diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicyDefinition.json new file mode 100644 index 000000000000..250db181f7d7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicyDefinition.json @@ -0,0 +1,90 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2019-06-01", + "parameters": { + "properties": { + "mode": "All", + "displayName": "Enforce resource naming convention", + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..ddf1705fc49c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,90 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2019-06-01", + "parameters": { + "properties": { + "mode": "All", + "displayName": "Enforce resource naming convention", + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicySetDefinition.json new file mode 100644 index 000000000000..e009dfea5a0f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicySetDefinition.json @@ -0,0 +1,120 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2019-06-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..e97aa511fc51 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,120 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2019-06-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignment.json new file mode 100644 index 000000000000..e7b41234c5f3 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignment.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2019-06-01", + "parameters": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentById.json new file mode 100644 index 000000000000..cd36574044a8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentById.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2019-06-01", + "parameters": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..afaf6b0049cb --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentWithIdentity.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2019-06-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Foo Bar" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..2fcfd2d892a0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentWithIdentityById.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2019-06-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus", + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentWithoutEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentWithoutEnforcement.json new file mode 100644 index 000000000000..584432cf914d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/createPolicyAssignmentWithoutEnforcement.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2019-06-01", + "parameters": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "DoNotEnforce" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "DoNotEnforce", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyAssignment.json new file mode 100644 index 000000000000..632c6f8cffdb --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyAssignment.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyAssignmentById.json new file mode 100644 index 000000000000..c43391ee8cf0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyAssignmentById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyDefinition.json new file mode 100644 index 000000000000..e68165f5af43 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyDefinition.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..93ed2d064ffb --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicySetDefinition.json new file mode 100644 index 000000000000..b335b056e3d4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicySetDefinition.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..75ebab143036 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/deletePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getBuiltInPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getBuiltInPolicySetDefinition.json new file mode 100644 index 000000000000..fe1345f26960 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getBuiltInPolicySetDefinition.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getBuiltinPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getBuiltinPolicyDefinition.json new file mode 100644 index 000000000000..c40ef2c74dc9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getBuiltinPolicyDefinition.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignment.json new file mode 100644 index 000000000000..f0ca8a4ac32d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignment.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignmentById.json new file mode 100644 index 000000000000..b208e5f63bbe --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignmentById.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..88dbf613b125 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignmentWithIdentity.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..e3a46ce6c7be --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyAssignmentWithIdentityById.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyDefinition.json new file mode 100644 index 000000000000..8c733e6c9574 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyDefinition.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..cc51c7df24f8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicyDefinitionAtManagementGroup.json @@ -0,0 +1,53 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicySetDefinition.json new file mode 100644 index 000000000000..cd765fcebf0c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicySetDefinition.