Add-permissions-storage-account #127684
Add-permissions-storage-account #127684
Conversation
The container app env need also permissions on the azure file
|
@Ily83 : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
Learn Build status updates of commit 8d5148d: ❌ Validation status: errorsPlease follow instructions here which may help to resolve issue. For more details, please refer to the build report. Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them. |
|
refreshing the build |
|
Can you review the proposed changes? Important: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
prmerger-automator
bot
added
the
aq-pr-triaged
There was a problem hiding this comment.
Pull Request Overview
This PR adds an important security requirement for Container Apps storage mounts by documenting the necessary permissions for Azure File Share access. The change clarifies that the Container App Environment's managed identity needs specific role assignments to access Azure File Share storage.
- Adds documentation for required RBAC permissions on Azure File Share
- Specifies the exact role needed: "Storage File Data SMB Share Contributor"
- Provides clear guidance for proper security configuration
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| | Azure account | If you don't have one, [create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). | | ||
| | Azure Container Apps environment | [Create a container apps environment](environment.md). | | ||
|
|
||
| **Important**: Ensure that the managed identity associated with your Container App Environment is assigned the `Storage File Data SMB Share Contributor` role on the Azure Fileshare, to allow your container app to access the Azure Fileshare. |
There was a problem hiding this comment.
Inconsistent capitalization: 'Fileshare' should be 'File Share' to match Azure terminology used elsewhere in the sentence.
| **Important**: Ensure that the managed identity associated with your Container App Environment is assigned the `Storage File Data SMB Share Contributor` role on the Azure Fileshare, to allow your container app to access the Azure Fileshare. | |
| **Important**: Ensure that the managed identity associated with your Container App Environment is assigned the `Storage File Data SMB Share Contributor` role on the Azure File Share, to allow your container app to access the Azure File Share. |
Copilot uses AI. Check for mistakes.
|
Learn Build status updates of commit 8d5148d: ✅ Validation status: passed
For more details, please refer to the build report. |
Co-authored-by: Diana Richards <[email protected]>
|
Learn Build status updates of commit 12551fc: ✅ Validation status: passed
For more details, please refer to the build report. |
The container app env need also permissions on the azure file share