From 36d57fe5eb66075d0e4c8028e255ef3f63c7b19b Mon Sep 17 00:00:00 2001
From: Karl Cardenas <29551334+karl-cardenas-coding@users.noreply.github.com>
Date: Wed, 11 Sep 2024 14:54:06 -0700
Subject: [PATCH] docs: DOC-1375 (#3873)
(cherry picked from commit 1ff398a9518450ce32a49a5b27f14257b3ceab89)
---
 .../azure/required-permissions.md | 599 +++++++++---------
 1 file changed, 307 insertions(+), 292 deletions(-)
diff --git a/docs/docs-content/clusters/public-cloud/azure/required-permissions.md b/docs/docs-content/clusters/public-cloud/azure/required-permissions.md
index 7849ba25a7..a48c5eca79 100644
--- a/docs/docs-content/clusters/public-cloud/azure/required-permissions.md
+++ b/docs/docs-content/clusters/public-cloud/azure/required-permissions.md
@@ -78,86 +78,89 @@ dynamically creates the network resources required for your cluster.
 dynamically in Palette.
 ```shell
- echo "{
- \"Name\": \"Dynamic Placement Palette Deployer\",
- \"IsCustom\": true,
- \"Description\": \"Can deploy Azure IaaS clusters using dynamic placement with Palette.\",
- \"Actions\": [
- \"Microsoft.Compute/disks/delete\",
- \"Microsoft.Compute/disks/read\",
- \"Microsoft.Compute/disks/write\",
- \"Microsoft.Compute/galleries/images/read\",
- \"Microsoft.Compute/galleries/images/versions/read\",
- \"Microsoft.Compute/galleries/images/versions/write\",
- \"Microsoft.Compute/galleries/images/write\",
- \"Microsoft.Compute/galleries/read\",
- \"Microsoft.Compute/galleries/write\",
- \"Microsoft.Compute/images/read\",
- \"Microsoft.Compute/images/write\",
- \"Microsoft.Compute/virtualMachines/delete\",
- \"Microsoft.Compute/virtualMachines/extensions/delete\",
- \"Microsoft.Compute/virtualMachines/extensions/read\",
- \"Microsoft.Compute/virtualMachines/extensions/write\",
- \"Microsoft.Compute/virtualMachines/read\",
- \"Microsoft.Compute/virtualMachines/write\",
- \"Microsoft.Network/loadBalancers/backendAddressPools/join/action\",
- \"Microsoft.Network/loadBalancers/delete\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/delete\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/join/action\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/read\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/write\",
- \"Microsoft.Network/loadBalancers/read\",
- \"Microsoft.Network/loadBalancers/write\",
- \"Microsoft.Network/networkInterfaces/delete\",
- \"Microsoft.Network/networkInterfaces/join/action\",
- \"Microsoft.Network/networkInterfaces/read\",
- \"Microsoft.Network/networkInterfaces/write\",
- \"Microsoft.Network/networkSecurityGroups/read\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/delete\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/read\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/write\",
- \"Microsoft.Network/privateDnsZones/A/delete\",
- \"Microsoft.Network/privateDnsZones/A/read\",
- \"Microsoft.Network/privateDnsZones/A/write\",
- \"Microsoft.Network/privateDnsZones/delete\",
- \"Microsoft.Network/privateDnsZones/read\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/read\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/write\",
- \"Microsoft.Network/privateDnsZones/write\",
- \"Microsoft.Network/publicIPAddresses/delete\",
- \"Microsoft.Network/publicIPAddresses/join/action\",
- \"Microsoft.Network/publicIPAddresses/read\",
- \"Microsoft.Network/publicIPAddresses/write\",
- \"Microsoft.Network/routeTables/delete\",
- \"Microsoft.Network/routeTables/read\",
- \"Microsoft.Network/routeTables/write\",
- \"Microsoft.Network/virtualNetworks/delete\",
- \"Microsoft.Network/virtualNetworks/join/action\",
- \"Microsoft.Network/virtualNetworks/join/action\",
- \"Microsoft.Network/virtualNetworks/joinLoadBalancer/action\",
- \"Microsoft.Network/virtualNetworks/peer/action\",
- \"Microsoft.Network/virtualNetworks/read\",
- \"Microsoft.Network/virtualNetworks/subnets/delete\",
- \"Microsoft.Network/virtualNetworks/subnets/join/action\",
- \"Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action\",
- \"Microsoft.Network/virtualNetworks/subnets/read\",
- \"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read\",
- \"Microsoft.Network/virtualNetworks/subnets/write\",
- \"Microsoft.Network/virtualNetworks/virtualMachines/read\",
- \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete\",
- \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read\",
- \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write\",
