From 27cdc510e447c7eda773ad919461fee77472dc5b Mon Sep 17 00:00:00 2001 From: Robert Gao Date: Wed, 7 Sep 2022 13:56:35 -0700 Subject: [PATCH 1/8] Port previous version exemptions and assignments --- .../createOrUpdatePolicyExemption.json | 79 ++ .../examples/deletePolicyExemption.json | 15 + .../examples/getPolicyExemption.json | 37 + ...istPolicyExemptionsForManagementGroup.json | 63 ++ .../listPolicyExemptionsForResource.json | 67 ++ .../listPolicyExemptionsForResourceGroup.json | 64 ++ .../listPolicyExemptionsForSubscription.json | 63 ++ .../2022-07-01-preview/policyExemptions.json | 561 ++++++++++ .../examples/createPolicyAssignment.json | 64 ++ .../examples/createPolicyAssignmentById.json | 53 + ...PolicyAssignmentNonComplianceMessages.json | 59 ++ .../createPolicyAssignmentWithIdentity.json | 65 ++ ...reatePolicyAssignmentWithIdentityById.json | 63 ++ ...icyAssignmentWithUserAssignedIdentity.json | 72 ++ ...atePolicyAssignmentWithoutEnforcement.json | 55 + .../examples/deletePolicyAssignment.json | 38 + .../examples/deletePolicyAssignmentById.json | 36 + .../examples/getPolicyAssignment.json | 36 + .../examples/getPolicyAssignmentById.json | 34 + .../getPolicyAssignmentWithIdentity.json | 42 + .../getPolicyAssignmentWithIdentityById.json | 40 + ...icyAssignmentWithUserAssignedIdentity.json | 46 + .../examples/listPolicyAssignments.json | 54 + ...stPolicyAssignmentsForManagementGroup.json | 54 + .../listPolicyAssignmentsForResource.json | 58 ++ ...listPolicyAssignmentsForResourceGroup.json | 55 + .../updatePolicyAssignmentWithIdentity.json | 48 + ...pdatePolicyAssignmentWithIdentityById.json | 46 + ...icyAssignmentWithUserAssignedIdentity.json | 55 + .../stable/2022-06-01/policyAssignments.json | 984 ++++++++++++++++++ 30 files changed, 3006 insertions(+) create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/deletePolicyExemption.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemption.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResource.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResourceGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForSubscription.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignment.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentNonComplianceMessages.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentityById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithoutEnforcement.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignment.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignmentById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignment.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentityById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignments.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResource.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResourceGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentityById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json new file mode 100644 index 000000000000..5f300513bd45 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json @@ -0,0 +1,79 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", + "policyExemptionName": "DemoExpensiveVM", + "api-version": "2020-07-01-preview", + "parameters": { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T01:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM", + "type": "Microsoft.Authorization/policyExemptions", + "name": "DemoExpensiveVM" + } + }, + "200": { + "headers": {}, + "body": { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM", + "type": "Microsoft.Authorization/policyExemptions", + "name": "DemoExpensiveVM" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/deletePolicyExemption.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/deletePolicyExemption.json new file mode 100644 index 000000000000..7268b4d04093 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/deletePolicyExemption.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", + "policyExemptionName": "DemoExpensiveVM", + "api-version": "2020-07-01-preview" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemption.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemption.json new file mode 100644 index 000000000000..38fc34650a1f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemption.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", + "policyExemptionName": "DemoExpensiveVM", + "api-version": "2020-07-01-preview" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM", + "type": "Microsoft.Authorization/policyExemptions", + "name": "DemoExpensiveVM" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForManagementGroup.json new file mode 100644 index 000000000000..77598424b706 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForManagementGroup.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "managementGroupId": "DevOrg", + "api-version": "2020-07-01-preview", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/HardwareDivision/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyExemptions/ResearchBudgetExemption", + "type": "Microsoft.Authorization/policyExemptions", + "name": "ResearchBudgetExemption" + }, + { + "properties": { + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/HardwareDivision/providers/Microsoft.Authorization/policyAssignments/LimitPorts", + "exemptionCategory": "Mitigated", + "displayName": "Exempt jump box open ports", + "description": "Exempt jump box open ports from limit ports policy", + "metadata": { + "reason": "Need to open RDP port to corp net" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyExemptions/VNetIsMonitored", + "type": "Microsoft.Authorization/policyExemptions", + "name": "VNetIsMonitored" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResource.json new file mode 100644 index 000000000000..7efd27f5ad38 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResource.json @@ -0,0 +1,67 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceGroupName": "TestResourceGroup", + "resourceProviderNamespace": "Microsoft.Compute", + "parentResourcePath": "virtualMachines/MyTestVm", + "resourceType": "domainNames", + "resourceName": "MyTestComputer.cloudapp.net", + "api-version": "2020-07-01-preview" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVMGroup", + "type": "Microsoft.Authorization/policyExemptions", + "name": "DemoExpensiveVMGroup" + }, + { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/LimitPorts", + "exemptionCategory": "Mitigated", + "displayName": "Exempt jump box open ports", + "description": "Exempt jump box open ports from limit ports policy", + "metadata": { + "reason": "Need to open RDP port to corp net" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Compute/virtualMachines/MyTestVm/providers/Microsoft.Authorization/policyExemptions/jumpBoxExemption", + "type": "Microsoft.Authorization/policyExemptions", + "name": "jumpBoxExemption" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResourceGroup.json new file mode 100644 index 000000000000..7cac005fa471 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResourceGroup.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceGroupName": "TestResourceGroup", + "api-version": "2020-07-01-preview", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyExemptions/TestVMSub", + "type": "Microsoft.Authorization/policyExemptions", + "name": "TestVMSub" + }, + { + "properties": { + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyAssignments/LimitPorts", + "exemptionCategory": "Mitigated", + "displayName": "Exempt jump box open ports", + "description": "Exempt jump box open ports from limit ports policy", + "metadata": { + "reason": "Need to open RDP port to corp net" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyExemptions/TestVNetRG", + "type": "Microsoft.Authorization/policyExemptions", + "name": "TestVNetRG" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForSubscription.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForSubscription.json new file mode 100644 index 000000000000..aefef89332a2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForSubscription.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2020-07-01-preview", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyExemptions/TestVMSub", + "type": "Microsoft.Authorization/policyExemptions", + "name": "TestVMSub" + }, + { + "properties": { + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/DevOrg/providers/Microsoft.Authorization/policyAssignments/LimitPorts", + "exemptionCategory": "Mitigated", + "displayName": "Exempt jump box open ports", + "description": "Exempt jump box open ports from limit ports policy", + "metadata": { + "reason": "Need to open RDP port to corp net" + } + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyExemptions/TestVNetSub", + "type": "Microsoft.Authorization/policyExemptions", + "name": "TestVNetSub" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json new file mode 100644 index 000000000000..b555e5537eb6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json @@ -0,0 +1,561 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2020-07-01-preview", + "description": "To exempt your resources from policy evaluation and non-compliance state, you can create an exemption at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}": { + "delete": { + "tags": [ + "PolicyExemptions" + ], + "operationId": "PolicyExemptions_Delete", + "summary": "Deletes a policy exemption.", + "description": "This operation deletes a policy exemption, given its name and the scope it was created in. The scope of a policy exemption is the part of its ID preceding '/providers/Microsoft.Authorization/policyExemptions/{policyExemptionName}'.", + "x-ms-examples": { + "Delete a policy exemption": { + "$ref": "./examples/deletePolicyExemption.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/PolicyExemptionNameParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "No Content - the policy exemption doesn't exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "tags": [ + "PolicyExemptions" + ], + "operationId": "PolicyExemptions_CreateOrUpdate", + "summary": "Creates or updates a policy exemption.", + "description": " This operation creates or updates a policy exemption with the given scope and name. Policy exemptions apply to all resources contained within their scope. For example, when you create a policy exemption at resource group scope for a policy assignment at the same or above level, the exemption exempts to all applicable resources in the resource group.", + "x-ms-examples": { + "Create or update a policy exemption": { + "$ref": "./examples/createOrUpdatePolicyExemption.