
Commit 5a45957

author
Sheyla Trudo
committed
fixup! Artifacts
1 parent c05f699 commit 5a45957


2 files changed

+12
-7
lines changed

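--- a/.pipelines/templates/artifact-storage.steps.yaml
+++ b/.pipelines/templates/artifact-storage.steps.yaml
@@ -227,9 +227,10 @@ steps:
 DEFS_FOUND=$(az role definition list --name "$ACNCI_BUILDUSER_ROLE_NAME" --custom-role-only -ojson | jq length)
 
 DEF=$(cat ./azure-container-networking/.pipelines/templates/mi-build-role.json | \
-jq -rc \
---arg RESOURCE_GROUP_ID "$ACNCI_BUILD_RESOURCEGROUP_ID" \
-'.assignableScopes[] = $RESOURCE_GROUP_ID')
+jq -rc '.')
+
+#'.assignableScopes[] = $RESOURCE_GROUP_ID')
+#--arg RESOURCE_GROUP_ID "$ACNCI_BUILD_RESOURCEGROUP_ID"
 echo $DEF | jq .
 if (( $DEFS_FOUND < 1 )); then
 az role definition create \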
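Review bot: The two added `#` lines after `jq -rc '.')` keep the disabled scope filter as commented-out code, and the jq call is now an identity pass, so the pipeline no longer sets `assignableScopes` from `$ACNCI_BUILD_RESOURCEGROUP_ID` before the role definition is created. If the resource-group scoping is meant to stay off, delete the commented lines and read the file directly, `DEF=$(jq -rc '.' ./azure-container-networking/.pipelines/templates/mi-build-role.json)`. If this is a temporary debugging step (the commit is a fixup), restore the filter as `jq -rc --arg RESOURCE_GROUP_ID "$ACNCI_BUILD_RESOURCEGROUP_ID" '.assignableScopes = [$RESOURCE_GROUP_ID]'`, which also works when the array in the JSON file is empty. The `if` block and the `az role definition create` call continue outside the hunk.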

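--- a/.pipelines/templates/mi-build-role.json
+++ b/.pipelines/templates/mi-build-role.json
@@ -6,8 +6,9 @@
 "isCustom": true,
 "description": "A custom role given to managed identities created by the CI build process. This role should try to focus on owning the resources already in its scope; rather than creating new ones. Actions should be added as necessary - and not in anticipation.",
 "actions": [
-"Microsoft.Storage/storageAccounts/blobServices/containers/*",
 "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action",
+"Microsoft.Storage/storageAccounts/blobServices/containers/read",
+"Microsoft.Storage/storageAccounts/blobServices/containers/write",
 "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*",
 
 "Microsoft.Storage/storageAccounts/tableServices/tables/read",
@@ -31,8 +32,11 @@
 ],
 "notActions": [],
 "dataActions": [
-"Microsoft.Storage/storageAccounts/blobServices/containers/*",
-"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*",
+"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
+"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
+"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
+"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
+"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action",
 
 "Microsoft.Storage/storageAccounts/tableServices/tables/entities/read",
 "Microsoft.Storage/storageAccounts/tableServices/tables/entities/write",
@@ -56,6 +60,6 @@
 ],
 "notDataActions": [],
 "assignableScopes": [
-"$RESOURCE_GROUP_ID"
+"/"
 ]
 }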
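Review bot: The last hunk replaces the `"$RESOURCE_GROUP_ID"` placeholder in `assignableScopes` with `"/"`, which makes this custom role assignable at any scope instead of only the CI resource group and undoes much of the least-privilege tightening the first two hunks make. As far as I know, Azure also rejects the root scope for custom roles (only built-in roles carry `"/"`), so `az role definition create` may fail with this file; that is worth confirming in a test run. I would keep a narrow scope here, for example `"assignableScopes": ["$RESOURCE_GROUP_ID"]` with the pipeline substituting the real resource group id before creating the definition. Note also that `containers/blobs/*` stays in `actions` as an unchanged line, so the wildcard removed from `dataActions` is still present on the control-plane side.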