- \"Microsoft.Network/virtualNetworks/write\",
- \"Microsoft.Resources/subscriptions/resourceGroups/read\",
- \"Microsoft.Storage/storageAccounts/blobServices/containers/read\",
- \"Microsoft.Storage/storageAccounts/blobServices/containers/write\",
- \"Microsoft.Storage/storageAccounts/read\",
- \"Microsoft.Storage/storageAccounts/write\"
+ cat << EOF > dynamic-permissions.json
+ {
+ "Name": "Dynamic Placement Palette Deployer",
+ "IsCustom": true,
+ "Description": "Can deploy Azure IaaS clusters using dynamic placement with Palette.",
+ "Actions": [
+ "Microsoft.Compute/disks/delete",
+ "Microsoft.Compute/disks/read",
+ "Microsoft.Compute/disks/write",
+ "Microsoft.Compute/galleries/images/read",
+ "Microsoft.Compute/galleries/images/versions/read",
+ "Microsoft.Compute/galleries/images/versions/write",
+ "Microsoft.Compute/galleries/images/write",
+ "Microsoft.Compute/galleries/read",
+ "Microsoft.Compute/galleries/write",
+ "Microsoft.Compute/images/read",
+ "Microsoft.Compute/images/write",
+ "Microsoft.Compute/virtualMachines/delete",
+ "Microsoft.Compute/virtualMachines/extensions/delete",
+ "Microsoft.Compute/virtualMachines/extensions/read",
+ "Microsoft.Compute/virtualMachines/extensions/write",
+ "Microsoft.Compute/virtualMachines/read",
+ "Microsoft.Compute/virtualMachines/write",
+ "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
+ "Microsoft.Network/loadBalancers/delete",
+ "Microsoft.Network/loadBalancers/inboundNatRules/delete",
+ "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
+ "Microsoft.Network/loadBalancers/inboundNatRules/read",
+ "Microsoft.Network/loadBalancers/inboundNatRules/write",
+ "Microsoft.Network/loadBalancers/read",
+ "Microsoft.Network/loadBalancers/write",
+ "Microsoft.Network/networkInterfaces/delete",
+ "Microsoft.Network/networkInterfaces/join/action",
+ "Microsoft.Network/networkInterfaces/read",
+ "Microsoft.Network/networkInterfaces/write",
+ "Microsoft.Network/networkSecurityGroups/read",
+ "Microsoft.Network/networkSecurityGroups/securityRules/delete",
+ "Microsoft.Network/networkSecurityGroups/securityRules/read",
+ "Microsoft.Network/networkSecurityGroups/securityRules/write",
+ "Microsoft.Network/privateDnsZones/A/delete",
+ "Microsoft.Network/privateDnsZones/A/read",
+ "Microsoft.Network/privateDnsZones/A/write",
+ "Microsoft.Network/privateDnsZones/delete",
+ "Microsoft.Network/privateDnsZones/read",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/read",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/write",
+ "Microsoft.Network/privateDnsZones/write",
+ "Microsoft.Network/publicIPAddresses/delete",
+ "Microsoft.Network/publicIPAddresses/join/action",
+ "Microsoft.Network/publicIPAddresses/read",
+ "Microsoft.Network/publicIPAddresses/write",
+ "Microsoft.Network/routeTables/delete",
+ "Microsoft.Network/routeTables/read",
+ "Microsoft.Network/routeTables/write",
+ "Microsoft.Network/virtualNetworks/delete",
+ "Microsoft.Network/virtualNetworks/join/action",
+ "Microsoft.Network/virtualNetworks/join/action",
+ "Microsoft.Network/virtualNetworks/joinLoadBalancer/action",
+ "Microsoft.Network/virtualNetworks/peer/action",
+ "Microsoft.Network/virtualNetworks/read",
+ "Microsoft.Network/virtualNetworks/subnets/delete",
+ "Microsoft.Network/virtualNetworks/subnets/join/action",
+ "Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action",
+ "Microsoft.Network/virtualNetworks/subnets/read",
+ "Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
+ "Microsoft.Network/virtualNetworks/subnets/write",
+ "Microsoft.Network/virtualNetworks/virtualMachines/read",
+ "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
+ "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
+ "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
+ "Microsoft.Network/virtualNetworks/write",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/read",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/write",
+ "Microsoft.Storage/storageAccounts/read",
+ "Microsoft.Storage/storageAccounts/write"
 ],
- \"NotActions\": [],
- \"AssignableScopes\": [\"/subscriptions/$SUBSCRIPTION_ID\"]
- }" > dynamic-permissions.json
+ "NotActions": [],
+ "AssignableScopes": ["/subscriptions/$SUBSCRIPTION_ID"]
+ }
+ EOF
+
 ```
@@ -321,128 +324,136 @@ Select the tab below to view the required permissions and steps for the static p
 statically in Palette.
