Fix GitHub Pipeline secret token usage
**Why?**

No access was provided to pipelines that rely on GitHub repositories as their
source, using the GitHub OAuth token stored in the `/adf/github_token`
secret in Secrets Manager.

This issue was introduced with the refactoring to the separate pipeline
management stack in ADF v3.2.0.

**What?**

Added access rights for the pipeline creation stack to fetch the GitHub OAuth
secret.
sbkok authored and StewartW committed Jul 24, 2023
1 parent 8d0f650 commit 146291d
Showing 1 changed file with 5 additions and 0 deletions.
Expand Up @@ -891,6 +891,11 @@ Resources:
- "iam:TagPolicy"
- "iam:TagRole"
Resource: "*"
- Effect: Allow
Action:
- "secretsmanager:GetSecretValue"
Resource:
- !Sub "arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:/adf/github_token-*"

DeploymentMapProcessingFunction:
Type: 'AWS::Serverless::Function'
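
Review bot: The `Resource` pattern `secret:/adf/github_token-*` in the new statement is wider than the one secret the commit message names, because `*` matches any suffix, so a secret created later as `/adf/github_token-<anything>` would also be readable under this grant. Secrets Manager appends a hyphen and six random characters to the secret name in the ARN, so `secret:/adf/github_token-??????` keeps the grant to that single secret. The statement also carries no `Sid` or comment saying why the pipeline creation stack needs `secretsmanager:GetSecretValue`; a short one would help the next reviewer tell this scoped grant apart from the `Resource: "*"` IAM statement directly above it. It is also worth confirming, outside this hunk, whether the secret is encrypted with a customer-managed KMS key, in which case the same role needs decrypt access to that key for the read to succeed.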