Skip to content

Add support for Azure Redis Cache AccessPolicy and AccessPolicyAssignment resources #4875

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Add support for Azure Redis Cache AccessPolicy and AccessPolicyAssignment resources #4875

wants to merge 3 commits into from

Conversation

Copilot
Copy link
Contributor

@Copilot Copilot AI commented Aug 12, 2025
edited
Loading

This PR adds support for Azure Redis Cache AccessPolicy and AccessPolicyAssignment resources, enabling users to manage fine-grained access control for Redis instances through Azure Service Operator.

Changes Made

New Resources Added:

  • RedisAccessPolicy - Defines custom access policies with specific Redis command permissions
  • RedisAccessPolicyAssignment - Assigns access policies to users or service principals via Azure AD object IDs

Implementation Details:

  • Added Microsoft.Cache API version 2024-11-01 (stable) to azure-arm.yaml
  • Generated complete Kubernetes CRDs and Go type definitions for both resources
  • Updated Redis extension to use the new v1api20241101 hub version
  • Fixed kustomize compatibility issues for proper CRD generation

Testing & Samples:

  • Created comprehensive integration tests following existing Redis test patterns
  • Added sample YAML files demonstrating usage of both new resources
  • Included complete sample set for v1api20241101 Redis resources

Usage Example

# Create a custom access policy
apiVersion: cache.azure.com/v1api20241101
kind: RedisAccessPolicy
metadata:
  name: custom-policy
spec:
  owner:
    name: my-redis-cache
  type: custom
  permissions: "+get +set +del"

---
# Assign the policy to a user
apiVersion: cache.azure.com/v1api20241101
kind: RedisAccessPolicyAssignment
metadata:
  name: user-assignment
spec:
  owner:
    name: my-redis-cache
  accessPolicyName: custom-policy
  objectId: "12345678-1234-1234-1234-123456789012"
  objectIdAlias: "developer-user"

This enables users to implement Redis RBAC (Role-Based Access Control) patterns by creating policies with specific command permissions and assigning them to different users or applications based on their access requirements.

Fixes #4829.

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

Copilot AI and others added 2 commits August 12, 2025 23:58
@Copilot @matthchr
Add AccessPolicy and AccessPolicyAssignment support for Redis Cache
161aaeb 
Co-authored-by: matthchr <8798850+matthchr@users.noreply.github.com>
@Copilot @matthchr
Complete AccessPolicy and AccessPolicyAssignment implementation with …
6775622 
…tests and samples

Co-authored-by: matthchr <8798850+matthchr@users.noreply.github.com>
@Copilot Copilot AI changed the title [WIP] Feature: Support for AccessPolicyAssignment for Redis Cache Add support for Azure Redis Cache AccessPolicy and AccessPolicyAssignment resources Aug 13, 2025
@Copilot Copilot AI requested a review from matthchr August 13, 2025 00:21
Copilot finished work on behalf of matthchr August 13, 2025 00:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthchr matthchr Awaiting requested review from matthchr matthchr is a code owner

@davefellows davefellows Awaiting requested review from davefellows davefellows will be requested when the pull request is marked ready for review davefellows is a code owner

@theunrepentantgeek theunrepentantgeek Awaiting requested review from theunrepentantgeek theunrepentantgeek will be requested when the pull request is marked ready for review theunrepentantgeek is a code owner

@jakjang jakjang Awaiting requested review from jakjang jakjang will be requested when the pull request is marked ready for review jakjang is a code owner

@juan-lee juan-lee Awaiting requested review from juan-lee juan-lee will be requested when the pull request is marked ready for review juan-lee is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@matthchr matthchr

Copilot code review Copilot

Labels
None yet
Projects
Azure Service Operator Roadmap
Status: In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Feature: Support for AccessPolicyAssignment for Redis Cache
2 participants
@Copilot @matthchr