 ```shell
- echo "{
- \"Name\": \"Static Placement Palette Deployer\",
- \"IsCustom\": true,
- \"Description\": \"Can deploy Azure IaaS clusters using static placement with Palette.\",
- \"Actions\": [
- \"Microsoft.Compute/disks/delete\",
- \"Microsoft.Compute/disks/read\",
- \"Microsoft.Compute/disks/write\",
- \"Microsoft.Compute/galleries/images/versions/write\",
- \"Microsoft.Compute/galleries/images/write\",
- \"Microsoft.Compute/galleries/read\",
- \"Microsoft.Compute/galleries/write\",
- \"Microsoft.Compute/images/read\",
- \"Microsoft.Compute/images/write\",
- \"Microsoft.Compute/virtualMachines/delete\",
- \"Microsoft.Compute/virtualMachines/extensions/delete\",
- \"Microsoft.Compute/virtualMachines/extensions/read\",
- \"Microsoft.Compute/virtualMachines/extensions/write\",
- \"Microsoft.Compute/virtualMachines/read\",
- \"Microsoft.Compute/virtualMachines/write\",
- \"Microsoft.Network/loadBalancers/backendAddressPools/join/action\",
- \"Microsoft.Network/loadBalancers/delete\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/delete\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/join/action\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/read\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/write\",
- \"Microsoft.Network/loadBalancers/read\",
- \"Microsoft.Network/loadBalancers/write\",
- \"Microsoft.Network/networkInterfaces/delete\",
- \"Microsoft.Network/networkInterfaces/join/action\",
- \"Microsoft.Network/networkInterfaces/read\",
- \"Microsoft.Network/networkInterfaces/write\",
- \"Microsoft.Network/networkSecurityGroups/read\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/delete\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/read\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/write\",
- \"Microsoft.Network/privateDnsZones/A/delete\",
- \"Microsoft.Network/privateDnsZones/A/read\",
- \"Microsoft.Network/privateDnsZones/A/write\",
- \"Microsoft.Network/privateDnsZones/delete\",
- \"Microsoft.Network/privateDnsZones/read\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/read\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/write\",
- \"Microsoft.Network/privateDnsZones/write\",
- \"Microsoft.Network/publicIPAddresses/delete\",
- \"Microsoft.Network/publicIPAddresses/join/action\",
- \"Microsoft.Network/publicIPAddresses/read\",
- \"Microsoft.Network/publicIPAddresses/write\",
- \"Microsoft.Network/routeTables/delete\",
- \"Microsoft.Network/routeTables/read\",
- \"Microsoft.Network/routeTables/write\",
- \"Microsoft.Network/virtualNetworks/delete\",
- \"Microsoft.Network/virtualNetworks/join/action\",
- \"Microsoft.Network/virtualNetworks/join/action\",
- \"Microsoft.Network/virtualNetworks/joinLoadBalancer/action\",
- \"Microsoft.Network/virtualNetworks/peer/action\",
- \"Microsoft.Network/virtualNetworks/subnets/delete\",
- \"Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action\",
- \"Microsoft.Network/virtualNetworks/subnets/virtualMachines/read\",
- \"Microsoft.Network/virtualNetworks/subnets/write\",
- \"Microsoft.Network/virtualNetworks/virtualMachines/read\",
- \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete\",
- \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read\",
- \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write\",
- \"Microsoft.Network/virtualNetworks/write\",
- \"Microsoft.Resources/subscriptions/resourceGroups/read\",
- \"Microsoft.Storage/storageAccounts/blobServices/containers/read\",
- \"Microsoft.Storage/storageAccounts/blobServices/containers/write\",
- \"Microsoft.Storage/storageAccounts/read\",
- \"Microsoft.Storage/storageAccounts/write\"
+ cat << EOF > static-permissions.json
+ {
+ "Name": "Static Placement Palette Deployer",
