diff --git a/schemas/2015-07-01/Microsoft.Authorization.json b/schemas/2015-07-01/Microsoft.Authorization.json
new file mode 100644
index 0000000000..a032d9400b
--- /dev/null
+++ b/schemas/2015-07-01/Microsoft.Authorization.json
@@ -0,0 +1,187 @@ +{ + "id": "https://schema.management.azure.com/schemas/2015-07-01/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2015-07-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + }, + "roleDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2015-07-01" + ] + }, + "name": { + "type": "string", + "description": "The ID of the role definition." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition properties." 
+ }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleDefinitions" + } + }, + "definitions": { + "Permission": { + "type": "object", + "properties": { + "actions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Allowed actions." + }, + "notActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Denied actions." + } + }, + "description": "Role definition permissions." + }, + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "principalId": { + "type": "string", + "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID used in the role assignment." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Role assignment properties." + }, + "RoleDefinitionProperties": { + "type": "object", + "properties": { + "assignableScopes": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition assignable scopes." + }, + "description": { + "type": "string", + "description": "The role definition description." 
+ }, + "permissions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition permissions." + }, + "roleName": { + "type": "string", + "description": "The role name." + }, + "type": { + "type": "string", + "description": "The role type." + } + }, + "description": "Role definition properties." + } + } +} diff --git a/schemas/2017-10-01-preview/Microsoft.Authorization.json b/schemas/2017-10-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..4403356cb0 --- /dev/null +++ b/schemas/2017-10-01-preview/Microsoft.Authorization.json 
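Review bot: The `notActions` description in `Permission` reads "Denied actions.", which overstates what the field does. In Azure RBAC, `notActions` is subtracted from `actions` within the same role definition and is not a deny rule, so a principal can still obtain the operation through another role assignment. I would reword it to `"description": "Actions excluded from the allowed actions of this role definition; this is not a deny rule."`. The same wording is used for `notActions` and `notDataActions` in the 2018-01-01-preview schema later in this change. If these files are generated, the text should be corrected in the source specification so it survives regeneration.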
@@ -0,0 +1,75 @@ +{ + "id": "https://schema.management.azure.com/schemas/2017-10-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2017-10-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + } + }, + "definitions": { + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "canDelegate": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegation flag used for creating a role assignment" + }, + "principalId": { + "type": "string", + "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID used in the role assignment." + } + }, + "description": "Role assignment properties." + } + } +} 
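Review bot: `RoleAssignmentProperties` in this 2017-10-01-preview schema has no `required` list, while the 2015-07-01 and 2018-01-01-preview versions in the same change both require `principalId` and `roleDefinitionId`. As written, a template whose role assignment omits the principal or the role definition passes schema validation and is caught, at best, at deployment time. Unless the preview API really treats them as optional, add `"required": ["principalId", "roleDefinitionId"]` to the definition so the three versions agree.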
diff --git a/schemas/2018-01-01-preview/Microsoft.Authorization.json b/schemas/2018-01-01-preview/Microsoft.Authorization.json
new file mode 100644
index 0000000000..1891f79c0c
--- /dev/null
+++ b/schemas/2018-01-01-preview/Microsoft.Authorization.json
@@ -0,0 +1,226 @@ +{ + "id": "https://schema.management.azure.com/schemas/2018-01-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2018-01-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + }, + "roleDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2018-01-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The ID of the role definition." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition properties." 
+ }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleDefinitions" + } + }, + "definitions": { + "Permission": { + "type": "object", + "properties": { + "actions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Allowed actions." + }, + "dataActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Allowed Data actions." + }, + "notActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Denied actions." + }, + "notDataActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Denied Data actions." + } + }, + "description": "Role definition permissions." + }, + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "canDelegate": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegation flag used for creating a role assignment" + }, + "principalId": { + "type": "string", + "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." 
+ }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID used in the role assignment." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Role assignment properties." + }, + "RoleDefinitionProperties": { + "type": "object", + "properties": { + "assignableScopes": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition assignable scopes." + }, + "description": { + "type": "string", + "description": "The role definition description." + }, + "permissions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition permissions." + }, + "roleName": { + "type": "string", + "description": "The role name." + }, + "type": { + "type": "string", + "description": "The role type." + } + }, + "description": "Role definition properties." + } + } +} diff --git a/schemas/2018-05-01-preview/Microsoft.Authorization.json b/schemas/2018-05-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..c7514d9b89 --- /dev/null +++ b/schemas/2018-05-01-preview/Microsoft.Authorization.json 
@@ -0,0 +1,478 @@ +{ + "id": "https://schema.management.azure.com/schemas/2018-05-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "subscription_resourceDefinitions": { + "accessReviewScheduleDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2018-05-01-preview" + ] + }, + "descriptionForAdmins": { + "type": "string", + "description": "The description provided by the access review creator and visible to admins." + }, + "descriptionForReviewers": { + "type": "string", + "description": "The description provided by the access review creator to be shown to reviewers." + }, + "displayName": { + "type": "string", + "description": "The display name for the schedule definition." + }, + "instances": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewInstance" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of instances returned when one does an expand on it." + }, + "name": { + "type": "string", + "description": "The id of the access review schedule definition." + }, + "reviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of reviewers." + }, + "settings": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewScheduleSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Settings of an Access Review." 
+ }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/accessReviewScheduleDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/accessReviewScheduleDefinitions" + }, + "accessReviewScheduleSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2018-05-01-preview" + ] + }, + "autoApplyDecisionsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review." + }, + "defaultDecision": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "Recommendation" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This specifies the behavior for the autoReview feature when an access review completes." + }, + "defaultDecisionEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether reviewers are required to provide a justification when reviewing access." + }, + "instanceDurationInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The duration in days for an instance." 
+ }, + "justificationRequiredOnApproval": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether the reviewer is required to pass justification when recording a decision." + }, + "mailNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending mails to reviewers and the review creator is enabled." + }, + "name": { + "type": "string", + "enum": [ + "default" + ] + }, + "recommendationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether showing recommendations to reviewers is enabled." + }, + "recurrence": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "reminderNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending reminder emails to reviewers are enabled." 
+ }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/accessReviewScheduleSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/accessReviewScheduleSettings" + } + }, + "definitions": { + "AccessReviewInstance": { + "type": "object", + "properties": { + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewInstanceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Access Review Instance properties." + } + }, + "description": "Access Review Instance." + }, + "AccessReviewInstanceProperties": { + "type": "object", + "properties": { + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review instance is scheduled to end." + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review instance is scheduled to be start." + } + }, + "description": "Access Review Instance properties." + }, + "AccessReviewRecurrencePattern": { + "type": "object", + "properties": { + "interval": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The interval for recurrence. For a quarterly review, the interval is 3 for type : absoluteMonthly." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "weekly", + "absoluteMonthly" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The recurrence type : weekly, monthly, etc." + } + }, + "description": "Recurrence Pattern of an Access Review Schedule Definition." 
+ }, + "AccessReviewRecurrenceRange": { + "type": "object", + "properties": { + "endDate": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review is scheduled to end. Required if type is endDate" + }, + "numberOfOccurrences": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The number of times to repeat the access review. Required and must be positive if type is numbered." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "endDate", + "noEnd", + "numbered" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The recurrence range type. The possible values are: endDate, noEnd, numbered." + } + }, + "description": "Recurrence Range of an Access Review Schedule Definition." + }, + "AccessReviewRecurrenceSettings": { + "type": "object", + "properties": { + "pattern": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrencePattern" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Pattern of an Access Review Schedule Definition." + }, + "range": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceRange" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Range of an Access Review Schedule Definition." + } + }, + "description": "Recurrence Settings of an Access Review Schedule Definition." 
+ }, + "AccessReviewReviewer": { + "type": "object", + "properties": { + "principalId": { + "type": "string", + "description": "The id of the reviewer(user/servicePrincipal)" + } + }, + "description": "Descriptor for what needs to be reviewed" + }, + "AccessReviewScheduleSettings": { + "type": "object", + "properties": { + "autoApplyDecisionsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review." + }, + "defaultDecision": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "Recommendation" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This specifies the behavior for the autoReview feature when an access review completes." + }, + "defaultDecisionEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether reviewers are required to provide a justification when reviewing access." + }, + "instanceDurationInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The duration in days for an instance." + }, + "justificationRequiredOnApproval": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether the reviewer is required to pass justification when recording a decision." 
+ }, + "mailNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending mails to reviewers and the review creator is enabled." + }, + "recommendationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether showing recommendations to reviewers is enabled." + }, + "recurrence": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "reminderNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending reminder emails to reviewers are enabled." + } + }, + "description": "Settings of an Access Review." + } + } +} diff --git a/schemas/2018-09-01-preview/Microsoft.Authorization.json b/schemas/2018-09-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..1c9ddd7682 --- /dev/null +++ b/schemas/2018-09-01-preview/Microsoft.Authorization.json 
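Review bot: The `defaultDecisionEnabled` description ("Flag to indicate whether reviewers are required to provide a justification when reviewing access.") appears to be copied from the justification flag and does not describe this property. It occurs both in the `accessReviewScheduleSettings` resource and in the `AccessReviewScheduleSettings` definition. Because `defaultDecision` accepts `Approve` and `autoApplyDecisionsEnabled` changes access automatically, a template author who misreads this flag could turn on a default outcome for access nobody reviewed. A description such as `"Flag to indicate whether the default decision is applied when the access review completes."` would fit the neighbouring `defaultDecision` text, but the exact semantics should be confirmed against the API specification.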
@@ -0,0 +1,102 @@ +{ + "id": "https://schema.management.azure.com/schemas/2018-09-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2018-09-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + } + }, + "definitions": { + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "canDelegate": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegation flag used for creating a role assignment" + }, + "principalId": { + "type": "string", + "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." 
+ }, + "principalType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "Unknown", + "DirectoryRoleTemplate", + "ForeignGroup", + "Application", + "MSI", + "DirectoryObjectOrGroup", + "Everyone" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The principal type of the assigned principal ID." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID used in the role assignment." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Role assignment properties." + } + } +} diff --git a/schemas/2020-04-01-preview/Microsoft.Authorization.json b/schemas/2020-04-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..82e9c48392 --- /dev/null +++ b/schemas/2020-04-01-preview/Microsoft.Authorization.json 
@@ -0,0 +1,114 @@ +{ + "id": "https://schema.management.azure.com/schemas/2020-04-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-04-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + } + }, + "definitions": { + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "canDelegate": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegation flag used for creating a role assignment" + }, + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. 
Currently accepted value is '2.0'" + }, + "description": { + "type": "string", + "description": "Description of role assignment" + }, + "principalId": { + "type": "string", + "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." + }, + "principalType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "Unknown", + "DirectoryRoleTemplate", + "ForeignGroup", + "Application", + "MSI", + "DirectoryObjectOrGroup", + "Everyone" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The principal type of the assigned principal ID." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID used in the role assignment." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Role assignment properties." + } + } +} diff --git a/schemas/2020-10-01-preview/Microsoft.Authorization.json b/schemas/2020-10-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..80b63ec18b --- /dev/null +++ b/schemas/2020-10-01-preview/Microsoft.Authorization.json 
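Review bot: `conditionVersion` is an unconstrained string even though its description says the only accepted value is '2.0', and `condition` itself is free text with no link to the version field. A condition narrows what the role assignment applies to, so a mistyped version is worth rejecting at template validation rather than at deployment. If the service accepts only that value, `"enum": ["2.0"]` on `conditionVersion` would do this, at the cost of updating the schema when further versions are accepted. If the generator cannot emit the enum, the description should at least state what happens when the value is omitted while `condition` is set.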
@@ -0,0 +1,1023 @@ +{ + "id": "https://schema.management.azure.com/schemas/2020-10-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignmentScheduleRequests": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-10-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment schedule request properties with scope." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignmentScheduleRequests" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignmentScheduleRequests" + }, + "roleEligibilityScheduleRequests": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-10-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role eligibility to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role eligibility schedule request properties with scope." 
+ }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleEligibilityScheduleRequests" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleEligibilityScheduleRequests" + }, + "roleManagementPolicies": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-10-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name (guid) of the role management policy to upsert." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role management policy properties with scope." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleManagementPolicies" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleManagementPolicies" + }, + "roleManagementPolicyAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-10-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of format {guid_guid} the role management policy assignment to upsert." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role management policy assignment properties with scope." 
+ }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleManagementPolicyAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleManagementPolicyAssignments" + } + }, + "definitions": { + "ApprovalSettings": { + "type": "object", + "properties": { + "approvalMode": { + "oneOf": [ + { + "type": "string", + "enum": [ + "SingleStage", + "Serial", + "Parallel", + "NoApproval" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of rule." + }, + "approvalStages": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ApprovalStage" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The approval stages of the request." + }, + "isApprovalRequired": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determine whether approval is required or not." + }, + "isApprovalRequiredForExtension": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determine whether approval is required for assignment extension." + }, + "isRequestorJustificationRequired": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determine whether requestor justification required." + } + }, + "description": "The approval settings." 
+ }, + "ApprovalStage": { + "type": "object", + "properties": { + "approvalStageTimeOutInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The time in days when approval request would be timed out." + }, + "escalationApprovers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/UserSet" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The escalation approver of the request." + }, + "escalationTimeInMinutes": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The time in minutes when the approval request would be escalated if the primary approver does not approves." + }, + "isApproverJustificationRequired": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determine whether approver need to provide justification for his decision." + }, + "isEscalationEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The value determine whether escalation feature is enabled." + }, + "primaryApprovers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/UserSet" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The primary approver of the request." + } + }, + "description": "The approval stage." 
+ }, + "RoleAssignmentScheduleRequestProperties": { + "type": "object", + "properties": { + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "justification": { + "type": "string", + "description": "Justification for the role assignment" + }, + "linkedRoleEligibilityScheduleId": { + "type": "string", + "description": "The linked role eligibility schedule id - to activate an eligibility." + }, + "principalId": { + "type": "string", + "description": "The principal ID." + }, + "requestType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AdminAssign", + "AdminRemove", + "AdminUpdate", + "AdminExtend", + "AdminRenew", + "SelfActivate", + "SelfDeactivate", + "SelfExtend", + "SelfRenew" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." 
+ }, + "scheduleInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestPropertiesScheduleInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Schedule info of the role assignment schedule" + }, + "targetRoleAssignmentScheduleId": { + "type": "string", + "description": "The resultant role assignment schedule id or the role assignment schedule id being updated" + }, + "targetRoleAssignmentScheduleInstanceId": { + "type": "string", + "description": "The role assignment schedule instance id being updated" + }, + "ticketInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestPropertiesTicketInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Ticket Info of the role assignment" + } + }, + "required": [ + "principalId", + "requestType", + "roleDefinitionId" + ], + "description": "Role assignment schedule request properties with scope." + }, + "RoleAssignmentScheduleRequestPropertiesScheduleInfo": { + "type": "object", + "properties": { + "expiration": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestPropertiesScheduleInfoExpiration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiration of the role assignment schedule" + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "Start DateTime of the role assignment schedule." + } + }, + "description": "Schedule info of the role assignment schedule" + }, + "RoleAssignmentScheduleRequestPropertiesScheduleInfoExpiration": { + "type": "object", + "properties": { + "duration": { + "type": "string", + "description": "Duration of the role assignment schedule in TimeSpan." 
+ }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "End DateTime of the role assignment schedule." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AfterDuration", + "AfterDateTime", + "NoExpiration" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of the role assignment schedule expiration." + } + }, + "description": "Expiration of the role assignment schedule" + }, + "RoleAssignmentScheduleRequestPropertiesTicketInfo": { + "type": "object", + "properties": { + "ticketNumber": { + "type": "string", + "description": "Ticket number for the role assignment" + }, + "ticketSystem": { + "type": "string", + "description": "Ticket system name for the role assignment" + } + }, + "description": "Ticket Info of the role assignment" + }, + "RoleEligibilityScheduleRequestProperties": { + "type": "object", + "properties": { + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "justification": { + "type": "string", + "description": "Justification for the role eligibility" + }, + "principalId": { + "type": "string", + "description": "The principal ID." + }, + "requestType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AdminAssign", + "AdminRemove", + "AdminUpdate", + "AdminExtend", + "AdminRenew", + "SelfActivate", + "SelfDeactivate", + "SelfExtend", + "SelfRenew" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the role assignment schedule request. 
Eg: SelfActivate, AdminAssign etc." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "scheduleInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestPropertiesScheduleInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Schedule info of the role eligibility schedule" + }, + "targetRoleEligibilityScheduleId": { + "type": "string", + "description": "The resultant role eligibility schedule id or the role eligibility schedule id being updated" + }, + "targetRoleEligibilityScheduleInstanceId": { + "type": "string", + "description": "The role eligibility schedule instance id being updated" + }, + "ticketInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestPropertiesTicketInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Ticket Info of the role eligibility" + } + }, + "required": [ + "principalId", + "requestType", + "roleDefinitionId" + ], + "description": "Role eligibility schedule request properties with scope." + }, + "RoleEligibilityScheduleRequestPropertiesScheduleInfo": { + "type": "object", + "properties": { + "expiration": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiration of the role eligibility schedule" + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "Start DateTime of the role eligibility schedule." 
+ } + }, + "description": "Schedule info of the role eligibility schedule" + }, + "RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration": { + "type": "object", + "properties": { + "duration": { + "type": "string", + "description": "Duration of the role eligibility schedule in TimeSpan." + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "End DateTime of the role eligibility schedule." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AfterDuration", + "AfterDateTime", + "NoExpiration" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of the role eligibility schedule expiration." + } + }, + "description": "Expiration of the role eligibility schedule" + }, + "RoleEligibilityScheduleRequestPropertiesTicketInfo": { + "type": "object", + "properties": { + "ticketNumber": { + "type": "string", + "description": "Ticket number for the role eligibility" + }, + "ticketSystem": { + "type": "string", + "description": "Ticket system name for the role eligibility" + } + }, + "description": "Ticket Info of the role eligibility" + }, + "RoleManagementPolicyApprovalRule": { + "type": "object", + "properties": { + "ruleType": { + "type": "string", + "enum": [ + "RoleManagementPolicyApprovalRule" + ] + }, + "setting": { + "oneOf": [ + { + "$ref": "#/definitions/ApprovalSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The approval settings." + } + }, + "required": [ + "ruleType" + ], + "description": "The role management policy rule." + }, + "RoleManagementPolicyAssignmentProperties": { + "type": "object", + "properties": { + "policyId": { + "type": "string", + "description": "The policy id role management policy assignment." 
+ }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition of management policy assignment." + }, + "scope": { + "type": "string", + "description": "The role management policy scope." + } + }, + "description": "Role management policy assignment properties with scope." + }, + "RoleManagementPolicyAuthenticationContextRule": { + "type": "object", + "properties": { + "claimValue": { + "type": "string", + "description": "The claim value." + }, + "isEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The value indicating if rule is enabled." + }, + "ruleType": { + "type": "string", + "enum": [ + "RoleManagementPolicyAuthenticationContextRule" + ] + } + }, + "required": [ + "ruleType" + ], + "description": "The role management policy rule." + }, + "RoleManagementPolicyEnablementRule": { + "type": "object", + "properties": { + "enabledRules": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of enabled rules." + }, + "ruleType": { + "type": "string", + "enum": [ + "RoleManagementPolicyEnablementRule" + ] + } + }, + "required": [ + "ruleType" + ], + "description": "The role management policy rule." + }, + "RoleManagementPolicyExpirationRule": { + "type": "object", + "properties": { + "isExpirationRequired": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The value indicating whether expiration is required." + }, + "maximumDuration": { + "type": "string", + "description": "The maximum duration of expiration in timespan." 
+ }, + "ruleType": { + "type": "string", + "enum": [ + "RoleManagementPolicyExpirationRule" + ] + } + }, + "required": [ + "ruleType" + ], + "description": "The role management policy rule." + }, + "RoleManagementPolicyNotificationRule": { + "type": "object", + "properties": { + "notificationLevel": { + "oneOf": [ + { + "type": "string", + "enum": [ + "NONE", + "CRITICAL", + "ALL" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The notification level." + }, + "notificationRecipients": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list notification recipients." + }, + "notificationType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Email" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of notification." + }, + "recipientType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Requestor", + "Approver", + "Admin" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The recipient type." + }, + "ruleType": { + "type": "string", + "enum": [ + "RoleManagementPolicyNotificationRule" + ] + } + }, + "required": [ + "ruleType" + ], + "description": "The role management policy rule." + }, + "RoleManagementPolicyProperties": { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The role management policy description." + }, + "displayName": { + "type": "string", + "description": "The role management policy display name." 
+ }, + "isOrganizationDefault": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The role management policy is default policy." + }, + "rules": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/RoleManagementPolicyRule" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The rule applied to the policy." + }, + "scope": { + "type": "string", + "description": "The role management policy scope." + } + }, + "description": "Role management policy properties with scope." + }, + "RoleManagementPolicyRule": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyApprovalRule" + }, + { + "$ref": "#/definitions/RoleManagementPolicyAuthenticationContextRule" + }, + { + "$ref": "#/definitions/RoleManagementPolicyEnablementRule" + }, + { + "$ref": "#/definitions/RoleManagementPolicyExpirationRule" + }, + { + "$ref": "#/definitions/RoleManagementPolicyNotificationRule" + } + ], + "properties": { + "id": { + "type": "string", + "description": "The id of the rule." + }, + "target": { + "oneOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyRuleTarget" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The role management policy rule target." + } + }, + "description": "The role management policy rule." + }, + "RoleManagementPolicyRuleTarget": { + "type": "object", + "properties": { + "caller": { + "type": "string", + "description": "The caller of the setting." 
+ }, + "enforcedSettings": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of enforced settings." + }, + "inheritableSettings": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of inheritable settings." + }, + "level": { + "type": "string", + "description": "The assignment level to which it is applied." + }, + "operations": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of operation." + }, + "targetObjects": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The list of target objects." + } + }, + "description": "The role management policy rule target." + }, + "SingleUser": { + "type": "object", + "properties": { + "description": { + "type": "string", + "description": "The description of the user." + }, + "id": { + "type": "string", + "description": "The object id of the user." + }, + "userType": { + "type": "string", + "enum": [ + "SingleUser" + ] + } + }, + "required": [ + "userType" + ], + "description": "The detail of a user." 
+ }, + "UserSet": { + "type": "object", + "oneOf": [ + { + "$ref": "#/definitions/SingleUser" + } + ], + "properties": { + "isBackup": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The value indicating whether the user is a backup fallback approver" + } + }, + "description": "The detail of a user." + } + } +} diff --git a/schemas/2021-01-01-preview/Microsoft.Authorization.json b/schemas/2021-01-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..69393d7138 --- /dev/null +++ b/schemas/2021-01-01-preview/Microsoft.Authorization.json 
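Review bot: `RoleAssignmentScheduleRequestPropertiesScheduleInfoExpiration` has no `required` list and does not relate `duration` or `endDateTime` to the `type` enum, so an empty `expiration` object, or `"type": "AfterDuration"` without a `duration`, passes validation; `RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration` has the same shape. These definitions describe when a role assignment or eligibility ends, so a template review cannot rely on schema validation to show that an end was actually specified. If the API treats `type` as mandatory, which this hunk does not show, add `"required": ["type"]` to both definitions. If, as the names suggest, `duration` belongs to `AfterDuration` and `endDateTime` to `AfterDateTime`, the descriptions should say so, for example `"description": "Duration of the role assignment schedule in TimeSpan. Used when type is AfterDuration."`.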
@@ -0,0 +1,114 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-01-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "tenant_resourceDefinitions": { + "roleAssignmentApprovals_stages": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-01-01-preview" + ] + }, + "displayName": { + "type": "string", + "description": "The display name for the approval stage." + }, + "justification": { + "type": "string", + "description": "Justification provided by approvers for their action" + }, + "name": { + "type": "string", + "description": "The id of the role assignment approval stage." + }, + "reviewResult": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "NotReviewed" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The decision on the approval stage. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignmentApprovals/stages" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/roleAssignmentApprovals/stages" + } + }, + "unknown_resourceDefinitions": { + "roleAssignmentApprovals_stages": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-01-01-preview" + ] + }, + "displayName": { + "type": "string", + "description": "The display name for the approval stage." + }, + "justification": { + "type": "string", + "description": "Justification provided by approvers for their action" + }, + "name": { + "type": "string", + "description": "The id of the role assignment approval stage." 
+ }, + "reviewResult": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "NotReviewed" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The decision on the approval stage. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignmentApprovals/stages" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/roleAssignmentApprovals/stages" + } + }, + "definitions": {} +}
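Review bot: The `roleAssignmentApprovals_stages` definition appears twice with identical content, once under `tenant_resourceDefinitions` and once under `unknown_resourceDefinitions`, while `definitions` is left as `{}`. Two copies of the schema for an approval decision (`reviewResult` with `Approve`, `Deny`, `NotReviewed`) can drift apart, after which the same resource would validate differently depending on which copy a tool reads. Moving the body into `definitions` and pointing both entries at it with `"$ref": "#/definitions/roleAssignmentApprovals_stages"` keeps a single source. If the consumer of these files needs the resource definitions inlined, the commit description should say so.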