diff --git a/schemas/2018-06-01-preview/Microsoft.ManagedServices.json b/schemas/2018-06-01-preview/Microsoft.ManagedServices.json index 83bdecc7d2..e7482d78aa 100644 --- a/schemas/2018-06-01-preview/Microsoft.ManagedServices.json +++ b/schemas/2018-06-01-preview/Microsoft.ManagedServices.json @@ -3,26 +3,21 @@ "$schema": "http://json-schema.org/draft-04/schema#", "title": "Microsoft.ManagedServices", "description": "Microsoft ManagedServices Resource Types", - "resourceDefinitions": { + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { "registrationAssignments": { "type": "object", "properties": { - "name": { - "type": "string", - "description": "Guid of the registration assignment." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.ManagedServices/registrationAssignments" - ] - }, "apiVersion": { "type": "string", "enum": [ "2018-06-01-preview" ] }, + "name": { + "type": "string", + "description": "Guid of the registration assignment." + }, "properties": { "oneOf": [ { @@ -33,63 +28,69 @@ } ], "description": "Properties of a registration assignment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ManagedServices/registrationAssignments" + ] } }, "required": [ - "name", - "type", "apiVersion", - "properties" + "name", + "properties", + "type" ], "description": "Microsoft.ManagedServices/registrationAssignments" }, "registrationDefinitions": { "type": "object", "properties": { - "name": { - "type": "string", - "description": "Guid of the registration definition." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.ManagedServices/registrationDefinitions" - ] - }, "apiVersion": { "type": "string", "enum": [ "2018-06-01-preview" ] }, - "properties": { + "name": { + "type": "string", + "description": "Guid of the registration definition." + }, + "plan": { "oneOf": [ { - "$ref": "#/definitions/RegistrationDefinitionProperties" + "$ref": "#/definitions/Plan" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Properties of a registration definition." + "description": "Plan details for the managed services." }, - "plan": { + "properties": { "oneOf": [ { - "$ref": "#/definitions/Plan" + "$ref": "#/definitions/RegistrationDefinitionProperties" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Plan details for the managed services." + "description": "Properties of a registration definition." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ManagedServices/registrationDefinitions" + ] } }, "required": [ - "name", - "type", "apiVersion", - "properties" + "name", + "properties", + "type" ], "description": "Microsoft.ManagedServices/registrationDefinitions" } @@ -98,10 +99,29 @@ "Authorization": { "type": "object", "properties": { + "delegatedRoleDefinitionIds": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other security groups/service principals/users." + }, "principalId": { "type": "string", "description": "Principal Id of the security group/service principal/user that would be assigned permissions to the projected subscription" }, + "principalIdDisplayName": { + "type": "string", + "description": "Display name of the principal Id." + }, "roleDefinitionId": { "type": "string", "description": "The role definition identifier. This role will define all the permissions that the security group/service principal/user must have on the projected subscription. This role cannot be an owner role." @@ -120,14 +140,14 @@ "type": "string", "description": "The plan name." }, - "publisher": { - "type": "string", - "description": "The publisher ID." - }, "product": { "type": "string", "description": "The product code." }, + "publisher": { + "type": "string", + "description": "The publisher ID." + }, "version": { "type": "string", "description": "The plan's version." @@ -135,8 +155,8 @@ }, "required": [ "name", - "publisher", "product", + "publisher", "version" ], "description": "Plan details for the managed services." @@ -157,10 +177,6 @@ "RegistrationDefinitionProperties": { "type": "object", "properties": { - "description": { - "type": "string", - "description": "Description of the registration definition." - }, "authorizations": { "oneOf": [ { @@ -175,13 +191,17 @@ ], "description": "Authorization tuple containing principal id of the user/security group or service principal and id of the build-in role." }, - "registrationDefinitionName": { + "description": { "type": "string", - "description": "Name of the registration definition." + "description": "Description of the registration definition." }, "managedByTenantId": { "type": "string", "description": "Id of the managedBy tenant." + }, + "registrationDefinitionName": { + "type": "string", + "description": "Name of the registration definition." } }, "required": [ diff --git a/schemas/2019-04-01-preview/Microsoft.ManagedServices.json b/schemas/2019-04-01-preview/Microsoft.ManagedServices.json new file mode 100644 index 0000000000..7b4494394b --- /dev/null +++ b/schemas/2019-04-01-preview/Microsoft.ManagedServices.json @@ -0,0 +1,214 @@ +{ + "id": "https://schema.management.azure.com/schemas/2019-04-01-preview/Microsoft.ManagedServices.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.ManagedServices", + "description": "Microsoft ManagedServices Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "registrationAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-04-01-preview" + ] + }, + "name": { + "type": "string", + "description": "Guid of the registration assignment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RegistrationAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a registration assignment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ManagedServices/registrationAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ManagedServices/registrationAssignments" + }, + "registrationDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-04-01-preview" + ] + }, + "name": { + "type": "string", + "description": "Guid of the registration definition." + }, + "plan": { + "oneOf": [ + { + "$ref": "#/definitions/Plan" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Plan details for the managed services." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RegistrationDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a registration definition." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ManagedServices/registrationDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ManagedServices/registrationDefinitions" + } + }, + "definitions": { + "Authorization": { + "type": "object", + "properties": { + "delegatedRoleDefinitionIds": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other security groups/service principals/users." + }, + "principalId": { + "type": "string", + "description": "Principal Id of the security group/service principal/user that would be assigned permissions to the projected subscription" + }, + "principalIdDisplayName": { + "type": "string", + "description": "Display name of the principal Id." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition identifier. This role will define all the permissions that the security group/service principal/user must have on the projected subscription. This role cannot be an owner role." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Authorization tuple containing principal Id (of user/service principal/security group) and role definition id." + }, + "Plan": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The plan name." + }, + "product": { + "type": "string", + "description": "The product code." + }, + "publisher": { + "type": "string", + "description": "The publisher ID." + }, + "version": { + "type": "string", + "description": "The plan's version." + } + }, + "required": [ + "name", + "product", + "publisher", + "version" + ], + "description": "Plan details for the managed services." + }, + "RegistrationAssignmentProperties": { + "type": "object", + "properties": { + "registrationDefinitionId": { + "type": "string", + "description": "Fully qualified path of the registration definition." + } + }, + "required": [ + "registrationDefinitionId" + ], + "description": "Properties of a registration assignment." + }, + "RegistrationDefinitionProperties": { + "type": "object", + "properties": { + "authorizations": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Authorization" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Authorization tuple containing principal id of the user/security group or service principal and id of the build-in role." + }, + "description": { + "type": "string", + "description": "Description of the registration definition." + }, + "managedByTenantId": { + "type": "string", + "description": "Id of the managedBy tenant." + }, + "registrationDefinitionName": { + "type": "string", + "description": "Name of the registration definition." + } + }, + "required": [ + "authorizations", + "managedByTenantId" + ], + "description": "Properties of a registration definition." + } + } +} diff --git a/schemas/2019-06-01/Microsoft.ManagedServices.json b/schemas/2019-06-01/Microsoft.ManagedServices.json index 4846f3fda5..ba31902d14 100644 --- a/schemas/2019-06-01/Microsoft.ManagedServices.json +++ b/schemas/2019-06-01/Microsoft.ManagedServices.json @@ -3,26 +3,21 @@ "$schema": "http://json-schema.org/draft-04/schema#", "title": "Microsoft.ManagedServices", "description": "Microsoft ManagedServices Resource Types", - "resourceDefinitions": { + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { "registrationAssignments": { "type": "object", "properties": { - "name": { - "type": "string", - "description": "Guid of the registration assignment." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.ManagedServices/registrationAssignments" - ] - }, "apiVersion": { "type": "string", "enum": [ "2019-06-01" ] }, + "name": { + "type": "string", + "description": "Guid of the registration assignment." + }, "properties": { "oneOf": [ { @@ -33,63 +28,69 @@ } ], "description": "Properties of a registration assignment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ManagedServices/registrationAssignments" + ] } }, "required": [ - "name", - "type", "apiVersion", - "properties" + "name", + "properties", + "type" ], "description": "Microsoft.ManagedServices/registrationAssignments" }, "registrationDefinitions": { "type": "object", "properties": { - "name": { - "type": "string", - "description": "Guid of the registration definition." - }, - "type": { - "type": "string", - "enum": [ - "Microsoft.ManagedServices/registrationDefinitions" - ] - }, "apiVersion": { "type": "string", "enum": [ "2019-06-01" ] }, - "properties": { + "name": { + "type": "string", + "description": "Guid of the registration definition." + }, + "plan": { "oneOf": [ { - "$ref": "#/definitions/RegistrationDefinitionProperties" + "$ref": "#/definitions/Plan" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Properties of a registration definition." + "description": "Plan details for the managed services." }, - "plan": { + "properties": { "oneOf": [ { - "$ref": "#/definitions/Plan" + "$ref": "#/definitions/RegistrationDefinitionProperties" }, { "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" } ], - "description": "Plan details for the managed services." + "description": "Properties of a registration definition." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ManagedServices/registrationDefinitions" + ] } }, "required": [ - "name", - "type", "apiVersion", - "properties" + "name", + "properties", + "type" ], "description": "Microsoft.ManagedServices/registrationDefinitions" } @@ -98,10 +99,29 @@ "Authorization": { "type": "object", "properties": { + "delegatedRoleDefinitionIds": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other security groups/service principals/users." + }, "principalId": { "type": "string", "description": "Principal Id of the security group/service principal/user that would be assigned permissions to the projected subscription" }, + "principalIdDisplayName": { + "type": "string", + "description": "Display name of the principal Id." + }, "roleDefinitionId": { "type": "string", "description": "The role definition identifier. This role will define all the permissions that the security group/service principal/user must have on the projected subscription. This role cannot be an owner role." @@ -120,14 +140,14 @@ "type": "string", "description": "The plan name." }, - "publisher": { - "type": "string", - "description": "The publisher ID." - }, "product": { "type": "string", "description": "The product code." }, + "publisher": { + "type": "string", + "description": "The publisher ID." + }, "version": { "type": "string", "description": "The plan's version." @@ -135,8 +155,8 @@ }, "required": [ "name", - "publisher", "product", + "publisher", "version" ], "description": "Plan details for the managed services." @@ -157,10 +177,6 @@ "RegistrationDefinitionProperties": { "type": "object", "properties": { - "description": { - "type": "string", - "description": "Description of the registration definition." - }, "authorizations": { "oneOf": [ { @@ -175,13 +191,17 @@ ], "description": "Authorization tuple containing principal id of the user/security group or service principal and id of the build-in role." }, - "registrationDefinitionName": { + "description": { "type": "string", - "description": "Name of the registration definition." + "description": "Description of the registration definition." }, "managedByTenantId": { "type": "string", "description": "Id of the managedBy tenant." + }, + "registrationDefinitionName": { + "type": "string", + "description": "Name of the registration definition." } }, "required": [ diff --git a/schemas/2019-09-01/Microsoft.ManagedServices.json b/schemas/2019-09-01/Microsoft.ManagedServices.json new file mode 100644 index 0000000000..11d6d1437d --- /dev/null +++ b/schemas/2019-09-01/Microsoft.ManagedServices.json @@ -0,0 +1,214 @@ +{ + "id": "https://schema.management.azure.com/schemas/2019-09-01/Microsoft.ManagedServices.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.ManagedServices", + "description": "Microsoft ManagedServices Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "registrationAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-09-01" + ] + }, + "name": { + "type": "string", + "description": "Guid of the registration assignment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RegistrationAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a registration assignment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ManagedServices/registrationAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ManagedServices/registrationAssignments" + }, + "registrationDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2019-09-01" + ] + }, + "name": { + "type": "string", + "description": "Guid of the registration definition." + }, + "plan": { + "oneOf": [ + { + "$ref": "#/definitions/Plan" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Plan details for the managed services." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RegistrationDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a registration definition." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ManagedServices/registrationDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ManagedServices/registrationDefinitions" + } + }, + "definitions": { + "Authorization": { + "type": "object", + "properties": { + "delegatedRoleDefinitionIds": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other security groups/service principals/users." + }, + "principalId": { + "type": "string", + "description": "Principal Id of the security group/service principal/user that would be assigned permissions to the projected subscription" + }, + "principalIdDisplayName": { + "type": "string", + "description": "Display name of the principal Id." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition identifier. This role will define all the permissions that the security group/service principal/user must have on the projected subscription. This role cannot be an owner role." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Authorization tuple containing principal Id (of user/service principal/security group) and role definition id." + }, + "Plan": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The plan name." + }, + "product": { + "type": "string", + "description": "The product code." + }, + "publisher": { + "type": "string", + "description": "The publisher ID." + }, + "version": { + "type": "string", + "description": "The plan's version." + } + }, + "required": [ + "name", + "product", + "publisher", + "version" + ], + "description": "Plan details for the managed services." + }, + "RegistrationAssignmentProperties": { + "type": "object", + "properties": { + "registrationDefinitionId": { + "type": "string", + "description": "Fully qualified path of the registration definition." + } + }, + "required": [ + "registrationDefinitionId" + ], + "description": "Properties of a registration assignment." + }, + "RegistrationDefinitionProperties": { + "type": "object", + "properties": { + "authorizations": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Authorization" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Authorization tuple containing principal id of the user/security group or service principal and id of the build-in role." + }, + "description": { + "type": "string", + "description": "Description of the registration definition." + }, + "managedByTenantId": { + "type": "string", + "description": "Id of the managedBy tenant." + }, + "registrationDefinitionName": { + "type": "string", + "description": "Name of the registration definition." + } + }, + "required": [ + "authorizations", + "managedByTenantId" + ], + "description": "Properties of a registration definition." + } + } +} diff --git a/schemas/2020-02-01-preview/Microsoft.ManagedServices.json b/schemas/2020-02-01-preview/Microsoft.ManagedServices.json new file mode 100644 index 0000000000..3b80dd3d10 --- /dev/null +++ b/schemas/2020-02-01-preview/Microsoft.ManagedServices.json @@ -0,0 +1,290 @@ +{ + "id": "https://schema.management.azure.com/schemas/2020-02-01-preview/Microsoft.ManagedServices.