diff --git a/specification/msi/resource-manager/Microsoft.ManagedIdentity/preview/2015-08-31-preview/ManagedIdentity.json b/specification/msi/resource-manager/Microsoft.ManagedIdentity/preview/2015-08-31-preview/ManagedIdentity.json index 5e77b6691d3d..722c03ad7349 100644 --- a/specification/msi/resource-manager/Microsoft.ManagedIdentity/preview/2015-08-31-preview/ManagedIdentity.json +++ b/specification/msi/resource-manager/Microsoft.ManagedIdentity/preview/2015-08-31-preview/ManagedIdentity.json @@ -34,6 +34,39 @@ } }, "paths": { + "/{scope}/providers/Microsoft.ManagedIdentity/identities/default": { + "get": { + "operationId": "SystemAssignedIdentities_GetByScope", + "description": "Gets the systemAssignedIdentity available under the specified RP scope.", + "x-ms-examples": { + "MsiOperationsList": { + "$ref": "./examples/SystemAssignedIdentityGet.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. The systemAssignedIdentity was retrieved and returned successfully.", + "schema": { + "$ref": "#/definitions/SystemAssignedIdentity" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, "/providers/Microsoft.ManagedIdentity/operations": { "get": { "operationId": "Operations_List", 
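Review bot: The `x-ms-examples` key for `SystemAssignedIdentities_GetByScope` is `"MsiOperationsList"`, which looks copied from the operations-list call and does not describe this GET. A key such as `"Get the system assigned identity for a scope"` would match the operation. The `stable/2018-11-30` copy of this path uses the same key. The operation description could also say what kind of resource `{scope}` is expected to name, since that parameter supplies the whole leading part of the path.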
@@ -318,22 +351,28 @@ } }, "definitions": { - "Identity": { + "Resource": { "properties": { "id": { "type": "string", "readOnly": true, - "description": "The id of the created identity." + "description": "The id of the resource." }, "name": { "type": "string", "readOnly": true, - "description": "The name of the created identity." + "description": "The name of the resource." }, "location": { "type": "string", - "description": "The Azure region where the identity lives." - }, + "description": "The Azure region where the resource lives." + } + }, + "x-ms-azure-resource": true, + "description": "Describes common properties of a resource." + }, + "Identity": { + "properties": { "tags": { "type": "object", "additionalProperties": { @@ -343,6 +382,7 @@ }, "properties": { "x-ms-client-flatten": true, + "readOnly": true, "description": "The properties associated with the identity.", "$ref": "#/definitions/IdentityProperties" }, @@ -359,9 +399,42 @@ "description": "The type of resource i.e. Microsoft.ManagedIdentity/userAssignedIdentities" } }, + "required": [ + "location" + ], + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], "x-ms-azure-resource": true, "description": "Describes an identity resource." }, + "SystemAssignedIdentity": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "readOnly": true, + "description": "The properties associated with the identity.", + "$ref": "#/definitions/IdentityProperties" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The type of resource i.e. Microsoft.Compute/virtualMachineScaleSets" + } + }, + "required": [ + "location" + ], + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "x-ms-azure-resource": true, + "description": "Describes a system assigned identity resource." + }, "IdentityProperties": { "description": "The properties associated with the identity.", "type": "object", 
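Review bot: The added `"readOnly": true` on `Identity.properties` sits beside a `$ref`, and JSON Reference semantics in Swagger 2.0 say siblings of `$ref` are ignored, so spec-strict validators and generators will not see the flag. Whether the toolchain used here honours it is not visible from the diff. The guarantee that callers cannot set `tenantId`, `principalId` or `clientId` should therefore rest on every member of the referenced properties model carrying its own `"readOnly": true`, which is worth confirming for `IdentityProperties` in this preview file. The same sibling pattern is added to `SystemAssignedIdentity` here and to `Identity`, `IdentityPatch` and `SystemAssignedIdentity` in `stable/2018-11-30`.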
@@ -507,6 +580,15 @@ } }, "parameters": { + "ScopeParameter": { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The resource provider scope of the resource. Parent resource being extended by Managed Identities.", + "x-ms-parameter-location": "method", + "x-ms-skip-url-encoding": true + }, "SubscriptionIdParameter": { "name": "subscriptionId", "in": "path", diff --git a/specification/msi/resource-manager/Microsoft.ManagedIdentity/preview/2015-08-31-preview/examples/SystemAssignedIdentityGet.json b/specification/msi/resource-manager/Microsoft.ManagedIdentity/preview/2015-08-31-preview/examples/SystemAssignedIdentityGet.json new file mode 100644 index 000000000000..839c51dba494 --- /dev/null +++ b/specification/msi/resource-manager/Microsoft.ManagedIdentity/preview/2015-08-31-preview/examples/SystemAssignedIdentityGet.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2015-08-31-preview", + "scope": "scope" + }, + "responses": { + "200": { + "body": { + "id": "/scope", + "location": "cus", + "name": "resourceName", + "properties": { + "clientId": "clientGUID", + "clientSecretUrl": "https://serviceRoot/scope/credentials?tid=tenantId&oid=principalId&aid=clientId", + "principalId": "identityObjectID", + "tenantId": "tenantGUID" + }, + "type": "ResourceProvider" + } + } + } +} diff --git a/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2018-11-30/ManagedIdentity.json b/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2018-11-30/ManagedIdentity.json index ac6419aeafd6..1b7501907af1 100644 --- a/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2018-11-30/ManagedIdentity.json +++ b/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2018-11-30/ManagedIdentity.json 
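Review bot: `ScopeParameter` is an unconstrained string that, with `"x-ms-skip-url-encoding": true`, is placed unencoded at the front of `/{scope}/providers/...`, so characters such as `?` or `#` in a caller-supplied value would change the URL a generated client sends. The description should state the expected form, for example `"description": "The fully qualified Azure Resource Manager identifier of the parent resource being extended by Managed Identities."` if that is the intent, and say whether a leading slash is included. Adding `"minLength": 1` would at least reject an empty scope. The identical parameter is added to the `stable/2018-11-30` file.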
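Review bot: The example body uses free-text placeholders (`"clientId": "clientGUID"`, `"principalId": "identityObjectID"`, `"tenantId": "tenantGUID"`) for fields that the user-assigned properties model added in the stable file declares with `"format": "uuid"`. If the system-assigned properties model carries the same format, which this diff does not show, the example would not validate against its own schema. UUID-shaped sample values, e.g. a constructed `"clientId": "00000000-0000-0000-0000-000000000000"`, would keep the example usable for model validation. The `stable/2018-11-30` example has the same values.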
@@ -34,6 +34,39 @@ } }, "paths": { + "/{scope}/providers/Microsoft.ManagedIdentity/identities/default": { + "get": { + "operationId": "SystemAssignedIdentities_GetByScope", + "description": "Gets the systemAssignedIdentity available under the specified RP scope.", + "x-ms-examples": { + "MsiOperationsList": { + "$ref": "./examples/SystemAssignedIdentityGet.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. The systemAssignedIdentity was retrieved and returned successfully.", + "schema": { + "$ref": "#/definitions/SystemAssignedIdentity" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, "/providers/Microsoft.ManagedIdentity/operations": { "get": { "operationId": "Operations_List", @@ -221,7 +254,7 @@ "in": "body", "required": true, "schema": { - "$ref": "#/definitions/Identity" + "$ref": "#/definitions/IdentityPatch" }, "description": "Parameters to update the identity" } 
@@ -318,22 +351,67 @@ } }, "definitions": { - "Identity": { + "Resource": { "properties": { "id": { "type": "string", "readOnly": true, - "description": "The id of the created identity." + "description": "The id of the resource." }, "name": { "type": "string", "readOnly": true, - "description": "The name of the created identity." + "description": "The name of the resource." }, "location": { "type": "string", - "description": "The Azure region where the identity lives." + "description": "The Azure region where the resource lives." + } + }, + "x-ms-azure-resource": true, + "description": "Describes common properties of a resource." + }, + "Identity": { + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Resource tags" }, + "properties": { + "x-ms-client-flatten": true, + "readOnly": true, + "description": "The properties associated with the identity.", + "$ref": "#/definitions/UserAssignedIdentityProperties" + }, + "type": { + "type": "string", + "readOnly": true, + "enum": [ + "Microsoft.ManagedIdentity/userAssignedIdentities" + ], + "x-ms-enum": { + "name": "UserAssignedIdentities", + "modelAsString": true + }, + "description": "The type of resource i.e. Microsoft.ManagedIdentity/userAssignedIdentities" + } + }, + "required": [ + "location" + ], + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "x-ms-azure-resource": true, + "description": "Describes an identity resource." + }, + "IdentityPatch": { + "properties": { "tags": { "type": "object", "additionalProperties": { @@ -343,8 +421,9 @@ }, "properties": { "x-ms-client-flatten": true, + "readOnly": true, "description": "The properties associated with the identity.", - "$ref": "#/definitions/IdentityProperties" + "$ref": "#/definitions/UserAssignedIdentityProperties" }, "type": { "type": "string", 
@@ -359,13 +438,43 @@ "description": "The type of resource i.e. Microsoft.ManagedIdentity/userAssignedIdentities" } }, + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], "x-ms-azure-resource": true, "description": "Describes an identity resource." }, - "IdentityProperties": { - "description": "The properties associated with the identity.", + "SystemAssignedIdentity": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "readOnly": true, + "description": "The properties associated with the identity.", + "$ref": "#/definitions/SystemAssignedIdentityProperties" + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The type of resource i.e. Microsoft.Compute/virtualMachineScaleSets" + } + }, + "required": [ + "location" + ], + "allOf": [ + { + "$ref": "#/definitions/Resource" + } + ], + "x-ms-azure-resource": true, + "description": "Describes a system assigned identity resource." + }, + "SystemAssignedIdentityProperties": { + "description": "The properties associated with the system assigned identity.", "type": "object", - "title": "Identity properties.", + "title": "System Assigned Identity properties.", "properties": { "tenantId": { "type": "string", 
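Review bot: Renaming `IdentityProperties` to `SystemAssignedIdentityProperties` inside `stable/2018-11-30` removes a definition name from what the path suggests is an already published API version, which would typically surface as a renamed or missing model type in generated SDKs. Keeping `IdentityProperties` as the name of one of the two models, or introducing the split in a new api-version, would avoid that. Separately, `IdentityPatch` ends this hunk with the same `"description": "Describes an identity resource."` as `Identity`; `"Describes the updatable fields of an identity resource."` would tell the two apart.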
@@ -388,7 +497,32 @@ "clientSecretUrl": { "type": "string", "readOnly": true, - "description": " The ManagedServiceIdentity DataPlane URL that can be queried to obtain the identity credentials. If identity is user assigned, then the clientSecretUrl will not be present in the response, otherwise it will be present." + "description": " The ManagedServiceIdentity DataPlane URL that can be queried to obtain the identity credentials." + } + } + }, + "UserAssignedIdentityProperties": { + "description": "The properties associated with the user assigned identity.", + "type": "object", + "title": "User Assigned Identity properties.", + "properties": { + "tenantId": { + "type": "string", + "readOnly": true, + "format": "uuid", + "description": "The id of the tenant which the identity belongs to." + }, + "principalId": { + "type": "string", + "readOnly": true, + "format": "uuid", + "description": "The id of the service principal object associated with the created identity." + }, + "clientId": { + "type": "string", + "readOnly": true, + "format": "uuid", + "description": "The id of the app associated with the identity. This is a random generated UUID by MSI." } } }, @@ -507,6 +641,15 @@ } }, "parameters": { + "ScopeParameter": { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The resource provider scope of the resource. Parent resource being extended by Managed Identities.", + "x-ms-parameter-location": "method", + "x-ms-skip-url-encoding": true + }, "SubscriptionIdParameter": { "name": "subscriptionId", "in": "path", diff --git a/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2018-11-30/examples/SystemAssignedIdentityGet.json b/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2018-11-30/examples/SystemAssignedIdentityGet.json new file mode 100644 index 000000000000..f3e08728885f --- /dev/null 
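Review bot: The rewritten `clientSecretUrl` description says the URL "can be queried to obtain the identity credentials" but not what a caller must present to that endpoint, so a consumer cannot tell whether the value itself needs protecting in logs and telemetry. I would extend it along the lines of `"description": "The ManagedServiceIdentity DataPlane URL that can be queried to obtain the identity credentials. <state the authentication the endpoint requires>."` and drop the leading space inside the string. Judging by the example response, the value is returned by the new scope-level GET, so it would be visible to any principal that can read the identity under the parent scope; that is inferred rather than stated in the spec.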
+++ b/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2018-11-30/examples/SystemAssignedIdentityGet.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "api-version": "2018-11-30", + "scope": "scope" + }, + "responses": { + "200": { + "body": { + "id": "/scope", + "location": "cus", + "name": "resourceName", + "properties": { + "clientId": "clientGUID", + "clientSecretUrl": "https://serviceRoot/scope/credentials?tid=tenantId&oid=principalId&aid=clientId", + "principalId": "identityObjectID", + "tenantId": "tenantGUID" + }, + "type": "ResourceProvider" + } + } + } +} diff --git a/specification/msi/resource-manager/readme.md b/specification/msi/resource-manager/readme.md index f1543b3dc76a..6540b93517b2 100644 --- a/specification/msi/resource-manager/readme.md +++ b/specification/msi/resource-manager/readme.md @@ -43,6 +43,15 @@ input-file: - Microsoft.ManagedIdentity/preview/2015-08-31-preview/ManagedIdentity.json ``` +## Suppression +``` yaml +directive: + - suppress: TrackedResourcePatchOperation + from: ManagedIdentity.json + where: $.definitions.SystemAssignedIdentity + reason: The identity type exposed under any scope is not a tracked resource since it is an extension. +``` + --- # Code Generation