From b7c24a0ca8ff4f5d600d95a9dc5e18247c47f962 Mon Sep 17 00:00:00 2001 From: Or Avital <37445345+oravital7@users.noreply.github.com> Date: Mon, 5 Dec 2022 17:29:16 +0200 Subject: [PATCH] [Hub Generated] Publish private branch 'oravital-dev-security-Microsoft.Security-2022-01-01-preview' (#21751) * Update governance API docs (At scale) * Fix model validation * Fix lint * Plain english style * Minor * Update content * Renaming * Comments * Edit descriptions' * Adding deletion operation result * Prettier * Remove LRO --- ...ManagementGroupGovernanceRule_example.json | 15 + ...curityConnectorGovernanceRule_example.json | 5 + .../GetGovernanceRule_example.json | 11 +- ...oupGovernanceRuleDeleteStatus_example.json | 14 + ...upGovernanceRuleExecuteStatus_example.json | 18 + ...ManagementGroupGovernanceRule_example.json | 56 ++ ...curityConnectorGovernanceRule_example.json | 9 + ...anagementGroupGovernanceRules_example.json | 101 ++++ ...urityConnectorGovernanceRules_example.json | 18 + ...BySubscriptionGovernanceRules_example.json | 22 +- .../PostGovernanceRule_example.json | 4 +- ...ManagementGroupGovernanceRule_example.json | 17 + ...curityConnectorGovernanceRule_example.json | 4 +- .../PutGovernanceRule_example.json | 28 +- ...ManagementGroupGovernanceRule_example.json | 137 +++++ ...curityConnectorGovernanceRule_example.json | 21 +- .../governanceAssignments.json | 35 +- .../2022-01-01-preview/governanceRules.json | 480 ++++++++++++++++-- .../resource-manager/common/v1/types.json | 7 + 19 files changed, 925 insertions(+), 77 deletions(-) create mode 100644 specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/DeleteManagementGroupGovernanceRule_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRuleDeleteStatus_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRuleExecuteStatus_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRule_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostManagementGroupGovernanceRule_example.json create mode 100644 specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/DeleteManagementGroupGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/DeleteManagementGroupGovernanceRule_example.json new file mode 100644 index 000000000000..785b6b113c12 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/DeleteManagementGroupGovernanceRule_example.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "api-version": "2022-01-01-preview", + "managementGroupId": "contoso", + "ruleId": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8" + }, + "responses": { + "202": { + "headers": { + "location": "https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8/operationResults/58b33f4f-c8c7-4b01-99cc-d437db4d40dd?api-version=2022-01-01-preview" + } + }, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/DeleteSecurityConnectorGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/DeleteSecurityConnectorGovernanceRule_example.json index eeeb2e6245d2..da56b04bc575 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/DeleteSecurityConnectorGovernanceRule_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/DeleteSecurityConnectorGovernanceRule_example.json @@ -8,6 +8,11 @@ }, "responses": { "200": {}, + "202": { + "headers": { + "location": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8/operationResults/58b33f4f-c8c7-4b01-99cc-d437db4d40dd?api-version=2022-01-01-preview" + } + }, "204": {} } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetGovernanceRule_example.json index 10e534dbe20d..aeaa52552c78 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetGovernanceRule_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetGovernanceRule_example.json @@ -11,8 +11,9 @@ "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", "type": "Microsoft.Security/governanceRules", "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", "displayName": "Admin's rule", - "description": "A rule on critical recommendations", + "description": "A rule for critical recommendations", "remediationTimeframe": "7.00:00:00", "isGracePeriod": true, "rulePriority": 200, @@ -37,6 +38,14 @@ "governanceEmailNotification": { "disableManagerEmailNotification": false, "disableOwnerEmailNotification": false + }, + "excludedScopes": [], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" } } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRuleDeleteStatus_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRuleDeleteStatus_example.json new file mode 100644 index 000000000000..3e745429ec66 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRuleDeleteStatus_example.