Skip to content

Commit

Permalink
Drop Read Condition from Azure Role Assignment (#1109)
Browse files Browse the repository at this point in the history
Signed-off-by: Ian Stanton <[email protected]>
  • Loading branch information
ianstanton authored Dec 23, 2024
1 parent 0ed1858 commit c866208
Showing 1 changed file with 0 additions and 12 deletions.
12 changes: 0 additions & 12 deletions conductor/src/azure/uami_builder.rs
Original file line number Diff line number Diff line change
Expand Up @@ -171,18 +171,6 @@ pub async fn create_role_assignment(
// to the instance's directory in the blob
let blob_conditions = Some(format!(
"\
(
(
!(ActionMatches{{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'}})
)
OR
(
@Resource[Microsoft.Storage/storageAccounts/blobServices/containers:name] StringEquals '{azure_backup_container}'
AND
@Resource[Microsoft.Storage/storageAccounts/blobServices/containers/blobs:path] StringLike '{namespace}/*'
)
)
AND
(
(
!(ActionMatches{{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write'}})
Expand Down

0 comments on commit c866208

Please sign in to comment.