diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-DenyAssignmentCalls.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-DenyAssignmentCalls.json new file mode 100644 index 000000000000..ab4271f4a988 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-DenyAssignmentCalls.json @@ -0,0 +1,508 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2022-04-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to get deny assignments. A deny assignment describes the set of actions on resources that are denied for Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/denyAssignments": { + "get": { + "tags": [ + "DenyAssignments" + ], + "operationId": "DenyAssignments_ListForResource", + "description": "Gets deny assignments for a resource.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/ResourceProviderNamespaceParameter" + }, + { + "name": "parentResourcePath", + "in": "path", + "required": true, + "type": "string", + "description": "The parent resource identity.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type of the resource.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource to get deny assignments for." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/FilterParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of deny assignments.", + "schema": { + "$ref": "#/definitions/DenyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/DenyAssignmentFilter", + "x-ms-examples": { + "List deny assignments for resource": { + "$ref": "./examples/GetDenyAssignmentsForResource.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/denyAssignments": { + "get": { + "tags": [ + "DenyAssignments" + ], + "operationId": "DenyAssignments_ListForResourceGroup", + "description": "Gets deny assignments for a resource group.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/FilterParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of deny assignments.", + "schema": { + "$ref": "#/definitions/DenyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/DenyAssignmentFilter", + "x-ms-examples": { + "List deny assignments for resource group": { + "$ref": "./examples/GetDenyAssignmentsForResourceGroup.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/denyAssignments": { + "get": { + "tags": [ + "DenyAssignments" + ], + "operationId": "DenyAssignments_List", + "description": "Gets all deny assignments for the subscription.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/FilterParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of deny assignments.", + "schema": { + "$ref": "#/definitions/DenyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/DenyAssignmentFilter", + "x-ms-examples": { + "List deny assignments for subscription": { + "$ref": "./examples/GetAllDenyAssignments.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId}": { + "get": { + "tags": [ + "DenyAssignments" + ], + "operationId": "DenyAssignments_Get", + "description": "Get the specified deny assignment.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the deny assignment.", + "x-ms-skip-url-encoding": true + }, + { + "name": "denyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the deny assignment to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the deny assignment.", + "schema": { + "$ref": "#/definitions/DenyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get deny assignment by name": { + "$ref": "./examples/GetDenyAssignmentByNameId.json" + } + } + } + }, + "/{denyAssignmentId}": { + "get": { + "tags": [ + "DenyAssignments" + ], + "operationId": "DenyAssignments_GetById", + "description": "Gets a deny assignment by ID.", + "parameters": [ + { + "name": "denyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The fully qualified deny assignment ID. For example, use the format, /subscriptions/{guid}/providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId} for subscription level deny assignments, or /providers/Microsoft.Authorization/denyAssignments/{denyAssignmentId} for tenant level deny assignments.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns the deny assignment.", + "schema": { + "$ref": "#/definitions/DenyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get deny assignment by ID": { + "$ref": "./examples/GetDenyAssignmentById.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/denyAssignments": { + "get": { + "tags": [ + "DenyAssignments" + ], + "operationId": "DenyAssignments_ListForScope", + "description": "Gets deny assignments for a scope.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the deny assignments.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/FilterParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of deny assignments.", + "schema": { + "$ref": "#/definitions/DenyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/DenyAssignmentFilter", + "x-ms-examples": { + "List deny assignments for scope": { + "$ref": "./examples/GetDenyAssignmentByScope.json" + } + } + } + } + }, + "definitions": { + "DenyAssignmentFilter": { + "properties": { + "denyAssignmentName": { + "type": "string", + "description": "Return deny assignment with specified name." + }, + "principalId": { + "type": "string", + "description": "Return all deny assignments where the specified principal is listed in the principals list of deny assignments." + }, + "gdprExportPrincipalId": { + "type": "string", + "description": "Return all deny assignments where the specified principal is listed either in the principals list or exclude principals list of deny assignments." + } + }, + "type": "object", + "description": "Deny Assignments filter" + }, + "DenyAssignmentProperties": { + "properties": { + "denyAssignmentName": { + "type": "string", + "description": "The display name of the deny assignment." + }, + "description": { + "type": "string", + "description": "The description of the deny assignment." + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/DenyAssignmentPermission" + }, + "x-ms-identifiers": [], + "description": "An array of permissions that are denied by the deny assignment." + }, + "scope": { + "type": "string", + "description": "The deny assignment scope." + }, + "doNotApplyToChildScopes": { + "type": "boolean", + "description": "Determines if the deny assignment applies to child scopes. Default value is false." + }, + "principals": { + "type": "array", + "items": { + "$ref": "./common-types.json#/definitions/Principal" + }, + "description": "Array of principals to which the deny assignment applies." + }, + "excludePrincipals": { + "type": "array", + "items": { + "$ref": "./common-types.json#/definitions/Principal" + }, + "description": "Array of principals to which the deny assignment does not apply." + }, + "isSystemProtected": { + "type": "boolean", + "description": "Specifies whether this deny assignment was created by Azure and cannot be edited or deleted." + } + }, + "type": "object", + "description": "Deny assignment properties." + }, + "DenyAssignment": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The deny assignment ID." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The deny assignment name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The deny assignment type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/DenyAssignmentProperties", + "description": "Deny assignment properties." + } + }, + "type": "object", + "description": "Deny Assignment" + }, + "DenyAssignmentListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/DenyAssignment" + }, + "description": "Deny assignment list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Deny assignment list operation result." + }, + "DenyAssignmentPermission": { + "properties": { + "actions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Actions to which the deny assignment does not grant access." + }, + "notActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Actions to exclude from that the deny assignment does not grant access." + }, + "dataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Data actions to which the deny assignment does not grant access." + }, + "notDataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Data actions to exclude from that the deny assignment does not grant access." + }, + "condition": { + "type": "string", + "description": "The conditions on the Deny assignment permission. This limits the resources it applies to." + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition." + } + }, + "type": "object", + "description": "Deny assignment permissions." + } + }, + "parameters": { + "ResourceProviderNamespaceParameter": { + "name": "resourceProviderNamespace", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of the resource provider.