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/PolicyExemptionNameParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyExemption" + }, + "description": "Parameters for the policy exemption." + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the updated policy exemption.", + "schema": { + "$ref": "#/definitions/PolicyExemption" + } + }, + "201": { + "description": "Created - Returns information about the new policy exemption.", + "schema": { + "$ref": "#/definitions/PolicyExemption" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicyExemptions" + ], + "operationId": "PolicyExemptions_Get", + "summary": "Retrieves a policy exemption.", + "description": "This operation retrieves a single policy exemption, given its name and the scope it was created at.", + "x-ms-examples": { + "Retrieve a policy exemption": { + "$ref": "./examples/getPolicyExemption.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/PolicyExemptionNameParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy exemption.", + "schema": { + "$ref": "#/definitions/PolicyExemption" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyExemptions": { + "get": { + "tags": [ + "PolicyExemptions" + ], + "operationId": "PolicyExemptions_List", + "summary": "Retrieves all policy exemptions that apply to a subscription.", + "description": "This operation retrieves the list of all policy exemptions associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription.", + "x-ms-examples": { + "List policy exemptions that apply to a subscription": { + "$ref": "./examples/listPolicyExemptionsForSubscription.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyExemptionFilterParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy exemptions.", + "schema": { + "$ref": "#/definitions/PolicyExemptionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyExemptions": { + "get": { + "tags": [ + "PolicyExemptions" + ], + "operationId": "PolicyExemptions_ListForResourceGroup", + "summary": "Retrieves all policy exemptions that apply to a resource group.", + "description": "This operation retrieves the list of all policy exemptions associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group.", + "x-ms-examples": { + "List policy exemptions that apply to a resource group": { + "$ref": "./examples/listPolicyExemptionsForResourceGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyExemptionFilterParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy exemptions.", + "schema": { + "$ref": "#/definitions/PolicyExemptionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyExemptions": { + "get": { + "tags": [ + "PolicyExemptions" + ], + "operationId": "PolicyExemptions_ListForResource", + "summary": "Retrieves all policy exemptions that apply to a resource.", + "description": "This operation retrieves the list of all policy exemptions associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').", + "x-ms-examples": { + "List all policy exemptions that apply to a resource": { + "$ref": "./examples/listPolicyExemptionsForResource.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/ResourceGroupNameParameter" + }, + { + "name": "resourceProviderNamespace", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)" + }, + { + "name": "parentResourcePath", + "in": "path", + "required": true, + "type": "string", + "description": "The parent resource path. Use empty string if there is none.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource." + }, + { + "$ref": "#/parameters/PolicyExemptionFilterParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy exemptions.", + "schema": { + "$ref": "#/definitions/PolicyExemptionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyExemptions": { + "get": { + "tags": [ + "PolicyExemptions" + ], + "operationId": "PolicyExemptions_ListForManagementGroup", + "summary": "Retrieves all policy exemptions that apply to a management group.", + "description": "This operation retrieves the list of all policy exemptions applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy exemptions that are assigned to the management group or the management group's ancestors.", + "x-ms-examples": { + "List policy exemptions that apply to a management group": { + "$ref": "./examples/listPolicyExemptionsForManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "$ref": "#/parameters/PolicyExemptionFilterParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy exemptions.", + "schema": { + "$ref": "#/definitions/PolicyExemptionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse" + } + }, + "description": "An error response from a policy operation." + }, + "PolicyExemptionProperties": { + "required": [ + "policyAssignmentId", + "exemptionCategory" + ], + "properties": { + "policyAssignmentId": { + "type": "string", + "description": "The ID of the policy assignment that is being exempted." + }, + "policyDefinitionReferenceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition." + }, + "exemptionCategory": { + "type": "string", + "description": "The policy exemption category. Possible values are Waiver and Mitigated.", + "enum": [ + "Waiver", + "Mitigated" + ], + "x-ms-enum": { + "name": "exemptionCategory", + "modelAsString": true, + "values": [ + { + "value": "Waiver", + "description": "This category of exemptions usually means the scope is not applicable for the policy." + }, + { + "value": "Mitigated", + "description": "This category of exemptions usually means the mitigation actions have been applied to the scope." + } + ] + } + }, + "expiresOn": { + "type": "string", + "format": "date-time", + "description": "The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption." + }, + "displayName": { + "type": "string", + "description": "The display name of the policy exemption." + }, + "description": { + "type": "string", + "description": "The description of the policy exemption." + }, + "metadata": { + "type": "object", + "description": "The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs." + } + }, + "description": "The policy exemption properties." + }, + "PolicyExemption": { + "required": [ + "properties" + ], + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyExemptionProperties", + "description": "Properties for the policy exemption." + }, + "systemData": { + "readOnly": true, + "type": "object", + "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy exemption." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy exemption." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policyExemptions)." + } + }, + "description": "The policy exemption.", + "x-ms-azure-resource": true + }, + "PolicyExemptionListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyExemption" + }, + "description": "An array of policy exemptions." + }, + "nextLink": { + "readOnly": true, + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy exemptions." + } + }, + "parameters": { + "PolicyExemptionNameParameter": { + "name": "policyExemptionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy exemption to delete.", + "x-ms-parameter-location": "method" + }, + "ScopeParameter": { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy exemption. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-parameter-location": "method", + "x-ms-skip-url-encoding": true + }, + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the target subscription." + }, + "ResourceGroupNameParameter": { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group containing the resource.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90, + "x-ms-parameter-location": "method" + }, + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "The API version to use for the operation.", + "x-ms-parameter-location": "client" + }, + "PolicyExemptionFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()', 'excludeExpired()' or 'policyAssignmentId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter is not provided, the unfiltered list includes all policy exemptions associated with the scope, including those that apply directly or apply from containing scopes. If $filter=atScope() is provided, the returned list only includes all policy exemptions that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy exemptions that at the given scope. If $filter=excludeExpired() is provided, the returned list only includes all policy exemptions that either haven't expired or didn't set expiration date. If $filter=policyAssignmentId eq '{value}' is provided. the returned list only includes all policy exemptions that are associated with the give policyAssignmentId.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignment.json new file mode 100644 index 000000000000..36e9c79044fd --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignment.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2021-06-01", + "parameters": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentById.json new file mode 100644 index 000000000000..120d28bf5e83 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentById.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2021-06-01", + "parameters": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentNonComplianceMessages.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentNonComplianceMessages.json new file mode 100644 index 000000000000..02ba33cf328d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentNonComplianceMessages.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "securityInitAssignment", + "api-version": "2021-06-01", + "parameters": { + "properties": { + "displayName": "Enforce security policies", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce security policies", + "metadata": { + "assignedBy": "User 1" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment", + "type": "Microsoft.Authorization/policyAssignments", + "name": "securityInitAssignment" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..4339fa8dff3f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentity.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2021-06-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Foo Bar" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..c71134471afe --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentityById.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2021-06-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus", + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..e1c18b5b3af6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,72 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2021-06-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + }, + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Foo Bar" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" + } + } + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithoutEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithoutEnforcement.json new file mode 100644 index 000000000000..1d820cbdc632 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithoutEnforcement.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2021-06-01", + "parameters": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "DoNotEnforce" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "DoNotEnforce", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignment.json new file mode 100644 index 000000000000..1c1e28c991b9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignment.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2021-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignmentById.json new file mode 100644 index 000000000000..0f0730c5daf7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignmentById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2021-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignment.json new file mode 100644 index 000000000000..849a328e7285 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignment.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2021-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentById.json new file mode 100644 index 000000000000..a7fa47acf4b0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2021-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..12c54bbbd3d8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentity.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2021-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..e5169e563716 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentityById.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2021-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..828890b6a36a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2021-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" + } + } + }, + "location": "westus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignments.json new file mode 100644 index 000000000000..ced0d65640da --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignments.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2021-06-01", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [] + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/TagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForManagementGroup.json new file mode 100644 index 000000000000..5ea56e66b29a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForManagementGroup.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "managementGroupId": "TestManagementGroup", + "api-version": "2021-06-01", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [] + } + }, + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResource.json new file mode 100644 index 000000000000..25ba40d814e0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResource.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "resourceGroupName": "TestResourceGroup", + "resourceProviderNamespace": "Microsoft.Compute", + "parentResourcePath": "virtualMachines/MyTestVm", + "resourceType": "domainNames", + "resourceName": "MyTestComputer.cloudapp.net", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2021-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "VM Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/vmSkus", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResourceGroup.json new file mode 100644 index 000000000000..3f4ec2bb8fa4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResourceGroup.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "resourceGroupName": "TestResourceGroup", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2021-06-01", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..a3c1208e8541 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentity.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2021-06-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "SystemAssigned" + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..1272273109f1 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentityById.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2021-06-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus" + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..5e510aec2244 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2021-06-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" + } + } + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json new file mode 100644 index 000000000000..52286009c752 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json @@ -0,0 +1,984 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2021-06-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}": { + "delete": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Delete", + "summary": "Deletes a policy assignment.", + "description": "This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-examples": { + "Delete a policy assignment": { + "$ref": "./examples/deletePolicyAssignment.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy assignment to delete." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the deleted assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "204": { + "description": "No Content - the policy assignment doesn't exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Create", + "summary": "Creates or updates a policy assignment.", + "description": " This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "x-ms-examples": { + "Create or update a policy assignment": { + "$ref": "./examples/createPolicyAssignment.json" + }, + "Create or update a policy assignment with multiple non-compliance messages": { + "$ref": "./examples/createPolicyAssignmentNonComplianceMessages.json" + }, + "Create or update a policy assignment with a system assigned identity": { + "$ref": "./examples/createPolicyAssignmentWithIdentity.json" + }, + "Create or update a policy assignment with a user assigned identity": { + "$ref": "./examples/createPolicyAssignmentWithUserAssignedIdentity.json" + }, + "Create or update a policy assignment without enforcing policy effect during resource creation or update.": { + "$ref": "./examples/createPolicyAssignmentWithoutEnforcement.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy assignment." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignment" + }, + "description": "Parameters for the policy assignment." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the new policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Get", + "summary": "Retrieves a policy assignment.", + "description": "This operation retrieves a single policy assignment, given its name and the scope it was created at.", + "x-ms-examples": { + "Retrieve a policy assignment": { + "$ref": "./examples/getPolicyAssignment.json" + }, + "Retrieve a policy assignment with a system assigned identity": { + "$ref": "./examples/getPolicyAssignmentWithIdentity.json" + }, + "Retrieve a policy assignment with a user assigned identity": { + "$ref": "./examples/getPolicyAssignmentWithUserAssignedIdentity.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy assignment to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "patch": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Update", + "summary": "Updates a policy assignment.", + "description": " This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "x-ms-examples": { + "Update a policy assignment with a system assigned identity": { + "$ref": "./examples/updatePolicyAssignmentWithIdentity.json" + }, + "Update a policy assignment with a user assigned identity": { + "$ref": "./examples/updatePolicyAssignmentWithUserAssignedIdentity.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy assignment." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignmentUpdate" + }, + "description": "Parameters for policy assignment patch request." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForResourceGroup", + "summary": "Retrieves all policy assignments that apply to a resource group.", + "description": "This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group.", + "x-ms-examples": { + "List policy assignments that apply to a resource group": { + "$ref": "./examples/listPolicyAssignmentsForResourceGroup.json" + } + }, + "parameters": [ + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group that contains policy assignments.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90 + }, + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForResource", + "summary": "Retrieves all policy assignments that apply to a resource.", + "description": "This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource level. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').", + "deprecated": false, + "x-ms-examples": { + "List all policy assignments that apply to a resource": { + "$ref": "./examples/listPolicyAssignmentsForResource.json" + } + }, + "parameters": [ + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group containing the resource.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90 + }, + { + "name": "resourceProviderNamespace", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)" + }, + { + "name": "parentResourcePath", + "in": "path", + "required": true, + "type": "string", + "description": "The parent resource path. Use empty string if there is none.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource." + }, + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/PolicyAssignment" + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForManagementGroup", + "summary": "Retrieves all policy assignments that apply to a management group.", + "description": "This operation retrieves the list of all policy assignments applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy assignments that are assigned to the management group or the management group's ancestors. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the management group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the management group.", + "x-ms-examples": { + "List policy assignments that apply to a management group": { + "$ref": "./examples/listPolicyAssignmentsForManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_List", + "summary": "Retrieves all policy assignments that apply to a subscription.", + "description": "This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "x-ms-examples": { + "List policy assignments that apply to a subscription": { + "$ref": "./examples/listPolicyAssignments.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/PolicyAssignment" + } + }, + "/{policyAssignmentId}": { + "delete": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_DeleteById", + "summary": "Deletes a policy assignment.", + "description": "This operation deletes the policy with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid formats for {scope} are: '/providers/Microsoft.Management/managementGroups/{managementGroup}' (management group), '/subscriptions/{subscriptionId}' (subscription), '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' (resource group), or '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' (resource).", + "x-ms-examples": { + "Delete a policy assignment by ID": { + "$ref": "./examples/deletePolicyAssignmentById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "204": { + "description": "No Content - the policy assignment doesn't exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_CreateById", + "summary": "Creates or updates a policy assignment.", + "description": "This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Create or update policy assignment by ID": { + "$ref": "./examples/createPolicyAssignmentById.json" + }, + "Create or update policy assignment with a managed identity by ID": { + "$ref": "./examples/createPolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to create. