Translated ['.github/pull_request_template.md', 'src/pentesting-cloud/az

2026-02-05 19:32:24 -08:00 · 2024-12-31 18:53:55 +00:00
parent 7770a50092
commit 94f24df656
244 changed files with 8753 additions and 11589 deletions
--- a/src/pentesting-cloud/ibm-cloud-pentesting/ibm-basic-information.md
+++ b/src/pentesting-cloud/ibm-cloud-pentesting/ibm-basic-information.md
@@ -1,14 +1,14 @@
-# IBM - Basic Information
+# IBM - 基本信息

 {{#include ../../banners/hacktricks-training.md}}

-## Hierarchy
+## 层级结构

-IBM Cloud resource model ([from the docs](https://www.ibm.com/blog/announcement/introducing-ibm-cloud-enterprises/)):
+IBM Cloud 资源模型 ([来自文档](https://www.ibm.com/blog/announcement/introducing-ibm-cloud-enterprises/))：

 <figure><img src="../../images/image (225).png" alt=""><figcaption></figcaption></figure>

-Recommended way to divide projects:
+推荐的项目划分方式：

 <figure><img src="../../images/image (239).png" alt=""><figcaption></figcaption></figure>

@@ -16,61 +16,57 @@ Recommended way to divide projects:

 <figure><img src="../../images/image (266).png" alt=""><figcaption></figcaption></figure>

-### Users
+### 用户

-Users have an **email** assigned to them. They can access the **IBM console** and also **generate API keys** to use their permissions programatically.\
-**Permissions** can be granted **directly** to the user with an access policy or via an **access group**.
+用户有一个 **电子邮件** 分配给他们。他们可以访问 **IBM 控制台**，并且可以 **生成 API 密钥** 以编程方式使用他们的权限。\
+**权限** 可以通过访问策略 **直接** 授予用户或通过 **访问组**。

-### Trusted Profiles
+### 受信任的配置文件

-These are **like the Roles of AWS** or service accounts from GCP. It's possible to **assign them to VM** instances and access their **credentials via metadata**, or even **allow Identity Providers** to use them in order to authenticate users from external platforms.\
-**Permissions** can be granted **directly** to the trusted profile with an access policy or via an **access group**.
+这些 **类似于 AWS 的角色** 或 GCP 的服务账户。可以 **将它们分配给 VM** 实例，并通过元数据访问其 **凭据**，甚至可以 **允许身份提供者** 使用它们来验证来自外部平台的用户。\
+**权限** 可以通过访问策略 **直接** 授予受信任的配置文件或通过 **访问组**。

-### Service IDs
+### 服务 ID

-This is another option to allow applications to **interact with IBM cloud** and perform actions. In this case, instead of assign it to a VM or Identity Provider an **API Key can be used** to interact with IBM in a **programatic** way.\
-**Permissions** can be granted **directly** to the service id with an access policy or via an **access group**.
+这是另一个选项，允许应用程序 **与 IBM cloud 交互** 并执行操作。在这种情况下，除了将其分配给 VM 或身份提供者外，可以使用 **API 密钥** 以 **编程** 方式与 IBM 交互。\
+**权限** 可以通过访问策略 **直接** 授予服务 ID 或通过 **访问组**。

-### Identity Providers
+### 身份提供者

-External **Identity Providers** can be configured to **access IBM cloud** resources from external platforms by accessing **trusting Trusted Profiles**.
+可以配置外部 **身份提供者** 以 **访问 IBM cloud** 资源，通过访问 **信任的受信任配置文件**。

-### Access Groups
+### 访问组

-In the same access group **several users, trusted profiles & service ids** can be present. Each principal in the access group will **inherit the access group permissions**.\
-**Permissions** can be granted **directly** to the trusted profile with an access policy.\
-An **access group cannot be a member** of another access group.
+在同一个访问组中可以存在 **多个用户、受信任的配置文件和服务 ID**。访问组中的每个主体将 **继承访问组权限**。\
+**权限** 可以通过访问策略 **直接** 授予受信任的配置文件。\
+一个 **访问组不能是另一个访问组的成员**。

-### Roles
+### 角色

-A role is a **set of granular permissions**. **A role** is dedicated to **a service**, meaning that it will only contain permissions of that service.\
-**Each service** of IAM will already have some **possible roles** to choose from to **grant a principal access to that service**: **Viewer, Operator, Editor, Administrator** (although there could be more).
+角色是一组 **细粒度权限**。**一个角色** 专用于 **一个服务**，这意味着它只会包含该服务的权限。\
+**每个服务** 的 IAM 将已经有一些 **可选角色** 可供选择，以 **授予主体对该服务的访问**：**查看者、操作员、编辑者、管理员**（尽管可能还有更多）。

-Role permissions are given via access policies to principals, so if you need to give for example a **combination of permissions** of a service of **Viewer** and **Administrator**, instead of giving those 2 (and overprivilege a principal), you can **create a new role** for the service and give that new role the **granular permissions you need**.
+角色权限通过访问策略授予主体，因此如果您需要例如授予 **查看者** 和 **管理员** 的服务权限组合，而不是授予这两个（并过度授权一个主体），您可以 **为该服务创建一个新角色** 并授予该新角色所需的 **细粒度权限**。

-### Access Policies
+### 访问策略

-Access policies allows to **attach 1 or more roles of 1 service to 1 principal**.\
-When creating the policy you need to choose:
+访问策略允许 **将 1 个或多个角色的 1 个服务附加到 1 个主体**。\
+创建策略时，您需要选择：

- The **service** where permissions will be granted
- **Affected resources**
- Service & Platform **access** that will be granted
-  - These indicate the **permissions** that will be given to the principal to perform actions. If any **custom role** is created in the service you will also be able to choose it here.
- **Conditions** (if any) to grant the permissions
+- **服务**，将在其上授予权限
+- **受影响的资源**
+- 将授予的服务和平台 **访问**
+- 这些指示将授予主体执行操作的 **权限**。如果在服务中创建了任何 **自定义角色**，您也可以在此处选择它。
+- 授予权限的 **条件**（如果有）

 > [!NOTE]
-> To grant access to several services to a user, you can generate several access policies
+> 要授予用户对多个服务的访问，您可以生成多个访问策略

 <figure><img src="../../images/image (248).png" alt=""><figcaption></figcaption></figure>

-## References
+## 参考

 - [https://www.ibm.com/cloud/blog/announcements/introducing-ibm-cloud-enterprises](https://www.ibm.com/cloud/blog/announcements/introducing-ibm-cloud-enterprises)
 - [https://cloud.ibm.com/docs/account?topic=account-iamoverview](https://cloud.ibm.com/docs/account?topic=account-iamoverview)

 {{#include ../../banners/hacktricks-training.md}}
-
-
-
-