def _is_valid_guid(value):
"""Check if a string is a valid GUID."""
import uuid
try:
uuid.UUID(value)
return True
except ValueError:
return False
Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

_is_valid_guid currently uses uuid.UUID(value) which accepts non-canonical GUID representations (e.g. urn:uuid:<guid>, {<guid>}, or 32-hex-without-dashes). Because the Fabric resource ID regex captures (.+), these non-ARM forms would be treated as valid IDs even though they are not valid path segments in an ARM resource ID. Consider tightening validation to require the canonical 36-char hex-with-dashes form (e.g. validate with a GUID regex, or compare str(uuid.UUID(value)) == value.lower()), and/or tighten the capture groups in the Fabric regex to a GUID pattern.

Copilot uses AI. Check for mistakes.
@yonzhan yonzhan assigned calvinhzy and unassigned evelyn-ys Feb 9, 2026
@yonzhan yonzhan removed the request for review from evelyn-ys February 9, 2026 23:28
@calvinhzy
Copy link
Member

calvinhzy commented Feb 10, 2026

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Feb 10, 2026

Azure Pipelines successfully started running 3 pipeline(s).

@calvinhzy calvinhzy changed the title [Cosmos DB] az cosmosdb update: Add support for Microsoft Fabric workspace resource IDs in --network-acl-bypass-resource-ids [Cosmos DB] az cosmosdb update: Add support for Microsoft Fabric workspace resource IDs in --network-acl-bypass-resource-ids Feb 10, 2026
@calvinhzy calvinhzy changed the title [Cosmos DB] az cosmosdb update: Add support for Microsoft Fabric workspace resource IDs in --network-acl-bypass-resource-ids [CosmosDB] az cosmosdb update: Add support for Microsoft Fabric workspace resource IDs in --network-acl-bypass-resource-ids Feb 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@calvinhzy calvinhzy Awaiting requested review from calvinhzy calvinhzy is a code owner

@yonzhan yonzhan Awaiting requested review from yonzhan

@jsntcy jsntcy Awaiting requested review from jsntcy

@kairu-ms kairu-ms Awaiting requested review from kairu-ms

At least 1 approving review is required to merge this pull request.

Assignees

@calvinhzy calvinhzy

Labels

Auto-Assign Auto assign by bot CosmosDB az cosmosdb customer-reported Issues that are reported by GitHub users external to the Azure organization. Synapse

Projects

None yet

Milestone

March 2026 (2026-03-03)

Development

Successfully merging this pull request may close these issues.

4 participants

@dgao97 @yonzhan @calvinhzy @evelyn-ys