Skip to main content

Plan and apply mode

Plan and Apply mode is used to apply any changes made in the code to Azure.

During the Plan stage it reads in all the code from the git repository and the current state from azure and compares them for differences before showing what changes need to be made.

After reviewing and approving the planned changes, the apply stage can be run to apply the changes.

Example workflow

Initial state

Here are the initial role assignments for resource group "OSX-ARG-KEYVAULT-DEV":

RBAC initial state

A change is made in the code

In this example the "Information Technology" group is added as a Contributor to OSX-ARG-KEYVAULT-DEV.

To achieve this the following code has been added to the file osx-arg-keyvault-dev.json under "assignments":

{
"role": "Contributor",
"objectName": "Information Technology",
"objectType": "Group"
},

A Pull request is then submitted with these changes.

RBAC Pull Request

The pull request is peer reviewed and then merged to main.

The plan and apply pipeline is run

The Plan and Apply pipeline is run. This can be configured to be initiated manually or when the main branch is updated.

The plan stage executes. Apply however waits for approval.

Pipeline Approval for RBAC

Before approving review the "Plan" stage summary to ensure the changes to be made are as expected.

Pipeline Plan Stage for RBAC

It can be seen that the "Information Technology" group will be added as a Contributor to OSX-ARG-KEYVAULT-DEV as expected.

Approval shows planned RBAC changes

Approve the Apply stage to allow it to run.

Change applied in Azure

In this example we can confirm that the change has been applied via the Portal.

Confirm RBAC change in Azure Portal