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..94637a0c826c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/getPolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listBuiltInPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listBuiltInPolicyDefinitions.json new file mode 100644 index 000000000000..30e75c86dfaf --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listBuiltInPolicyDefinitions.json @@ -0,0 +1,130 @@ +{ + "parameters": { + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled" + ] + } + }, + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "06a78e20-9358-41c9-923c-fb736d382a12" + }, + { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + { + "properties": { + "mode": "Microsoft.KeyVault.Data", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "policyType": "BuiltIn", + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "metadata": { + "category": "KeyVault DataPlane" + }, + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "displayName": "Days to expire", + "description": "The number of days for a certificate to expire." + } + } + }, + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/abeed54a-73c5-441d-8a8c-6b5e7a0c299e", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "abeed54a-73c5-441d-8a8c-6b5e7a0c299e" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listBuiltInPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listBuiltInPolicySetDefinitions.json new file mode 100644 index 000000000000..7917b62f9788 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listBuiltInPolicySetDefinitions.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyAssignments.json new file mode 100644 index 000000000000..5e38fa76ec7d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyAssignments.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2019-06-01", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "parameters": { + "allowedSkus": { + "type": "Array" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [] + }, + "sku": { + "name": "A0", + "tier": "Free" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/TagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [] + }, + "sku": { + "name": "A0", + "tier": "Free" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyAssignmentsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyAssignmentsForResource.json new file mode 100644 index 000000000000..8c272aa0a1cf --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyAssignmentsForResource.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "resourceGroupName": "TestResourceGroup", + "resourceProviderNamespace": "Microsoft.Compute", + "parentResourcePath": "virtualMachines/MyTestVm", + "resourceType": "domainNames", + "resourceName": "MyTestComputer.cloudapp.net", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "VM Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/vmSkus", + "parameters": { + "allowedSkus": { + "type": "Array" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + }, + "sku": { + "name": "A0", + "tier": "Free" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + }, + "sku": { + "name": "A0", + "tier": "Free" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyAssignmentsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyAssignmentsForResourceGroup.json new file mode 100644 index 000000000000..34d832550dfa --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyAssignmentsForResourceGroup.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "resourceGroupName": "TestResourceGroup", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2019-06-01", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "parameters": { + "allowedSkus": { + "type": "Array" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + }, + "sku": { + "name": "A0", + "tier": "Free" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + }, + "sku": { + "name": "A0", + "tier": "Free" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyDefinitions.json new file mode 100644 index 000000000000..531be24b5f40 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyDefinitions.json @@ -0,0 +1,128 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming" + }, + { + "properties": { + "mode": "Microsoft.KeyVault.Data", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "metadata": { + "category": "KeyVault DataPlane" + }, + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "displayName": "Days to expire", + "description": "The number of days for a certificate to expire." + } + } + }, + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/AuditSoonToExpireCerts", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "AuditSoonToExpireCerts" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..41255ce25aaf --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicyDefinitionsByManagementGroup.json @@ -0,0 +1,96 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicySetDefinitions.json new file mode 100644 index 000000000000..001568ae68aa --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicySetDefinitions.json @@ -0,0 +1,106 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicySetDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicySetDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..65c672d6caa4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/examples/listPolicySetDefinitionsByManagementGroup.json @@ -0,0 +1,106 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "api-version": "2019-06-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/policyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/policyAssignments.json new file mode 100644 index 000000000000..4b93d9b9b14a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/policyAssignments.json @@ -0,0 +1,729 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2019-06-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}": { + "delete": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Delete", + "summary": "Deletes a policy assignment.", + "description": "This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-examples": { + "Delete a policy assignment": { + "$ref": "./examples/deletePolicyAssignment.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy assignment to delete." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the deleted assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "204": { + "description": "No Content - the policy assignment doesn't exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Create", + "summary": "Creates or updates a policy assignment.", + "description": " This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "x-ms-examples": { + "Create or update a policy assignment": { + "$ref": "./examples/createPolicyAssignment.json" + }, + "Create or update a policy assignment with a managed identity": { + "$ref": "./examples/createPolicyAssignmentWithIdentity.json" + } + , + "Create or update a policy assignment without enforcing policy effect during resource creation or update.": { + "$ref": "./examples/createPolicyAssignmentWithoutEnforcement.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy assignment." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignment" + }, + "description": "Parameters for the policy assignment." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the new policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Get", + "summary": "Retrieves a policy assignment.", + "description": "This operation retrieves a single policy assignment, given its name and the scope it was created at.", + "x-ms-examples": { + "Retrieve a policy assignment": { + "$ref": "./examples/getPolicyAssignment.json" + }, + "Retrieve a policy assignment with a managed identity": { + "$ref": "./examples/getPolicyAssignmentWithIdentity.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy assignment to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForResourceGroup", + "summary": "Retrieves all policy assignments that apply to a resource group.", + "description": "This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group.", + "x-ms-examples": { + "List policy assignments that apply to a resource group": { + "$ref": "./examples/listPolicyAssignmentsForResourceGroup.json" + } + }, + "parameters": [ + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group that contains policy assignments.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90 + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourcegroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForResource", + "summary": "Retrieves all policy assignments that apply to a resource.", + "description": "This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').", + "deprecated": false, + "x-ms-examples": { + "List all policy assignments that apply to a resource": { + "$ref": "./examples/listPolicyAssignmentsForResource.json" + } + }, + "parameters": [ + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group containing the resource.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90 + }, + { + "name": "resourceProviderNamespace", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)" + }, + { + "name": "parentResourcePath", + "in": "path", + "required": true, + "type": "string", + "description": "The parent resource path. Use empty string if there is none.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource." + }, + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/PolicyAssignment" + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_List", + "summary": "Retrieves all policy assignments that apply to a subscription.", + "description": "This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "x-ms-examples": { + "List policy assignments that apply to a subscription": { + "$ref": "./examples/listPolicyAssignments.json" + } + }, + "parameters": [ + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/PolicyAssignment" + } + }, + "/{policyAssignmentId}": { + "delete": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_DeleteById", + "summary": "Deletes a policy assignment.", + "description": "This operation deletes the policy with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid formats for {scope} are: '/providers/Microsoft.Management/managementGroups/{managementGroup}' (management group), '/subscriptions/{subscriptionId}' (subscription), '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' (resource group), or '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' (resource).", + "x-ms-examples": { + "Delete a policy assignment by ID": { + "$ref": "./examples/deletePolicyAssignmentById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "204": { + "description": "No Content - the policy assignment doesn't exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_CreateById", + "summary": "Creates or updates a policy assignment.", + "description": "This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Create or update policy assignment by ID": { + "$ref": "./examples/createPolicyAssignmentById.json" + }, + "Create or update policy assignment with a managed identity by ID": { + "$ref": "./examples/createPolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to create. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignment" + }, + "description": "Parameters for policy assignment." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_GetById", + "summary": "Retrieves the policy assignment with the given ID.", + "description": "The operation retrieves the policy assignment with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Retrieve a policy assignment by ID": { + "$ref": "./examples/getPolicyAssignmentById.json" + }, + "Retrieve a policy assignment with a managed identity by ID": { + "$ref": "./examples/getPolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to get. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "PolicyAssignmentProperties": { + "properties": { + "displayName": { + "type": "string", + "description": "The display name of the policy assignment." + }, + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition being assigned." + }, + "scope": { + "type": "string", + "description": "The scope for the policy assignment." + }, + "notScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The policy's excluded scopes." + }, + "parameters": { + "type": "object", + "description": "Required if a parameter is used in policy rule." + }, + "description": { + "type": "string", + "description": "This message will be part of response in case of policy violation." + }, + "metadata": { + "type": "object", + "description": "The policy assignment metadata." + }, + "enforcementMode": { + "type": "string", + "description": "The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.", + "enum": [ + "Default", + "DoNotEnforce" + ], + "x-ms-enum": { + "name": "enforcementMode", + "modelAsString": true, + "values": [ + { + "value": "Default", + "description": "The policy effect is enforced during resource creation or update." + }, + { + "value": "DoNotEnforce", + "description": "The policy effect is not enforced during resource creation or update." + } + ] + } + } + }, + "description": "The policy assignment properties." + }, + "PolicySku": { + "properties": { + "name": { + "type": "string", + "description": "The name of the policy sku. Possible values are A0 and A1." + }, + "tier": { + "type": "string", + "description": "The policy sku tier. Possible values are Free and Standard." + } + }, + "required": [ + "name" + ], + "description": "The policy sku. This property is optional, obsolete, and will be ignored." + }, + "PolicyAssignment": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyAssignmentProperties", + "description": "Properties for the policy assignment." + }, + "id": { + "type": "string", + "description": "The ID of the policy assignment.", + "readOnly": true + }, + "type": { + "type": "string", + "description": "The type of the policy assignment.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The name of the policy assignment.", + "readOnly": true + }, + "sku": { + "$ref": "#/definitions/PolicySku", + "description": "The policy sku. This property is optional, obsolete, and will be ignored." + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + } + }, + "description": "The policy assignment.", + "x-ms-azure-resource": true + }, + "PolicyAssignmentListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyAssignment" + }, + "description": "An array of policy assignments." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy assignments." + }, + "Identity": { + "properties": { + "principalId": { + "readOnly": true, + "type": "string", + "description": "The principal ID of the resource identity." + }, + "tenantId": { + "readOnly": true, + "type": "string", + "description": "The tenant ID of the resource identity." + }, + "type": { + "type": "string", + "description": "The identity type.", + "enum": [ + "SystemAssigned", + "None" + ], + "x-ms-enum": { + "name": "ResourceIdentityType", + "modelAsString": false + } + } + }, + "description": "Identity for the resource." + }, + "ErrorResponse": { + "description": "Error response indicates Azure Resource Manager is not able to process the incoming request. The reason is provided in the error message.", + "type": "object", + "properties": { + "httpStatus": { + "description": "Http status code.", + "type": "string" + }, + "errorCode": { + "description": "Error code.", + "type": "string" + }, + "errorMessage": { + "description": "Error message indicating why the operation failed.", + "type": "string" + } + } + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the target subscription." + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "The API version to use for the operation." + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/policyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/policyDefinitions.json new file mode 100644 index 000000000000..f8d63a0da270 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/policyDefinitions.json @@ -0,0 +1,520 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2019-06-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "put": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_CreateOrUpdate", + "summary": "Creates or updates a policy definition in a subscription.", + "description": "This operation creates or updates a policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Create or update a policy definition": { + "$ref": "./examples/createOrUpdatePolicyDefinition.json" + } + }, + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + }, + "description": "The policy definition properties." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_Delete", + "summary": "Deletes a policy definition in a subscription.", + "description": "This operation deletes the policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Delete a policy definition": { + "$ref": "./examples/deletePolicyDefinition.json" + } + }, + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy definition to delete." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + } + } + }, + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_Get", + "summary": "Retrieves a policy definition in a subscription.", + "description": "This operation retrieves the policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Retrieve a policy definition": { + "$ref": "./examples/getPolicyDefinition.json" + } + }, + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy definition to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_GetBuiltIn", + "summary": "Retrieves a built-in policy definition.", + "description": "This operation retrieves the built-in policy definition with the given name.", + "x-ms-examples": { + "Retrieve a built-in policy definition": { + "$ref": "./examples/getBuiltinPolicyDefinition.json" + } + }, + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the built-in policy definition to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the built-in policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + } + } + }, + "/providers/Microsoft.Management/managementgroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "put": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", + "summary": "Creates or updates a policy definition in a management group.", + "description": "This operation creates or updates a policy definition in the given management group with the given name.", + "x-ms-examples": { + "Create or update a policy definition at management group level": { + "$ref": "./examples/createOrUpdatePolicyDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + }, + "description": "The policy definition properties." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_DeleteAtManagementGroup", + "summary": "Deletes a policy definition in a management group.", + "description": "This operation deletes the policy definition in the given management group with the given name.", + "x-ms-examples": { + "Delete a policy definition at management group level": { + "$ref": "./examples/deletePolicyDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy definition to delete." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + } + } + }, + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_GetAtManagementGroup", + "summary": "Retrieve a policy definition in a management group.", + "description": "This operation retrieves the policy definition in the given management group with the given name.", + "x-ms-examples": { + "Retrieve a policy definition at management group level": { + "$ref": "./examples/getPolicyDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy definition to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_List", + "summary": "Retrieves policy definitions in a subscription", + "description": "This operation retrieves a list of all the policy definitions in a given subscription.", + "x-ms-examples": { + "List policy definitions by subscription": { + "$ref": "./examples/listPolicyDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definitions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_ListBuiltIn", + "summary": "Retrieve built-in policy definitions", + "description": "This operation retrieves a list of all the built-in policy definitions.", + "x-ms-examples": { + "List built-in policy definitions": { + "$ref": "./examples/listBuiltInPolicyDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of built-in policy definitions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementgroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_ListByManagementGroup", + "summary": "Retrieve policy definitions in a management group", + "description": "This operation retrieves a list of all the policy definitions in a given management group.", + "x-ms-examples": { + "List policy definitions by management group": { + "$ref": "./examples/listPolicyDefinitionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definitions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "PolicyDefinitionProperties": { + "properties": { + "policyType": { + "type": "string", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom" + ], + "x-ms-enum": { + "name": "policyType", + "modelAsString": true + } + }, + "mode": { + "type": "string", + "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data." + }, + "displayName": { + "type": "string", + "description": "The display name of the policy definition." + }, + "description": { + "type": "string", + "description": "The policy definition description." + }, + "policyRule": { + "type": "object", + "description": "The policy rule." + }, + "metadata": { + "type": "object", + "description": "The policy definition metadata." + }, + "parameters": { + "type": "object", + "description": "Required if a parameter is used in policy rule." + } + }, + "description": "The policy definition properties." + }, + "PolicyDefinition": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyDefinitionProperties", + "description": "The policy definition properties." + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy definition." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy definition." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policyDefinitions)." + } + }, + "description": "The policy definition.", + "x-ms-azure-resource": true + }, + "PolicyDefinitionListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinition" + }, + "description": "An array of policy definitions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy definitions." + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the target subscription." + }, + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "The API version to use for the operation." + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/policySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/policySetDefinitions.json new file mode 100644 index 000000000000..591123069fc3 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2019-06-01/policySetDefinitions.json @@ -0,0 +1,625 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2019-06-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "put": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "summary": "Creates or updates a policy set definition.", + "description": "This operation creates or updates a policy set definition in the given subscription with the given name.", + "x-ms-examples": { + "Create or update a policy set definition": { + "$ref": "./examples/createOrUpdatePolicySetDefinition.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy set definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + }, + "description": "The policy set definition properties." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_Delete", + "summary": "Deletes a policy set definition.", + "description": "This operation deletes the policy set definition in the given subscription with the given name.", + "x-ms-examples": { + "Delete a policy set definition": { + "$ref": "./examples/deletePolicySetDefinition.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy set definition to delete." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_Get", + "summary": "Retrieves a policy set definition.", + "description": "This operation retrieves the policy set definition in the given subscription with the given name.", + "x-ms-examples": { + "Retrieve a policy set definition": { + "$ref": "./examples/getPolicySetDefinition.