Azure / mlops-v2

Azure MLOps (v2) solution accelerators. Enterprise ready templates to deploy your machine learning models on the Azure Platform.
https://learn.microsoft.com/en-us/azure/machine-learning/concept-model-management-and-deployment
MIT License

[QuickStart.md] Error when running deploy-model-training-pipeline with enable_aml_secure_workspace: true #58

Closed WiktorMadejski closed 1 year ago

WiktorMadejski commented 1 year ago

Hey,

After the infra deploy "tf-ado-deploy-infra.yml" with "enable_aml_secure_workspace: true", did you test "deploy-model-training-pipeline" in Azure DevOps?

Stack:

[Screenshot 2022-09-19 at 12 40 58]

1) My conclusion is that the stack is as expected, because a public agent is used (pool: vmImage: $(ap_vm_image), where ap_vm_image: ubuntu-20.04) to perform actions in the Azure Machine Learning Workspace (e.g. pipeline.publish(config['training_pipeline_name'])). In case you are able to perform this action on your side, isn't it a security issue? Do you expect to add self-hosted agent deployment and configuration to tf?

2) Additionally, don't you need a "Machine Learning Workspace"-scoped service principal to perform AML Workspace actions? Should the instructed Azure-ARM-Prod (subscription level type) be able to perform any actions?

setuc commented 1 year ago

Yes, you are correct in your assessment @WiktorMadejski. We did notice this issue and we are reviewing the steps again to reframe them and explain how one can properly deploy secure workspaces with hosted runners. This would also include the service principal that you have mentioned. We are pending an internal security review and planning to address this in the next release. That release is planned for the November-December timeframe.
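
A pre-merge check for the mismatch discussed in this thread, as an added example that is not part of the issue or of the mlops-v2 repository: it flags `pool:` blocks that resolve to a Microsoft-hosted agent when the infra config sets `enable_aml_secure_workspace: true`. The sample YAML is constructed, and the pool name `aml-vnet-agents` is hypothetical.

```python
import re

HOSTED_POOL_NAME = "Azure Pipelines"  # name of the Microsoft-hosted pool

def secure_workspace_enabled(config_text):
    """True when the infra config sets enable_aml_secure_workspace: true."""
    m = re.search(r"^\s*enable_aml_secure_workspace:\s*([^\s#]+)", config_text, re.M)
    return bool(m) and m.group(1).strip("\"'").lower() == "true"

def hosted_pool_lines(pipeline_text):
    """1-based line numbers of pool: blocks that resolve to a Microsoft-hosted agent."""
    lines = pipeline_text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        m = re.match(r"^(\s*)pool:\s*(#.*)?$", line)
        if not m:
            continue  # not a pool mapping (pool: <name> shorthand names a pool)
        indent, keys = len(m.group(1)), {}
        for child in lines[i + 1:]:
            if not child.strip() or child.lstrip().startswith("#"):
                continue
            if len(child) - len(child.lstrip()) <= indent:
                break  # left the pool: mapping
            key, _, value = child.strip().partition(":")
            keys[key] = value.strip().strip("\"'")
        # vmImage with no pool name, or with the hosted pool's name, is a hosted agent
        if "vmImage" in keys and keys.get("name", HOSTED_POOL_NAME) == HOSTED_POOL_NAME:
            hits.append(i + 1)
    return hits

def check(config_text, pipeline_text):
    """Hosted-agent pool lines, reported only when the secure workspace is on."""
    return hosted_pool_lines(pipeline_text) if secure_workspace_enabled(config_text) else []

# Constructed sample input, not copied from the repository.
SAMPLE_CONFIG = "ap_vm_image: ubuntu-20.04\nenable_aml_secure_workspace: true\n"
SAMPLE_PIPELINE = """\
pool:
  vmImage: $(ap_vm_image)
stages:
- stage: Train
  jobs:
  - job: publish
    pool:
      name: aml-vnet-agents  # hypothetical self-hosted pool inside the VNet
"""

if __name__ == "__main__":
    for n in check(SAMPLE_CONFIG, SAMPLE_PIPELINE):
        print(f"line {n}: Microsoft-hosted pool used with a secure workspace")
```

The check is line-based and only understands the block form of `pool:`; a pool supplied through a template or a variable group needs to be resolved before it can be judged.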