[main] Fix transitive Azure role assignments through WaitFor dependencies#14478
Merged
[main] Fix transitive Azure role assignments through WaitFor dependencies#14478
Conversation
Remove CollectAnnotationDependencies calls from CollectDependenciesFromValue to prevent WaitFor/parent/connection-string-redirect annotations from referenced resources being included as direct dependencies of the caller. Add tests verifying: - DirectOnly mode excludes WaitFor deps from referenced resources - WaitFor doesn't create transitive role assignments in Azure publish Co-authored-by: eerhardt <8291187+eerhardt@users.noreply.github.com>
dotnet-policy-service
bot
added
Re-opened Github-Action PR
and removed
Closed Github-Action PR
labels
Contributor
Author
|
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 14478Or
iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 14478" |
karolz-ms
approved these changes
Feb 12, 2026
Contributor
Author
🎬 CLI E2E Test RecordingsThe following terminal recordings are available for commit
📹 Recordings uploaded automatically from CI run #21964950654 |
danegsta
approved these changes
Feb 13, 2026
mitchdenny
added a commit
that referenced
this pull request
Feb 23, 2026
…er (#14590) * Add a script for startup performance measurement (#14345) * Add startup perf collection script * Analyze trace more efficiently * Increase pause between iterations * Fix TraceAnalyzer * Add startup-perf skill * Add backmerge release workflow to automate merging changes from release/13.2 to main (#14453) * Add backmerge release workflow to automate merging changes from release/13.2 to main * Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Apply more fixes and use dotnet's action --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Bump Aspire branding from 13.2 to 13.3 (#14456) * Initial plan * Bump Aspire branding from 13.2 to 13.3 Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com> * Update Azure.Core to latest version - lift all runtime dependencies to latest (#14361) * Update to Azure.Core 1.51.1 Use latest versions for all dotnet/runtime nuget packages. This simplifies our dependency management. Remove ForceLatestDotnetVersions property from multiple project files * Update AzureDeployerTests to use WaitForShutdown instead of StopAsync There is a timing issue when using Start/Stop since the background pipeline might still be running and it cancels the pipeline before it can complete. * Fix AuxiliaryBackchannelTests by adding a Task that completes when the AuxiliaryBackchannelService is listening and ready for connections. * Remove double registration of AuxiliaryBackchannelService as an IHostedService. * Fix ResourceLoggerForwarderServiceTests to ensure the ResourceLoggerForwarderService has started before signalling the stopping token. * Update Arcade to latest version from the .NET 10 Eng channel (#13556) Co-authored-by: Jose Perez Rodriguez <joperezr@microsoft.com> * Refactor backmerge PR creation to update existing PRs and streamline body formatting (#14476) * [main] Fix transitive Azure role assignments through WaitFor dependencies (#14478) * Initial plan * Fix transitive Azure role assignments through WaitFor dependencies Remove CollectAnnotationDependencies calls from CollectDependenciesFromValue to prevent WaitFor/parent/connection-string-redirect annotations from referenced resources being included as direct dependencies of the caller. Add tests verifying: - DirectOnly mode excludes WaitFor deps from referenced resources - WaitFor doesn't create transitive role assignments in Azure publish Co-authored-by: eerhardt <8291187+eerhardt@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: eerhardt <8291187+eerhardt@users.noreply.github.com> * Remove auto-merge step from backmerge workflow (#14481) * Remove auto-merge step from backmerge workflow * Update PR body to request merge commit instead of auto-merge * Add agentic workflow daily-repo-status (#14498) * [Automated] Backmerge release/13.2 to main (#14536) * Fix Windows pipeline image to use windows.vs2022.amd64.open (#14492) * Fix Windows pipeline image to use windows.vs2022.amd64.open * Use windows.vs2026preview.scout.amd64 for public pipeline Windows pool Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Add Azure portal link for Resource Group in deploy pipeline summary (#14434) * Add Azure portal link for Resource Group in pipeline summary When printing the Resource Group in the pipeline summary of `aspire deploy`, include a clickable link to the Azure portal resource group page. The link uses the format: https://portal.azure.com/#@{tenantId}/resource/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/overview Changes: - AzureEnvironmentResource.AddToPipelineSummary: construct markdown link for resource group - ConsoleActivityLogger.FormatPipelineSummaryKvp: convert markdown to Spectre markup for clickable links - Add ConsoleActivityLoggerTests for the new markdown rendering behavior Co-authored-by: eerhardt <8291187+eerhardt@users.noreply.github.com> * Clean up the code * Fix tests * More test fixups * Refactor code * Update src/Aspire.Cli/Utils/MarkdownToSpectreConverter.cs Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Add test for color-enabled non-interactive rendering path Co-authored-by: eerhardt <8291187+eerhardt@users.noreply.github.com> * fix test --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: eerhardt <8291187+eerhardt@users.noreply.github.com> Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Jose Perez Rodriguez <joperezr@microsoft.