RBAC Resources
TABLE OF CONTENTS
Introduction
In the context of RBAC, resources are grouped into categories: Artifacts (of applications), Workloads (containers), and Infrastructure (elements). Each category is subdivided into specific types of resources. Each resource type can be specified by the use of attributes.
Aqua Enterprise defines these resources, grouped by category.
The brand name VMware Tanzu has replaced Pivotal. The latter term may still be used in application scope definitions, e.g., PAS (Pivotal Application Service) instead of TAS (Tanzu Application Service).
Artifacts
An artifact is an application. It can be an image (for a container, not a CF application); a serverless function; a Tanzu Application Service (TAS) droplet; or a source code repository in an SCM (Source Code Management) tool for the Supply Chain Security module.
| Resource type | Attribute | Usage |
|---|---|---|
| Image | Registry | Name of a registry as defined in Aqua |
| Repository | Image repository name Example: In registry.aquasec.com/server:6.2, the repository name is server. | |
| Function | Serverless App | Name of a serverless application defined in Aqua |
| Name | Function name | |
| Tag | Serverless function tag Note: A tag name and value must be specified. | |
| TAS (PAS) droplet | Blobstore | Name of the Cloud Controller blobstore in which the TAS droplet resides |
| Code Build | Source Code Management | Name of the Source Code Management tool such as GitHub or GitLab |
| Organization | Name of the organization in the Source Code Management tool | |
| Topic | This field is used to select a topic which is a group of repositories with a common attribute in your Source Code Management tool for a specific requirement | |
| Repository | Name of the repository in the Source Code Management tool |
Workloads
A workload is a running container. It can run in a Kubernetes cluster, on a VM (no orchestrator), or under Tanzu Application Service (TAS).
| Resource type | Attribute | Usage |
|---|---|---|
| Kubernetes | Cluster Name | Name of a Kubernetes cluster on which a container is running |
| Namespace | Kubernetes namespace in which a container is running | |
| No Orchestrator | Container Name | Name of a container running on a VM |
| Enforcer Group | Name of an Aqua Enforcer group associated with the VM on which the container is running | |
| Host Name | Host name of the VM on which the container is running | |
| TAS (PAS) | Organization | Name of a Tanzu organization (org) associated with the container |
| Space | Name of a Cloud Foundry space associated with the container |
Infrastructure
An infrastructure resource is an element of a computing environment on which a workload is orchestrated and run. It can be a host (VM) or a Kubernetes cluster.
| Resource type | Attribute | Usage |
|---|---|---|
| Host | Enforcer Group | Name of an Aqua Enforcer group associated with the host (VM) |
| Kubernetes | Cluster Name | Name of a Kubernetes cluster in which the host (VM) is running |
Did you find it helpful? Yes No
Send feedback