+ "IsCustom": true,
+ "Description": "Can deploy Azure IaaS clusters using static placement with Palette.",
+ "Actions": [
+ "Microsoft.Compute/disks/delete",
+ "Microsoft.Compute/disks/read",
+ "Microsoft.Compute/disks/write",
+ "Microsoft.Compute/galleries/images/versions/write",
+ "Microsoft.Compute/galleries/images/write",
+ "Microsoft.Compute/galleries/read",
+ "Microsoft.Compute/galleries/write",
+ "Microsoft.Compute/images/read",
+ "Microsoft.Compute/images/write",
+ "Microsoft.Compute/virtualMachines/delete",
+ "Microsoft.Compute/virtualMachines/extensions/delete",
+ "Microsoft.Compute/virtualMachines/extensions/read",
+ "Microsoft.Compute/virtualMachines/extensions/write",
+ "Microsoft.Compute/virtualMachines/read",
+ "Microsoft.Compute/virtualMachines/write",
+ "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
+ "Microsoft.Network/loadBalancers/delete",
+ "Microsoft.Network/loadBalancers/inboundNatRules/delete",
+ "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
+ "Microsoft.Network/loadBalancers/inboundNatRules/read",
+ "Microsoft.Network/loadBalancers/inboundNatRules/write",
+ "Microsoft.Network/loadBalancers/read",
+ "Microsoft.Network/loadBalancers/write",
+ "Microsoft.Network/networkInterfaces/delete",
+ "Microsoft.Network/networkInterfaces/join/action",
+ "Microsoft.Network/networkInterfaces/read",
+ "Microsoft.Network/networkInterfaces/write",
+ "Microsoft.Network/networkSecurityGroups/read",
+ "Microsoft.Network/networkSecurityGroups/securityRules/delete",
+ "Microsoft.Network/networkSecurityGroups/securityRules/read",
+ "Microsoft.Network/networkSecurityGroups/securityRules/write",
+ "Microsoft.Network/privateDnsZones/A/delete",
+ "Microsoft.Network/privateDnsZones/A/read",
+ "Microsoft.Network/privateDnsZones/A/write",
+ "Microsoft.Network/privateDnsZones/delete",
+ "Microsoft.Network/privateDnsZones/read",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/read",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/write",
+ "Microsoft.Network/privateDnsZones/write",
+ "Microsoft.Network/publicIPAddresses/delete",
+ "Microsoft.Network/publicIPAddresses/join/action",
+ "Microsoft.Network/publicIPAddresses/read",
+ "Microsoft.Network/publicIPAddresses/write",
+ "Microsoft.Network/routeTables/delete",
+ "Microsoft.Network/routeTables/read",
+ "Microsoft.Network/routeTables/write",
+ "Microsoft.Network/virtualNetworks/delete",
+ "Microsoft.Network/virtualNetworks/join/action",
+ "Microsoft.Network/virtualNetworks/join/action",
+ "Microsoft.Network/virtualNetworks/joinLoadBalancer/action",
+ "Microsoft.Network/virtualNetworks/peer/action",
+ "Microsoft.Network/virtualNetworks/subnets/delete",
+ "Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action",
+ "Microsoft.Network/virtualNetworks/subnets/virtualMachines/read",
+ "Microsoft.Network/virtualNetworks/subnets/write",
+ "Microsoft.Network/virtualNetworks/virtualMachines/read",
+ "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete",
+ "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read",
+ "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write",
+ "Microsoft.Network/virtualNetworks/write",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/read",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/write",
+ "Microsoft.Storage/storageAccounts/read",
+ "Microsoft.Storage/storageAccounts/write"
 ],
- \"NotActions\": [],
- \"AssignableScopes\": [\"/subscriptions/$SUBSCRIPTION_ID\"]
- }" > static-permissions.json
+ "NotActions": [],
+ "AssignableScopes": ["/subscriptions/$SUBSCRIPTION_ID"]
+ }
+ EOF
 ```
 3. Next, create a JSON file for the compute gallery scope permissions. Issue the following command to create the JSON file.