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignment" + }, + "description": "Parameters for policy assignment." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_GetById", + "summary": "Retrieves the policy assignment with the given ID.", + "description": "The operation retrieves the policy assignment with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Retrieve a policy assignment by ID": { + "$ref": "./examples/getPolicyAssignmentById.json" + }, + "Retrieve a policy assignment with a managed identity by ID": { + "$ref": "./examples/getPolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to get. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "patch": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_UpdateById", + "summary": "Updates a policy assignment.", + "description": "This operation updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Update policy assignment with a managed identity by ID": { + "$ref": "./examples/updatePolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to update. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignmentUpdate" + }, + "description": "Parameters for policy assignment patch request." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "CloudError": { + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse" + } + }, + "description": "An error response from a policy operation." + }, + "PolicyAssignmentProperties": { + "properties": { + "displayName": { + "type": "string", + "description": "The display name of the policy assignment." + }, + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition being assigned." + }, + "scope": { + "type": "string", + "description": "The scope for the policy assignment.", + "readOnly": true + }, + "notScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The policy's excluded scopes." + }, + "parameters": { + "description": "The parameter values for the assigned policy rule. The keys are the parameter names.", + "$ref": "#/definitions/ParameterValues" + }, + "description": { + "type": "string", + "description": "This message will be part of response in case of policy violation." + }, + "metadata": { + "type": "object", + "description": "The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "enforcementMode": { + "type": "string", + "description": "The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.", + "enum": [ + "Default", + "DoNotEnforce" + ], + "x-ms-enum": { + "name": "enforcementMode", + "modelAsString": true, + "values": [ + { + "value": "Default", + "description": "The policy effect is enforced during resource creation or update." + }, + { + "value": "DoNotEnforce", + "description": "The policy effect is not enforced during resource creation or update." + } + ] + }, + "default": "Default" + }, + "nonComplianceMessages": { + "type": "array", + "items": { + "$ref": "#/definitions/NonComplianceMessage" + }, + "x-ms-identifiers": [ + "message", + "policyDefinitionReferenceId" + ], + "description": "The messages that describe why a resource is non-compliant with the policy." + } + }, + "description": "The policy assignment properties." + }, + "NonComplianceMessage": { + "properties": { + "message": { + "type": "string", + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment." + } + }, + "required": [ + "message" + ], + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." + }, + "ParameterValues": { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ParameterValuesValue" + }, + "description": "The parameter values for the policy rule. The keys are the parameter names." + }, + "ParameterValuesValue": { + "properties": { + "value": { + "description": "The value of the parameter.", + "type": "object" + } + }, + "description": "The value of a parameter." + }, + "PolicyAssignment": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyAssignmentProperties", + "description": "Properties for the policy assignment." + }, + "id": { + "type": "string", + "description": "The ID of the policy assignment.", + "readOnly": true + }, + "type": { + "type": "string", + "description": "The type of the policy assignment.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The name of the policy assignment.", + "readOnly": true + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The policy assignment.", + "x-ms-azure-resource": true + }, + "PolicyAssignmentListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyAssignment" + }, + "description": "An array of policy assignments." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy assignments." + }, + "Identity": { + "properties": { + "principalId": { + "readOnly": true, + "type": "string", + "description": "The principal ID of the resource identity. This property will only be provided for a system assigned identity" + }, + "tenantId": { + "readOnly": true, + "type": "string", + "description": "The tenant ID of the resource identity. This property will only be provided for a system assigned identity" + }, + "type": { + "type": "string", + "description": "The identity type. This is the only required field when adding a system or user assigned identity to a resource.", + "enum": [ + "SystemAssigned", + "UserAssigned", + "None" + ], + "x-ms-enum": { + "name": "ResourceIdentityType", + "modelAsString": false, + "values": [ + { + "value": "SystemAssigned", + "description": "Indicates that a system assigned identity is associated with the resource." + }, + { + "value": "UserAssigned", + "description": "Indicates that a system assigned identity is associated with the resource." + }, + { + "value": "None", + "description": "Indicates that no identity is associated with the resource or that the existing identity should be removed." + } + ] + } + }, + "userAssignedIdentities": { + "type": "object", + "additionalProperties": { + "type": "object", + "x-ms-client-name": "userAssignedIdentitiesValue", + "properties": { + "principalId": { + "readOnly": true, + "type": "string", + "description": "The principal id of user assigned identity." + }, + "clientId": { + "readOnly": true, + "type": "string", + "description": "The client id of user assigned identity." + } + } + }, + "description": "The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'." + } + }, + "description": "Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity." + }, + "PolicyAssignmentUpdate": { + "type": "object", + "properties": { + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + } + } + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the target subscription." + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "The API version to use for the operation." + }, + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, + "PolicyAssignmentsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} From 8402f3850f87a29362539df6cf5277da8d2ca9af Mon Sep 17 00:00:00 2001 From: Robert Gao Date: Sat, 10 Sep 2022 00:03:53 -0700 Subject: [PATCH 2/8] Update assignments and exemptions api-version --- .../common/v1/types.json | 113 ++++++++++++++ ...ePolicyExemptionWithResourceSelectors.json | 65 +++++++++ .../createOrUpdatePolicyExemption.json | 2 +- ...ePolicyExemptionWithResourceSelectors.json | 115 +++++++++++++++ .../examples/deletePolicyExemption.json | 2 +- .../examples/getPolicyExemption.json | 2 +- ...tPolicyExemptionWithResourceSelectors.json | 49 +++++++ ...istPolicyExemptionsForManagementGroup.json | 2 +- .../listPolicyExemptionsForResource.json | 2 +- .../listPolicyExemptionsForResourceGroup.json | 2 +- .../listPolicyExemptionsForSubscription.json | 2 +- .../2022-07-01-preview/policyExemptions.json | 138 +++++++++++++++++- .../examples/createPolicyAssignment.json | 2 +- .../examples/createPolicyAssignmentById.json | 2 +- ...PolicyAssignmentNonComplianceMessages.json | 2 +- .../createPolicyAssignmentWithIdentity.json | 2 +- ...reatePolicyAssignmentWithIdentityById.json | 2 +- .../createPolicyAssignmentWithOverrides.json | 62 ++++++++ ...PolicyAssignmentWithResourceSelectors.json | 60 ++++++++ ...icyAssignmentWithUserAssignedIdentity.json | 2 +- ...atePolicyAssignmentWithoutEnforcement.json | 2 +- .../examples/deletePolicyAssignment.json | 2 +- .../examples/deletePolicyAssignmentById.json | 2 +- .../examples/getPolicyAssignment.json | 2 +- .../examples/getPolicyAssignmentById.json | 2 +- .../getPolicyAssignmentWithIdentity.json | 2 +- .../getPolicyAssignmentWithIdentityById.json | 2 +- .../getPolicyAssignmentWithOverrides.json | 40 +++++ ...PolicyAssignmentWithResourceSelectors.json | 39 +++++ ...icyAssignmentWithUserAssignedIdentity.json | 2 +- .../examples/listPolicyAssignments.json | 2 +- ...stPolicyAssignmentsForManagementGroup.json | 2 +- .../listPolicyAssignmentsForResource.json | 2 +- ...listPolicyAssignmentsForResourceGroup.json | 2 +- .../updatePolicyAssignmentWithIdentity.json | 2 +- ...pdatePolicyAssignmentWithIdentityById.json | 2 +- .../updatePolicyAssignmentWithOverrides.json | 56 +++++++ ...PolicyAssignmentWithResourceSelectors.json | 54 +++++++ ...icyAssignmentWithUserAssignedIdentity.json | 2 +- .../stable/2022-06-01/policyAssignments.json | 68 ++++++++- .../resources/resource-manager/readme.go.md | 11 ++ .../resources/resource-manager/readme.md | 26 +++- 42 files changed, 920 insertions(+), 32 deletions(-) create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/common/v1/types.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/UpdatePolicyExemptionWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemptionWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithOverrides.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithOverrides.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithOverrides.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithResourceSelectors.json diff --git a/specification/resources/resource-manager/Microsoft.Authorization/common/v1/types.json b/specification/resources/resource-manager/Microsoft.Authorization/common/v1/types.json new file mode 100644 index 000000000000..91e753906f4b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/common/v1/types.json @@ -0,0 +1,113 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "v1" + }, + "paths": {}, + "definitions": { + "Selector": { + "description": "The selector expression.", + "type": "object", + "properties": { + "kind": { + "type": "string", + "description": "The selector kind.", + "enum": [ + "resourceLocation", + "resourceType", + "resourceWithoutLocation", + "policyDefinitionReferenceId" + ], + "x-ms-enum": { + "name": "kind", + "modelAsString": true, + "values": [ + { + "value": "resourceLocation", + "description": "The selector kind to filter policies by the resource location." + }, + { + "value": "resourceType", + "description": "The selector kind to filter policies by the resource type." + }, + { + "value": "resourceWithoutLocation", + "description": "The selector kind to filter policies by the resource without location." + }, + { + "value": "policyDefinitionReferenceId", + "description": "The selector kind to filter policies by the policy definition reference ID." + } + ] + } + }, + "in": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of values to filter in." + }, + "notIn": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of values to filter out." + } + } + }, + "ResourceSelector": { + "description": "The resource selector to filter policies by resource properties.", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the resource selector." + }, + "selectors": { + "type": "array", + "items": { + "$ref": "#/definitions/Selector" + }, + "description": "The list of the selector expressions." + } + } + }, + "Override": { + "description": "The policy property value override.", + "type": "object", + "properties": { + "kind": { + "type": "string", + "description": "The override kind.", + "enum": [ + "policyEffect" + ], + "x-ms-enum": { + "name": "kind", + "modelAsString": true, + "values": [ + { + "value": "policyEffect", + "description": "It will override the policy effect type." + } + ] + } + }, + "value": { + "type": "string", + "description": "The value to override the policy property." + }, + "selectors": { + "type": "array", + "items": { + "$ref": "#/definitions/Selector" + }, + "description": "The list of the selector expressions." + } + } + } + } +} \ No newline at end of file diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/UpdatePolicyExemptionWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/UpdatePolicyExemptionWithResourceSelectors.json new file mode 100644 index 000000000000..4a6be623297d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/UpdatePolicyExemptionWithResourceSelectors.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", + "policyExemptionName": "DemoExpensiveVM", + "api-version": "2022-07-01-preview", + "parameters": { + "properties": { + "assignmentScopeValidation": "Default", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + }, + "assignmentScopeValidation": "Default", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM", + "type": "Microsoft.Authorization/policyExemptions", + "name": "DemoExpensiveVM" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json index 5f300513bd45..ea6d00b8d03f 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemption.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "policyExemptionName": "DemoExpensiveVM", - "api-version": "2020-07-01-preview", + "api-version": "2022-07-01-preview", "parameters": { "properties": { "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json new file mode 100644 index 000000000000..2755b8eb231c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json @@ -0,0 +1,115 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", + "policyExemptionName": "DemoExpensiveVM", + "api-version": "2022-07-01-preview", + "parameters": { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + }, + "assignmentScopeValidation": "Default", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + }, + "assignmentScopeValidation": "Default", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T01:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM", + "type": "Microsoft.Authorization/policyExemptions", + "name": "DemoExpensiveVM" + } + }, + "200": { + "headers": {}, + "body": { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + }, + "assignmentScopeValidation": "Default", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM", + "type": "Microsoft.Authorization/policyExemptions", + "name": "DemoExpensiveVM" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/deletePolicyExemption.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/deletePolicyExemption.json index 7268b4d04093..d5e02c3c09e2 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/deletePolicyExemption.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/deletePolicyExemption.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "policyExemptionName": "DemoExpensiveVM", - "api-version": "2020-07-01-preview" + "api-version": "2022-07-01-preview" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemption.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemption.json index 38fc34650a1f..3e035870787d 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemption.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemption.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", "policyExemptionName": "DemoExpensiveVM", - "api-version": "2020-07-01-preview" + "api-version": "2022-07-01-preview" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemptionWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemptionWithResourceSelectors.json new file mode 100644 index 000000000000..86bfe3b92d1f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemptionWithResourceSelectors.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster", + "policyExemptionName": "DemoExpensiveVM", + "api-version": "2022-07-01-preview" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "policyDefinitionReferenceIds": [ + "Limit_Skus" + ], + "exemptionCategory": "Waiver", + "displayName": "Exempt demo cluster", + "description": "Exempt demo cluster from limit sku", + "metadata": { + "reason": "Temporary exemption for a expensive VM demo" + }, + "assignmentScopeValidation": "Default", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + }, + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-07-01T01:01:01.1075056Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-07-01T02:01:01.1075056Z" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/demoCluster/providers/Microsoft.Authorization/policyExemptions/DemoExpensiveVM", + "type": "Microsoft.Authorization/policyExemptions", + "name": "DemoExpensiveVM" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForManagementGroup.json index 77598424b706..fdcf5d4bf801 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForManagementGroup.json @@ -1,7 +1,7 @@ { "parameters": { "managementGroupId": "DevOrg", - "api-version": "2020-07-01-preview", + "api-version": "2022-07-01-preview", "$filter": "atScope()" }, "responses": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResource.json index 7efd27f5ad38..7e0a66bfb3db 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResource.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResource.json @@ -6,7 +6,7 @@ "parentResourcePath": "virtualMachines/MyTestVm", "resourceType": "domainNames", "resourceName": "MyTestComputer.cloudapp.net", - "api-version": "2020-07-01-preview" + "api-version": "2022-07-01-preview" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResourceGroup.json index 7cac005fa471..05a4359e877f 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResourceGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForResourceGroup.json @@ -2,7 +2,7 @@ "parameters": { "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "resourceGroupName": "TestResourceGroup", - "api-version": "2020-07-01-preview", + "api-version": "2022-07-01-preview", "$filter": "atScope()" }, "responses": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForSubscription.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForSubscription.json index aefef89332a2..ee7b1c2dd8b6 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForSubscription.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/listPolicyExemptionsForSubscription.json @@ -1,7 +1,7 @@ { "parameters": { "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "api-version": "2020-07-01-preview", + "api-version": "2022-07-01-preview", "$filter": "atScope()" }, "responses": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json index b555e5537eb6..c8a49ca4cb54 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json @@ -2,7 +2,7 @@ "swagger": "2.0", "info": { "title": "PolicyClient", - "version": "2020-07-01-preview", + "version": "2022-07-01-preview", "description": "To exempt your resources from policy evaluation and non-compliance state, you can create an exemption at a scope." }, "host": "management.azure.com", @@ -83,6 +83,9 @@ "x-ms-examples": { "Create or update a policy exemption": { "$ref": "./examples/createOrUpdatePolicyExemption.json" + }, + "Create or update a policy exemption with resource selectors": { + "$ref": "./examples/createOrUpdatePolicyExemptionWithResourceSelectors.json" } }, "parameters": [ @@ -136,6 +139,9 @@ "x-ms-examples": { "Retrieve a policy exemption": { "$ref": "./examples/getPolicyExemption.json" + }, + "Retrieve a policy exemption with resource selectors": { + "$ref": "./examples/getPolicyExemptionWithResourceSelectors.json" } }, "parameters": [ @@ -163,6 +169,53 @@ } } } + }, + "patch": { + "tags": [ + "PolicyExemptions" + ], + "operationId": "PolicyExemptions_Update", + "summary": "Updates a policy exemption.", + "description": " This operation updates a policy exemption with the given scope and name.", + "x-ms-examples": { + "Update a policy exemption with resource selectors": { + "$ref": "./examples/updatePolicyExemptionWithResourceSelectors.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ScopeParameter" + }, + { + "$ref": "#/parameters/PolicyExemptionNameParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyExemptionUpdate" + }, + "description": "Parameters for policy exemption patch request." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy exemption.", + "schema": { + "$ref": "#/definitions/PolicyExemption" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } } }, "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyExemptions": { @@ -439,6 +492,39 @@ "metadata": { "type": "object", "description": "The policy exemption metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "resourceSelectors": { + "type": "array", + "items": { + "$ref": "../../common/v1/types.json#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [ + "name" + ], + "description": "The resource selector list to filter policies by resource properties." + }, + "assignmentScopeValidation": { + "type": "string", + "enum": [ + "Default", + "DoNotValidate" + ], + "x-ms-enum": { + "name": "assignmentScopeValidation", + "modelAsString": true, + "values": [ + { + "value": "Default", + "description": "This option will validate the exemption is at or under the assignment scope." + }, + { + "value": "DoNotValidate", + "description": "This option will bypass the validation the exemption scope is at or under the policy assignment scope." + } + ] + }, + "default": "Default", + "description": "The option whether validate the exemption is at or under the assignment scope." } }, "description": "The policy exemption properties." @@ -494,6 +580,56 @@ } }, "description": "List of policy exemptions." + }, + "PolicyExemptionUpdateProperties": { + "type": "object", + "properties": { + "resourceSelectors": { + "type": "array", + "items": { + "$ref": "../../common/v1/types.json#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [ + "name" + ], + "description": "The resource selector list to filter policies by resource properties." + }, + "assignmentScopeValidation": { + "type": "string", + "enum": [ + "Default", + "DoNotValidate" + ], + "x-ms-enum": { + "name": "assignmentScopeValidation", + "modelAsString": true, + "values": [ + { + "value": "Default", + "description": "This option will validate the exemption is at or under the assignment scope." + }, + { + "value": "DoNotValidate", + "description": "This option will bypass the validation the exemption scope is at or under the policy assignment scope." + } + ] + }, + "default": "Default", + "description": "The option whether validate the exemption is at or under the assignment scope." + } + }, + "description": "The policy exemption properties for Patch request." + }, + "PolicyExemptionUpdate": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyExemptionUpdateProperties", + "description": "The policy exemption properties for Patch request." + } + }, + "description": "The policy exemption for Patch request." } }, "parameters": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignment.json index 36e9c79044fd..8edf0ee2c07f 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignment.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignment.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "EnforceNaming", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "parameters": { "properties": { "displayName": "Enforce resource naming rules", diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentById.json index 120d28bf5e83..8653517ef0e4 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentById.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentById.json @@ -1,7 +1,7 @@ { "parameters": { "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "parameters": { "properties": { "displayName": "Enforce storage account SKU", diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentNonComplianceMessages.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentNonComplianceMessages.json index 02ba33cf328d..57dda2b866e5 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentNonComplianceMessages.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentNonComplianceMessages.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "securityInitAssignment", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "parameters": { "properties": { "displayName": "Enforce security policies", diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentity.json index 4339fa8dff3f..a022f4feb490 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentity.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "EnforceNaming", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "parameters": { "location": "eastus", "identity": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentityById.json index c71134471afe..aa5d90075cad 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentityById.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithIdentityById.json @@ -1,7 +1,7 @@ { "parameters": { "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "parameters": { "identity": { "type": "SystemAssigned" diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..d27e18935a8d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithOverrides.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2022-06-01", + "parameters": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ "Limit_Skus", "Limit_Locations" ] + } + ] + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ "Limit_Skus", "Limit_Locations" ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..efadb7893250 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2022-06-01", + "parameters": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json index e1c18b5b3af6..10ade6481035 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "EnforceNaming", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "parameters": { "location": "eastus", "identity": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithoutEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithoutEnforcement.json index 1d820cbdc632..542152051aec 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithoutEnforcement.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithoutEnforcement.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "EnforceNaming", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "parameters": { "properties": { "displayName": "Enforce resource naming rules", diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignment.json index 1c1e28c991b9..29c3bcdc5d6f 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignment.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignment.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "EnforceNaming", - "api-version": "2021-06-01" + "api-version": "2022-06-01" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignmentById.json index 0f0730c5daf7..2bc4448bc371 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignmentById.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/deletePolicyAssignmentById.json @@ -1,7 +1,7 @@ { "parameters": { "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", - "api-version": "2021-06-01" + "api-version": "2022-06-01" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignment.json index 849a328e7285..b4c3a1ae3a45 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignment.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignment.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "EnforceNaming", - "api-version": "2021-06-01" + "api-version": "2022-06-01" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentById.json index a7fa47acf4b0..20cbfea5380c 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentById.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentById.json @@ -1,7 +1,7 @@ { "parameters": { "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", - "api-version": "2021-06-01" + "api-version": "2022-06-01" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentity.json index 12c54bbbd3d8..77c75fbd38b5 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentity.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "EnforceNaming", - "api-version": "2021-06-01" + "api-version": "2022-06-01" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentityById.json index e5169e563716..b4274a042678 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentityById.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithIdentityById.json @@ -1,7 +1,7 @@ { "parameters": { "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", - "api-version": "2021-06-01" + "api-version": "2022-06-01" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..74c887912a8a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithOverrides.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2022-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ "Limit_Skus", "Limit_Locations" ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..c1229184697e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2022-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json index 828890b6a36a..bd3509c8579e 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "EnforceNaming", - "api-version": "2021-06-01" + "api-version": "2022-06-01" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignments.json index ced0d65640da..4b4f0a62f28d 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignments.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignments.json @@ -1,7 +1,7 @@ { "parameters": { "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "$filter": "atScope()" }, "responses": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForManagementGroup.json index 5ea56e66b29a..493f2efcd90a 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForManagementGroup.json @@ -1,7 +1,7 @@ { "parameters": { "managementGroupId": "TestManagementGroup", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "$filter": "atScope()" }, "responses": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResource.json index 25ba40d814e0..00a16b983b44 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResource.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResource.json @@ -6,7 +6,7 @@ "resourceType": "domainNames", "resourceName": "MyTestComputer.cloudapp.net", "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "api-version": "2021-06-01" + "api-version": "2022-06-01" }, "responses": { "200": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResourceGroup.json index 3f4ec2bb8fa4..96fbc1c54328 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResourceGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/listPolicyAssignmentsForResourceGroup.json @@ -2,7 +2,7 @@ "parameters": { "resourceGroupName": "TestResourceGroup", "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "$filter": "atScope()" }, "responses": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentity.json index a3c1208e8541..167eca2644e9 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentity.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "EnforceNaming", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "parameters": { "location": "eastus", "identity": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentityById.json index 1272273109f1..00b43c23f99d 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentityById.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithIdentityById.json @@ -1,7 +1,7 @@ { "parameters": { "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "parameters": { "identity": { "type": "SystemAssigned" diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..c8973eecc863 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithOverrides.