microsoft / azure-container-apps

Roadmap and issues for Azure Container Apps
MIT License

Feature Request: Let users with "ContainerApp Reader" RBAC Role view Log Stream #878

Open trylvis opened 1 year ago

trylvis commented 1 year ago

Is your feature request related to a problem? Please describe.
Users assigned the RBAC role "ContainerApp Reader" cannot view "Log Stream".

If a user has "Reader" and "ContainerApp Reader", Log Stream shows "Unauthorized".

Describe the solution you'd like.
Using the Principle of Least Privilege, containers and new revisions are deployed through a pipeline, and the environment is managed with IaC. We want developers to be able to debug and view logs of Container Apps, without needing to assign Contributor permissions on the Container App resource.

Describe alternatives you've considered.
Granting developers Monitoring Reader on the Log Analytics Workspace used for the Container App Environment could perhaps work, but it would be far easier to allow developers to view logs in the Log Stream.

Additional context.
If it is possible to achieve this by creating a Custom Role, that would work as well, as long as the users do not get administrative permissions.

maskati commented 1 year ago

Related #866

trylvis commented 9 months ago

Any news on this?

sbouss4 commented 6 months ago

Any update on this?

Laudenlaruto commented 5 months ago

Do you have any workaround to have this working? Or do we have to assign Contributor to the container app? Or the container env?

Laudenlaruto commented 5 months ago

You can create a custom role with the following actions to achieve this:

"microsoft.app/builds/listauthtoken/action",
"microsoft.app/containerapps/authtoken/action",
"microsoft.app/containerapps/getauthtoken/action",
"microsoft.app/managedenvironments/getauthtoken/action"

sticl commented 4 months ago

Giving someone contributor rights just to watch the log stream is very cumbersome, hopefully it's still on the radar to get this fixed.

vRune4 commented 4 months ago

> Giving someone contributor rights just to watch the log stream is very cumbersome, hopefully it's still on the radar to get this fixed.

I concur.

Sure... I could define yet another custom role in my IaC project and assign this to my users, but my productivity is suffering.

rchauvetclara commented 2 months ago

> You can create a custom role with the following actions to achieve this
>
> "microsoft.app/builds/listauthtoken/action",
> "microsoft.app/containerapps/authtoken/action",
> "microsoft.app/containerapps/getauthtoken/action",
> "microsoft.app/managedenvironments/getauthtoken/action"

"microsoft.app/builds/listauthtoken/action" no longer available...

unkinected commented 2 months ago

> > You can create a custom role with the following actions to achieve this
> >
> > "microsoft.app/builds/listauthtoken/action",
> > "microsoft.app/containerapps/authtoken/action",
> > "microsoft.app/containerapps/getauthtoken/action",
> > "microsoft.app/managedenvironments/getauthtoken/action"
>
> "microsoft.app/builds/listauthtoken/action" no longer available...

It's still there for me: [image]
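
The custom role suggested in the comments above, written out as a role definition together with a check that it carries no administrative permissions. This is an added example, not code from the thread or from Microsoft. The four actions are the ones quoted in the thread; the role name, description, placeholder scope and the resource-group scoping policy are assumptions.

```python
import json

# Actions quoted in the thread. One commenter reports the first is no longer
# available and another still sees it, so confirm against your own tenant.
LOG_STREAM_ACTIONS = (
    "microsoft.app/builds/listauthtoken/action",
    "microsoft.app/containerapps/authtoken/action",
    "microsoft.app/containerapps/getauthtoken/action",
    "microsoft.app/managedenvironments/getauthtoken/action",
)

# Constructed placeholder scope, not a value from the thread.
SAMPLE_SCOPE = ("/subscriptions/00000000-0000-0000-0000-000000000000"
                "/resourceGroups/rg-example")

def build_role(name, scope):
    """Custom role in the JSON shape accepted by `az role definition create`."""
    return {
        "Name": name,
        "IsCustom": True,
        "Description": "Log Stream access without Contributor (example)",
        "Actions": list(LOG_STREAM_ACTIONS),
        "NotActions": [],
        "DataActions": [],
        "NotDataActions": [],
        "AssignableScopes": [scope],
    }

def lint_role(role):
    """Return findings; an empty list means only the listed actions are granted."""
    findings = []
    for action in role.get("Actions", []):
        low = action.lower()  # Azure action names are case-insensitive
        if "*" in low:
            findings.append(f"wildcard action: {action}")
        elif low.endswith(("/write", "/delete")):
            findings.append(f"administrative action: {action}")
        elif low not in LOG_STREAM_ACTIONS:
            findings.append(f"action outside allowlist: {action}")
    if role.get("DataActions"):
        findings.append("DataActions present")
    for scope in role.get("AssignableScopes", []):
        # Assumption: policy here is resource-group scope or narrower.
        if "/resourcegroups/" not in scope.lower():
            findings.append(f"scope broader than a resource group: {scope}")
    return findings

if __name__ == "__main__":
    role = build_role("Container App Log Stream Reader (example)", SAMPLE_SCOPE)
    print(json.dumps(role, indent=2) if not lint_role(role) else lint_role(role))
```

The printed JSON can be saved to a file and passed to `az role definition create --role-definition`; running `lint_role` on the definition kept in the IaC repository catches later edits that widen it.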