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "FilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use $filter=atScope() to return all deny assignments at or above the scope. Use $filter=denyAssignmentName eq '{name}' to search deny assignments by name at specified scope. Use $filter=principalId eq '{id}' to return all deny assignments at, above and below the scope for the specified principal. Use $filter=gdprExportPrincipalId eq '{id}' to return all deny assignments at, above and below the scope for the specified principal. This filter is different from the principalId filter as it returns not only those deny assignments that contain the specified principal is the Principals list but also those deny assignments that contain the specified principal is the ExcludePrincipals list. Additionally, when gdprExportPrincipalId filter is used, only the deny assignment name and description properties are returned.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-ProviderOperationsCalls.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-ProviderOperationsCalls.json new file mode 100644 index 000000000000..233a36b80ed0 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-ProviderOperationsCalls.json @@ -0,0 +1,249 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2022-04-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These calls handle provider operations." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.Authorization/providerOperations/{resourceProviderNamespace}": { + "get": { + "tags": [ + "ProviderOperationsMetadata" + ], + "operationId": "ProviderOperationsMetadata_Get", + "description": "Gets provider operations metadata for the specified resource provider.", + "parameters": [ + { + "$ref": "#/parameters/ResourceProviderNamespaceParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "$expand", + "in": "query", + "required": false, + "type": "string", + "default": "resourceTypes", + "description": "Specifies whether to expand the values." + } + ], + "responses": { + "200": { + "description": "OK - Returns the operations metadata.", + "schema": { + "$ref": "#/definitions/ProviderOperationsMetadata" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List provider operations metadata for resource provider": { + "$ref": "./examples/GetProviderOperationsRP.json" + } + } + } + }, + "/providers/Microsoft.Authorization/providerOperations": { + "get": { + "tags": [ + "ProviderOperationsMetadata" + ], + "operationId": "ProviderOperationsMetadata_List", + "description": "Gets provider operations metadata for all resource providers.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "$expand", + "in": "query", + "required": false, + "type": "string", + "default": "resourceTypes", + "description": "Specifies whether to expand the values." + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of the operations metadata.", + "schema": { + "$ref": "#/definitions/ProviderOperationsMetadataListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List provider operations metadata for all resource providers": { + "$ref": "./examples/GetAllProviderOperations.json" + } + } + } + } + }, + "definitions": { + "ResourceType": { + "properties": { + "name": { + "type": "string", + "description": "The resource type name." + }, + "displayName": { + "type": "string", + "description": "The resource type display name." + }, + "operations": { + "type": "array", + "items": { + "$ref": "#/definitions/ProviderOperation" + }, + "x-ms-identifiers": [], + "description": "The resource type operations." + } + }, + "type": "object", + "description": "Resource Type" + }, + "ProviderOperation": { + "properties": { + "name": { + "type": "string", + "description": "The operation name." + }, + "displayName": { + "type": "string", + "description": "The operation display name." + }, + "description": { + "type": "string", + "description": "The operation description." + }, + "origin": { + "type": "string", + "description": "The operation origin." + }, + "properties": { + "type": "object", + "x-ms-client-flatten": true, + "description": "The operation properties." + }, + "isDataAction": { + "type": "boolean", + "description": "The dataAction flag to specify the operation type." + } + }, + "type": "object", + "description": "Operation" + }, + "ProviderOperationsMetadata": { + "properties": { + "id": { + "type": "string", + "description": "The provider id." + }, + "name": { + "type": "string", + "description": "The provider name." + }, + "type": { + "type": "string", + "description": "The provider type." + }, + "displayName": { + "type": "string", + "description": "The provider display name." + }, + "resourceTypes": { + "type": "array", + "items": { + "$ref": "#/definitions/ResourceType" + }, + "x-ms-identifiers": [ + "name" + ], + "description": "The provider resource types" + }, + "operations": { + "type": "array", + "items": { + "$ref": "#/definitions/ProviderOperation" + }, + "x-ms-identifiers": [], + "description": "The provider operations." + } + }, + "type": "object", + "description": "Provider Operations metadata" + }, + "ProviderOperationsMetadataListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/ProviderOperationsMetadata" + }, + "description": "The list of providers." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Provider operations metadata list" + } + }, + "parameters": { + "ResourceProviderNamespaceParameter": { + "name": "resourceProviderNamespace", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of the resource provider.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleAssignmentsCalls.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleAssignmentsCalls.json new file mode 100644 index 000000000000..872d7bf2be81 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleAssignmentsCalls.json @@ -0,0 +1,734 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2022-04-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role assignment grants access to Azure Active Directory users." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleAssignments": { + "get": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_ListForSubscription", + "description": "List all role assignments that apply to a subscription.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentFilterParameter" + }, + { + "$ref": "#/parameters/TenantIdQueryParameter" + } + ], + "responses": { + "200": { + "description": "Returns an array of role assignments.", + "schema": { + "$ref": "#/definitions/RoleAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-odata": "#/definitions/RoleAssignmentFilter", + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List role assignments for subscription": { + "$ref": "./examples/RoleAssignments_ListForSubscription.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/roleAssignments": { + "get": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_ListForResourceGroup", + "description": "List all role assignments that apply to a resource group.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentFilterParameter" + }, + { + "$ref": "#/parameters/TenantIdQueryParameter" + } + ], + "responses": { + "200": { + "description": "Returns an array of role assignments.", + "schema": { + "$ref": "#/definitions/RoleAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-odata": "#/definitions/RoleAssignmentFilter", + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List role assignments for resource group": { + "$ref": "./examples/RoleAssignments_ListForResourceGroup.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/roleAssignments": { + "get": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_ListForResource", + "description": "List all role assignments that apply to a resource.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./common-types.json#/parameters/ResourceProviderNamespaceParameter" + }, + { + "$ref": "./common-types.json#/parameters/ResourceTypeParameter" + }, + { + "$ref": "./common-types.json#/parameters/ResourceNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentFilterParameter" + }, + { + "$ref": "#/parameters/TenantIdQueryParameter" + } + ], + "responses": { + "200": { + "description": "Returns an array of role assignments.", + "schema": { + "$ref": "#/definitions/RoleAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-odata": "#/definitions/RoleAssignmentFilter", + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List role assignments for a resource": { + "$ref": "./examples/RoleAssignments_ListForResource.