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2022-06-01", + "parameters": { + "properties": { + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ "Limit_Skus", "Limit_Locations" ] + } + ] + } + ] + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ "Limit_Skus", "Limit_Locations" ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..40e4d516f8e4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2022-06-01", + "parameters": { + "properties": { + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ "eastus2euap", "centraluseuap" ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json index 5e510aec2244..e2ce22b3bbe5 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json @@ -2,7 +2,7 @@ "parameters": { "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "policyAssignmentName": "EnforceNaming", - "api-version": "2021-06-01", + "api-version": "2022-06-01", "parameters": { "location": "eastus", "identity": { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json index 52286009c752..6a519cbd2dda 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json @@ -2,7 +2,7 @@ "swagger": "2.0", "info": { "title": "PolicyClient", - "version": "2021-06-01", + "version": "2022-06-01", "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." }, "host": "management.azure.com", @@ -107,6 +107,12 @@ }, "Create or update a policy assignment without enforcing policy effect during resource creation or update.": { "$ref": "./examples/createPolicyAssignmentWithoutEnforcement.json" + }, + "Create or update a policy assignment with resource selectors": { + "$ref": "./examples/createPolicyAssignmentWithResourceSelectors.json" + }, + "Create or update a policy assignment with overrides": { + "$ref": "./examples/createPolicyAssignmentWithOverrides.json" } }, "parameters": [ @@ -169,6 +175,12 @@ }, "Retrieve a policy assignment with a user assigned identity": { "$ref": "./examples/getPolicyAssignmentWithUserAssignedIdentity.json" + }, + "Retrieve a policy assignment with resource selectors": { + "$ref": "./examples/getPolicyAssignmentWithResourceSelectors.json" + }, + "Retrieve a policy assignment with overrides": { + "$ref": "./examples/getPolicyAssignmentWithOverrides.json" } }, "parameters": [ @@ -219,6 +231,12 @@ }, "Update a policy assignment with a user assigned identity": { "$ref": "./examples/updatePolicyAssignmentWithUserAssignedIdentity.json" + }, + "Update a policy assignment with resource selectors": { + "$ref": "./examples/updatePolicyAssignmentWithResourceSelectors.json" + }, + "Update a policy assignment with overrides": { + "$ref": "./examples/updatePolicyAssignmentWithOverrides.json" } }, "parameters": [ @@ -770,6 +788,23 @@ "policyDefinitionReferenceId" ], "description": "The messages that describe why a resource is non-compliant with the policy." + }, + "resourceSelectors": { + "type": "array", + "items": { + "$ref": "../../common/v1/types.json#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [ + "name" + ], + "description": "The resource selector list to filter policies by resource properties." + }, + "overrides": { + "type": "array", + "items": { + "$ref": "../../common/v1/types.json#/definitions/Override" + }, + "description": "The policy property value override." } }, "description": "The policy assignment properties." @@ -923,9 +958,37 @@ }, "description": "Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity." }, + "PolicyAssignmentUpdateProperties": { + "type": "object", + "properties": { + "resourceSelectors": { + "type": "array", + "items": { + "$ref": "../../common/v1/types.json#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [ + "name" + ], + "description": "The resource selector list to filter policies by resource properties." + }, + "overrides": { + "type": "array", + "items": { + "$ref": "../../common/v1/types.json#/definitions/Override" + }, + "description": "The policy property value override." + } + }, + "description": "The policy assignment properties for Patch request." + }, "PolicyAssignmentUpdate": { "type": "object", "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyAssignmentUpdateProperties", + "description": "The policy assignment properties for Patch request." + }, "location": { "type": "string", "description": "The location of the policy assignment. Only required when utilizing managed identity." @@ -934,7 +997,8 @@ "$ref": "#/definitions/Identity", "description": "The managed identity associated with the policy assignment." } - } + }, + "description": "The policy assignment for Patch request." } }, "parameters": { diff --git a/specification/resources/resource-manager/readme.go.md b/specification/resources/resource-manager/readme.go.md index 42ba1bdeee0d..a3f2aa516419 100644 --- a/specification/resources/resource-manager/readme.go.md +++ b/specification/resources/resource-manager/readme.go.md @@ -109,6 +109,7 @@ batch: - tag: package-features-2021-07 - tag: package-locks-2016-09 - tag: package-locks-2015-01 + - tag: package-policy-2022-06 - tag: package-policy-2021-06 - tag: package-policy-2020-09 - tag: package-policy-2020-03 @@ -208,6 +209,16 @@ namespace: locks output-folder: $(go-sdk-folder)/services/resources/mgmt/2015-01-01/locks ``` +### Tag: package-policy-2022-06 and go + +These settings apply only when `--tag=package-policy-2022-06 --go` is specified on the command line. +Please also specify `--go-sdk-folder=`. + +``` yaml $(tag) == 'package-policy-2022-06' && $(go) +namespace: policy +output-folder: $(go-sdk-folder)/services/preview/resources/mgmt/2022-06-01-preview/policy +``` + ### Tag: package-policy-2021-06 and go These settings apply only when `--tag=package-policy-2021-06 --go` is specified on the command line. diff --git a/specification/resources/resource-manager/readme.md b/specification/resources/resource-manager/readme.md index 83994fb5e305..f97fbd319cff 100644 --- a/specification/resources/resource-manager/readme.md +++ b/specification/resources/resource-manager/readme.md @@ -42,7 +42,7 @@ tag: package-locks-2020-05 ``` ``` yaml $(package-policy) -tag: package-policy-2021-06 +tag: package-policy-2022-06 ``` ``` yaml $(package-resources) @@ -72,6 +72,26 @@ tag: package-templatespecs-2022-02 ``` yaml $(package-changes) tag: package-changes-2022-05 ``` + +### Tag: package-policy-2022-06 + +These settings apply only when `--tag=package-policy-2022-06` is specified on the command line. + +``` yaml $(tag) == 'package-policy-2022-06' +input-file: +- Microsoft.Authorization/stable/2020-09-01/dataPolicyManifests.json +- Microsoft.Authorization/stable/2021-06-01/policyDefinitions.json +- Microsoft.Authorization/stable/2021-06-01/policySetDefinitions.json +- Microsoft.Authorization/stable/2022-06-01/policyAssignments.json +- Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json +- Microsoft.Authorization/preview/2022-08-01-preview/policyVariables.json +- Microsoft.Authorization/preview/2022-08-01-preview/policyVariableValues.json + +# Needed when there is more than one input file +override-info: + title: PolicyClient +``` + ### Tag: package-changes-2022-05 These settings apply only when `--tag=package-changes-2022-05` is specified on the command line. @@ -735,6 +755,10 @@ directive: from: policyVariableValues.json where: $.paths reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: BodyTopLevelProperties + from: policyAssignments.json + where: $.definitions.PolicyAssignment.properties + reason: Currently systemData is not allowed - suppress: BodyTopLevelProperties from: policyExemptions.json where: $.definitions.PolicyExemption.properties From 6dfbf174c101a86f43bd9a5944ab0ee33e4f9e9f Mon Sep 17 00:00:00 2001 From: Robert Gao Date: Sat, 10 Sep 2022 00:30:04 -0700 Subject: [PATCH 3/8] fix file name casing --- ...ctors.json => updatePolicyExemptionWithResourceSelectors.json} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/{UpdatePolicyExemptionWithResourceSelectors.json => updatePolicyExemptionWithResourceSelectors.json} (100%) diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/UpdatePolicyExemptionWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/updatePolicyExemptionWithResourceSelectors.json similarity index 100% rename from specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/UpdatePolicyExemptionWithResourceSelectors.json rename to specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/updatePolicyExemptionWithResourceSelectors.json From f8f5368673f6d0b710d296a9af4786b922aa62d7 Mon Sep 17 00:00:00 2001 From: Robert Gao Date: Sat, 10 Sep 2022 08:52:21 -0700 Subject: [PATCH 4/8] Trigger checks From c907fbe65f4fe10ea3ccd08c343ba9c398abc18a Mon Sep 17 00:00:00 2001 From: Robert Gao Date: Sat, 10 Sep 2022 10:07:47 -0700 Subject: [PATCH 5/8] Addressed comments --- .../common/v1/types.json | 10 ++++++---- ...ePolicyExemptionWithResourceSelectors.json | 15 +++++++++++--- ...tPolicyExemptionWithResourceSelectors.json | 5 ++++- ...ePolicyExemptionWithResourceSelectors.json | 10 ++++++++-- .../2022-07-01-preview/policyExemptions.json | 14 +++++++------ .../createPolicyAssignmentWithOverrides.json | 10 ++++++++-- ...PolicyAssignmentWithResourceSelectors.json | 10 ++++++++-- .../getPolicyAssignmentWithOverrides.json | 5 ++++- ...PolicyAssignmentWithResourceSelectors.json | 5 ++++- .../updatePolicyAssignmentWithOverrides.json | 10 ++++++++-- ...PolicyAssignmentWithResourceSelectors.json | 10 ++++++++-- .../stable/2022-06-01/policyAssignments.json | 20 ++++++++++++------- 12 files changed, 91 insertions(+), 33 deletions(-) diff --git a/specification/resources/resource-manager/Microsoft.Authorization/common/v1/types.json b/specification/resources/resource-manager/Microsoft.Authorization/common/v1/types.json index 91e753906f4b..e76cc96fecd8 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/common/v1/types.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/common/v1/types.json @@ -20,7 +20,7 @@ "policyDefinitionReferenceId" ], "x-ms-enum": { - "name": "kind", + "name": "SelectorKind", "modelAsString": true, "values": [ { @@ -71,6 +71,7 @@ "items": { "$ref": "#/definitions/Selector" }, + "x-ms-identifiers": [], "description": "The list of the selector expressions." } } @@ -86,7 +87,7 @@ "policyEffect" ], "x-ms-enum": { - "name": "kind", + "name": "OverrideKind", "modelAsString": true, "values": [ { @@ -105,9 +106,10 @@ "items": { "$ref": "#/definitions/Selector" }, + "x-ms-identifiers": [], "description": "The list of the selector expressions." } } - } + } } -} \ No newline at end of file +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json index 2755b8eb231c..84704c9fd46b 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/createOrUpdatePolicyExemptionWithResourceSelectors.json @@ -22,7 +22,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } @@ -52,7 +55,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } @@ -92,7 +98,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemptionWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemptionWithResourceSelectors.json index 86bfe3b92d1f..8891dd68d7b7 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemptionWithResourceSelectors.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/getPolicyExemptionWithResourceSelectors.json @@ -26,7 +26,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/updatePolicyExemptionWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/updatePolicyExemptionWithResourceSelectors.json index 4a6be623297d..bffbcb50e0f4 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/updatePolicyExemptionWithResourceSelectors.