From 43534b1df107d2dd0c7e96f5b1fcaf2fff73b600 Mon Sep 17 00:00:00 2001
From: Amit Lichtenberg
Date: Mon, 18 Mar 2024 20:21:10 +0200
Subject: [PATCH] Document Azure Key Vault permissions support

---
 docs/features/azure-iam/index.mdx | 13 +++++++++++++
 docs/features/azure-iam/reference.mdx | 13 +++++++++++++
 .../azure-iam-aks/clientintents.yaml | 16 ++++++++++++++++
 3 files changed, 42 insertions(+)

diff --git a/docs/features/azure-iam/index.mdx b/docs/features/azure-iam/index.mdx
index 57c38d971..21dfd20a3 100644
--- a/docs/features/azure-iam/index.mdx
+++ b/docs/features/azure-iam/index.mdx
@@ -52,6 +52,19 @@ spec:
 type: azure
 azureRoles:
 - "Storage Blob Data Contributor"
+ - name: "/providers/Microsoft.KeyVault/vaults/otterizetutorialazureiamkeyvault"
+ type: azure
+ # Optional - Grant Azure Key Vault data plane access by using Key Vault access policy
+ azureKeyVaultPolicy:
+ certificatePermissions:
+ - "all"
+ keyPermissions:
+ - "all"
+ secretPermissions:
+ - "all"
+ storagePermissions:
+ - "get"
+ - "list"
 ```
 
 ### Automatically generating ClientIntents for Azure IAM
diff --git a/docs/features/azure-iam/reference.mdx b/docs/features/azure-iam/reference.mdx
index 99686d439..046b9da79 100644
--- a/docs/features/azure-iam/reference.mdx
+++ b/docs/features/azure-iam/reference.mdx
@@ -21,6 +21,19 @@ spec:
 # one or more Azure roles that will be provided to the specified resources
 azureRoles:
 - "Storage Blob Data Contributor"
+ - name: "/providers/Microsoft.KeyVault/vaults/otterizetutorialazureiamkeyvault"
+ type: azure
+ # Optional - Grant Azure Key Vault data plane access by using Key Vault access policy
+ azureKeyVaultPolicy:
+ certificatePermissions:
+ - "all"
+ keyPermissions:
+ - "all"
+ secretPermissions:
+ - "all"
+ storagePermissions:
+ - "get"
+ - "list"
 ```
 
 ### Annotations
diff --git a/static/code-examples/azure-iam-aks/clientintents.yaml b/static/code-examples/azure-iam-aks/clientintents.yaml
index 5e2b1bcac..58fcd6a0f 100644
--- a/static/code-examples/azure-iam-aks/clientintents.yaml
+++ b/static/code-examples/azure-iam-aks/clientintents.yaml
@@ -11,3 +11,19 @@ spec:
 type: azure
 azureRoles:
 - "Storage Blob Data Contributor"
+ - name: "/providers/Microsoft.KeyVault/vaults/amitlichttestkeyvault"
+ type: azure
+ azureKeyVaultPolicy:
+ certificatePermissions:
+ - "all"
+ keyPermissions:
+ - "all"
+ secretPermissions:
+ - "all"
+ storagePermissions:
+ - "get"
+ - "delete"
+
+
+
+
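Review bot: The vault name on the new `- name:` line, `amitlichttestkeyvault`, reads as a personal test resource and does not match the `otterizetutorialazureiamkeyvault` vault that the two docs hunks in this same patch use, so anyone applying this example as shipped targets a vault the tutorial never creates; use the same name here, `- name: "/providers/Microsoft.KeyVault/vaults/otterizetutorialazureiamkeyvault"`. The `storagePermissions` list also diverges from the docs (`- "delete"` here, `- "get"`/`- "list"` there), and the `"all"` grants on certificates, keys and secrets are presumably wider than the example workload needs — narrowing them to the permissions the sample actually exercises would keep the shipped example least-privilege, and at minimum the docs' `# Optional - Grant Azure Key Vault data plane access by using Key Vault access policy` comment should be carried over so readers see the block is optional. The four trailing `+` lines only add blank lines at end of file and can be dropped.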