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}": { + "get": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_Get", + "description": "Get a role assignment by scope and name.", + "parameters": [ + { + "$ref": "./common-types.json#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TenantIdQueryParameter" + } + ], + "responses": { + "200": { + "description": "Returns the role assignment.", + "schema": { + "$ref": "#/definitions/RoleAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get role assignment by scope and name": { + "$ref": "./examples/RoleAssignments_Get.json" + } + } + }, + "put": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_Create", + "description": "Create or update a role assignment by scope and name.", + "parameters": [ + { + "$ref": "./common-types.json#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentNameParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentCreateParameters" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Returns the role assignment.", + "schema": { + "$ref": "#/definitions/RoleAssignment" + } + }, + "200": { + "description": "Returns the role assignment.", + "schema": { + "$ref": "#/definitions/RoleAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create role assignment for subscription": { + "$ref": "./examples/RoleAssignments_CreateForSubscription.json" + }, + "Create role assignment for resource group": { + "$ref": "./examples/RoleAssignments_CreateForResourceGroup.json" + }, + "Create role assignment for resource": { + "$ref": "./examples/RoleAssignments_CreateForResource.json" + } + } + }, + "delete": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_Delete", + "description": "Delete a role assignment by scope and name.", + "parameters": [ + { + "$ref": "./common-types.json#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TenantIdQueryParameter" + } + ], + "responses": { + "200": { + "description": "Returns the deleted role assignment.", + "schema": { + "$ref": "#/definitions/RoleAssignment" + } + }, + "204": { + "description": "Role assignment was already deleted or does not exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete role assignment": { + "$ref": "./examples/RoleAssignments_Delete.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleAssignments": { + "get": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_ListForScope", + "description": "List all role assignments that apply to a scope.", + "parameters": [ + { + "$ref": "./common-types.json#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentFilterParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TenantIdQueryParameter" + }, + { + "$ref": "#/parameters/PaginationSkipToken" + } + ], + "responses": { + "200": { + "description": "Returns an array of role assignments.", + "schema": { + "$ref": "#/definitions/RoleAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/RoleAssignmentFilter", + "x-ms-examples": { + "List role assignments for scope": { + "$ref": "./examples/RoleAssignments_ListForScope.json" + } + } + } + }, + "/{roleAssignmentId}": { + "get": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_GetById", + "description": "Get a role assignment by ID.", + "parameters": [ + { + "$ref": "#/parameters/RoleAssignmentIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TenantIdQueryParameter" + } + ], + "responses": { + "200": { + "description": "Returns the role assignment.", + "schema": { + "$ref": "#/definitions/RoleAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get role assignment by ID": { + "$ref": "./examples/RoleAssignments_GetById.json" + } + } + }, + "put": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_CreateById", + "description": "Create or update a role assignment by ID.", + "parameters": [ + { + "$ref": "#/parameters/RoleAssignmentIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/RoleAssignmentCreateParameters" + } + ], + "responses": { + "201": { + "description": "Returns the role assignment.", + "schema": { + "$ref": "#/definitions/RoleAssignment" + } + }, + "200": { + "description": "Returns the role assignment.", + "schema": { + "$ref": "#/definitions/RoleAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update role assignment by ID": { + "$ref": "./examples/RoleAssignments_CreateById.json" + } + } + }, + "delete": { + "tags": [ + "RoleAssignments" + ], + "operationId": "RoleAssignments_DeleteById", + "description": "Delete a role assignment by ID.", + "parameters": [ + { + "$ref": "#/parameters/RoleAssignmentIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TenantIdQueryParameter" + } + ], + "responses": { + "200": { + "description": "Returns the deleted role assignment.", + "schema": { + "$ref": "#/definitions/RoleAssignment" + } + }, + "204": { + "description": "Role assignment already deleted or does not exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete role assignment by ID": { + "$ref": "./examples/RoleAssignments_DeleteById.json" + } + } + } + } + }, + "definitions": { + "ValidationResponseErrorInfo": { + "type": "object", + "description": "Failed validation result details", + "properties": { + "code": { + "readOnly": true, + "type": "string", + "description": "Error code indicating why validation failed" + }, + "message": { + "readOnly": true, + "type": "string", + "description": "Message indicating why validation failed" + } + } + }, + "ValidationResponse": { + "type": "object", + "description": "Validation response", + "properties": { + "isValid": { + "readOnly": true, + "type": "boolean", + "description": "Whether or not validation succeeded" + }, + "errorInfo": { + "description": "Failed validation result details", + "$ref": "#/definitions/ValidationResponseErrorInfo" + } + } + }, + "RoleAssignmentFilter": { + "properties": { + "principalId": { + "type": "string", + "description": "Returns role assignment of the specific principal." + } + }, + "type": "object", + "description": "Role Assignments filter" + }, + "RoleAssignmentListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleAssignment" + }, + "description": "Role assignment list." + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The skipToken to use for getting the next set of results." + } + }, + "type": "object", + "description": "Role assignment list operation result." + }, + "RoleAssignmentProperties": { + "properties": { + "scope": { + "readOnly": true, + "type": "string", + "description": "The role assignment scope." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "principalId": { + "type": "string", + "description": "The principal ID." + }, + "principalType": { + "type": "string", + "description": "The principal type of the assigned principal ID.", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "ForeignGroup", + "Device" + ], + "default": "User", + "x-ms-enum": { + "name": "PrincipalType", + "modelAsString": true + } + }, + "description": { + "type": "string", + "description": "Description of role assignment" + }, + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently the only accepted value is '2.0'" + }, + "createdOn": { + "readOnly": true, + "type": "string", + "description": "Time it was created", + "format": "date-time" + }, + "updatedOn": { + "readOnly": true, + "type": "string", + "description": "Time it was updated", + "format": "date-time" + }, + "createdBy": { + "readOnly": true, + "type": "string", + "description": "Id of the user who created the assignment" + }, + "updatedBy": { + "readOnly": true, + "type": "string", + "description": "Id of the user who updated the assignment" + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "description": "Id of the delegated managed identity resource" + } + }, + "required": [ + "roleDefinitionId", + "principalId" + ], + "type": "object", + "description": "Role assignment properties." + }, + "RoleAssignment": { + "x-ms-azure-resource": true, + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role assignment ID." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role assignment name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role assignment type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleAssignmentProperties", + "description": "Role assignment properties." + } + }, + "type": "object", + "description": "Role Assignments" + }, + "RoleAssignmentCreateParameters": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleAssignmentProperties", + "description": "Role assignment properties." + } + }, + "required": [ + "properties" + ], + "type": "object", + "description": "Role assignment create parameters." + } + }, + "parameters": { + "RoleAssignmentFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use $filter=atScope() to return all role assignments at or above the scope. Use $filter=principalId eq {id} to return all role assignments at, above or below the scope for the specified principal.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "RoleAssignmentNameParameter": { + "name": "roleAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the role assignment. It can be any valid GUID.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "RoleAssignmentIdParameter": { + "name": "roleAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The fully qualified ID of the role assignment including scope, resource name, and resource type. Format: /{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}. Example: /subscriptions//resourcegroups//providers/Microsoft.Authorization/roleAssignments/", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "RoleAssignmentCreateParameters": { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RoleAssignmentCreateParameters" + }, + "description": "Parameters for the role assignment.", + "x-ms-parameter-location": "method" + }, + "TenantIdQueryParameter": { + "name": "tenantId", + "in": "query", + "required": false, + "type": "string", + "description": "Tenant ID for cross-tenant request", + "x-ms-parameter-location": "method" + }, + "PaginationSkipToken": { + "name": "$skipToken", + "in": "query", + "required": false, + "type": "string", + "description": "The skipToken to apply on the operation. Use $skipToken={skiptoken} to return paged role assignments following the skipToken passed. Only supported on provider level calls.