 ```shell
- echo "{
- \"Name\": \"Static Placement Palette Deployer - Compute Gallery Scope\",
- \"IsCustom\": true,
- \"Description\": \"Can deploy the compute gallery level components of Azure IaaS clusters using static placement with Palette.\",
- \"Actions\": [
- \"Microsoft.Compute/galleries/images/read\",
- \"Microsoft.Compute/galleries/images/versions/read\"
- ],
- \"NotActions\": [],
- \"AssignableScopes\": [\"/subscriptions/$SUBSCRIPTION_ID\"]
- }" > static-gallery-scope-permissions.json
+ cat << EOF > static-gallery-scope-permissions.json
+ {
+ "Name": "Static Placement Palette Deployer - Compute Gallery Scope",
+ "IsCustom": true,
+ "Description": "Can deploy the compute gallery level components of Azure IaaS clusters using static placement with Palette.",
+ "Actions": [
+ "Microsoft.Compute/galleries/images/read",
+ "Microsoft.Compute/galleries/images/versions/read"
+ ],
+ "NotActions": [],
+ "AssignableScopes": ["/subscriptions/$SUBSCRIPTION_ID"]
+ }
+ EOF
 ```
 4. Create a JSON file for the subnet scope permissions.
 ```shell
- echo "{
- \"Name\": \"Static Placement Palette Deployer - Subnet Scope\",
- \"IsCustom\": true,
- \"Description\": \"Can deploy the subnet level components of Azure IaaS clusters using static placement with Palette.\",
- \"Actions\": [
- \"Microsoft.Network/virtualNetworks/subnets/join/action\",
- \"Microsoft.Network/virtualNetworks/subnets/read\"
+ cat << EOF > static-subnet-scope-permissions.json
+ {
+ "Name": "Static Placement Palette Deployer - Subnet Scope",
+ "IsCustom": true,
+ "Description": "Can deploy the subnet level components of Azure IaaS clusters using static placement with Palette.",
+ "Actions": [
+ "Microsoft.Network/virtualNetworks/subnets/join/action",
+ "Microsoft.Network/virtualNetworks/subnets/read"
 ],
- \"NotActions\": [],
- \"AssignableScopes\": [\"/subscriptions/$SUBSCRIPTION_ID\"]
- }" > static-subnet-scope-permissions.json
+ "NotActions": [],
+ "AssignableScopes": ["/subscriptions/$SUBSCRIPTION_ID"]
+ }
+ EOF
 ```
 5. The last JSON file is for the virtual network scope permissions. Issue the following command to create the JSON file.
 ```shell
- echo "{
- \"Name\": \"Static Placement Palette Deployer - Virtual Network Scope\",
- \"IsCustom\": true,
- \"Description\": \"Can deploy the virtual network level components of Azure IaaS clusters using static placement with Palette.\",
- \"Actions\": [\"Microsoft.Network/virtualNetworks/read\"],
- \"NotActions\": [],
- \"AssignableScopes\": [\"/subscriptions/$SUBSCRIPTION_ID\"]
- }" > static-virtual-network-scope-permissions.json
+ cat << EOF > static-virtual-network-scope-permissions.json
+ {
+ "Name": "Static Placement Palette Deployer - Virtual Network Scope",
+ "IsCustom": true,
+ "Description": "Can deploy the virtual network level components of Azure IaaS clusters using static placement with Palette.",
+ "Actions": ["Microsoft.Network/virtualNetworks/read"],
+ "NotActions": [],
+ "AssignableScopes": ["/subscriptions/$SUBSCRIPTION_ID"]
+ }
+ EOF
 ```
@@ -633,62 +644,64 @@ Select the tab below to view the required permissions and steps for the static p
 statically in Palette.
