From 4c3d89f8fc2a1620b10107c2bc95a4123b78d98f Mon Sep 17 00:00:00 2001
From: tlangs
Date: Thu, 25 Apr 2024 12:07:55 -0400
Subject: [PATCH 1/3] ID-1242 Azure Private Container Registry Resource
---
 src/main/resources/reference.conf | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf
index 02c033dfd..75ffd195c 100644
--- a/src/main/resources/reference.conf
+++ b/src/main/resources/reference.conf
@@ -1604,6 +1604,36 @@ resourceTypes = {
 reuseIds = true
 }
+ private_azure_container_registry = {
+ actionPatterns = {
+ delete = {
+ description = "Delete this private acr"
+ }
+ read_policies = {
+ description = "view all policies and policy details for this private acr"
+ }
+ use = {
+ description = "utilize this private acr"
+ }
+ "share_policy::admin" = {
+ description = "change the membership of the admin policy for this private acr"
+ }
+ "share_policy::user" = {
+ description = "change the membership of the user policy for this private acr"
+ }
+ }
+ ownerRoleName = "admin"
+ roles = {
+ admin = {
+ roleActions = ["delete", "read_policies", "use", "share_policy::admin", "share_policy::user"]
+ }
+ user = {
+ roleActions = ["use"]
+ }
+ }
+ allowLeaving = false
+ reuseIds = true
+ }
 }
From 9d3aedaacb728353fa6a7249757e96b4a5c8bbed Mon Sep 17 00:00:00 2001
From: tlangs
Date: Thu, 25 Apr 2024 14:00:44 -0400
Subject: [PATCH 2/3] a different action
---
 src/main/resources/reference.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf
index 75ffd195c..b9f0a3e37 100644
--- a/src/main/resources/reference.conf
+++ b/src/main/resources/reference.conf
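Review bot: `reuseIds = true` on `private_azure_container_registry` has no stated justification, which matters for a resource type that gates access to a private registry. If the flag means an id can be created again after the resource is deleted (inferred from the name; the semantics are not shown in this patch), whoever recreates the id becomes `admin`, and any consumer that still maps that id to the original registry would follow the new owner's policies. Either set `reuseIds = false` or add a comment above the line such as `# ids may be reused because <reason>; consumers must not cache the id-to-registry mapping`.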
@@ -1612,8 +1612,8 @@ resourceTypes = {
 read_policies = {
 description = "view all policies and policy details for this private acr"
 }
- use = {
- description = "utilize this private acr"
+ identify = {
+ description = "use the identity that has access to this private acr"
 }
 "share_policy::admin" = {
 description = "change the membership of the admin policy for this private acr"
@@ -1625,10 +1625,10 @@ resourceTypes = {
 ownerRoleName = "admin"
 roles = {
 admin = {
- roleActions = ["delete", "read_policies", "use", "share_policy::admin", "share_policy::user"]
+ roleActions = ["delete", "read_policies", "use", "share_policy::admin", "share_policy::user", "identify"]
 }
 user = {
- roleActions = ["use"]
+ roleActions = ["identify"]
 }
 }
 allowLeaving = false
From b5c0077828ea4960a72402200147f72d64c3c83f Mon Sep 17 00:00:00 2001
From: tlangs
Date: Wed, 1 May 2024 12:30:38 -0400
Subject: [PATCH 3/3] add azure private storage account
---
 src/main/resources/reference.conf | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/src/main/resources/reference.conf b/src/main/resources/reference.conf
index b9f0a3e37..39f6233c8 100644
--- a/src/main/resources/reference.conf
+++ b/src/main/resources/reference.conf
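Review bot: The admin `roleActions` list in the second hunk still contains `"use"`, although the first hunk of this patch removes the `use` entry from `actionPatterns` and replaces it with `identify`, so the role grants an action the resource type no longer defines. How role actions are validated against action patterns is not visible here; this is either a load-time failure or a dangling grant that would silently become effective if a `use` pattern were ever reintroduced. The line should read `roleActions = ["delete", "read_policies", "identify", "share_policy::admin", "share_policy::user"]`. The same leftover `"use"` is in the admin role of `private_azure_storage_account` in patch 3/3, which never declares a `use` pattern at all.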
@@ -1634,6 +1634,37 @@ resourceTypes = {
 allowLeaving = false
 reuseIds = true
 }
+
+ private_azure_storage_account = {
+ actionPatterns = {
+ delete = {
+ description = "Delete this private azure storage account"
+ }
+ read_policies = {
+ description = "view all policies and policy details for this private azure storage account"
+ }
+ identify = {
+ description = "use the identity that has access to this private azure storage account"
+ }
+ "share_policy::admin" = {
+ description = "change the membership of the admin policy for this private azure storage account"
+ }
+ "share_policy::user" = {
+ description = "change the membership of the user policy for this private azure storage account"
+ }
+ }
+ ownerRoleName = "admin"
+ roles = {
+ admin = {
+ roleActions = ["delete", "read_policies", "use", "share_policy::admin", "share_policy::user", "identify"]
+ }
+ user = {
+ roleActions = ["identify"]
+ }
+ }
+ allowLeaving = false
+ reuseIds = true
+ }
 }
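Review bot: The `roles` block of `private_azure_storage_account` is a byte-for-byte copy of the `private_azure_container_registry` roles as they stand after patch 2/3, so any later correction to one role-to-action mapping has to be repeated by hand in the other. For authorization config, that is how grants drift apart unnoticed. If `resourceTypes` is a top-level key (only the hunk heading suggests it is), a HOCON substitution such as `roles = ${resourceTypes.private_azure_container_registry.roles}` would keep a single definition. Otherwise add a comment on both blocks, e.g. `# keep in sync with private_azure_container_registry.roles`.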