Skip to content

Commit 5b802a0

Browse files
jackfrancisjackfrancis
authored
use sufficient identity roles for conformance tests (#5060)
* use sufficient identity roles for conformance tests Signed-off-by: Jack Francis <[email protected]> * test original solution Signed-off-by: Jack Francis <[email protected]> * remove storage account contrib Signed-off-by: Jack Francis <[email protected]> * try Reader-only Signed-off-by: Jack Francis <[email protected]> * try Contributor instead of Owner Signed-off-by: Jack Francis <[email protected]> * add RBAC role Signed-off-by: Jack Francis <[email protected]> --------- Signed-off-by: Jack Francis <[email protected]>
1 parent dbbf684 commit 5b802a0

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

scripts/kind-with-registry.sh

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -159,13 +159,13 @@ EOF
159159
AZURE_IDENTITY_ID_PRINCIPAL_ID=$(az identity show -n "${USER_IDENTITY}" -g "${AZWI_RESOURCE_GROUP}" --query principalId -o tsv)
160160

161161
echo "${AZURE_IDENTITY_ID}" > "${AZURE_IDENTITY_ID_FILEPATH}"
162-
until az role assignment create --assignee-object-id "${AZURE_IDENTITY_ID_PRINCIPAL_ID}" --role "Owner" --scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}" --assignee-principal-type ServicePrincipal; do
162+
until az role assignment create --assignee-object-id "${AZURE_IDENTITY_ID_PRINCIPAL_ID}" --role "Contributor" --scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}" --assignee-principal-type ServicePrincipal; do
163163
sleep 5
164164
done
165-
until az role assignment create --assignee-object-id "${AZURE_IDENTITY_ID_PRINCIPAL_ID}" --role "Storage Account Contributor" --scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}" --assignee-principal-type ServicePrincipal; do
165+
until az role assignment create --assignee-object-id "${AZURE_IDENTITY_ID_PRINCIPAL_ID}" --role "Role Based Access Control Administrator" --scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}" --assignee-principal-type ServicePrincipal; do
166166
sleep 5
167167
done
168-
until az role assignment create --assignee-object-id "${AZURE_IDENTITY_ID_PRINCIPAL_ID}" --role "Storage Blob Data Owner" --scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}" --assignee-principal-type ServicePrincipal; do
168+
until az role assignment create --assignee-object-id "${AZURE_IDENTITY_ID_PRINCIPAL_ID}" --role "Storage Blob Data Reader" --scope "/subscriptions/${AZURE_SUBSCRIPTION_ID}" --assignee-principal-type ServicePrincipal; do
169169
sleep 5
170170
done
171171

0 commit comments

Comments
 (0)