Definitions for @turbot/azure-iam
- azureLevelDefinition
- azureLevelDefinitionList
- azureModifier
- azureModifierLevelReference
- azureModifierList
- azurePermissionLevelReference
- azurePermissionReference
- azurePermissionTypeReference
- azureRightDefinition
- azureRightDefinitionList
- iam
- iamAka
- id
- roleAka
- roleAssignment
- roleAssignmentAka
- roleAssignmentId
- roleAssignmentName
- roleAssignmentServiceNow
- roleDefinition
- roleDefinitionId
- roleDefinitionServiceNow
- roleName
- turbotAzureLevelDefinitionList
azureLevelDefinition
{ "description": "Internal format for Guardrails Levels.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist|superuser$" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/azure" } }, "required": [ "level", "type" ], "additionalProperties": false, "tests": [ { "description": "Valid level definition", "input": { "level": "tmod:@turbot/azure-storage#/permission/levels/admin", "type": "tmod:@turbot/azure-storage#/permission/types/storage" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/azure-storage#/permission/levels/admin", "type": "tmod:@turbot/aws-storage#/permission/types/storage" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar" } } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureLevelDefinition", "modUri": "tmod:@turbot/azure-iam" }}
azureLevelDefinitionList
{ "description": "Internal format for Guardrails Levels registrations.", "type": "array", "items": { "description": "Internal format for Guardrails Levels.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist|superuser$" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/azure" } }, "required": [ "level", "type" ], "additionalProperties": false, "tests": [ { "description": "Valid level definition", "input": { "level": "tmod:@turbot/azure-storage#/permission/levels/admin", "type": "tmod:@turbot/azure-storage#/permission/types/storage" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/azure-storage#/permission/levels/admin", "type": "tmod:@turbot/aws-storage#/permission/types/storage" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar" } } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureLevelDefinition", "modUri": "tmod:@turbot/azure-iam" } }, ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureLevelDefinitionList", "modUri": "tmod:@turbot/azure-iam" }}
azureModifier
{ "type": "object", "patternProperties": { "^[a-zA-Z](?:[a-zA-Z0-9.]*[a-zA-Z0-9][/.a-zA-Z0-9]+)(?:write|read|delete|action)$": { "type": "string", "pattern": "^user|metadata|readonly|admin|owner|operator|superuser", "tests": [ { "input": "metadata" }, { "input": "operator" }, { "description": "invalid - includes $", "input": "something", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureModifierLevelReference", "modUri": "tmod:@turbot/azure-iam" } } }, "additionalProperties": false, "tests": [ { "description": "valid - base case", "input": { "Microsoft.Storage/storageAccounts/delete": "operator" } }, { "description": "invalid - level", "input": { "Microsoft.Storage/storageAccounts/delete": "some" }, "expected": false }, { "description": "invalid - perms", "input": { "Microsoft.Storage/storageAccounts": "operator" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureModifier", "modUri": "tmod:@turbot/azure-iam" }}
azureModifierLevelReference
{ "type": "string", "pattern": "^user|metadata|readonly|admin|owner|operator|superuser", "tests": [ { "input": "metadata" }, { "input": "operator" }, { "description": "invalid - includes $", "input": "something", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureModifierLevelReference", "modUri": "tmod:@turbot/azure-iam" }}
azureModifierList
