fix: add roles for legacy telemetry provider (#56)

Azure · Oct 31, 2024 · 1d069c1 · 1d069c1
1 parent 612930a
commit 1d069c1
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 12 deletions.
diff --git a/alz/azuredevops/variables.hidden.tf b/alz/azuredevops/variables.hidden.tf
@@ -197,7 +197,8 @@ variable "custom_role_definitions_terraform" {
           "Microsoft.Management/managementGroups/write",
           "Microsoft.Management/managementGroups/subscriptions/read",
           "Microsoft.Authorization/*/read",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }
@@ -210,7 +211,8 @@ variable "custom_role_definitions_terraform" {
           "Microsoft.Management/managementGroups/read",
           "Microsoft.Management/managementGroups/subscriptions/read",
           "Microsoft.Authorization/*/read",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }
@@ -221,7 +223,8 @@ variable "custom_role_definitions_terraform" {
       permissions = {
         actions = [
           "*",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }
@@ -232,7 +235,8 @@ variable "custom_role_definitions_terraform" {
       permissions = {
         actions = [
           "*/read",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }

diff --git a/alz/github/variables.hidden.tf b/alz/github/variables.hidden.tf
@@ -197,7 +197,8 @@ variable "custom_role_definitions_terraform" {
           "Microsoft.Management/managementGroups/write",
           "Microsoft.Management/managementGroups/subscriptions/read",
           "Microsoft.Authorization/*/read",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }
@@ -210,7 +211,8 @@ variable "custom_role_definitions_terraform" {
           "Microsoft.Management/managementGroups/read",
           "Microsoft.Management/managementGroups/subscriptions/read",
           "Microsoft.Authorization/*/read",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }
@@ -221,7 +223,8 @@ variable "custom_role_definitions_terraform" {
       permissions = {
         actions = [
           "*",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }
@@ -232,7 +235,8 @@ variable "custom_role_definitions_terraform" {
       permissions = {
         actions = [
           "*/read",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }

diff --git a/alz/local/variables.hidden.tf b/alz/local/variables.hidden.tf
@@ -86,7 +86,8 @@ variable "custom_role_definitions_terraform" {
           "Microsoft.Management/managementGroups/write",
           "Microsoft.Management/managementGroups/subscriptions/read",
           "Microsoft.Authorization/*/read",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }
@@ -99,7 +100,8 @@ variable "custom_role_definitions_terraform" {
           "Microsoft.Management/managementGroups/read",
           "Microsoft.Management/managementGroups/subscriptions/read",
           "Microsoft.Authorization/*/read",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }
@@ -110,7 +112,8 @@ variable "custom_role_definitions_terraform" {
       permissions = {
         actions = [
           "*",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }
@@ -121,7 +124,8 @@ variable "custom_role_definitions_terraform" {
       permissions = {
         actions = [
           "*/read",
-          "Microsoft.Resources/deployments/write"
+          "Microsoft.Resources/deployments/write",
+          "Microsoft.Resources/deployments/exportTemplate/action"
         ]
         not_actions = []
       }