 ```shell
- echo "{
- \"Name\": \"Static Placement Palette Deployer\",
- \"IsCustom\": true,
- \"Description\": \"Can deploy Azure IaaS clusters using static placement with Palette.\",
- \"Actions\": [
- \"Microsoft.Compute/disks/delete\",
- \"Microsoft.Compute/disks/read\",
- \"Microsoft.Compute/disks/write\",
- \"Microsoft.Compute/virtualMachines/delete\",
- \"Microsoft.Compute/virtualMachines/extensions/delete\",
- \"Microsoft.Compute/virtualMachines/extensions/read\",
- \"Microsoft.Compute/virtualMachines/extensions/write\",
- \"Microsoft.Compute/virtualMachines/read\",
- \"Microsoft.Compute/virtualMachines/write\",
- \"Microsoft.Network/loadBalancers/backendAddressPools/join/action\",
- \"Microsoft.Network/loadBalancers/delete\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/delete\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/join/action\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/read\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/write\",
- \"Microsoft.Network/loadBalancers/read\",
- \"Microsoft.Network/loadBalancers/write\",
- \"Microsoft.Network/networkInterfaces/delete\",
- \"Microsoft.Network/networkInterfaces/join/action\",
- \"Microsoft.Network/networkInterfaces/read\",
- \"Microsoft.Network/networkInterfaces/write\",
- \"Microsoft.Network/networkSecurityGroups/read\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/delete\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/read\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/write\",
- \"Microsoft.Network/privateDnsZones/A/delete\",
- \"Microsoft.Network/privateDnsZones/A/read\",
- \"Microsoft.Network/privateDnsZones/A/write\",
- \"Microsoft.Network/privateDnsZones/delete\",
- \"Microsoft.Network/privateDnsZones/read\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/read\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/write\",
- \"Microsoft.Network/privateDnsZones/write\",
- \"Microsoft.Network/publicIPAddresses/delete\",
- \"Microsoft.Network/publicIPAddresses/join/action\",
- \"Microsoft.Network/publicIPAddresses/read\",
- \"Microsoft.Network/publicIPAddresses/write\",
- \"Microsoft.Network/routeTables/delete\",
- \"Microsoft.Network/routeTables/read\",
- \"Microsoft.Network/routeTables/write\",
- \"Microsoft.Network/virtualNetworks/join/action\",
- \"Microsoft.Resources/subscriptions/resourceGroups/read\",
- \"Microsoft.Network/virtualNetworks/read\",
- \"Microsoft.Network/virtualNetworks/subnets/join/action\",
- \"Microsoft.Network/virtualNetworks/subnets/read\",
- \"Microsoft.Compute/galleries/images/read\",
- \"Microsoft.Compute/galleries/images/versions/read\"
+ cat << EOF > static-placement-permissions.json
+ {
+ "Name": "Static Placement Palette Deployer",
+ "IsCustom": true,
+ "Description": "Can deploy Azure IaaS clusters using static placement with Palette.",
+ "Actions": [
+ "Microsoft.Compute/disks/delete",
+ "Microsoft.Compute/disks/read",
+ "Microsoft.Compute/disks/write",
+ "Microsoft.Compute/virtualMachines/delete",
+ "Microsoft.Compute/virtualMachines/extensions/delete",
+ "Microsoft.Compute/virtualMachines/extensions/read",
+ "Microsoft.Compute/virtualMachines/extensions/write",
+ "Microsoft.Compute/virtualMachines/read",
+ "Microsoft.Compute/virtualMachines/write",
+ "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
+ "Microsoft.Network/loadBalancers/delete",
+ "Microsoft.Network/loadBalancers/inboundNatRules/delete",
+ "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
+ "Microsoft.Network/loadBalancers/inboundNatRules/read",
+ "Microsoft.Network/loadBalancers/inboundNatRules/write",
+ "Microsoft.Network/loadBalancers/read",