{ "default": [], "type": "array", "items": { "type": "object", "patternProperties": { "^[a-zA-Z](?:[a-zA-Z0-9.]*[a-zA-Z0-9][/.a-zA-Z0-9]+)(?:write|read|delete|action)$": { "type": "string", "pattern": "^user|metadata|readonly|admin|owner|operator|superuser", "tests": [ { "input": "metadata" }, { "input": "operator" }, { "description": "invalid - includes $", "input": "something", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureModifierLevelReference", "modUri": "tmod:@turbot/azure-iam" } } }, "additionalProperties": false, "tests": [ { "description": "valid - base case", "input": { "Microsoft.Storage/storageAccounts/delete": "operator" } }, { "description": "invalid - level", "input": { "Microsoft.Storage/storageAccounts/delete": "some" }, "expected": false }, { "description": "invalid - perms", "input": { "Microsoft.Storage/storageAccounts": "operator" }, "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureModifier", "modUri": "tmod:@turbot/azure-iam" } }, ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureModifierList", "modUri": "tmod:@turbot/azure-iam" }}
azurePermissionLevelReference
{ "allOf": [ { "$ref": "turbot#/definitions/permissionLevelReference" }, { "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist|superuser$" } ], "tests": [ { "description": "valid permission level", "input": "tmod:@turbot/azure-storage#/permission/levels/admin" }, { "description": "invalid - azure permission level", "input": "tmod:@turbot/aws-s3#/permission/types/s3", "expected": false }, { "description": "invalid - category", "input": "tmod:@turbot/azure-storage#/control/types/bucketApproved", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azurePermissionLevelReference", "modUri": "tmod:@turbot/azure-iam" }}
azurePermissionReference
{ "allOf": [ { "$ref": "turbot#/definitions/permissionReference" }, { "pattern": "^[a-zA-Z](?:[a-zA-Z0-9.]*[a-zA-Z0-9])?/(?:[*]|[A-Za-z0-9]+)/(?:[*]|[a-zA-Z]+)[*]{0,1}$" } ], "tests": [ { "description": "valid", "input": "Microsoft.Storage/storageAccounts/write" }, { "description": "valid", "input": "microsoft.storage/storageAccounts/write" }, { "description": "valid", "input": "Microsoft.Storage/storageAccounts/*" }, { "description": "valid", "input": "Microsoft.Storage/StorageAccounts/Write" }, { "description": "valid", "input": "microsoft.storage/storageaccounts/write" }, { "description": "invalid - azure permission", "input": "some-:t", "expected": false }, { "description": "invalid - no space", "input": "Microsoft.Storage /storageAccounts/write", "expected": false }, { "description": "invalid - should not start with -", "input": "-Microsoft.Storage/storageAccounts/write", "expected": false }, { "description": "invalid - should not end with multiple **", "input": "Microsoft.Storage/storageAccounts/d**", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azurePermissionReference", "modUri": "tmod:@turbot/azure-iam" }}
azurePermissionTypeReference
{ "allOf": [ { "$ref": "turbot#/definitions/permissionTypeReference" }, { "pattern": "^tmod:@turbot/azure" } ], "tests": [ { "description": "valid permission type", "input": "tmod:@turbot/azure-storage#/permission/types/storage" }, { "description": "invalid - azure permission type", "input": "tmod:@turbot/aws-s3#/permission/types/s3", "expected": false }, { "description": "invalid - category", "input": "tmod:@turbot/azure-storage#/control/types/bucketApproved", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azurePermissionTypeReference", "modUri": "tmod:@turbot/azure-iam" }}
azureRightDefinition
{ "description": "Internal format for Guardrails Rights registrations.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist|superuser$" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/azure" }, "permission": { "type": "string", "pattern": "^[a-zA-Z](?:[a-zA-Z0-9.]*[a-zA-Z0-9])?/(?:[*]|[A-Za-z0-9]+)/(?:[*]|[a-zA-Z]+)[*]{0,1}$" } }, "required": [ "level", "type", "permission" ], "additionalProperties": false, "tests": [ { "description": "Valid right definition", "input": { "level": "tmod:@turbot/azure-storage#/permission/levels/admin", "type": "tmod:@turbot/azure-storage#/permission/types/storage", "permission": "Microsoft.Storage/storageAccounts/delete" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/azure-storage#/permission/levels/admin", "type": "tmod:@turbot/aws-storage#/permission/types/s3", "permission": "Microsoft.Storage/storageAccounts/delete" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo", "permission": "Microsoft.Storage/storageAccounts/delete" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar", "permission": "Microsoft.Storage/storageAccounts/delete" } } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureRightDefinition", "modUri": "tmod:@turbot/azure-iam" }}
