Closed seanlok closed 3 years ago
Thanks for the suggestion. This applies well to the caf_platform_contributors who can work on improving the deployed platform and check their modifications without being able to apply their changes.
caf_platform_contributors has "Storage Blob Data Reader"
Implementing automatically non lock state for tfstate feature with
-lock=false
when the-a plan
, so that minimal permission to be granted at the containers / blob level to perform a plan.This should only be in plan action NOT apply.