Remove ACA Environment Contributor role assignment#9405
Merged
eerhardt merged 2 commits intomicrosoft:mainfrom May 22, 2025
Merged
Remove ACA Environment Contributor role assignment#9405eerhardt merged 2 commits intomicrosoft:mainfrom
eerhardt merged 2 commits intomicrosoft:mainfrom
Conversation
github-actions
Bot
added
the
area-integrations
Contributor
|
Why draft? |
Member
Author
Was waiting for confirmation that we can do this. I plan on taking it out of draft today. |
This role assignment was necessary as an early workaround for getting access to the Aspire Dashboard hosted in ACA. The explicitly role assignment is no longer necessary because the user doing the deployment will automatically inherit the permission because they are the user who created the ACA environment.
eerhardt
force-pushed
the
RemoveContributorRole
branch
from
f4bb1cf to
4c651c4
Compare
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR removes the explicit ACA Environment Contributor role assignment, as it is no longer required given the updated permissions model for ACA environments.
- Removed the role assignment resource from multiple Bicep snapshot files.
- Removed the corresponding role assignment creation from the Azure Container App extension code.
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tests/Aspire.Hosting.Azure.Tests/Snapshots/AzureEnvironmentResourceTests.WhenUsedWithAzureContainerAppsEnvironment_GeneratesProperBicep#01.verified.bicep | Removed the env_Contributor resource definition. |
| tests/Aspire.Hosting.Azure.Tests/Snapshots/AzureContainerAppsTests.ContainerAppEnvironmentWithCustomRegistry#00.verified.bicep | Removed the env_Contributor resource definition. |
| tests/Aspire.Hosting.Azure.Tests/Snapshots/AzureContainerAppsTests.AddContainerAppEnvironmentAddsEnvironmentResource_useAzdNaming=True.verified.bicep | Removed the env_Contributor resource definition. |
| tests/Aspire.Hosting.Azure.Tests/Snapshots/AzureContainerAppsTests.AddContainerAppEnvironmentAddsEnvironmentResource_useAzdNaming=False.verified.bicep | Removed the env_Contributor resource definition. |
| src/Aspire.Hosting.Azure.AppContainers/AzureContainerAppExtensions.cs | Removed the role assignment creation and related using directive for Authorization. |
davidfowl
approved these changes
May 22, 2025
Member
Author
|
Merging for now to get this in. But we can make more changes if necessary. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This role assignment was necessary as an early workaround for getting access to the Aspire Dashboard hosted in ACA.
The explicitly role assignment is no longer necessary because the user doing the deployment will automatically inherit the permission because they are the user who created the ACA environment.
Checklist