authorization.azure.com/v1api20220401
APIVersion
Value | Description |
---|---|
“2022-04-01” | |
RoleAssignment
Generator information:
- Generated from: /authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleAssignmentsCalls.json
- ARM URI: /{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}
Used by: RoleAssignmentList.
Property | Description | Type |
---|---|---|
metav1.TypeMeta | | |
metav1.ObjectMeta | | |
spec | | RoleAssignment_Spec Optional |
status | | RoleAssignment_STATUS Optional |
RoleAssignmentList
Generator information:
- Generated from: /authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleAssignmentsCalls.json
- ARM URI: /{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}
Property | Description | Type |
---|---|---|
metav1.TypeMeta | | |
metav1.ListMeta | | |
items | | RoleAssignment[] Optional |
RoleDefinition
Generator information:
- Generated from: /authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleDefinitionsCalls.json
- ARM URI: /{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}
Used by: RoleDefinitionList.
Property | Description | Type |
---|---|---|
metav1.TypeMeta | | |
metav1.ObjectMeta | | |
spec | | RoleDefinition_Spec Optional |
status | | RoleDefinition_STATUS Optional |
RoleDefinitionList
Generator information:
- Generated from: /authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleDefinitionsCalls.json
- ARM URI: /{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}
Property | Description | Type |
---|---|---|
metav1.TypeMeta | | |
metav1.ListMeta | | |
items | | RoleDefinition[] Optional |
RoleAssignment_Spec
Used by: RoleAssignment.
Property | Description | Type |
---|---|---|
azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
condition | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase ‘foo_storage_container’ | string Optional |
conditionVersion | Version of the condition. Currently the only accepted value is ‘2.0’ | string Optional |
delegatedManagedIdentityResourceReference | Id of the delegated managed identity resource | genruntime.ResourceReference Optional |
description | Description of role assignment | string Optional |
operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | RoleAssignmentOperatorSpec Optional |
owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource's lifecycle. When the owner is deleted the resource will also be deleted. This resource is an extension resource, which means that any other Azure resource can be its owner. | genruntime.ArbitraryOwnerReference Required |
principalId | The principal ID. | string Optional |
principalIdFromConfig | The principal ID. | genruntime.ConfigMapReference Optional |
principalType | The principal type of the assigned principal ID. | RoleAssignmentProperties_PrincipalType Optional |
roleDefinitionReference | The role definition ID. | genruntime.ResourceReference Required |
RoleAssignment_STATUS
Role Assignments
Used by: RoleAssignment.
Property | Description | Type |
---|---|---|
condition | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase ‘foo_storage_container’ | string Optional |
conditions | The observed state of the resource | conditions.Condition[] Optional |
conditionVersion | Version of the condition. Currently the only accepted value is ‘2.0’ | string Optional |
createdBy | Id of the user who created the assignment | string Optional |
createdOn | Time it was created | string Optional |
delegatedManagedIdentityResourceId | Id of the delegated managed identity resource | string Optional |
description | Description of role assignment | string Optional |
id | The role assignment ID. | string Optional |
name | The role assignment name. | string Optional |
principalId | The principal ID. | string Optional |
principalType | The principal type of the assigned principal ID. | RoleAssignmentProperties_PrincipalType_STATUS Optional |
roleDefinitionId | The role definition ID. | string Optional |
scope | The role assignment scope. | string Optional |
type | The role assignment type. | string Optional |
updatedBy | Id of the user who updated the assignment | string Optional |
updatedOn | Time it was updated | string Optional |
RoleDefinition_Spec
Used by: RoleDefinition.
Property | Description | Type |
---|---|---|
assignableScopesReferences | Role definition assignable scopes. | genruntime.ResourceReference[] Optional |
azureName | The name of the resource in Azure. This is often the same as the name of the resource in Kubernetes but it doesn’t have to be. | string Optional |
description | The role definition description. | string Optional |
operatorSpec | The specification for configuring operator behavior. This field is interpreted by the operator and not passed directly to Azure | RoleDefinitionOperatorSpec Optional |
owner | The owner of the resource. The owner controls where the resource goes when it is deployed. The owner also controls the resource's lifecycle. When the owner is deleted the resource will also be deleted. This resource is an extension resource, which means that any other Azure resource can be its owner. | genruntime.ArbitraryOwnerReference Required |
permissions | Role definition permissions. | Permission[] Optional |
roleName | The role name. | string Optional |
type | The role type. | string Optional |
RoleDefinition_STATUS
Role definition.
Used by: RoleDefinition.
Property | Description | Type |
---|---|---|
assignableScopes | Role definition assignable scopes. | string[] Optional |
conditions | The observed state of the resource | conditions.Condition[] Optional |
createdBy | Id of the user who created the assignment | string Optional |
createdOn | Time it was created | string Optional |
description | The role definition description. | string Optional |
id | The role definition ID. | string Optional |
name | The role definition name. | string Optional |
permissions | Role definition permissions. | Permission_STATUS[] Optional |
properties_type | The role type. | string Optional |
roleName | The role name. | string Optional |
type | The role definition type. | string Optional |
updatedBy | Id of the user who updated the assignment | string Optional |
updatedOn | Time it was updated | string Optional |
Permission
Role definition permissions.
Used by: RoleDefinition_Spec.
Property | Description | Type |
---|---|---|
actions | Allowed actions. | string[] Optional |
dataActions | Allowed Data actions. | string[] Optional |
notActions | Denied actions. | string[] Optional |
notDataActions | Denied Data actions. | string[] Optional |
Permission_STATUS
Role definition permissions.
Used by: RoleDefinition_STATUS.
Property | Description | Type |
---|---|---|
actions | Allowed actions. | string[] Optional |
dataActions | Allowed Data actions. | string[] Optional |
notActions | Denied actions. | string[] Optional |
notDataActions | Denied Data actions. | string[] Optional |
RoleAssignmentOperatorSpec
Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure
Used by: RoleAssignment_Spec.
Property | Description | Type |
---|---|---|
configMapExpressions | Configures where to place operator-written dynamic ConfigMaps (created with CEL expressions). | core.DestinationExpression[] Optional |
namingConvention | The UUID generation technique to use for any role without an explicit AzureName. One of ‘stable’ or ‘random’. | string Optional |
secretExpressions | Configures where to place operator-written dynamic secrets (created with CEL expressions). | core.DestinationExpression[] Optional |
RoleAssignmentProperties_PrincipalType
Used by: RoleAssignment_Spec.
Value | Description |
---|---|
“Device” | |
“ForeignGroup” | |
“Group” | |
“ServicePrincipal” | |
“User” | |
RoleAssignmentProperties_PrincipalType_STATUS
Used by: RoleAssignment_STATUS.
Value | Description |
---|---|
“Device” | |
“ForeignGroup” | |
“Group” | |
“ServicePrincipal” | |
“User” | |
RoleDefinitionOperatorSpec
Details for configuring operator behavior. Fields in this struct are interpreted by the operator directly rather than being passed to Azure
Used by: RoleDefinition_Spec.
Property | Description | Type |
---|---|---|
configMapExpressions | Configures where to place operator-written dynamic ConfigMaps (created with CEL expressions). | core.DestinationExpression[] Optional |
namingConvention | The UUID generation technique to use for any role without an explicit AzureName. One of ‘stable’ or ‘random’. | string Optional |
secretExpressions | Configures where to place operator-written dynamic secrets (created with CEL expressions). | core.DestinationExpression[] Optional |
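An added example, not part of the generated reference or the operator's own code: a pre-apply check over RoleAssignment and RoleDefinition specs that uses the field names, Required markers and accepted values tabulated above. The `audit` function, the sample manifests and the `armId` placeholder bodies are constructed for illustration; flagging wildcard grants and requiring an explicit `conditionVersion` are this example's review policy, not operator behaviour.

```python
# Static checks for RoleAssignment / RoleDefinition specs (added example).
# Names and accepted values follow the tables above; the rest is assumed policy.
PRINCIPAL_TYPES = {"Device", "ForeignGroup", "Group", "ServicePrincipal", "User"}
REQUIRED = {"RoleAssignment": ("owner", "roleDefinitionReference"),
            "RoleDefinition": ("owner",)}


def audit(manifest):
    """Return findings for one manifest given as a dict (parsed YAML/JSON)."""
    kind, spec = manifest.get("kind"), manifest.get("spec") or {}
    findings = [f"missing required field spec.{name}"
                for name in REQUIRED.get(kind, ()) if not spec.get(name)]
    if kind == "RoleAssignment":
        ptype = spec.get("principalType")
        if ptype is not None and ptype not in PRINCIPAL_TYPES:
            findings.append(f"principalType {ptype!r} is not an accepted value")
        # Policy (assumed): a condition must carry an explicit version '2.0'.
        version = spec.get("conditionVersion")
        if (spec.get("condition") or version is not None) and version != "2.0":
            findings.append("conditionVersion must be '2.0'")
    if kind == "RoleDefinition":
        for i, perm in enumerate(spec.get("permissions") or []):
            for key in ("actions", "dataActions"):
                for action in perm.get(key) or []:
                    if "*" in action:  # policy (assumed): review wildcards
                        findings.append(
                            f"permissions[{i}].{key} grants wildcard {action!r}")
    return findings

# Constructed sample manifests; the reference bodies are placeholders.
REF = {"armId": "<placeholder-arm-id>"}
SAMPLES = [
    {"kind": "RoleAssignment", "spec": {
        "owner": REF, "roleDefinitionReference": REF,
        "principalId": "00000000-0000-0000-0000-000000000000",
        "principalType": "ServicePrincipal",
        "condition": "@Resource[Microsoft.Storage/storageAccounts/blobServices"
                     "/containers:ContainerName] StringEqualsIgnoreCase "
                     "'foo_storage_container'",
        "conditionVersion": "2.0"}},
    {"kind": "RoleAssignment", "spec": {
        "owner": REF, "principalType": "Application", "conditionVersion": "1.0"}},
    {"kind": "RoleDefinition", "spec": {"owner": REF, "roleName": "sample-role", "permissions": [
        {"actions": ["*"], "notActions": ["Microsoft.Authorization/*/write"]}]}},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["kind"], audit(sample))
```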