Support auto nonlock feature during plan with rover

aztfmod / rover

The rover is a docker container in charge of the deployment of the Terraform platform engineering for Azure

MIT License

176 stars 146 forks source link

Support auto nonlock feature during plan with rover #201

Closed seanlok closed 3 years ago

seanlok commented 3 years ago

Implementing automatically non lock state for tfstate feature with -lock=false when the -a plan, so that minimal permission to be granted at the containers / blob level to perform a plan.

This should only be in plan action NOT apply.

LaurentLesle commented 3 years ago

Thanks for the suggestion. This applies well to the caf_platform_contributors who can work on improving the deployed platform and check their modifications without being able to apply their changes.

caf_platform_contributors has "Storage Blob Data Reader"