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy set definition to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_GetBuiltIn", + "summary": "Retrieves a built in policy set definition.", + "description": "This operation retrieves the built-in policy set definition with the given name.", + "x-ms-examples": { + "Retrieve a built-in policy set definition": { + "$ref": "./examples/getBuiltInPolicySetDefinition.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy set definition to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the built in policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_List", + "summary": "Retrieves the policy set definitions for a subscription.", + "description": "This operation retrieves a list of all the policy set definitions in the given subscription.", + "x-ms-examples": { + "List policy set definitions": { + "$ref": "./examples/listPolicySetDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definitions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_ListBuiltIn", + "summary": "Retrieves built-in policy set definitions.", + "description": "This operation retrieves a list of all the built-in policy set definitions.", + "x-ms-examples": { + "List built-in policy set definitions": { + "$ref": "./examples/listBuiltInPolicySetDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of built in policy set definitions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementgroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "put": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "summary": "Creates or updates a policy set definition.", + "description": "This operation creates or updates a policy set definition in the given management group with the given name.", + "x-ms-examples": { + "Create or update a policy set definition at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy set definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + }, + "description": "The policy set definition properties." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", + "summary": "Deletes a policy set definition.", + "description": "This operation deletes the policy set definition in the given management group with the given name.", + "x-ms-examples": { + "Delete a policy set definition at management group level": { + "$ref": "./examples/deletePolicySetDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy set definition to delete." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_GetAtManagementGroup", + "summary": "Retrieves a policy set definition.", + "description": "This operation retrieves the policy set definition in the given management group with the given name.", + "x-ms-examples": { + "Retrieve a policy set definition at management group level": { + "$ref": "./examples/getPolicySetDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the policy set definition to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Management/managementgroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_ListByManagementGroup", + "summary": "Retrieves all policy set definitions in management group.", + "description": "This operation retrieves a list of all the a policy set definition in the given management group.", + "x-ms-examples": { + "List policy set definitions at management group level": { + "$ref": "./examples/listPolicySetDefinitionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definitions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "PolicySetDefinitionProperties": { + "properties": { + "policyType": { + "type": "string", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, and Custom.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom" + ], + "x-ms-enum": { + "name": "policyType", + "modelAsString": true + } + }, + "displayName": { + "type": "string", + "description": "The display name of the policy set definition." + }, + "description": { + "type": "string", + "description": "The policy set definition description." + }, + "metadata": { + "type": "object", + "description": "The policy set definition metadata." + }, + "parameters": { + "type": "object", + "description": "The policy set definition parameters that can be used in policy definition references." + }, + "policyDefinitions": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionReference" + }, + "description": "An array of policy definition references." + } + }, + "required": [ + "policyDefinitions" + ], + "description": "The policy set definition properties." + }, + "PolicyDefinitionReference": { + "properties": { + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition." + }, + "parameters": { + "type": "object", + "description": "Required if a parameter is used in policy rule." + } + }, + "description": "The policy definition reference." + }, + "PolicySetDefinition": { + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicySetDefinitionProperties", + "description": "The policy definition properties." + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy set definition." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy set definition." