Overview
The Osservante RBAC Extension enables configuration of access to Azure resources in code.
It is available in the Visual Studio Marketplace.
Manage resource groups, tags, and RBAC
It enables centralised management of Azure resource groups and role-based access control (RBAC) assignments in code.
- Create resource groups
- Set tags on resource groups
- Set RBAC on resource groups
- Set RBAC on resources
- Set RBAC on subscriptions, management groups and tenants
Modes
The extension compares existing configuration in the Azure tenant with the configuration in the code. This enables the following modes:
| Mode | Description |
|---|---|
| Export | Capture all existing resource groups and RBAC assignments for your entire Azure tenant (or tenants) to code. |
| Plan | Compare the code with the current state of Azure and show a summary of what actions are required. |
| Apply | Apply the changes that were detected during the plan stage. |
The Export mode can be used both for the initial export and on an ongoing basis to capture any changes made in the portal.
Approvals
Approvals can be configured between the plan and apply modes using the built-in capabilities of Azure DevOps.
Example code
Example definition of a resource group in code.

YAML:

```yaml
---
resourceGroupName: OSX-ARG-KEYVAULT-DEV
location: eastus
assignments:
  - role: Contributor
    objectName: Jennifer.Davies@osservantex.onmicrosoft.com
    objectType: User
  - role: Owner
    objectName: Information Technology
    objectType: Group
  - role: Reader
    objectName: Oliver.Walker@osservantex.onmicrosoft.com
    objectType: User
  - role: Key Vault Reader
    objectName: Susan.Fisher@osservantex.onmicrosoft.com
    objectType: User
    scope: "/providers/Microsoft.KeyVault/vaults/osxkvappx"
tags:
  Created: '2022-02-04'
  Description: Dev keyvault resource group
  Environment: Development
```
JSON:

```json
{
  "resourceGroupName": "OSX-ARG-KEYVAULT-DEV",
  "location": "eastus",
  "assignments": [
    {
      "role": "Contributor",
      "objectName": "Jennifer.Davies@osservantex.onmicrosoft.com",
      "objectType": "User"
    },
    {
      "role": "Owner",
      "objectName": "Information Technology",
      "objectType": "Group"
    },
    {
      "role": "Reader",
      "objectName": "Oliver.Walker@osservantex.onmicrosoft.com",
      "objectType": "User"
    },
    {
      "role": "Key Vault Reader",
      "objectName": "Susan.Fisher@osservantex.onmicrosoft.com",
      "objectType": "User",
      "scope": "/providers/Microsoft.KeyVault/vaults/osxkvappx"
    }
  ],
  "tags": {
    "Created": "2022-02-04",
    "Description": "Dev keyvault resource group",
    "Environment": "Development"
  }
}
```
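The following is an added illustration, not code from the extension or its author, of what the Plan mode described above has to compute for the definition shown here: it expands the JSON definition into fully scoped role assignments, compares them with a constructed snapshot of what Azure currently holds (the kind of data Export mode would capture), and reports what would be created, deleted, or left unchanged. The subscription id is a placeholder, the "current state" is invented to show drift (a Reader assignment added in the portal that is not in code, and a missing Key Vault Reader assignment), and the rule that a relative `scope` is appended to the resource group scope is an assumption based on the page's example.

```python
import json
from dataclasses import dataclass

# Placeholder subscription id (constructed, not from the page) used to build full Azure scopes.
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000"

# The resource group definition from the page, embedded in its JSON form.
DEFINITION_JSON = """
{
  "resourceGroupName": "OSX-ARG-KEYVAULT-DEV",
  "location": "eastus",
  "assignments": [
    {"role": "Contributor", "objectName": "Jennifer.Davies@osservantex.onmicrosoft.com", "objectType": "User"},
    {"role": "Owner", "objectName": "Information Technology", "objectType": "Group"},
    {"role": "Reader", "objectName": "Oliver.Walker@osservantex.onmicrosoft.com", "objectType": "User"},
    {"role": "Key Vault Reader", "objectName": "Susan.Fisher@osservantex.onmicrosoft.com",
     "objectType": "User", "scope": "/providers/Microsoft.KeyVault/vaults/osxkvappx"}
  ],
  "tags": {"Created": "2022-02-04", "Description": "Dev keyvault resource group", "Environment": "Development"}
}
"""


@dataclass(frozen=True)
class Assignment:
    """One role assignment; identity is the full (role, principal, scope) triple."""
    role: str
    object_name: str
    object_type: str
    scope: str


def resource_group_scope(resource_group: str, subscription_id: str = SUBSCRIPTION_ID) -> str:
    """Azure scope string for a resource group."""
    return f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"


def desired_assignments(definition_text: str) -> set[Assignment]:
    """Expand a definition into fully scoped assignments.

    An entry without 'scope' applies to the resource group itself; an entry with a
    relative 'scope' (as in the page's Key Vault example) is assumed to apply to that
    resource inside the group, so the relative path is appended to the group scope.
    """
    definition = json.loads(definition_text)
    rg_scope = resource_group_scope(definition["resourceGroupName"])
    desired = set()
    for entry in definition["assignments"]:
        scope = rg_scope + entry.get("scope", "")
        desired.add(Assignment(entry["role"], entry["objectName"], entry["objectType"], scope))
    return desired


def current_assignments_sample() -> set[Assignment]:
    """Constructed snapshot of what Azure currently holds (what Export mode would capture)."""
    rg = resource_group_scope("OSX-ARG-KEYVAULT-DEV")
    return {
        Assignment("Contributor", "Jennifer.Davies@osservantex.onmicrosoft.com", "User", rg),
        Assignment("Owner", "Information Technology", "Group", rg),
        # Drift: a Reader assignment granted in the portal that is not in code (constructed name).
        Assignment("Reader", "Former.Employee@osservantex.onmicrosoft.com", "User", rg),
    }


def plan(desired: set[Assignment], current: set[Assignment]) -> dict[str, list[Assignment]]:
    """Plan stage: in code but not in Azure -> create; in Azure but not in code -> delete."""
    def order(a: Assignment):
        return (a.scope, a.role, a.object_name)
    return {
        "create": sorted(desired - current, key=order),
        "delete": sorted(current - desired, key=order),
        "unchanged": sorted(desired & current, key=order),
    }


def format_plan(result: dict[str, list[Assignment]]) -> str:
    """Render the plan summary in a terraform-like +/-/= style."""
    marks = {"create": "+", "delete": "-", "unchanged": "="}
    lines = []
    for action, mark in marks.items():
        for a in result[action]:
            lines.append(f"{mark} {a.role:<17} {a.object_type:<5} {a.object_name}  @ {a.scope}")
    lines.append(f"Plan: {len(result['create'])} to create, {len(result['delete'])} to delete, "
                 f"{len(result['unchanged'])} unchanged.")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_plan(plan(desired_assignments(DEFINITION_JSON), current_assignments_sample())))
```

Because assignments are keyed on the full scope, the Key Vault Reader entry is never confused with a resource-group-level Reader, and any assignment that exists in Azure but not in code (the portal-granted Reader here) shows up as a deletion for review before the apply stage runs.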