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: eerhardt <8291187+eerhardt@users.noreply.github.com> Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * [Automated] Update AI Foundry Models (#14541) Co-authored-by: sebastienros <sebastienros@users.noreply.github.com> * Detect CLI at default install paths when not on PATH (#14545) Check default installation directories (~/.aspire/bin, ~/.dotnet/tools) when the Aspire CLI is not found on the system PATH. If found at a default location, the VS Code setting is auto-updated. If later found on PATH, the setting is cleared. Resolution order: configured custom path > system PATH > default install paths. Fixes #14235 * [automated] Unquarantine stable tests with 25+ days zero failures (#14531) * Initial plan * [automated] Unquarantine stable tests - Unquarantined: DeployCommandIncludesDeployFlagInArguments - Unquarantined: GetAppHostsCommand_WithMultipleProjects_ReturnsSuccessWithAllCandidates - Unquarantined: GetAppHostsCommand_WithSingleProject_ReturnsSuccessWithValidJson - Unquarantined: PushImageToRegistry_WithRemoteRegistry_PushesImage - Unquarantined: ProcessParametersStep_ValidatesBehavior - Unquarantined: WithHttpCommand_EnablesCommandOnceResourceIsRunning These tests are being unquarantined as they have had 25+ days of quarantined run data with zero failures. Co-authored-by: radical <1472+radical@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: radical <1472+radical@users.noreply.github.com> * Partially fix quarantined test: Update stale snapshot for DeployAsync_WithMultipleComputeEnvironments_Works (#14551) * Initial plan * Update snapshot for DeployAsync_WithMultipleComputeEnvironments_Works test Co-authored-by: radical <1472+radical@users.noreply.github.com> * Remove quarantine attribute from DeployAsync_WithMultipleComputeEnvironments_Works test Co-authored-by: radical <1472+radical@users.noreply.github.com> * Restore quarantine attribute - step="deploy" case still fails Co-authored-by: radical <1472+radical@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: radical <1472+radical@users.noreply.github.com> * Update daily report to 13.2 milestone burndown (#14563) * Update daily report to 13.2 milestone burndown Refocus the daily-repo-status agentic workflow to serve as a 13.2 release burndown report: - Track 13.2 milestone issues closed/opened in the last 24 hours - Highlight new bugs added to the milestone - Summarize PRs merged to release/13.2 branch - List PRs targeting release/13.2 awaiting review - Surface relevant 13.2 discussions - Generate a Mermaid xychart burndown using cache-memory snapshots - Keep general triage queue as a brief secondary section - Schedule daily around 9am, auto-close older report issues Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Address review feedback: clarify cache schema and queries - Exclude PRs from milestone counts (issues-only filter) - Specify exact JSON schema for cache-memory burndown snapshots - Add dedup, sort, and trim-to-7 logic for cache entries - Simplify 'new issues' query to opened-in-last-24h with milestone Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Update Aspire.Hosting.Kubernetes.csproj * Initialize _kubernetesComponents with ResourceNameComparer * Update KubernetesPublisherTests.cs * Update Aspire.Hosting.Kubernetes.csproj * Adds snapshots * Adds Chart.yaml to snapshot --------- Co-authored-by: Karol Zadora-Przylecki <karolz@microsoft.com> Co-authored-by: Jose Perez Rodriguez <joperezr@microsoft.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: joperezr <13854455+joperezr@users.noreply.github.com> Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com> Co-authored-by: dotnet-maestro[bot] <42748379+dotnet-maestro[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: eerhardt <8291187+eerhardt@users.noreply.github.com> Co-authored-by: David Negstad <50252651+danegsta@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Co-authored-by: Mitch Denny <midenn@microsoft.com> Co-authored-by: sebastienros <sebastienros@users.noreply.github.com> Co-authored-by: Adam Ratzman <adam@adamratzman.com> Co-authored-by: radical <1472+radical@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of #14473 to main
/cc @karolz-ms @copilot
Customer Impact
Testing
Risk
Regression?