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.ManagedServices", + "description": "Microsoft ManagedServices Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "registrationAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-02-01-preview" + ] + }, + "name": { + "type": "string", + "description": "Guid of the registration assignment." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RegistrationAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a registration assignment." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ManagedServices/registrationAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ManagedServices/registrationAssignments" + }, + "registrationDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-02-01-preview" + ] + }, + "name": { + "type": "string", + "description": "Guid of the registration definition." + }, + "plan": { + "oneOf": [ + { + "$ref": "#/definitions/Plan" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Plan details for the managed services." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RegistrationDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Properties of a registration definition." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.ManagedServices/registrationDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.ManagedServices/registrationDefinitions" + } + }, + "definitions": { + "Authorization": { + "type": "object", + "properties": { + "delegatedRoleDefinitionIds": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string", + "pattern": "^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegatedRoleDefinitionIds field is required when the roleDefinitionId refers to the User Access Administrator Role. It is the list of role definition ids which define all the permissions that the user in the authorization can assign to other security groups/service principals/users." + }, + "principalId": { + "type": "string", + "description": "Principal Id of the security group/service principal/user that would be assigned permissions to the projected subscription" + }, + "principalIdDisplayName": { + "type": "string", + "description": "Display name of the principal Id." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition identifier. This role will define all the permissions that the security group/service principal/user must have on the projected subscription. This role cannot be an owner role." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Authorization tuple containing principal Id (of user/service principal/security group) and role definition id." + }, + "EligibleAuthorization": { + "type": "object", + "properties": { + "justInTimeAccessPolicy": { + "oneOf": [ + { + "$ref": "#/definitions/JustInTimeAccessPolicy" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Just-in-time access policy setting." + }, + "principalId": { + "type": "string", + "description": "Principal Id of the security group/service principal/user that would be delegated permissions to the projected subscription" + }, + "principalIdDisplayName": { + "type": "string", + "description": "Display name of the principal Id." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition identifier. This role will delegate all the permissions that the security group/service principal/user must have on the projected subscription. This role cannot be an owner role." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Eligible authorization tuple containing principle Id (of user/service principal/security group), role definition id, and the just-in-time access setting." + }, + "JustInTimeAccessPolicy": { + "type": "object", + "properties": { + "maximumActivationDuration": { + "type": "string", + "format": "duration", + "description": "Maximum access duration in ISO 8601 format. The default value is \"PT8H\"." + }, + "multiFactorAuthProvider": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Azure", + "None" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "MFA provider." + } + }, + "required": [ + "multiFactorAuthProvider" + ], + "description": "Just-in-time access policy setting." + }, + "Plan": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The plan name." + }, + "product": { + "type": "string", + "description": "The product code." + }, + "publisher": { + "type": "string", + "description": "The publisher ID." + }, + "version": { + "type": "string", + "description": "The plan's version." + } + }, + "required": [ + "name", + "product", + "publisher", + "version" + ], + "description": "Plan details for the managed services." + }, + "RegistrationAssignmentProperties": { + "type": "object", + "properties": { + "registrationDefinitionId": { + "type": "string", + "description": "Fully qualified path of the registration definition." + } + }, + "required": [ + "registrationDefinitionId" + ], + "description": "Properties of a registration assignment." + }, + "RegistrationDefinitionProperties": { + "type": "object", + "properties": { + "authorizations": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Authorization" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Authorization tuple containing principal id of the user/security group or service principal and id of the build-in role." + }, + "description": { + "type": "string", + "description": "Description of the registration definition." + }, + "eligibleAuthorizations": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/EligibleAuthorization" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Eligible PIM authorization tuple containing principal id of the user/security group or service principal, id of the built-in role, and just-in-time access policy setting" + }, + "managedByTenantId": { + "type": "string", + "description": "Id of the managedBy tenant." + }, + "registrationDefinitionName": { + "type": "string", + "description": "Name of the registration definition." + } + }, + "required": [ + "authorizations", + "managedByTenantId" + ], + "description": "Properties of a registration definition." + } + } +}