Introduction 

In the context of RBAC, resources are grouped into categories: Artifacts (of applications), Workloads (containers), and Infrastructure (elements). Each category is subdivided into specific resource types, and each resource type can be specified using attributes.


Aqua Enterprise defines these resources, grouped by category.


The brand name VMware Tanzu has replaced Pivotal. The latter term may still be used in application scope definitions, e.g., PAS (Pivotal Application Service) instead of TAS (Tanzu Application Service).



Artifacts

An artifact is an application. It can be an image (for a container, not a CF application); a serverless function; a Tanzu Application Service (TAS) droplet; or a source code repository in an SCM (Source Code Management) tool for the Supply Chain Security module.


| Resource type | Attribute | Usage |
|---|---|---|
| Image | Registry | Name of a registry as defined in Aqua |
| Image | Repository | Image repository name. Example: In registry.aquasec.com/server:6.2, the repository name is server. |
| Function | Serverless App | Name of a serverless application defined in Aqua |
| Function | Name | Function name |
| Function | Tag | Serverless function tag. Note: A tag name and value must be specified. |
| TAS (PAS) droplet | Blobstore | Name of the Cloud Controller blobstore in which the TAS droplet resides |
| Code Build | Source Code Management | Name of the Source Code Management tool such as GitHub or GitLab |
| Code Build | Organization | Name of the organization in the Source Code Management tool |
| Code Build | Topic | This field is used to select a topic which is a group of repositories with a common attribute in your Source Code Management tool for a specific requirement |
| Code Build | Repository | Name of the repository in the Source Code Management tool |

Workloads

A workload is a running container. It can run in a Kubernetes cluster, on a VM (no orchestrator), or under Tanzu Application Service (TAS).


| Resource type | Attribute | Usage |
|---|---|---|
| Kubernetes | Cluster Name | Name of a Kubernetes cluster on which a container is running |
| Kubernetes | Namespace | Kubernetes namespace in which a container is running |
| No Orchestrator | Container Name | Name of a container running on a VM |
| No Orchestrator | Enforcer Group | Name of an Aqua Enforcer group associated with the VM on which the container is running |
| No Orchestrator | Host Name | Host name of the VM on which the container is running |
| TAS (PAS) | Organization | Name of a Tanzu organization (org) associated with the container |
| TAS (PAS) | Space | Name of a Cloud Foundry space associated with the container |



Infrastructure

An infrastructure resource is an element of a computing environment on which a workload is orchestrated and run. It can be a host (VM) or a Kubernetes cluster.


| Resource type | Attribute | Usage |
|---|---|---|
| Host | Enforcer Group | Name of an Aqua Enforcer group associated with the host (VM) |
| Kubernetes | Cluster Name | Name of a Kubernetes cluster in which the host (VM) is running |