+ "Microsoft.Network/loadBalancers/write",
+ "Microsoft.Network/networkInterfaces/delete",
+ "Microsoft.Network/networkInterfaces/join/action",
+ "Microsoft.Network/networkInterfaces/read",
+ "Microsoft.Network/networkInterfaces/write",
+ "Microsoft.Network/networkSecurityGroups/read",
+ "Microsoft.Network/networkSecurityGroups/securityRules/delete",
+ "Microsoft.Network/networkSecurityGroups/securityRules/read",
+ "Microsoft.Network/networkSecurityGroups/securityRules/write",
+ "Microsoft.Network/privateDnsZones/A/delete",
+ "Microsoft.Network/privateDnsZones/A/read",
+ "Microsoft.Network/privateDnsZones/A/write",
+ "Microsoft.Network/privateDnsZones/delete",
+ "Microsoft.Network/privateDnsZones/read",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/read",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/write",
+ "Microsoft.Network/privateDnsZones/write",
+ "Microsoft.Network/publicIPAddresses/delete",
+ "Microsoft.Network/publicIPAddresses/join/action",
+ "Microsoft.Network/publicIPAddresses/read",
+ "Microsoft.Network/publicIPAddresses/write",
+ "Microsoft.Network/routeTables/delete",
+ "Microsoft.Network/routeTables/read",
+ "Microsoft.Network/routeTables/write",
+ "Microsoft.Network/virtualNetworks/join/action",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Network/virtualNetworks/read",
+ "Microsoft.Network/virtualNetworks/subnets/join/action",
+ "Microsoft.Network/virtualNetworks/subnets/read",
+ "Microsoft.Compute/galleries/images/read",
+ "Microsoft.Compute/galleries/images/versions/read"
 ],
- \"AssignableScopes\": [\"/subscriptions/$SUBSCRIPTION_ID\"]
- }" > static-placement-permissions.json
+ "AssignableScopes": ["/subscriptions/$SUBSCRIPTION_ID"]
+ }
+ EOF
 ```
@@ -791,62 +804,64 @@ Select the tab below to view the required permissions and steps for the static p
 statically in Palette.
 ```shell
- echo "{
- \"Name\": \"Static Placement Palette Deployer\",
- \"IsCustom\": true,
- \"Description\": \"Can deploy Azure IaaS clusters using static placement with Palette.\",
- \"Actions\": [
- \"Microsoft.Compute/disks/delete\",
- \"Microsoft.Compute/disks/read\",
- \"Microsoft.Compute/disks/write\",
- \"Microsoft.Compute/virtualMachines/delete\",
- \"Microsoft.Compute/virtualMachines/extensions/delete\",
- \"Microsoft.Compute/virtualMachines/extensions/read\",
- \"Microsoft.Compute/virtualMachines/extensions/write\",
- \"Microsoft.Compute/virtualMachines/read\",
- \"Microsoft.Compute/virtualMachines/write\",
- \"Microsoft.Network/loadBalancers/backendAddressPools/join/action\",
- \"Microsoft.Network/loadBalancers/delete\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/delete\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/join/action\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/read\",
- \"Microsoft.Network/loadBalancers/inboundNatRules/write\",
- \"Microsoft.Network/loadBalancers/read\",
- \"Microsoft.Network/loadBalancers/write\",
- \"Microsoft.Network/networkInterfaces/delete\",
- \"Microsoft.Network/networkInterfaces/join/action\",
- \"Microsoft.Network/networkInterfaces/read\",
- \"Microsoft.Network/networkInterfaces/write\",
- \"Microsoft.Network/networkSecurityGroups/read\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/delete\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/read\",
- \"Microsoft.Network/networkSecurityGroups/securityRules/write\",
- \"Microsoft.Network/privateDnsZones/A/delete\",
- \"Microsoft.Network/privateDnsZones/A/read\",
- \"Microsoft.Network/privateDnsZones/A/write\",
- \"Microsoft.Network/privateDnsZones/delete\",
