⭐️ Azure IAM role assignment and managed identities (#4583)
* ⭐️ Azure IAM role assignment

* ⭐️ azure managed identities
chris-rock authored Aug 20, 2024
1 parent 077e2cc commit 6fd635c
Showing 6 changed files with 584 additions and 27 deletions.
2 changes: 1 addition & 1 deletion providers/azure/go.mod
@@ -22,6 +22,7 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/keyvault/armkeyvault v1.4.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mariadb/armmariadb v1.2.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor v0.11.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.2.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysql v1.2.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysqlflexibleservers v1.2.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork v1.1.0
@@ -65,7 +66,6 @@ require (
github.com/Microsoft/go-winio v0.6.2 // indirect
github.com/ProtonMail/go-crypto v1.0.0 // indirect
github.com/StackExchange/wmi v1.2.1 // indirect
github.com/aws/aws-sdk-go v1.55.5 // indirect
github.com/aws/aws-sdk-go-v2 v1.30.4 // indirect
github.com/aws/aws-sdk-go-v2/config v1.27.28 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.17.28 // indirect
4 changes: 2 additions & 2 deletions providers/azure/go.sum
@@ -59,6 +59,8 @@ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mariadb/armmariadb v1.2.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mariadb/armmariadb v1.2.0/go.mod h1:DjMBNXv1qSHIv81Mj/MeAru4hk5WhOW4YZ40c+zo+Us=
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor v0.11.0 h1:Ds0KRF8ggpEGg4Vo42oX1cIt/IfOhHWJBikksZbVxeg=
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/monitor/armmonitor v0.11.0/go.mod h1:jj6P8ybImR+5topJ+eH6fgcemSFBmU6/6bFF8KkwuDI=
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.2.0 h1:z4YeiSXxnUI+PqB46Yj6MZA3nwb1CcJIkEMDrzUd8Cs=
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.2.0/go.mod h1:rko9SzMxcMk0NJsNAxALEGaTYyy79bNRwxgJfrH0Spw=
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysql v1.2.0 h1:dhywcZH9yPDIje9aTqwy6psZSPzI6CJLYEprDahIBSQ=
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysql v1.2.0/go.mod h1:6z3b+JdBLH0eMzfBex/cvEIoEFVEwXuB0wbgdfN11iM=
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/mysql/armmysqlflexibleservers v1.2.0 h1:3jDMffAwnvs6qmOqhjNVHB29AKxs6brnzJeo65E1YwM=
@@ -109,8 +111,6 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
github.com/aws/aws-sdk-go-v2 v1.30.4 h1:frhcagrVNrzmT95RJImMHgabt99vkXGslubDaDagTk8=
github.com/aws/aws-sdk-go-v2 v1.30.4/go.mod h1:CT+ZPWXbYrci8chcARI3OmI/qgd+f6WtuLOoaIA8PR0=
github.com/aws/aws-sdk-go-v2/config v1.27.28 h1:OTxWGW/91C61QlneCtnD62NLb4W616/NM1jA8LhJqbg=
26 changes: 26 additions & 0 deletions providers/azure/resources/azure.lr
@@ -1746,6 +1746,10 @@ private azure.subscription.authorizationService {
roles() []azure.subscription.authorizationService.roleDefinition
// Deprecated: use `roles` instead
roleDefinitions() []azure.subscription.authorizationService.roleDefinition
// Role assignments
roleAssignments() []azure.subscription.authorizationService.roleAssignment
// Managed identities
managedIdentities() []azure.subscription.managedIdentity
}

// Azure role definition
@@ -1780,6 +1784,28 @@ private azure.subscription.authorizationService.roleDefinition.permission @defau
deniedDataActions []string
}

// Azure role assignment
private azure.subscription.authorizationService.roleAssignment @defaults("principalId type role.name") {
id string
description string
type string
scope string
principalId string
condition string
createdAt time
updatedAt time
role() azure.subscription.authorizationService.roleDefinition
}

// Azure managed identity
private azure.subscription.managedIdentity @defaults("name") {
name string
clientId string
principalId string
tenantId string
roleAssignments() []azure.subscription.authorizationService.roleAssignment
}

// Azure Kubernetes Service
private azure.subscription.aksService {
// Subscription identifier
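Review bot: The fields of the new `roleAssignment` and `managedIdentity` resources carry no doc comments, and `type` in `roleAssignment` is ambiguous: it could be the ARM resource type or the principal type (user, group, service principal), which matters to anyone writing a check on who holds a role. I would add a comment above each field, for example `// Scope the role is assigned at (management group, subscription, resource group or resource)` above `scope`, and state which meaning `type` has. `managedIdentity` also has no `id` field, unlike `roleAssignment`; presumably the Go implementation (not visible in this section) derives a unique id, but if it falls back to `name`, identities with the same name in different resource groups could collide in the resource cache, so exposing the ARM resource id would be safer. If `managedIdentities()` returns only user-assigned identities, the `// Managed identities` comment should say so, because readers would otherwise assume system-assigned identities are covered by the same query.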