Update the Azure secret dialog (#1255)

with a hint to use fine-grained permissions instead of simply the Contributer role.
gardener · Jul 18, 2022 · 31edd75 · 31edd75
1 parent e621690
commit 31edd75
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/frontend/src/components/dialogs/SecretDialogAzure.vue b/frontend/src/components/dialogs/SecretDialogAzure.vue
@@ -64,11 +64,15 @@ SPDX-License-Identifier: Apache-2.0
     <template v-slot:help-slot>
       <div v-if="vendor==='azure'">
         <p>
-          Before you can provision and access a Kubernetes cluster on Azure, you need to add account credentials.
-          The Gardener needs the credentials to provision and operate the Azure infrastructure for your Kubernetes cluster.
+          Before you can provision and access a Kubernetes cluster on Azure, you need to add account/subscription credentials.
+          The Gardener needs the credentials of a service principal assigned to an account/subscription to provision
+          and operate the Azure infrastructure for your Kubernetes cluster.
         </p>
         <p>
-          Ensure that the account has the <strong>contributor</strong> role.
+          Ensure that the service principal has the permissions defined
+          <external-link url="https://github.com/gardener/gardener-extension-provider-azure/blob/master/docs/azure-permissions.md">
+          here</external-link> within your subscription assigned.
+          If no fine-grained permissions are required then assign the <strong>Contributor</strong> role.
         </p>
         <p>
           Read the