Scenario 4: Create Infra Missing DNS Zone RG (`--assign-identity-roles`)

Objective: Verify that create infra azure --assign-identity-roles without --dns-zone-rg-name now returns a clear error instead of silently producing invalid role assignment scopes.

Result: PASS — Command exits non-zero with clear error requiring --dns-zone-rg-name.

Command

$ hypershift create infra azure \
    --name test-s4 \
    --infra-id test-s4 \
    --azure-creds creds.yaml \
    --base-domain example.com \
    --workload-identities-file wi.json \
    --assign-identity-roles

Full Output

Error: --dns-zone-rg-name is required when --assign-identity-roles or --assign-custom-hcp-roles is set
--dns-zone-rg-name is required when --assign-identity-roles or --assign-custom-hcp-roles is set

Exit code: 1

Verification

Check	Result
Command exits with non-zero code	PASS — Exit code: 1
Error message requires `--dns-zone-rg-name`	PASS — `--dns-zone-rg-name is required when ...`
Error message covers both flags	PASS — Mentions both `--assign-identity-roles` and `--assign-custom-hcp-roles`

← Scenario 3 Scenario 5 →

Scenario 4: Create Infra Missing DNS Zone RG (--assign-identity-roles)

Command

Full Output

Verification

Scenario 4: Create Infra Missing DNS Zone RG (`--assign-identity-roles`)