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleDefinitionsCalls.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleDefinitionsCalls.json new file mode 100644 index 000000000000..6ab9858f7a32 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/authorization-RoleDefinitionsCalls.json @@ -0,0 +1,550 @@ +{ + "swagger": "2.0", + "info": { + "title": "AuthorizationManagementClient", + "version": "2022-04-01", + "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations allow you to manage role definitions. A role definition describes the set of actions that can be performed on resources." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/Microsoft.Authorization/permissions": { + "get": { + "tags": [ + "Permissions" + ], + "operationId": "Permissions_ListForResourceGroup", + "description": "Gets all permissions the caller has for a resource group.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of permissions.", + "schema": { + "$ref": "#/definitions/PermissionGetResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List permissions for resource group": { + "$ref": "./examples/GetPermissions.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/permissions": { + "get": { + "tags": [ + "Permissions" + ], + "operationId": "Permissions_ListForResource", + "description": "Gets all permissions the caller has for a resource.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "./common-types.json#/parameters/ResourceProviderNamespaceParameter" + }, + { + "name": "parentResourcePath", + "in": "path", + "required": true, + "type": "string", + "description": "The parent resource identity.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type of the resource.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource to get the permissions for." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of permissions.", + "schema": { + "$ref": "#/definitions/PermissionGetResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "List permissions for resource": { + "$ref": "./examples/GetResourcePermissions.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId}": { + "delete": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_Delete", + "description": "Deletes a role definition.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role definition.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleDefinitionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the role definition to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role definition.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "204": { + "description": "Role definition already deleted or does not exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete role definition": { + "$ref": "./examples/DeleteRoleDefinition.json" + } + } + }, + "get": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_Get", + "description": "Get role definition by name (GUID).", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role definition.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleDefinitionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the role definition." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role definition.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get role definition by name": { + "$ref": "./examples/GetRoleDefinitionByName.json" + } + } + }, + "put": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_CreateOrUpdate", + "description": "Creates or updates a role definition.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role definition.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleDefinitionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the role definition." + }, + { + "name": "roleDefinition", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RoleDefinition" + }, + "description": "The values for the role definition." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "OK - Returns information about the role definition.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create role definition": { + "$ref": "./examples/PutRoleDefinition.json" + } + } + } + }, + "/{scope}/providers/Microsoft.Authorization/roleDefinitions": { + "get": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_List", + "description": "Get all role definitions that are applicable at scope and above.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role definition.", + "x-ms-skip-url-encoding": true + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use atScopeAndBelow filter to search below the given scope as well." + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of role definitions.", + "schema": { + "$ref": "#/definitions/RoleDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/RoleDefinitionFilter", + "x-ms-examples": { + "List role definitions for scope": { + "$ref": "./examples/GetRoleDefinitionAtScope.json" + } + } + } + } + }, + "x-ms-paths": { + "/{roleId}?disambiguation_dummy": { + "get": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_GetById", + "description": "Gets a role definition by ID.", + "parameters": [ + { + "name": "roleId", + "in": "path", + "required": true, + "type": "string", + "description": "The fully qualified role definition ID. Use the format, /subscriptions/{guid}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId} for subscription level role definitions, or /providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionId} for tenant level role definitions.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role definition.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Get role definition by ID": { + "$ref": "./examples/GetRoleDefinitionById.json" + } + } + } + } + }, + "definitions": { + "RoleDefinitionFilter": { + "properties": { + "roleName": { + "type": "string", + "description": "Returns role definition with the specific name." + }, + "type": { + "type": "string", + "description": "Returns role definition with the specific type." + } + }, + "type": "object", + "description": "Role Definitions filter" + }, + "RoleDefinitionProperties": { + "properties": { + "roleName": { + "type": "string", + "description": "The role name." + }, + "description": { + "type": "string", + "description": "The role definition description." + }, + "type": { + "type": "string", + "description": "The role type.", + "x-ms-client-name": "roleType" + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + }, + "x-ms-identifiers": [], + "description": "Role definition permissions." + }, + "assignableScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Role definition assignable scopes." + } + }, + "type": "object", + "description": "Role definition properties." + }, + "RoleDefinition": { + "properties": { + "id": { + "type": "string", + "readOnly": true, + "description": "The role definition ID." + }, + "name": { + "type": "string", + "readOnly": true, + "description": "The role definition name." + }, + "type": { + "type": "string", + "readOnly": true, + "description": "The role definition type." + }, + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/RoleDefinitionProperties", + "description": "Role definition properties." + } + }, + "type": "object", + "description": "Role definition." + }, + "RoleDefinitionListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/RoleDefinition" + }, + "description": "Role definition list." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Role definition list operation result." + }, + "PermissionGetResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + }, + "x-ms-identifiers": [], + "description": "An array of permissions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "type": "object", + "description": "Permissions information." + }, + "Permission": { + "properties": { + "actions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Allowed actions." + }, + "notActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Denied actions." + }, + "dataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Allowed Data actions." + }, + "notDataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Denied Data actions." + } + }, + "type": "object", + "description": "Role definition permissions." + } + }, + "parameters": { + "FilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Use $filter=atScope() to return all deny assignments at or above the scope. Use $filter=denyAssignmentName eq '{name}' to search deny assignments by name at specified scope. Use $filter=principalId eq '{id}' to return all deny assignments at, above and below the scope for the specified principal. Use $filter=gdprExportPrincipalId eq '{id}' to return all deny assignments at, above and below the scope for the specified principal. This filter is different from the principalId filter as it returns not only those deny assignments that contain the specified principal is the Principals list but also those deny assignments that contain the specified principal is the ExcludePrincipals list. Additionally, when gdprExportPrincipalId filter is used, only the deny assignment name and description properties are returned.