
Commit 63bec37

authored
ID-1282 Finalize Azure Private Resource Types (#1440)
* ID-1282 Finalize Azure Private Resource Types
1 parent 6bbac37 commit 63bec37

1 file changed

+31
-53
lines changed

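--- a/src/main/resources/reference.conf
+++ b/src/main/resources/reference.conf
@@ -1613,28 +1613,28 @@ resourceTypes = {
 private_azure_container_registry = {
 actionPatterns = {
 delete = {
-description = "Delete this private acr"
+description = "Delete this private azure container registry"
 }
 read_policies = {
-description = "view all policies and policy details for this private acr"
+description = "view all policies and policy details for this private azure container registry"
 }
-identify = {
-description = "use the identity that has access to this private acr"
+pull_image = {
+description = "pull an image from the private azure container registry"
 }
-"share_policy::admin" = {
-description = "change the membership of the admin policy for this private acr"
+"share_policy::owner" = {
+description = "change the membership of the owner policy for this private azure container registry"
 }
-"share_policy::user" = {
-description = "change the membership of the user policy for this private acr"
+"share_policy::reader" = {
+description = "change the membership of the reader policy for this private azure container registry"
 }
 }
-ownerRoleName = "admin"
+ownerRoleName = "owner"
 roles = {
-admin = {
-roleActions = ["delete", "read_policies", "use", "share_policy::admin", "share_policy::user", "identify"]
+owner = {
+roleActions = ["delete", "read_policies", "use", "share_policy::owner", "share_policy::reader", "pull_image"]
 }
-user = {
-roleActions = ["identify"]
+reader = {
+roleActions = ["pull_image"]
 }
 }
 allowLeaving = false
@@ -1649,54 +1649,32 @@ resourceTypes = {
 read_policies = {
 description = "view all policies and policy details for this private azure storage account"
 }
-identify = {
-description = "use the identity that has access to this private azure storage account"
-}
-"share_policy::admin" = {
-description = "change the membership of the admin policy for this private azure storage account"
-}
-"share_policy::user" = {
-description = "change the membership of the user policy for this private azure storage account"
-}
-}
-ownerRoleName = "admin"
-roles = {
-admin = {
-roleActions = ["delete", "read_policies", "use", "share_policy::admin", "share_policy::user", "identify"]
-}
-user = {
-roleActions = ["identify"]
-}
-}
-allowLeaving = false
-reuseIds = true
-}
-
-azure_managed_identity = {
-actionPatterns = {
-delete = {
-description = "Delete this azure managed identity"
+read = {
+description = "read from the private azure storage account"
 }
-read_policies = {
-description = "view all policies and policy details for this azure managed identity"
+write = {
+description = "write to the private azure storage account"
 }
-identify = {
-description = "use the identity that has access to this azure managed identity"
+"share_policy::owner" = {
+description = "change the membership of the owner policy for this private azure storage account"
 }
-"share_policy::admin" = {
-description = "change the membership of the admin policy for this azure managed identity"
+"share_policy::reader" = {
+description = "change the membership of the reader policy for this private azure storage account"
 }
-"share_policy::user" = {
-description = "change the membership of the user policy for this azure managed identity"
+"share_policy::writer" = {
+description = "change the membership of the writer policy for this private azure storage account"
 }
 }
-ownerRoleName = "admin"
+ownerRoleName = "owner"
 roles = {
-admin = {
-roleActions = ["delete", "read_policies", "use", "share_policy::admin", "share_policy::user", "identify"]
+owner = {
+roleActions = ["delete", "read_policies", "share_policy::owner", "share_policy::reader", "share_policy::writer", "read", "write"]
 }
-user = {
-roleActions = ["identify"]
+reader = {
+roleActions = ["read"]
+}
+writer = {
+roleActions = ["write"]
 }
 }
 allowLeaving = false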
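Review bot: The `owner` role of `private_azure_container_registry` still lists `use` in `roleActions`, although the `actionPatterns` block shown in the first hunk declares only `delete`, `read_policies`, `pull_image` and the two `share_policy::*` patterns, and the storage-account `owner` role drops `use` in this same commit. A role action with no declared pattern is either dead configuration or, if a matching pattern is added later, a grant that nobody reviewed; if it is not needed the line would read `roleActions = ["delete", "read_policies", "share_policy::owner", "share_policy::reader", "pull_image"]`. Separately, the renames `admin`→`owner` and `user`→`reader` and the removal of the `azure_managed_identity` type presumably leave any already-stored policies pointing at role or type names that no longer exist, so it is worth confirming that no such resources exist or that a migration accompanies this change. The storage-account `actionPatterns` block starts above the second hunk, so its full pattern list could not be checked here.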