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policySetDefinitions)." + } + }, + "description": "The policy set definition.", + "x-ms-azure-resource": true + }, + "PolicySetDefinitionListResult": { + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicySetDefinition" + }, + "description": "An array of policy set definitions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy set definitions." + }, + "ErrorResponse": { + "description": "Error response indicates Azure Resource Manager is not able to process the incoming request. The reason is provided in the error message.", + "type": "object", + "properties": { + "httpStatus": { + "description": "Http status code.", + "type": "string" + }, + "errorCode": { + "description": "Error code.", + "type": "string" + }, + "errorMessage": { + "description": "Error message indicating why the operation failed.", + "type": "string" + } + } + } + }, + "parameters": { + "SubscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the target subscription." + }, + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, + "ApiVersionParameter": { + "name": "api-version", + "in": "query", + "required": true, + "type": "string", + "description": "The API version to use for the operation." + } + } +} diff --git a/specification/resources/resource-manager/readme.go.md b/specification/resources/resource-manager/readme.go.md index 6afd2005a1a8..d92100bcc165 100644 --- a/specification/resources/resource-manager/readme.go.md +++ b/specification/resources/resource-manager/readme.go.md @@ -25,6 +25,7 @@ batch: - tag: package-features-2015-12 - tag: package-locks-2016-09 - tag: package-locks-2015-01 + - tag: package-policy-2019-06 - tag: package-policy-2019-01 - tag: package-policy-2018-05 - tag: package-policy-2018-03 @@ -80,6 +81,16 @@ namespace: locks output-folder: $(go-sdk-folder)/services/resources/mgmt/2015-01-01/locks ``` +### Tag: package-policy-2019-06 and go + +These settings apply only when `--tag=package-policy-2019-06 --go` is specified on the command line. +Please also specify `--go-sdk-folder=`. + +``` yaml $(tag) == 'package-policy-2019-06' && $(go) +namespace: policy +output-folder: $(go-sdk-folder)/services/resources/mgmt/2019-06-01/policy +``` + ### Tag: package-policy-2019-01 and go These settings apply only when `--tag=package-policy-2019-01 --go` is specified on the command line. diff --git a/specification/resources/resource-manager/readme.md b/specification/resources/resource-manager/readme.md index 2d017716a504..3b5d87adc3f5 100644 --- a/specification/resources/resource-manager/readme.md +++ b/specification/resources/resource-manager/readme.md @@ -36,6 +36,10 @@ tag: package-features-2015-12 tag: package-locks-2016-09 ``` +``` yaml $(package-policy) +tag: package-policy-2019-06 +``` + ``` yaml $(package-policy) tag: package-policy-2019-01 ``` @@ -92,6 +96,21 @@ input-file: - Microsoft.Authorization/stable/2015-01-01/locks.json ``` +### Tag: package-policy-2019-06 + +These settings apply only when `--tag=package-policy-2019-06` is specified on the command line. + +``` yaml $(tag) == 'package-policy-2019-06' +input-file: +- Microsoft.Authorization/stable/2019-06-01/policyAssignments.json +- Microsoft.Authorization/stable/2019-06-01/policyDefinitions.json +- Microsoft.Authorization/stable/2019-06-01/policySetDefinitions.json + +# Needed when there is more than one input file +override-info: + title: PolicyClient +``` + ### Tag: package-policy-2019-01 These settings apply only when `--tag=package-policy-2019-01` is specified on the command line. @@ -482,6 +501,7 @@ Generate all API versions currently shipped for this package batch: - tag: package-features-2015-12 - tag: package-locks-2016-09 + - tag: package-policy-2019-06 - tag: package-policy-2019-01 - tag: package-policy-2018-05 - tag: package-policy-2018-03 @@ -524,6 +544,24 @@ generate-interface: true fconfig: '{"moduleName": "Locks"}' ``` +### Tag: package-policy-2019-06 and java + +These settings apply only when `--tag=package-policy-2019-06 --java` is specified on the command line. +Please also specify `--azure-libraries-for-java-folder=`. + +``` yaml $(tag) == 'package-policy-2019-06' && $(java) && $(multiapi) +java: + namespace: com.microsoft.azure.management.policy.v2019_06_01 + output-folder: $(azure-libraries-for-java-folder)/policy/resource-manager/v2019_06_01 +regenerate-manager: true +generate-interface: true +fconfig: '{"moduleName": "Policy"}' +directive: + from: policyAssignments.json + where: $.definitions.PolicyAssignmentProperties.properties.scope + transform: $['x-ms-client-name'] = 'scopeProperty' +``` + ### Tag: package-policy-2019-01 and java These settings apply only when `--tag=package-policy-2019-01 --java` is specified on the command line. @@ -745,6 +783,9 @@ input-file: - $(this-folder)/Microsoft.Features/stable/2015-12-01/features.json - $(this-folder)/Microsoft.Authorization/stable/2016-09-01/locks.json - $(this-folder)/Microsoft.Authorization/stable/2015-01-01/locks.json + - $(this-folder)/Microsoft.Authorization/stable/2019-06-01/policyAssignments.json + - $(this-folder)/Microsoft.Authorization/stable/2019-06-01/policyDefinitions.json + - $(this-folder)/Microsoft.Authorization/stable/2019-06-01/policySetDefinitions.json - $(this-folder)/Microsoft.Authorization/stable/2019-01-01/policyAssignments.json - $(this-folder)/Microsoft.Authorization/stable/2019-01-01/policyDefinitions.json - $(this-folder)/Microsoft.Authorization/stable/2019-01-01/policySetDefinitions.json diff --git a/specification/resources/resource-manager/readme.python.md b/specification/resources/resource-manager/readme.python.md index 560d35a698fc..afc89c937c2b 100644 --- a/specification/resources/resource-manager/readme.python.md +++ b/specification/resources/resource-manager/readme.python.md @@ -26,6 +26,7 @@ batch: - tag: package-locks-2015-01 - tag: package-managedapplications-2018-06 - tag: package-managedapplications-2017-09 + - tag: package-policy-2019-06 - tag: package-policy-2019-01 - tag: package-policy-2018-05 - tag: package-policy-2018-03 @@ -112,6 +113,17 @@ python: output-folder: $(python-sdks-folder)/resources/azure-mgmt-resource/azure/mgmt/resource/managedapplications ``` +### Tag: package-policy-2019-06 and python + +These settings apply only when `--tag=package-policy-2019-06 --python` is specified on the command line. +Please also specify `--python-sdks-folder=`. + +``` yaml $(tag) == 'package-policy-2019-06' && $(python) +python: + namespace: azure.mgmt.resource.policy.v2019_06_01 + output-folder: $(python-sdks-folder)/resources/azure-mgmt-resource/azure/mgmt/resource/policy/v2019_06_01 +``` + ### Tag: package-policy-2019-01 and python These settings apply only when `--tag=package-policy-2019-01 --python` is specified on the command line.