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/common-types.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/common-types.json new file mode 100644 index 000000000000..1e4cc930b2e1 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/common-types.json @@ -0,0 +1,443 @@ +{ + "swagger": "2.0", + "info": { + "version": "2022-04-01", + "title": "AuthorizationManagementClient" + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": {}, + "definitions": { + "Permission": { + "properties": { + "actions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Allowed actions." + }, + "notActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Denied actions." + }, + "dataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Allowed Data actions." + }, + "notDataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Denied Data actions." + } + }, + "type": "object", + "description": "Role definition permissions." + }, + "Principal": { + "readOnly": true, + "type": "object", + "description": "The name of the entity last modified it", + "properties": { + "id": { + "type": "string", + "description": "The id of the principal made changes" + }, + "displayName": { + "type": "string", + "description": "The name of the principal made changes" + }, + "type": { + "type": "string", + "description": "Type of principal such as user , group etc" + }, + "email": { + "type": "string", + "description": "Email of principal" + } + } + }, + "RoleManagementPolicyRule": { + "description": "The role management policy rule.", + "type": "object", + "required": [ + "ruleType" + ], + "discriminator": "ruleType", + "properties": { + "id": { + "type": "string", + "description": "The id of the rule." + }, + "ruleType": { + "description": "The type of rule", + "$ref": "#/definitions/RoleManagementPolicyRuleType" + }, + "target": { + "$ref": "#/definitions/RoleManagementPolicyRuleTarget", + "description": "The target of the current rule." + } + } + }, + "RoleManagementPolicyApprovalRule": { + "description": "The role management policy approval rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "setting": { + "$ref": "#/definitions/ApprovalSettings", + "description": "The approval setting" + } + } + }, + "ApprovalSettings": { + "description": "The approval settings.", + "type": "object", + "properties": { + "isApprovalRequired": { + "type": "boolean", + "description": "Determines whether approval is required or not." + }, + "isApprovalRequiredForExtension": { + "type": "boolean", + "description": "Determines whether approval is required for assignment extension." + }, + "isRequestorJustificationRequired": { + "type": "boolean", + "description": "Determine whether requestor justification is required." + }, + "approvalMode": { + "type": "string", + "description": "The type of rule", + "enum": [ + "SingleStage", + "Serial", + "Parallel", + "NoApproval" + ], + "x-ms-enum": { + "name": "ApprovalMode", + "modelAsString": true + } + }, + "approvalStages": { + "type": "array", + "items": { + "$ref": "#/definitions/ApprovalStage" + }, + "x-ms-identifiers": [], + "description": "The approval stages of the request." + } + } + }, + "ApprovalStage": { + "description": "The approval stage.", + "type": "object", + "properties": { + "approvalStageTimeOutInDays": { + "type": "integer", + "format": "int32", + "description": "The time in days when approval request would be timed out" + }, + "isApproverJustificationRequired": { + "type": "boolean", + "description": "Determines whether approver need to provide justification for his decision." + }, + "escalationTimeInMinutes": { + "type": "integer", + "format": "int32", + "description": "The time in minutes when the approval request would be escalated if the primary approver does not approve" + }, + "primaryApprovers": { + "type": "array", + "description": "The primary approver of the request.", + "items": { + "$ref": "#/definitions/UserSet" + } + }, + "isEscalationEnabled": { + "type": "boolean", + "description": "The value determine whether escalation feature is enabled." + }, + "escalationApprovers": { + "type": "array", + "description": "The escalation approver of the request.", + "items": { + "$ref": "#/definitions/UserSet" + } + } + } + }, + "UserSet": { + "description": "The detail of a user.", + "type": "object", + "properties": { + "userType": { + "type": "string", + "description": "The type of user.", + "enum": [ + "User", + "Group" + ], + "x-ms-enum": { + "name": "UserType", + "modelAsString": true + } + }, + "isBackup": { + "type": "boolean", + "description": "The value indicating whether the user is a backup fallback approver" + }, + "id": { + "type": "string", + "description": "The object id of the user." + }, + "description": { + "type": "string", + "description": "The description of the user." + } + } + }, + "RoleManagementPolicyAuthenticationContextRule": { + "description": "The role management policy authentication context rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "isEnabled": { + "type": "boolean", + "description": "The value indicating if rule is enabled." + }, + "claimValue": { + "type": "string", + "description": "The claim value." + } + } + }, + "RoleManagementPolicyEnablementRule": { + "description": "The role management policy enablement rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "enabledRules": { + "type": "array", + "items": { + "type": "string", + "description": "The type of enablement rule", + "enum": [ + "MultiFactorAuthentication", + "Justification", + "Ticketing" + ], + "x-ms-enum": { + "name": "EnablementRules", + "modelAsString": true + } + }, + "description": "The list of enabled rules." + } + } + }, + "RoleManagementPolicyExpirationRule": { + "description": "The role management policy expiration rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "isExpirationRequired": { + "type": "boolean", + "description": "The value indicating whether expiration is required." + }, + "maximumDuration": { + "type": "string", + "description": "The maximum duration of expiration in timespan." + } + } + }, + "RoleManagementPolicyNotificationRule": { + "description": "The role management policy notification rule.", + "allOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + ], + "type": "object", + "properties": { + "notificationType": { + "type": "string", + "description": "The type of notification.", + "enum": [ + "Email" + ], + "x-ms-enum": { + "name": "NotificationDeliveryMechanism", + "modelAsString": true + } + }, + "notificationLevel": { + "type": "string", + "description": "The notification level.", + "enum": [ + "None", + "Critical", + "All" + ], + "x-ms-enum": { + "name": "NotificationLevel", + "modelAsString": true + } + }, + "recipientType": { + "type": "string", + "description": "The recipient type.", + "enum": [ + "Requestor", + "Approver", + "Admin" + ], + "x-ms-enum": { + "name": "RecipientType", + "modelAsString": true + } + }, + "notificationRecipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of notification recipients." + }, + "isDefaultRecipientsEnabled": { + "type": "boolean", + "description": "Determines if the notification will be sent to the recipient type specified in the policy rule." + } + } + }, + "RoleManagementPolicyRuleTarget": { + "description": "The role management policy rule target.", + "type": "object", + "properties": { + "caller": { + "type": "string", + "description": "The caller of the setting." + }, + "operations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The type of operation." + }, + "level": { + "type": "string", + "description": "The assignment level to which rule is applied." + }, + "targetObjects": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of target objects." + }, + "inheritableSettings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of inheritable settings." + }, + "enforcedSettings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of enforced settings." + } + } + }, + "RoleManagementPolicyRuleType": { + "type": "string", + "description": "The type of rule", + "enum": [ + "RoleManagementPolicyApprovalRule", + "RoleManagementPolicyAuthenticationContextRule", + "RoleManagementPolicyEnablementRule", + "RoleManagementPolicyExpirationRule", + "RoleManagementPolicyNotificationRule" + ], + "x-ms-enum": { + "name": "RoleManagementPolicyRuleType", + "modelAsString": true + } + } + }, + "parameters": { + "ResourceProviderNamespaceParameter": { + "name": "resourceProviderNamespace", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of the resource provider.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "ResourceTypeParameter": { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "ResourceNameParameter": { + "name": "resourceName", + "in": "path", + "required": true, + "type": "string", + "description": "The resource name.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "ScopeParameter": { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the operation or resource. Valid scopes are: subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/DeleteRoleDefinition.