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/examples/updatePolicyExemptionWithResourceSelectors.json @@ -12,7 +12,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } @@ -42,7 +45,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json index c8a49ca4cb54..5c5011db32fd 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json @@ -27,7 +27,7 @@ "type": "oauth2", "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", + "description": "Azure Active Directory OAuth2 Flow.", "scopes": { "user_impersonation": "impersonate your user account" } @@ -429,6 +429,7 @@ }, "definitions": { "CloudError": { + "type": "object", "x-ms-external": true, "properties": { "error": { @@ -438,6 +439,7 @@ "description": "An error response from a policy operation." }, "PolicyExemptionProperties": { + "type": "object", "required": [ "policyAssignmentId", "exemptionCategory" @@ -510,7 +512,7 @@ "DoNotValidate" ], "x-ms-enum": { - "name": "assignmentScopeValidation", + "name": "AssignmentScopeValidation", "modelAsString": true, "values": [ { @@ -530,6 +532,7 @@ "description": "The policy exemption properties." }, "PolicyExemption": { + "type": "object", "required": [ "properties" ], @@ -565,6 +568,7 @@ "x-ms-azure-resource": true }, "PolicyExemptionListResult": { + "type": "object", "properties": { "value": { "type": "array", @@ -589,9 +593,7 @@ "items": { "$ref": "../../common/v1/types.json#/definitions/ResourceSelector" }, - "x-ms-identifiers": [ - "name" - ], + "x-ms-identifiers": [], "description": "The resource selector list to filter policies by resource properties." }, "assignmentScopeValidation": { @@ -601,7 +603,7 @@ "DoNotValidate" ], "x-ms-enum": { - "name": "assignmentScopeValidation", + "name": "AssignmentScopeValidation", "modelAsString": true, "values": [ { diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithOverrides.json index d27e18935a8d..19f81f962c9a 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithOverrides.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithOverrides.json @@ -18,7 +18,10 @@ "selectors": [ { "kind": "policyDefinitionReferenceId", - "in": [ "Limit_Skus", "Limit_Locations" ] + "in": [ + "Limit_Skus", + "Limit_Locations" + ] } ] } @@ -47,7 +50,10 @@ "selectors": [ { "kind": "policyDefinitionReferenceId", - "in": [ "Limit_Skus", "Limit_Locations" ] + "in": [ + "Limit_Skus", + "Limit_Locations" + ] } ] } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithResourceSelectors.json index efadb7893250..53a005b8e3a1 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithResourceSelectors.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/createPolicyAssignmentWithResourceSelectors.json @@ -17,7 +17,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } @@ -45,7 +48,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithOverrides.json index 74c887912a8a..e4c8def35beb 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithOverrides.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithOverrides.json @@ -25,7 +25,10 @@ "selectors": [ { "kind": "policyDefinitionReferenceId", - "in": [ "Limit_Skus", "Limit_Locations" ] + "in": [ + "Limit_Skus", + "Limit_Locations" + ] } ] } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithResourceSelectors.json index c1229184697e..66470cfd9538 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithResourceSelectors.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/getPolicyAssignmentWithResourceSelectors.json @@ -24,7 +24,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithOverrides.json index c8973eecc863..ccefd8cef60d 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithOverrides.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithOverrides.json @@ -12,7 +12,10 @@ "selectors": [ { "kind": "policyDefinitionReferenceId", - "in": [ "Limit_Skus", "Limit_Locations" ] + "in": [ + "Limit_Skus", + "Limit_Locations" + ] } ] } @@ -41,7 +44,10 @@ "selectors": [ { "kind": "policyDefinitionReferenceId", - "in": [ "Limit_Skus", "Limit_Locations" ] + "in": [ + "Limit_Skus", + "Limit_Locations" + ] } ] } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithResourceSelectors.json index 40e4d516f8e4..94e5a5f91a24 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithResourceSelectors.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/examples/updatePolicyAssignmentWithResourceSelectors.json @@ -11,7 +11,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } @@ -39,7 +42,10 @@ "selectors": [ { "kind": "resourceLocation", - "in": [ "eastus2euap", "centraluseuap" ] + "in": [ + "eastus2euap", + "centraluseuap" + ] } ] } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json index 6a519cbd2dda..77746d633458 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json @@ -27,7 +27,7 @@ "type": "oauth2", "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", + "description": "Azure Active Directory OAuth2 Flow.", "scopes": { "user_impersonation": "impersonate your user account" } @@ -713,6 +713,7 @@ }, "definitions": { "CloudError": { + "type": "object", "x-ms-external": true, "properties": { "error": { @@ -722,6 +723,7 @@ "description": "An error response from a policy operation." }, "PolicyAssignmentProperties": { + "type": "object", "properties": { "displayName": { "type": "string", @@ -794,9 +796,7 @@ "items": { "$ref": "../../common/v1/types.json#/definitions/ResourceSelector" }, - "x-ms-identifiers": [ - "name" - ], + "x-ms-identifiers": [], "description": "The resource selector list to filter policies by resource properties." }, "overrides": { @@ -804,12 +804,14 @@ "items": { "$ref": "../../common/v1/types.json#/definitions/Override" }, + "x-ms-identifiers": [], "description": "The policy property value override." } }, "description": "The policy assignment properties." }, "NonComplianceMessage": { + "type": "object", "properties": { "message": { "type": "string", @@ -833,6 +835,7 @@ "description": "The parameter values for the policy rule. The keys are the parameter names." }, "ParameterValuesValue": { + "type": "object", "properties": { "value": { "description": "The value of the parameter.", @@ -842,6 +845,7 @@ "description": "The value of a parameter." }, "PolicyAssignment": { + "type": "object", "properties": { "properties": { "x-ms-client-flatten": true, @@ -881,12 +885,14 @@ "x-ms-azure-resource": true }, "PolicyAssignmentListResult": { + "type": "object", "properties": { "value": { "type": "array", "items": { "$ref": "#/definitions/PolicyAssignment" }, + "x-ms-identifiers": [], "description": "An array of policy assignments." }, "nextLink": { @@ -897,6 +903,7 @@ "description": "List of policy assignments." }, "Identity": { + "type": "object", "properties": { "principalId": { "readOnly": true, @@ -966,9 +973,7 @@ "items": { "$ref": "../../common/v1/types.json#/definitions/ResourceSelector" }, - "x-ms-identifiers": [ - "name" - ], + "x-ms-identifiers": [], "description": "The resource selector list to filter policies by resource properties." }, "overrides": { @@ -976,6 +981,7 @@ "items": { "$ref": "../../common/v1/types.json#/definitions/Override" }, + "x-ms-identifiers": [], "description": "The policy property value override." } }, From 47b7b8c6fa56369aef29677652e8c0637735c36f Mon Sep 17 00:00:00 2001 From: Robert Gao Date: Thu, 22 Sep 2022 14:36:02 -0700 Subject: [PATCH 6/8] Addressed comment --- specification/resources/resource-manager/readme.go.md | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/specification/resources/resource-manager/readme.go.md b/specification/resources/resource-manager/readme.go.md index a3f2aa516419..42ba1bdeee0d 100644 --- a/specification/resources/resource-manager/readme.go.md +++ b/specification/resources/resource-manager/readme.go.md @@ -109,7 +109,6 @@ batch: - tag: package-features-2021-07 - tag: package-locks-2016-09 - tag: package-locks-2015-01 - - tag: package-policy-2022-06 - tag: package-policy-2021-06 - tag: package-policy-2020-09 - tag: package-policy-2020-03 @@ -209,16 +208,6 @@ namespace: locks output-folder: $(go-sdk-folder)/services/resources/mgmt/2015-01-01/locks ``` -### Tag: package-policy-2022-06 and go - -These settings apply only when `--tag=package-policy-2022-06 --go` is specified on the command line. -Please also specify `--go-sdk-folder=`. - -``` yaml $(tag) == 'package-policy-2022-06' && $(go) -namespace: policy -output-folder: $(go-sdk-folder)/services/preview/resources/mgmt/2022-06-01-preview/policy -``` - ### Tag: package-policy-2021-06 and go These settings apply only when `--tag=package-policy-2021-06 --go` is specified on the command line. From 09e29e1416fd82370fbb0b962fce99620fa4a194 Mon Sep 17 00:00:00 2001 From: Robert Gao Date: Tue, 27 Sep 2022 23:33:59 -0700 Subject: [PATCH 7/8] Addressed comments --- .../preview/2022-07-01-preview/policyExemptions.json | 2 +- .../stable/2022-06-01/policyAssignments.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json index 5c5011db32fd..72fe5048991c 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/preview/2022-07-01-preview/policyExemptions.json @@ -546,7 +546,7 @@ "readOnly": true, "type": "object", "description": "Azure Resource Manager metadata containing createdBy and modifiedBy information.", - "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData" + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/systemData" }, "id": { "readOnly": true, diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json index 77746d633458..097a64136112 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2022-06-01/policyAssignments.json @@ -876,7 +876,7 @@ "description": "The managed identity associated with the policy assignment." }, "systemData": { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/definitions/systemData", + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/systemData", "readOnly": true, "description": "The system metadata relating to this resource." } From 6afa9c3eb8eda0f8f43b6f9105322197c080bf69 Mon Sep 17 00:00:00 2001 From: Robert Gao Date: Thu, 6 Oct 2022 22:24:43 -0700 Subject: [PATCH 8/8] Fixed the merge error --- specification/resources/resource-manager/readme.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/specification/resources/resource-manager/readme.md b/specification/resources/resource-manager/readme.md index 2d3f5d94d765..3d556d1e6c76 100644 --- a/specification/resources/resource-manager/readme.md +++ b/specification/resources/resource-manager/readme.md @@ -73,6 +73,10 @@ tag: package-templatespecs-2022-02 tag: package-changes-2022-05 ``` +``` yaml $(package-snapshots) +tag: package-snapshots-2022-11 +``` + ### Tag: package-policy-2022-06 These settings apply only when `--tag=package-policy-2022-06` is specified on the command line. @@ -90,8 +94,6 @@ input-file: # Needed when there is more than one input file override-info: title: PolicyClient -``` yaml $(package-snapshots) -tag: package-snapshots-2022-11 ``` ### Tag: package-snapshots-2022-11