From 09c53a3074a0e9a19704cbda6eea900eeff1d157 Mon Sep 17 00:00:00 2001
From: Juan Jottar <juanjottar@microsoft.com>
Date: Wed, 1 Apr 2026 20:47:19 +0000
Subject: [PATCH] fix(infrastructure): add Storage File Data Privileged
 Contributor role for ML identity

---
 .../terraform/modules/platform/role-assignments.tf        | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/infrastructure/terraform/modules/platform/role-assignments.tf b/infrastructure/terraform/modules/platform/role-assignments.tf
index ee39b035..017c7910 100644
--- a/infrastructure/terraform/modules/platform/role-assignments.tf
+++ b/infrastructure/terraform/modules/platform/role-assignments.tf
@@ -70,6 +70,14 @@ resource "azurerm_role_assignment" "ml_storage_file" {
   principal_id         = azurerm_user_assigned_identity.ml.principal_id
 }
 
+// Grant ML identity Storage File Data Privileged Contributor role
+// Required for Azure ML compute instance storage mounting
+resource "azurerm_role_assignment" "ml_storage_file_privileged" {
+  scope                = azurerm_storage_account.main.id
+  role_definition_name = "Storage File Data Privileged Contributor"
+  principal_id         = azurerm_user_assigned_identity.ml.principal_id
+}
+
 // ============================================================
 // OSMO Identity Role Assignments
 // ============================================================