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/DeleteRoleDefinition.json new file mode 100644 index 000000000000..a0de0e85d339 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/DeleteRoleDefinition.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "scope": "scope", + "roleDefinitionId": "roleDefinitionId", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleName": "Role name", + "type": "roletype", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ] + }, + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + }, + "204": {} + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetAllDenyAssignments.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetAllDenyAssignments.json new file mode 100644 index 000000000000..f97708a40ed0 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetAllDenyAssignments.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "subscriptionId": "subId", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "denyAssignmentName": "Deny assignment name", + "description": "Deny assignment description", + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "action" + ], + "notDataActions": [] + } + ], + "scope": "/subscriptions/subId", + "doNotApplyToChildScopes": false, + "principals": [ + { + "id": "principalId1", + "type": "principalType1" + } + ], + "excludePrincipals": [ + { + "id": "principalId2", + "type": "principalType2" + } + ], + "isSystemProtected": true + }, + "id": "/subscriptions/subId/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId", + "type": "Microsoft.Authorization/denyAssignments", + "name": "denyAssignmentId" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetAllProviderOperations.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetAllProviderOperations.json new file mode 100644 index 000000000000..deeb1f8701af --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetAllProviderOperations.json @@ -0,0 +1,27 @@ +{ + "parameters": { + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "id", + "name": "name", + "type": "type", + "displayName": "displayName", + "resourceTypes": [ + { + "name": "name", + "displayName": "name", + "operations": [] + } + ], + "operations": [] + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentById.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentById.json new file mode 100644 index 000000000000..5d2c240c1aba --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentById.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "denyAssignmentId": "subscriptions/subId/resourcegroups/rgname/providers/Microsoft.Authorization/denyAssignments/daId", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "denyAssignmentName": "Deny assignment name", + "description": "Deny assignment description", + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "scope": "/subscriptions/subId/resourcegroups/rgname", + "doNotApplyToChildScopes": false, + "principals": [ + { + "id": "principalId1", + "type": "principalType1" + } + ], + "excludePrincipals": [ + { + "id": "principalId2", + "type": "principalType2" + } + ], + "isSystemProtected": true + }, + "id": "/subscriptions/subId/resourcegroups/rgname/providers/Microsoft.Authorization/denyAssignments/daId", + "type": "Microsoft.Authorization/denyAssignments", + "name": "daId" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json new file mode 100644 index 000000000000..429ea8cdb7a2 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByNameId.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "scope": "subscriptions/subId/resourcegroups/rgname", + "denyAssignmentId": "denyAssignmentId", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "denyAssignmentName": "Deny assignment name", + "description": "Deny assignment description", + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "scope": "/subscriptions/subId/resourcegroups/rgname", + "doNotApplyToChildScopes": false, + "principals": [ + { + "id": "principalId1", + "type": "principalType1" + } + ], + "excludePrincipals": [ + { + "id": "principalId2", + "type": "principalType2" + } + ], + "isSystemProtected": true + }, + "id": "/subscriptions/subId/resourcegroups/rgname/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId", + "type": "Microsoft.Authorization/denyAssignments", + "name": "denyAssignmentId" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByScope.json new file mode 100644 index 000000000000..370b2cf24ad4 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentByScope.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "scope": "subscriptions/subId", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "denyAssignmentName": "Deny assignment name", + "description": "Deny assignment description", + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "action" + ], + "notDataActions": [] + } + ], + "scope": "/subscriptions/subId", + "doNotApplyToChildScopes": false, + "principals": [ + { + "id": "principalId1", + "type": "principalType1" + } + ], + "excludePrincipals": [ + { + "id": "principalId2", + "type": "principalType2" + } + ], + "isSystemProtected": true + }, + "id": "/subscriptions/subId/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId", + "type": "Microsoft.Authorization/denyAssignments", + "name": "denyAssignmentId" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentsForResource.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentsForResource.json new file mode 100644 index 000000000000..5494cb622b5d --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentsForResource.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "subscriptionId": "subId", + "resourceGroupName": "rgname", + "resourceProviderNamespace": "resourceProviderNamespace", + "parentResourcePath": "parentResourcePath", + "resourceType": "resourceType", + "resourceName": "resourceName", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "denyAssignmentName": "Deny assignment name", + "description": "Deny assignment description", + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "action" + ], + "notDataActions": [] + } + ], + "scope": "/subscriptions/subId/resourcegroups/rgname/providers/resourceProviderNamespace/parentResourcePath/resourceType/resourceName", + "doNotApplyToChildScopes": false, + "principals": [ + { + "id": "principalId1", + "type": "principalType1" + } + ], + "excludePrincipals": [ + { + "id": "principalId2", + "type": "principalType2" + } + ], + "isSystemProtected": true + }, + "id": "/subscriptions/subId/resourcegroups/rgname/providers/resourceProviderNamespace/parentResourcePath/resourceType/resourceName/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId", + "type": "Microsoft.Authorization/denyAssignments", + "name": "denyAssignmentId" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentsForResourceGroup.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentsForResourceGroup.json new file mode 100644 index 000000000000..fe570ce9efaf --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetDenyAssignmentsForResourceGroup.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "subscriptionId": "subId", + "resourceGroupName": "rgname", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "denyAssignmentName": "Deny assignment name", + "description": "Deny assignment description", + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "action" + ], + "notDataActions": [] + } + ], + "scope": "/subscriptions/subId/resourcegroups/rgname", + "doNotApplyToChildScopes": false, + "principals": [ + { + "id": "principalId1", + "type": "principalType1" + } + ], + "excludePrincipals": [ + { + "id": "principalId2", + "type": "principalType2" + } + ], + "isSystemProtected": true + }, + "id": "/subscriptions/subId/resourcegroups/rgname/providers/Microsoft.Authorization/denyAssignments/denyAssignmentId", + "type": "Microsoft.Authorization/denyAssignments", + "name": "denyAssignmentId" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetPermissions.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetPermissions.json new file mode 100644 index 000000000000..cca798f2f4c7 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetPermissions.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "resourceGroupName": "rgname", + "subscriptionId": "subID", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "actions": [], + "notActions": [], + "dataActions": [], + "notDataActions": [] + } + ], + "nextLink": "nextlink" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetProviderOperationsRP.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetProviderOperationsRP.json new file mode 100644 index 000000000000..527519a3ce68 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetProviderOperationsRP.json @@ -0,0 +1,24 @@ +{ + "parameters": { + "resourceProviderNamespace": "resourceProviderNamespace", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "id": "id", + "name": "name", + "type": "type", + "displayName": "displayName", + "resourceTypes": [ + { + "name": "name", + "displayName": "name", + "operations": [] + } + ], + "operations": [] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetResourcePermissions.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetResourcePermissions.json new file mode 100644 index 000000000000..e8236c21e9b3 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetResourcePermissions.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "subscriptionId": "subId", + "resourceGroupName": "rgname", + "resourceProviderNamespace": "rpnamespace", + "parentResourcePath": "parentResourcePath", + "resourceType": "resourceType", + "resourceName": "resourceName", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "actions": [], + "notActions": [] + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionAtScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionAtScope.json new file mode 100644 index 000000000000..d8a2d799c716 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionAtScope.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "scope": "scope", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "roleName": "Role name", + "type": "roletype", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ] + }, + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionById.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionById.json new file mode 100644 index 000000000000..6bac7e410f4b --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionById.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "roleId": "roleDefinitionId", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleName": "Role name", + "type": "roletype", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ] + }, + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionByName.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionByName.json new file mode 100644 index 000000000000..5dbec233d731 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/GetRoleDefinitionByName.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "scope": "scope", + "roleDefinitionId": "roleDefinitionId", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleName": "Role name", + "type": "roletype", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ] + }, + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/PutRoleDefinition.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/PutRoleDefinition.json new file mode 100644 index 000000000000..104d71a2d1f3 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/PutRoleDefinition.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "scope": "scope", + "roleDefinitionId": "roleDefinitionId", + "roleDefinition": {}, + "body": { + "roleDefinition": { + "roleName": "Role name", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ], + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + }, + "api-version": "2022-04-01" + }, + "responses": { + "201": { + "body": { + "properties": { + "roleName": "Role name", + "type": "roletype", + "description": "Role description", + "assignableScopes": [ + "/subscriptions/subId" + ], + "permissions": [ + { + "actions": [ + "action" + ], + "notActions": [], + "dataActions": [ + "dataAction" + ], + "notDataActions": [] + } + ] + }, + "id": "/subscriptions/subID/providers/Microsoft.Authorization/roleDefinitions/roleDefinitionId", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "roleDefinitionId" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateById.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateById.json new file mode 100644 index 000000000000..9c6028ae5772 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateById.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "roleAssignmentId": "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "api-version": "2022-04-01", + "parameters": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User" + } + } + }, + "responses": { + "201": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "type": "Microsoft.Authorization/roleAssignments", + "name": "b0f43c54-e787-4862-89b1-a653fa9cf747" + } + }, + "200": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "type": "Microsoft.Authorization/roleAssignments", + "name": "b0f43c54-e787-4862-89b1-a653fa9cf747" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateForResource.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateForResource.json new file mode 100644 index 000000000000..6fcca0cd292d --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateForResource.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "scope": "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account", + "roleAssignmentName": "05c5a614-a7d6-4502-b150-c2fb455033ff", + "api-version": "2022-04-01", + "parameters": { + "properties": { + "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User" + } + } + }, + "responses": { + "201": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff", + "type": "Microsoft.Authorization/roleAssignments", + "name": "05c5a614-a7d6-4502-b150-c2fb455033ff" + } + }, + "200": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff", + "type": "Microsoft.Authorization/roleAssignments", + "name": "05c5a614-a7d6-4502-b150-c2fb455033ff" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateForResourceGroup.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateForResourceGroup.json new file mode 100644 index 000000000000..ca738cbc9ed4 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateForResourceGroup.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "scope": "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg", + "roleAssignmentName": "05c5a614-a7d6-4502-b150-c2fb455033ff", + "api-version": "2022-04-01", + "parameters": { + "properties": { + "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User" + } + } + }, + "responses": { + "201": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff", + "type": "Microsoft.Authorization/roleAssignments", + "name": "05c5a614-a7d6-4502-b150-c2fb455033ff" + } + }, + "200": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff", + "type": "Microsoft.Authorization/roleAssignments", + "name": "05c5a614-a7d6-4502-b150-c2fb455033ff" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateForSubscription.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateForSubscription.json new file mode 100644 index 000000000000..a13fefb962bb --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_CreateForSubscription.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "scope": "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", + "roleAssignmentName": "05c5a614-a7d6-4502-b150-c2fb455033ff", + "api-version": "2022-04-01", + "parameters": { + "properties": { + "roleDefinitionId": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User" + } + } + }, + "responses": { + "201": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff", + "type": "Microsoft.Authorization/roleAssignments", + "name": "05c5a614-a7d6-4502-b150-c2fb455033ff" + } + }, + "200": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff", + "type": "Microsoft.Authorization/roleAssignments", + "name": "05c5a614-a7d6-4502-b150-c2fb455033ff" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json new file mode 100644 index 000000000000..ffbf366543b3 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Delete.json @@ -0,0 +1,23 @@ +{ + "parameters": { + "scope": "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", + "roleAssignmentName": "b0f43c54-e787-4862-89b1-a653fa9cf747", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "type": "Microsoft.Authorization/roleAssignments", + "name": "b0f43c54-e787-4862-89b1-a653fa9cf747" + } + }, + "204": {} + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_DeleteById.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_DeleteById.json new file mode 100644 index 000000000000..66790d37b8e6 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_DeleteById.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "roleAssignmentId": "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "type": "Microsoft.Authorization/roleAssignments", + "name": "b0f43c54-e787-4862-89b1-a653fa9cf747" + } + }, + "204": {} + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Get.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Get.json new file mode 100644 index 000000000000..c8866df2f200 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_Get.json @@ -0,0 +1,22 @@ +{ + "parameters": { + "scope": "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", + "roleAssignmentName": "b0f43c54-e787-4862-89b1-a653fa9cf747", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "type": "Microsoft.Authorization/roleAssignments", + "name": "b0f43c54-e787-4862-89b1-a653fa9cf747" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_GetById.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_GetById.json new file mode 100644 index 000000000000..e1dd75f88376 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_GetById.json @@ -0,0 +1,21 @@ +{ + "parameters": { + "roleAssignmentId": "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "type": "Microsoft.Authorization/roleAssignments", + "name": "b0f43c54-e787-4862-89b1-a653fa9cf747" + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForResource.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForResource.json new file mode 100644 index 000000000000..0b91338b0139 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForResource.json @@ -0,0 +1,51 @@ +{ + "parameters": { + "subscriptionId": "a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", + "resourceGroupName": "testrg", + "resourceProviderNamespace": "Microsoft.DocumentDb", + "resourceType": "databaseAccounts", + "resourceName": "test-db-account", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "type": "Microsoft.Authorization/roleAssignments", + "name": "b0f43c54-e787-4862-89b1-a653fa9cf747" + }, + { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/96786e4b-dede-4c2e-8736-8ab911987f08", + "type": "Microsoft.Authorization/roleAssignments", + "name": "96786e4b-dede-4c2e-8736-8ab911987f08" + }, + { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.DocumentDb/databaseAccounts/test-db-account/providers/Microsoft.Authorization/roleAssignments/05c5a614-a7d6-4502-b150-c2fb455033ff", + "type": "Microsoft.Authorization/roleAssignments", + "name": "05c5a614-a7d6-4502-b150-c2fb455033ff" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForResourceGroup.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForResourceGroup.json new file mode 100644 index 000000000000..428b665a0e73 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForResourceGroup.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "subscriptionId": "a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", + "resourceGroupName": "testrg", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "type": "Microsoft.Authorization/roleAssignments", + "name": "b0f43c54-e787-4862-89b1-a653fa9cf747" + }, + { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/resourceGroups/testrg/providers/Microsoft.Authorization/roleAssignments/96786e4b-dede-4c2e-8736-8ab911987f08", + "type": "Microsoft.Authorization/roleAssignments", + "name": "96786e4b-dede-4c2e-8736-8ab911987f08" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForScope.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForScope.json new file mode 100644 index 000000000000..39ce0be373f4 --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForScope.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "scope": "subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "type": "Microsoft.Authorization/roleAssignments", + "name": "b0f43c54-e787-4862-89b1-a653fa9cf747" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForSubscription.json b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForSubscription.json new file mode 100644 index 000000000000..f715b08b3d3c --- /dev/null +++ b/specification/authorization/resource-manager/Microsoft.Authorization/stable/2022-04-01/examples/RoleAssignments_ListForSubscription.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "subscriptionId": "a925f2f7-5c63-4b7b-8799-25a5f97bc3b2", + "api-version": "2022-04-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "properties": { + "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/0b5fe924-9a61-425c-96af-cfe6e287ca2d", + "principalId": "ce2ce14e-85d7-4629-bdbc-454d0519d987", + "principalType": "User", + "scope": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2" + }, + "id": "/subscriptions/a925f2f7-5c63-4b7b-8799-25a5f97bc3b2/providers/Microsoft.Authorization/roleAssignments/b0f43c54-e787-4862-89b1-a653fa9cf747", + "type": "Microsoft.Authorization/roleAssignments", + "name": "b0f43c54-e787-4862-89b1-a653fa9cf747" + } + ] + } + } + } +} diff --git a/specification/authorization/resource-manager/readme.csharp.md b/specification/authorization/resource-manager/readme.csharp.md index b2467c1c74d4..86a3f65c0ac3 100644 --- a/specification/authorization/resource-manager/readme.csharp.md +++ b/specification/authorization/resource-manager/readme.csharp.md @@ -132,4 +132,16 @@ output-folder: $(csharp-sdks-folder)/Authorization/Management.Authorization/$(cs batch: - tag: package-2020-10-01-preview + ``` + +### Profile: profile_2022_04_01 + +These settings apply only when `--csharp-profile=profile_2022_04_01` is specified on the command line. + + ``` yaml $(csharp-profile)=='profile_2022_04_01' +namespace: Microsoft.Azure.Management.Profiles.$(csharp-profile).Authorization +output-folder: $(csharp-sdks-folder)/Authorization/Management.Authorization/$(csharp-profile)/Generated + +batch: + - tag: package-2022-04-01 ``` \ No newline at end of file diff --git a/specification/authorization/resource-manager/readme.md b/specification/authorization/resource-manager/readme.md old mode 100644 new mode 100755 index f12b6af3d433..2f51ec816898 --- a/specification/authorization/resource-manager/readme.md +++ b/specification/authorization/resource-manager/readme.md @@ -132,6 +132,30 @@ input-file: - Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicyAssignment.json ``` +### Tag: package-2022-04-01 + +These settings apply only when `--tag=package-2022-04-01` is specified on the command line. + +``` yaml $(tag) == 'package-2022-04-01' +input-file: +- Microsoft.Authorization/stable/2015-07-01/authorization-ClassicAdminCalls.json +- Microsoft.Authorization/stable/2015-07-01/authorization-ElevateAccessCalls.json +- Microsoft.Authorization/stable/2022-04-01/authorization-DenyAssignmentCalls.json +- Microsoft.Authorization/stable/2022-04-01/authorization-ProviderOperationsCalls.json +- Microsoft.Authorization/stable/2022-04-01/authorization-RoleAssignmentsCalls.json +- Microsoft.Authorization/stable/2022-04-01/authorization-RoleDefinitionsCalls.json +- Microsoft.Authorization/stable/2022-04-01/common-types.json +- Microsoft.Authorization/stable/2020-10-01/EligibleChildResources.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentSchedule.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleInstance.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleRequest.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilitySchedule.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleInstance.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleRequest.json +- Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicy.json +- Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicyAssignment.json +``` + ### Tag: package-2022-04-01-preview-only These settings apply only when `--tag=package-2022-04-01-preview-only` is specified on the command line. @@ -142,6 +166,7 @@ input-file: - Microsoft.Authorization/preview/2022-04-01-preview/RoleEligibilityScheduleRequest.json ``` + ### Tag: package-preview-2021-11 These settings apply only when `--tag=package-preview-2021-11` is specified on the command line. @@ -177,6 +202,47 @@ input-file: - Microsoft.Authorization/preview/2021-01-01-preview/authorization-RoleAssignmentApprovalCalls.json ``` +### Tag: package-2020-10-01 + +These settings apply only when `--tag=package-2020-10-01` is specified on the command line. + +``` yaml $(tag) == 'package-2020-10-01' +input-file: +- Microsoft.Authorization/stable/2015-07-01/authorization-RoleDefinitionsCalls.json +- Microsoft.Authorization/stable/2015-07-01/authorization-ProviderOperationsCalls.json +- Microsoft.Authorization/stable/2015-07-01/authorization-ElevateAccessCalls.json +- Microsoft.Authorization/stable/2015-07-01/authorization-RoleAssignmentsCalls.json +- Microsoft.Authorization/stable/2015-07-01/authorization-ClassicAdminCalls.json +- Microsoft.Authorization/stable/2020-10-01/common-types.json +- Microsoft.Authorization/stable/2020-10-01/EligibleChildResources.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentSchedule.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleInstance.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleRequest.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilitySchedule.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleInstance.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleRequest.json +- Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicy.json +- Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicyAssignment.json +``` + +### Tag: package-2020-10-01-only + +These settings apply only when `--tag=package-2020-10-01-only` is specified on the command line. + +``` yaml $(tag) == 'package-2020-10-01-only' +input-file: +- Microsoft.Authorization/stable/2020-10-01/common-types.json +- Microsoft.Authorization/stable/2020-10-01/EligibleChildResources.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentSchedule.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleInstance.json +- Microsoft.Authorization/stable/2020-10-01/RoleAssignmentScheduleRequest.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilitySchedule.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleInstance.json +- Microsoft.Authorization/stable/2020-10-01/RoleEligibilityScheduleRequest.json +- Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicy.json +- Microsoft.Authorization/stable/2020-10-01/RoleManagementPolicyAssignment.json +``` + ### Tag: package-2020-10-01-preview These settings apply only when `--tag=package-2020-10-01-preview` is specified on the command line.