azureRightDefinitionList
{ "description": "Internal format for Guardrails Rights registrations.", "type": "array", "items": { "description": "Internal format for Guardrails Rights registrations.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist|superuser$" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/azure" }, "permission": { "type": "string", "pattern": "^[a-zA-Z](?:[a-zA-Z0-9.]*[a-zA-Z0-9])?/(?:[*]|[A-Za-z0-9]+)/(?:[*]|[a-zA-Z]+)[*]{0,1}$" } }, "required": [ "level", "type", "permission" ], "additionalProperties": false, "tests": [ { "description": "Valid right definition", "input": { "level": "tmod:@turbot/azure-storage#/permission/levels/admin", "type": "tmod:@turbot/azure-storage#/permission/types/storage", "permission": "Microsoft.Storage/storageAccounts/delete" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/azure-storage#/permission/levels/admin", "type": "tmod:@turbot/aws-storage#/permission/types/s3", "permission": "Microsoft.Storage/storageAccounts/delete" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo", "permission": "Microsoft.Storage/storageAccounts/delete" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar", "permission": "Microsoft.Storage/storageAccounts/delete" } } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureRightDefinition", "modUri": "tmod:@turbot/azure-iam" } }, ".turbot": { "uri": 
"tmod:@turbot/azure-iam#/definitions/azureRightDefinitionList", "modUri": "tmod:@turbot/azure-iam" }}
iam
{ "allOf": [ { "$ref": "turbot#/definitions/service" }, { "type": "object", "properties": { "name": { "const": "IAM" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/iamAka" } }, "title": { "const": "IAM" }, "custom": { "type": "object", "properties": { "azure": { "$ref": "azure#/definitions/azureMetadata" } } } } } }, "required": [ "name", "turbot" ], "additionalProperties": true, "tests": [ { "description": "Valid - base test", "input": { "name": "IAM", "turbot": { "akas": [ "azure:///subscriptions/9e3548cf-17e2-4751-b87e-b72bdd2c77f7/providers/Microsoft.Authorization/services/iam" ], "title": "IAM", "custom": { "azure": { "subscriptionId": "9e3548cf-17e2-4751-b87e-b72bdd2c77f7" } } } } }, { "description": "invalid - lowercase", "input": { "name": "iam", "turbot": { "akas": [ "azure:///subscriptions/9e3548cf-17e2-4751-b87e-b72bdd2c77f7/providers/Microsoft.Authorization" ], "title": "IAM", "custom": { "azure": { "subscriptionId": "9e3548cf-17e2-4751-b87e-b72bdd2c77f7" } } } }, "expected": false } ] } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/iam", "modUri": "tmod:@turbot/azure-iam" }}
iamAka
{ "type": "string", "pattern": "^azure:///subscriptions/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/providers/Microsoft.Authorization/services/iam$", "tests": [ { "description": "base", "input": "azure:///subscriptions/9e3548cf-17e2-4751-b87e-b72bdd2c77f7/providers/Microsoft.Authorization/services/iam" }, { "description": "invalid aka", "input": "gcp://serviceusage.googleapis.com/projects/cse-legolas-2/services/compute.googleapis.com", "expected": false }, { "description": "invalid aka", "input": "aws://serviceusage.googleapis.com/projects/cse-legolas-2/services/compute.googleapis.com", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/iamAka", "modUri": "tmod:@turbot/azure-iam" }}
id
