From 30226281a3248ad81999636ecf8c5a7d82de0477 Mon Sep 17 00:00:00 2001 From: vivsriaus Date: Mon, 2 Oct 2017 10:17:31 -0700 Subject: [PATCH] Add support for policy at ManagementGroup level (#1754) * Add support for policy at ManagementGroup level * Add "x-ms-parameter-location": "method" for ManagementGroupId parameter --- .../2016-12-01/policyDefinitions.json | 157 ++++++++++++++ ...ePolicySetDefinitionAtManagementGroup.json | 90 ++++++++ ...tPolicySetDefinitionAtManagementGroup.json | 59 ++++++ ...PolicySetDefinitionsByManagementGroup.json | 66 ++++++ .../policySetDefinitions.json | 194 ++++++++++++++++++ 5 files changed, 566 insertions(+) create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/getPolicySetDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/listPolicySetDefinitionsByManagementGroup.json diff --git a/specification/resources/resource-manager/Microsoft.Authorization/2016-12-01/policyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/2016-12-01/policyDefinitions.json index be3a6a6593c0..ef71d13286d9 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/2016-12-01/policyDefinitions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/2016-12-01/policyDefinitions.json @@ -137,6 +137,116 @@ } } }, + "/providers/Microsoft.Management/managementgroups/{managementGroupId}/providers/Microsoft.Authorization/policydefinitions/{policyDefinitionName}": { + "put": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", + "description": "Creates or updates a policy definition at management group level.", + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + }, + "description": "The policy definition properties." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_DeleteAtManagementGroup", + "description": "Deletes a policy definition at management group level.", + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy definition to delete." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + } + } + }, + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_GetAtManagementGroup", + "description": "Gets the policy definition at management group level.", + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy definition to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + } + } + }, "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policydefinitions": { "get": { "tags": [ @@ -172,6 +282,45 @@ }, "x-ms-odata": "#/definitions/PolicyDefinition" } + }, + "/providers/Microsoft.Management/managementgroups/{managementGroupId}/providers/Microsoft.Authorization/policydefinitions": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_ListByManagementGroup", + "description": "Gets all the policy definitions for a subscription at management group level.", + "parameters": [ + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns ana array of policy definitions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/PolicyDefinition" + } } }, "definitions": { @@ -272,6 +421,14 @@ "type": "string", "description": "The ID of the target subscription." }, + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, "ApiVersionParameter": { "name": "api-version", "in": "query", diff --git a/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..53060cf81010 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,90 @@ +{ + "parameters": { + "subscriptionId": "subid", + "managementGroupId": "mgid", + "policySetDefinitionName": "costManagement", + "api-version": "2017-06-01-preview", + "parameters": { + "properties": { + "displayName": "VM and Storage Cost Management", + "description": "Policies required to minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/subId/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/mgid/providers/Microsoft.Authorization/policySetDefinitions/costManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "costManagement", + "properties": { + "displayName": "VM and Storage Cost Management", + "description": "Policies required to minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/subid/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + } + ], + "policyType": "Custom" + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/mgid/providers/Microsoft.Authorization/policySetDefinitions/costManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "costManagement", + "properties": { + "displayName": "VM and Storage Cost Management", + "description": "Policies required to minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/subid/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + } + ], + "policyType": "Custom" + } + } + } + } +} \ No newline at end of file diff --git a/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/getPolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/getPolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..e936d6d939ec --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/getPolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "subscriptionId": "subid", + "managementGroupId": "mgid", + "policySetDefinitionName": "costManagement", + "api-version": "2017-06-01-preview" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/mgid/providers/Microsoft.Authorization/policySetDefinitions/costManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "costManagement", + "properties": { + "displayName": "VM and Storage Cost Management", + "description": "Policies required to minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "allowedLocations": { + "type": "array", + "metadata": { + "description": "Regions that resources can be deployed to", + "displayName": "Valid Regions" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/subid/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/subid/providers/Microsoft.Authorization/policyDefinitions/vmSkus" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/policyDefinitionId", + "parameters": { + "listOfAllowedLocations": { + "value": "[parameters('allowedLocations')]" + } + } + } + ], + "policyType": "Custom" + } + } + } + } +} \ No newline at end of file diff --git a/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/listPolicySetDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/listPolicySetDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..c6e4f76a37e7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/examples/listPolicySetDefinitionsByManagementGroup.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "subscriptionId": "subid", + "managementGroupId": "mgid", + "api-version": "2017-06-01-preview" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementgroups/mgid/providers/Microsoft.Authorization/policySetDefinitions/costManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "costManagement", + "properties": { + "displayName": "VM and Storage Cost Management", + "description": "Policies required to minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "allowedLocations": { + "type": "array", + "metadata": { + "description": "Regions that resources can be deployed to", + "displayName": "Valid Regions" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/subid/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "parameters": { + "locations": { + "value": "[parameters('allowedLocations')]" + } + } + } + ], + "policyType": "Custom" + } + }, + { + "id": "/providers/Microsoft.Management/managementgroups/mgid/providers/Microsoft.Authorization/policySetDefinitions/skuManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "skuManagement", + "properties": { + "displayName": "VM Sku Management", + "description": "Policies required to minimize the risk of accidental cost overruns", + "metadata": { + "category": "Sku Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/subid/providers/Microsoft.Authorization/policyDefinitions/vmSkus" + } + ], + "policyType": "Custom" + } + } + ] + } + } + } +} \ No newline at end of file diff --git a/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/policySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/policySetDefinitions.json index 51904e6d0077..e7e67ed90c45 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/policySetDefinitions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/2017-06-01-preview/policySetDefinitions.json @@ -212,6 +212,192 @@ "nextLinkName": "nextLink" } } + }, + "/providers/Microsoft.Management/managementgroups/{managementGroupId}/providers/Microsoft.Authorization/policysetdefinitions/{policySetDefinitionName}": { + "put": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "description": "Creates or updates a policy set definition at management group level.", + "x-ms-examples": { + "Put a policy set definition": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy set definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + }, + "description": "The policy set definition properties." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", + "description": "Deletes a policy set definition at management group level.", + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy set definition to delete." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_GetAtManagementGroup", + "description": "Gets the policy set definition at management group level.", + "x-ms-examples": { + "Get a policy set definition": { + "$ref": "./examples/getPolicySetDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy set definition to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Management/managementgroups/{managementGroupId}/providers/Microsoft.Authorization/policysetdefinitions": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_ListByManagementGroup", + "description": "Gets all the policy set definitions for a subscription at management group.", + "x-ms-examples": { + "List policy set definitions": { + "$ref": "./examples/listPolicySetDefinitionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definitions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } } }, "definitions": { @@ -341,6 +527,14 @@ "type": "string", "description": "The ID of the target subscription." }, + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, "ApiVersionParameter": { "name": "api-version", "in": "query",