Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add permissions for Azure CIS 9.1 rule #2031

Merged
merged 1 commit into from
Mar 13, 2024
Merged

Add permissions for Azure CIS 9.1 rule #2031

merged 1 commit into from
Mar 13, 2024

Conversation

kubasobon
Copy link
Member

Summary of your changes

Add Microsoft.Web/sites/config/Read and Microsoft.Web/sites/config/list/Action permissions. The permissions needed were indicated by the error message in cloudbeat logs:

ESPONSE 403: 403 Forbidden
ERROR CODE: AuthorizationFailed
--------------------------------------------------------------------------------
{
  "error": {
    "code": "AuthorizationFailed",
    "message": "The client '[REDACTED]' with object id '[REDACTED]' does not have authorization to perform action 'Microsoft.Web/sites/config/list/action' over scope '/subscriptions/[REDACTED]/resourceGroups/azurecloudbeatcitests/providers/Microsoft.Web/sites/test-app-service-pass/config/authsettings' or the scope is invalid. If access was recently granted, please refresh your credentials."
  }
}
--------------------------------------------------------------------------------

Related to #1758 (comment)

@kubasobon kubasobon self-assigned this Mar 13, 2024
@kubasobon kubasobon marked this pull request as ready for review March 13, 2024 15:13
@kubasobon kubasobon requested a review from a team as a code owner March 13, 2024 15:13
@kubasobon kubasobon enabled auto-merge (squash) March 13, 2024 15:13
@kubasobon kubasobon disabled auto-merge March 13, 2024 15:16
@github-actions GitHub Actions
Copy link

📊 Allure Report - 💚 No failures were reported.

Result Count
🟥 Failed 0
🟩 Passed 162
⬜ Skipped 0

@kubasobon kubasobon merged commit 724a151 into main Mar 13, 2024
27 checks passed
@kubasobon kubasobon deleted the fix-azure-arm-missing-permissions branch March 13, 2024 15:23
mergify bot pushed a commit that referenced this pull request Mar 13, 2024
@kubasobon @mergify
Add permissions for Azure CIS 9.1 rule (#2031)
f18ec05 
add permissions for Azure CIS 9.1 rule

(cherry picked from commit 724a151)
@mergify mergify bot mentioned this pull request Mar 13, 2024
Merged
kubasobon added a commit that referenced this pull request Mar 13, 2024
@mergify @kubasobon
[8.13](backport #2031) Add permissions for Azure CIS 9.1 rule (#2032)
bf1df4f 
Add permissions for Azure CIS 9.1 rule (#2031)

add permissions for Azure CIS 9.1 rule

(cherry picked from commit 724a151)

Co-authored-by: Kuba Soboń <wtty.fool@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@romulets romulets romulets approved these changes

@Omolola-Akinleye Omolola-Akinleye Awaiting requested review from Omolola-Akinleye

Assignees

@kubasobon kubasobon

Labels
backport-v8.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kubasobon @romulets