{ "type": "string", "pattern": "^/subscriptions/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/providers/Microsoft.Authorization/roleDefinitions/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", "tests": [ { "description": "base", "input": "/subscriptions/9e3548cf-17e2-4751-b87e-b72bdd2c77f7/providers/Microsoft.Authorization/roleDefinitions/5cb5a48e-ee01-40ba-a5e6-8f7114930866" }, { "description": "invalid id", "input": "/9e3548cf-17e2-4751-b87e-b72bdd2c77f7/providers/Microsoft.Authorization/roleDefinitions/5cb5a48e-ee01-40ba-a5e6-8f7114930866", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/id", "modUri": "tmod:@turbot/azure-iam" }}
roleAka
{ "type": "string", "pattern": "^azure:///subscriptions/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/providers/Microsoft.Authorization/roleDefinitions/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}", "tests": [ { "description": "base", "input": "azure:///subscriptions/9e3548cf-17e2-4751-b87e-b72bdd2c77f7/providers/Microsoft.Authorization/roleDefinitions/5cb5a48e-ee01-40ba-a5e6-8f7114930866" }, { "description": "invalid aka", "input": "gcp://serviceusage.googleapis.com/projects/cse-legolas-2/services/compute.googleapis.com", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/roleAka", "modUri": "tmod:@turbot/azure-iam" }}
roleAssignment
{ "type": "object", "properties": { "name": { "$ref": "#/definitions/roleAssignmentName" }, "id": { "$ref": "#/definitions/roleAssignmentId" }, "scope": { "type": "string" }, "roleDefinitionId": { "type": "string" }, "principalId": { "type": "string" }, "principalType": { "type": "string" }, "turbot": { "type": "object", "properties": { "title": { "$ref": "#/definitions/roleAssignmentName" }, "akas": { "type": "array", "items": { "$ref": "#/definitions/roleAssignmentAka" } }, "custom": { "type": "object", "properties": { "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" }, "azure": { "$ref": "azure#/definitions/azureMetadata" } } } } } }, "additionalProperties": true, "tests": [ { "description": "Valid - All properties given", "input": { "name": "b3ce4fa8-c8d0-4adc-85f9-a2aa7b1a7387", "id": "/subscriptions/3510ae4d-530b-497d-8f30-53b9616fc6c1/providers/Microsoft.Authorization/roleAssignments/b3ce4fa8-c8d0-4adc-85f9-a2aa7b1a7387", "turbot": { "title": "b3ce4fa8-c8d0-4adc-85f9-a2aa7b1a7387", "akas": [ "azure:///subscriptions/3510ae4d-530b-497d-8f30-53b9616fc6c1/providers/Microsoft.Authorization/roleAssignments/b3ce4fa8-c8d0-4adc-85f9-a2aa7b1a7387" ], "custom": { "azure": { "subscriptionId": "3510ae4d-530b-497d-8f30-53b9616fc6c1", "resourceGroupName": "test" } } } } }, { "description": "invalid - required field name missing", "input": { "id": "/subscriptions/3510ae4d-530b-497d-8f30-53b9616fc6c1/providers/Microsoft.Authorization/roleAssignments/b3ce4fa8-c8d0-4adc-85f9-a2aa7b1a7387", "turbot": { "title": "b3ce4fa8-c8d0-4adc-85f9-a2aa7b1a7387", "azure": { "subscriptionId": "3510ae4d-530b-497d-8f30-53b9616fc6c1", "resourceGroupName": "test" } } } } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/roleAssignment", "modUri": "tmod:@turbot/azure-iam" }}
roleAssignmentAka
{ "type": "string", "pattern": "^azure:///subscriptions/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(.*?)/providers/Microsoft.Authorization/roleAssignments/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", "tests": [ { "input": "azure:///subscriptions/3510ae4d-530b-497d-8f30-53b9616fc6c1/providers/Microsoft.Authorization/roleAssignments/cd8d1bc1-0e12-4539-81bd-6ce5ac34a298" }, { "input": "azure:///subscriptions/3510ae4d-530b-497d-8f30-53b9616fc6c1/resourceGroups/test/providers/Microsoft.Storage/storageAccounts/routertest1/providers/Microsoft.Authorization/roleAssignments/9f231564-be95-4966-b132-fa65f714e2ae" }, { "input": "azure:///subscriptions/3510ae4d-530b-497d-8f30-53b9616fc6c1/resourceGroups/test/providers/Microsoft.Authorization/roleAssignments/b2892d02-2e74-4757-8493-f8189e3f8747" }, { "description": "invalid - subscription id should not contain special character", "input": "/subscriptions/35@0ae4d-530b-497d-8f30-53b9616fc6c1/providers/Microsoft.Authorization/roleAssignments/a2870dcd-521e-42fd-8cab-d5d8a9fc1d61", "expected": false }, { "description": "invalid - subscription id should not contain underscore", "input": "/subscriptions/3510ae4d_530b-497d-8f30-53b9616fc6c1/providers/Microsoft.Authorization/roleAssignments/a2870dcd-521e-42fd-8cab-d5d8a9fc1d61", "expected": false }, { "description": "invalid - empty string", "input": "", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/roleAssignmentAka", "modUri": "tmod:@turbot/azure-iam" }}
