🌱 Add support for wildcards by using az to fetch a list of all permissions #274
Labels
enhancement
Enhancement to an existing feature
Summary
When we originally created the RBAC rule, we believed we could not support wildcards in the actions specified because in order to come up with an algorithm that would work, we'd need to have the full list of possible actions. We did not know where to find this data.
Since then, we've realized that you can get a full list of actions using the az CLI by running:
This outputs a list of all permissions (permission == action == operation).
We have so far not found an API equivalent to this. The APIs we have found so far appear to return only partial data. That command, in contrast, appears to return complete data, omitting only operations no longer supported by resource providers (present in older API versions but now removed).
We may be able to embed az in the plugin program and invoke it using the subscription used to authenticate the plugin. We could then parse the output and store it temporarily (perhaps in memory until the pod shuts down). Then, we could change the implementation of the RBAC rule service to use a new algorithm and to support wildcards.
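A sketch of the wildcard expansion this issue proposes, added here as an illustration and not taken from the project's code. It assumes the CLI output has already been parsed into a flat list of operation names (the list below is a constructed sample), that `*` may span `/`, that matching is case-insensitive, and that NotActions are subtracted from Actions; all function names are hypothetical.

```python
import re

# Constructed sample; the real list would hold every operation parsed from the CLI output.
ALL_OPERATIONS = [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Compute/virtualMachines/delete",
    "Microsoft.Compute/disks/read",
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Authorization/roleAssignments/write",
]


def _pattern_to_regex(pattern):
    # Only '*' is a wildcard; every other character is matched literally.
    literal_parts = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(literal_parts), re.IGNORECASE)


def expand(patterns, operations=ALL_OPERATIONS):
    """Return the concrete operations matched by any of the patterns."""
    regexes = [_pattern_to_regex(p) for p in patterns]
    return {op for op in operations if any(r.fullmatch(op) for r in regexes)}


def effective_actions(actions, not_actions, operations=ALL_OPERATIONS):
    """Operations a role definition grants: Actions minus NotActions."""
    return expand(actions, operations) - expand(not_actions, operations)


def unmatched_patterns(patterns, operations=ALL_OPERATIONS):
    """Patterns matching nothing: likely a typo or a removed operation."""
    return [p for p in patterns if not expand([p], operations)]


def granted_sensitive(actions, not_actions, sensitive, operations=ALL_OPERATIONS):
    """Sensitive operations (hypothetical rule input) that the role still grants."""
    granted = {op.lower() for op in effective_actions(actions, not_actions, operations)}
    return sorted(s for s in sensitive if s.lower() in granted)


if __name__ == "__main__":
    print(sorted(effective_actions(["*"], ["Microsoft.Authorization/*"])))
    print(granted_sensitive(["microsoft.storage/*"], [],
                            ["Microsoft.Storage/storageAccounts/listKeys/action"]))
```

Expanding against the full list, rather than comparing pattern strings, is what lets a rule evaluate `*` or `Microsoft.Storage/*` as the concrete operations they grant, and `unmatched_patterns` surfaces entries that silently grant nothing.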