- \"Microsoft.Network/privateDnsZones/read\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/read\",
- \"Microsoft.Network/privateDnsZones/virtualNetworkLinks/write\",
- \"Microsoft.Network/privateDnsZones/write\",
- \"Microsoft.Network/publicIPAddresses/delete\",
- \"Microsoft.Network/publicIPAddresses/join/action\",
- \"Microsoft.Network/publicIPAddresses/read\",
- \"Microsoft.Network/publicIPAddresses/write\",
- \"Microsoft.Network/routeTables/delete\",
- \"Microsoft.Network/routeTables/read\",
- \"Microsoft.Network/routeTables/write\",
- \"Microsoft.Network/virtualNetworks/join/action\",
- \"Microsoft.Resources/subscriptions/resourceGroups/read\",
- \"Microsoft.Network/virtualNetworks/read\",
- \"Microsoft.Network/virtualNetworks/subnets/join/action\",
- \"Microsoft.Network/virtualNetworks/subnets/read\",
- \"Microsoft.Compute/galleries/images/read\",
- \"Microsoft.Compute/galleries/images/versions/read\"
+ cat << EOF > static-placement-permissions.json
+ {
+ "Name": "Static Placement Palette Deployer",
+ "IsCustom": true,
+ "Description": "Can deploy Azure IaaS clusters using static placement with Palette.",
+ "Actions": [
+ "Microsoft.Compute/disks/delete",
+ "Microsoft.Compute/disks/read",
+ "Microsoft.Compute/disks/write",
+ "Microsoft.Compute/virtualMachines/delete",
+ "Microsoft.Compute/virtualMachines/extensions/delete",
+ "Microsoft.Compute/virtualMachines/extensions/read",
+ "Microsoft.Compute/virtualMachines/extensions/write",
+ "Microsoft.Compute/virtualMachines/read",
+ "Microsoft.Compute/virtualMachines/write",
+ "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
+ "Microsoft.Network/loadBalancers/delete",
+ "Microsoft.Network/loadBalancers/inboundNatRules/delete",
+ "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
+ "Microsoft.Network/loadBalancers/inboundNatRules/read",
+ "Microsoft.Network/loadBalancers/inboundNatRules/write",
+ "Microsoft.Network/loadBalancers/read",
+ "Microsoft.Network/loadBalancers/write",
+ "Microsoft.Network/networkInterfaces/delete",
+ "Microsoft.Network/networkInterfaces/join/action",
+ "Microsoft.Network/networkInterfaces/read",
+ "Microsoft.Network/networkInterfaces/write",
+ "Microsoft.Network/networkSecurityGroups/read",
+ "Microsoft.Network/networkSecurityGroups/securityRules/delete",
+ "Microsoft.Network/networkSecurityGroups/securityRules/read",
+ "Microsoft.Network/networkSecurityGroups/securityRules/write",
+ "Microsoft.Network/privateDnsZones/A/delete",
+ "Microsoft.Network/privateDnsZones/A/read",
+ "Microsoft.Network/privateDnsZones/A/write",
+ "Microsoft.Network/privateDnsZones/delete",
+ "Microsoft.Network/privateDnsZones/read",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/read",
+ "Microsoft.Network/privateDnsZones/virtualNetworkLinks/write",
+ "Microsoft.Network/privateDnsZones/write",
+ "Microsoft.Network/publicIPAddresses/delete",
+ "Microsoft.Network/publicIPAddresses/join/action",
+ "Microsoft.Network/publicIPAddresses/read",
+ "Microsoft.Network/publicIPAddresses/write",
+ "Microsoft.Network/routeTables/delete",
+ "Microsoft.Network/routeTables/read",
+ "Microsoft.Network/routeTables/write",
+ "Microsoft.Network/virtualNetworks/join/action",
+ "Microsoft.Resources/subscriptions/resourceGroups/read",
+ "Microsoft.Network/virtualNetworks/read",
+ "Microsoft.Network/virtualNetworks/subnets/join/action",
+ "Microsoft.Network/virtualNetworks/subnets/read",
+ "Microsoft.Compute/galleries/images/read",
+ "Microsoft.Compute/galleries/images/versions/read"
 ],
- \"AssignableScopes\": [\"/subscriptions/$SUBSCRIPTION_ID\"]
- }" > static-placement-permissions.json
+ "AssignableScopes": ["/subscriptions/$SUBSCRIPTION_ID"]
+ }
+ EOF
 ```