roleAssignmentId
{ "type": "string", "pattern": "^/subscriptions/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(.*?)/providers/Microsoft.Authorization/roleAssignments/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", "tests": [ { "input": "/subscriptions/3510ae4d-530b-497d-8f30-53b9616fc6c1/providers/Microsoft.Authorization/roleAssignments/b3ce4fa8-c8d0-4adc-85f9-a2aa7b1a7387" }, { "input": "/subscriptions/3510ae4d-530b-497d-8f30-53b9616fc6c1/resourceGroups/test/providers/Microsoft.Authorization/roleAssignments/b2892d02-2e74-4757-8493-f8189e3f8747" }, { "input": "/subscriptions/3510ae4d-530b-497d-8f30-53b9616fc6c1/resourceGroups/test/providers/Microsoft.Storage/storageAccounts/routertest1/providers/Microsoft.Authorization/roleAssignments/9f231564-be95-4966-b132-fa65f714e2ae" }, { "description": "invalid - subscription id should not contain special character", "input": "/subscriptions/35@0ae4d-530b-497d-8f30-53b9616fc6c1/providers/Microsoft.Authorization/roleAssignments/a2870dcd-521e-42fd-8cab-d5d8a9fc1d61", "expected": false }, { "description": "invalid - subscription id should not contain underscore", "input": "/subscriptions/3510ae4d_530b-497d-8f30-53b9616fc6c1/providers/Microsoft.Authorization/roleAssignments/a2870dcd-521e-42fd-8cab-d5d8a9fc1d61", "expected": false }, { "description": "invalid - empty string", "input": "", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/roleAssignmentId", "modUri": "tmod:@turbot/azure-iam" }}
roleAssignmentName
{ "type": "string", "pattern": "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}", "tests": [ { "input": "12345678-a12b-c34d-e56f-abcdefab1234" }, { "input": "00000000-0000-0000-0000-000000000000" }, { "description": "invalid - pattern should not contain special character", "input": "12345678-a12b-c34d-e56f+bcdefab1234", "expected": false }, { "description": "invalid - should not contain underscore", "input": "12345678-a12b-c34d-e56f_abcdefab1234", "expected": false }, { "description": "invalid - should not start with uppercase", "input": "A61498f8-9caa-42de-9f6e-532bd0fe9f9b", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/roleAssignmentName", "modUri": "tmod:@turbot/azure-iam" }}
roleAssignmentServiceNow
{ "defaultColumns": { "id": { "column": "enabled", "label": "ID" }, "role_assignment_name": { "column": "enabled", "label": "Name", "path": "data.name" }, "principal_id": { "column": "enabled", "label": "Principal ID" }, "principalType": { "column": "enabled", "label": "Principal Type" }, "roleDefinitionId": { "column": "enabled", "label": "Role Definition ID" }, "scope": { "column": "enabled", "label": "Scope" }, "subscription_id": { "column": "enabled", "label": "Subscription ID", "path": "metadata.azure.subscriptionId" }, "type": { "column": "enabled", "label": "Type" } }, ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/roleAssignmentServiceNow", "modUri": "tmod:@turbot/azure-iam" }}
roleDefinition
{ "type": "object", "properties": { "id": { "$ref": "#/definitions/id" }, "roleName": { "$ref": "#/definitions/roleName" }, "name": { "$ref": "#/definitions/roleDefinitionId" }, "description": { "type": "string" }, "roleType": { "type": "string" }, "permissions": { "type": "array" }, "assignableScopes": { "type": "array" }, "turbot": { "type": "object", "properties": { "akas": { "type": "array", "items": { "$ref": "#/definitions/roleAka" } }, "custom": { "type": "object", "properties": { "createTimestamp": { "$ref": "turbot#/definitions/isoTimestamp" }, "azure": { "$ref": "azure#/definitions/azureMetadata" } } } } } }, "additionalProperties": true, "tests": [ { "description": "all properties provided", "input": { "name": "516239f1-63e1-4d78-a4de-a74fb236a071", "roleName": "Custom role 1", "turbot": { "akas": [ "azure:///subscriptions/9e3548cf-17e2-4751-b87e-b72bdd2c77f7/providers/Microsoft.Authorization/roleDefinitions/5cb5a48e-ee01-40ba-a5e6-8f7114930866" ], "custom": { "azure": { "subscriptionId": "9e3548cf-17e2-4751-b87e-b72bdd2c77f7" } } } } }, { "description": "invalid - missing required property name", "input": { "turbot": { "akas": [ "azure:///subscriptions/9e3548cf-17e2-4751-b87e-b72bdd2c77f7/providers/Microsoft.Authorization/roleDefinitions/" ], "custom": { "azure": { "subscriptionId": "9e3548cf-17e2-4751-b87e-b72bdd2c77f7" } } } }, "expected": false }, { "description": "invalid - missing required property roleName", "input": { "name": "516239f1-63e1-4d78-a4de-a74fb236a071", "turbot": { "akas": [ "azure:///subscriptions/9e3548cf-17e2-4751-b87e-b72bdd2c77f7/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071" ], "custom": { "azure": { "subscriptionId": "9e3548cf-17e2-4751-b87e-b72bdd2c77f7" } } } } } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/roleDefinition", "modUri": "tmod:@turbot/azure-iam" }}
roleDefinitionId
{ "type": "string", "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$", "tests": [], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/roleDefinitionId", "modUri": "tmod:@turbot/azure-iam" }}
roleDefinitionServiceNow
{ "defaultColumns": { "assignable_scopes": { "column": "enabled", "label": "Assignable Scopes", "type": "string", "size": 1000 }, "description": { "column": "enabled", "label": "Description" }, "id": { "column": "enabled", "label": "ID" }, "permissions": { "column": "enabled", "type": "string", "size": 1000 }, "role_definition_name": { "column": "enabled", "label": "Name", "path": "data.name" }, "role_name": { "column": "enabled", "label": "Role Name" }, "role_type": { "column": "enabled", "label": "Role Type" }, "subscription_id": { "column": "enabled", "label": "Subscription ID", "path": "metadata.azure.subscriptionId" } }, ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/roleDefinitionServiceNow", "modUri": "tmod:@turbot/azure-iam" }}
roleName
{ "type": "string", "pattern": "^[^\\\\]*$", "tests": [ { "description": "base", "input": "Some ®@nNdom name @#$#@%$% with anything" }, { "description": "Invalid role name if \"\\\" in it", "input": "Some ®@nN\\dom name @#$#@%$% with anything", "expected": false } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/roleName", "modUri": "tmod:@turbot/azure-iam" }}
turbotAzureLevelDefinitionList
{ "description": "Internal format for Guardrails Azure Levels registrations.", "type": "array", "items": { "description": "Internal format for Guardrails Levels.", "type": "object", "properties": { "level": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "user|metadata|readonly|admin|owner|operator|none|whitelist|superuser$" }, "type": { "type": "string", "format": "uri-reference", ".turbot": { "uri": "tmod:@turbot/turbot#/definitions/$ref", "modUri": "tmod:@turbot/turbot" }, "pattern": "^tmod:@turbot/azure" } }, "required": [ "level", "type" ], "additionalProperties": false, "tests": [ { "description": "Valid level definition", "input": { "level": "tmod:@turbot/azure-storage#/permission/levels/admin", "type": "tmod:@turbot/azure-storage#/permission/types/storage" } }, { "description": "invalid type definition", "input": { "level": "tmod:@turbot/azure-storage#/permission/levels/admin", "type": "tmod:@turbot/aws-storage#/permission/types/storage" }, "expected": false }, { "description": "Invalid - Levels includes a non #/permission/levels/* path", "expected": false, "input": { "level": "#/definitions/foo", "type": "#/permission/types/foo" } }, { "description": "Invalid - Types includes a non #/permission/types/* path", "expected": false, "input": { "level": "#/permission/levels/user", "type": "#/definitions/bar" } } ], ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/azureLevelDefinition", "modUri": "tmod:@turbot/azure-iam" } }, ".turbot": { "uri": "tmod:@turbot/azure-iam#/definitions/turbotAzureLevelDefinitionList", "modUri": "tmod:@turbot/azure-iam" }}