Introduction 

In the context of RBAC, resources are grouped into three categories: Artifacts (applications), Workloads (containers), and Infrastructure (elements of the computing environment). Each category is subdivided into specific resource types, and each resource type is specified by its attributes.


Aqua Enterprise defines these resources, grouped by category.


The brand name VMware Tanzu has replaced Pivotal. The latter term may still be used in application scope definitions, e.g., PAS (Pivotal Application Service) instead of TAS (Tanzu Application Service).



Artifacts

An artifact is an application. It can be an image (for a container, not a CF application); a serverless function; or a Tanzu Application Service (TAS) droplet.


| Resource type | Attribute | Usage |
|---|---|---|
| Image | Registry | Name of a registry as defined in Aqua |
| Image | Repository | Image repository name. Example: In registry.aquasec.com/server:6.2, the repository name is server. |
| Function | Name | Function name |
| Function | Serverless App | Name of a serverless application defined in Aqua |
| Function | Tag | Serverless function tag. Note: A tag name and value must be specified. |
| TAS (PAS) droplet | Blobstore | Name of the Cloud Controller blobstore in which the TAS droplet resides |

Workloads

A workload is a running container. It can run in a Kubernetes cluster, on a VM (no orchestrator), or under Tanzu Application Service (TAS).


| Resource type | Attribute | Usage |
|---|---|---|
| Kubernetes | Cluster Name | Name of a Kubernetes cluster on which a container is running |
| Kubernetes | Namespace | Kubernetes namespace in which a container is running |
| No Orchestrator | Container Name | Name of a container running on a VM |
| No Orchestrator | Enforcer Group | Name of an Aqua Enforcer group associated with the VM on which the container is running |
| No Orchestrator | Host Name | Host name of the VM on which the container is running |
| TAS (PAS) | Organization | Name of a Tanzu organization (org) associated with the container |
| TAS (PAS) | Space | Name of a Cloud Foundry space associated with the container |



Infrastructure

An infrastructure resource is an element of a computing environment on which a workload is orchestrated and run. It can be a host (VM) or a Kubernetes cluster.


| Resource type | Attribute | Usage |
|---|---|---|
| Host | Enforcer Group | Name of an Aqua Enforcer group associated with the host (VM) |
| Kubernetes | Cluster Name | Name of a Kubernetes cluster in which the host (VM) is running |