You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
I've generated sp by specifying the resource group.
Ex - az ad sp create-for-rbac --name "myApp" --role contributor \ --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \ --sdk-auth
Even though I mention resource-group-name in the azure/build-vm-image@v0 i noticed it automatically creates a separate resource group for build artifacts called IT_{group}_imagebuilderTempla_{id}. This becomes a slight issue when deleting the resources that are created by this workflow.
I've wrote this CLI command for cleaning these resources. az group delete --name $(az group list --tag imageTemplateName=imagebuilderTemplate_${{ steps.write.outputs.old-image-id }} -otable --query "[].name" -otsv) -y
However I noticed az group list doesn't show anything other than the resource group I gave permission when creating the sp. I could solve this problem by not restricting the sp to the resoruce group but is this would be solved if we didn't create a new resource group and instead create all resources under the resource group we given. wdyt?
The text was updated successfully, but these errors were encountered:
When the Image Template Resource is created you will see a staging resource group created in your subscription, in the format: IT_(GUID). The staging resource group contains files and scripts referenced in the File, Shell, PowerShell customization in the ScriptURI property.
When the build finishes all resources will be deleted, except for the staging resource group and the storage account, to remove these you will delete the Image Template resource, or you can leave them there to run the build again.
So direct deletion of image template resource which was created in your resource group will directly delete the staging Resource Group and storage account. Current SPN should suffice in this case. Visit this doc for reference.
Hi,
I've generated sp by specifying the resource group.
Ex -
az ad sp create-for-rbac --name "myApp" --role contributor \ --scopes /subscriptions/{subscription-id}/resourceGroups/{resource-group} \ --sdk-auth
Even though I mention
resource-group-name
in the azure/build-vm-image@v0 i noticed it automatically creates a separate resource group for build artifacts calledIT_{group}_imagebuilderTempla_{id}
. This becomes a slight issue when deleting the resources that are created by this workflow.I've wrote this CLI command for cleaning these resources.
az group delete --name $(az group list --tag imageTemplateName=imagebuilderTemplate_${{ steps.write.outputs.old-image-id }} -otable --query "[].name" -otsv) -y
However I noticed az group list doesn't show anything other than the resource group I gave permission when creating the sp. I could solve this problem by not restricting the sp to the resoruce group but is this would be solved if we didn't create a new resource group and instead create all resources under the resource group we given. wdyt?
The text was updated successfully, but these errors were encountered: