Schemas/rbac.schema.json

{
    "$id": "#/properties/permissions/items/anyOf/0",
    "type": "object",
    "title": "Azure RBAC Permission",
    "description": "Assign an Azure RBAC role (not an AAD directory role) to an AAD principal at the given Azure resource scope.",
    "default": {},
    "examples": [
        {
            "comment": "Security SP needs read access to data in the lake",
            "type": "rbac",
            "scope": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}",
            "principalType": "Application",
            "principalName": "my-application-name-from-aad",
            "role": "Storage Blob Data Reader"
        }
    ],
    "required": [
        "type",
        "scope",
        "principalType",
        "principalName",
        "role"
    ],
    "properties": {
        "comment": {
            "$id": "#/properties/permissions/items/anyOf/0/properties/comment",
            "type": "string",
            "title": "Comment",
            "description": "Description or explanation for the permission",
            "default": "",
            "examples": [
                "Application SP needs to read data in the lake"
            ]
        },
        "type": {
            "$id": "#/properties/permissions/items/anyOf/0/properties/type",
            "type": "string",
            "enum": [
                "rbac"
            ],
            "title": "The type of permissions",
            "description": "Discriminator selecting this permission shape; must be the literal value rbac for an Azure RBAC role assignment.",
            "default": "rbac",
            "examples": [
                "rbac"
            ]
        },
        "scope": {
            "$id": "#/properties/permissions/items/anyOf/0/properties/scope",
            "type": "string",
            "title": "Assignment scope",
            "description": "Azure resource ID (ARM resource path) at which the role is assigned; copy it from the resource's Properties blade in the portal. Role assignments are inherited by every resource beneath the scope, so the resource-group default grants the role on every resource in that group - scope to the individual resource wherever possible.",
            "default": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}",
            "examples": [
                "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{storageAccountName}"
            ]
        },
        "principalType": {
            "$id": "#/properties/permissions/items/anyOf/0/properties/principalType",
            "type": "string",
            "title": "AAD Object Type",
            "description": "Type of AAD principal: Application (service principal), Group, User, or MSI (managed identity).",
            "default": "Group",
            "enum": ["Group", "Application", "User", "MSI"],
            "examples": [
                "Application"
            ]
        },
        "principalName": {
            "$id": "#/properties/permissions/items/anyOf/0/properties/principalName",
            "type": "string",
            "title": "Principal Name",
            "description": "AAD display name of the principal; must be an exact match. Display names are not unique in AAD, so the tooling that resolves this name should fail on an ambiguous match rather than pick one - otherwise the role could be granted to an unintended principal.",
            "default": "",
            "examples": []
        },
        "role": {
            "$id": "#/properties/permissions/items/anyOf/0/properties/role",
            "type": "string",
            "title": "Azure Role",
            "description": "Name of the Azure RBAC role to assign, e.g. Contributor. Owner and Contributor grant broad control-plane rights over the whole scope; prefer the narrowest role that covers the need, such as a data-plane role like Storage Blob Data Reader.",
            "default": "Reader",
            "examples": [
                "Storage Blob Data Contributor",
                "Owner",
                "Contributor",
                "Reader"
            ]
        }
    },
    "additionalProperties": false
}