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "api-version": "2022-01-01-preview", + "managementGroupId": "contoso", + "ruleId": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "operationId": "58b33f4f-c8c7-4b01-99cc-d437db4d40dd" + }, + "responses": { + "202": { + "location": "https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8/delete/operationResults/58b33f4f-c8c7-4b01-99cc-d437db4d40dd?api-version=2022-01-01-preview" + }, + "204": {} + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRuleExecuteStatus_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRuleExecuteStatus_example.json new file mode 100644 index 000000000000..057d6492413c --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRuleExecuteStatus_example.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2022-01-01-preview", + "managementGroupId": "contoso", + "ruleId": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "operationId": "58b33f4f-c8c7-4b01-99cc-d437db4d40dd" + }, + "responses": { + "202": { + "location": "https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8/execute/operationResults/58b33f4f-c8c7-4b01-99cc-d437db4d40dd?api-version=2022-01-01-preview" + }, + "200": { + "body": { + "operationId": "58b33f4f-c8c7-4b01-99cc-d437db4d40dd" + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRule_example.json new file mode 100644 index 000000000000..fa6d3f6c8e64 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetManagementGroupGovernanceRule_example.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2022-01-01-preview", + "managementGroupId": "contoso", + "ruleId": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8" + }, + "responses": { + "200": { + "body": { + "id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "type": "Microsoft.Security/governanceRules", + "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", + "displayName": "Management group rule", + "description": "A rule for a management group", + "remediationTimeframe": "7.00:00:00", + "isGracePeriod": true, + "rulePriority": 200, + "isDisabled": false, + "ruleType": "Integrated", + "sourceResourceType": "Assessments", + "conditionSets": [ + { + "conditions": [ + { + "property": "$.AssessmentKey", + "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]", + "operator": "In" + } + ] + } + ], + "ownerSource": { + "type": "Manually", + "value": "user@contoso.com" + }, + "governanceEmailNotification": { + "disableManagerEmailNotification": false, + "disableOwnerEmailNotification": false + }, + "excludedScopes": [ + "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23" + ], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetSecurityConnectorGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetSecurityConnectorGovernanceRule_example.json index c8dbbaf0be7c..1a2db87b075f 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetSecurityConnectorGovernanceRule_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/GetSecurityConnectorGovernanceRule_example.json @@ -13,6 +13,7 @@ "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", "type": "Microsoft.Security/governanceRules", "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", "displayName": "GCP Admin's rule", "description": "A rule on critical GCP recommendations", "remediationTimeframe": "7.00:00:00", @@ -39,6 +40,14 @@ "governanceEmailNotification": { "disableManagerEmailNotification": false, "disableOwnerEmailNotification": false + }, + "excludedScopes": [], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" } } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json new file mode 100644 index 000000000000..484546f02b98 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2022-01-01-preview", + "managementGroupId": "contoso", + "ruleId": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "type": "Microsoft.Security/governanceRules", + "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", + "displayName": "Management group rule", + "description": "A rule for a management group", + "remediationTimeframe": "7.00:00:00", + "isGracePeriod": true, + "rulePriority": 100, + "isDisabled": false, + "ruleType": "Integrated", + "sourceResourceType": "Assessments", + "conditionSets": [ + { + "conditions": [ + { + "property": "$.AssessmentKey", + "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]", + "operator": "In" + } + ] + } + ], + "ownerSource": { + "type": "Manually", + "value": "user@contoso.com" + }, + "governanceEmailNotification": { + "disableManagerEmailNotification": false, + "disableOwnerEmailNotification": false + }, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + }, + { + "id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/4106f43c-6d82-4fc8-a92c-dcfe50799d1d", + "name": "4106f43c-6d82-4fc8-a92c-dcfe50799d1d", + "type": "Microsoft.Security/governanceRules", + "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", + "displayName": "Management group rule 2", + "description": "A rule for a management group", + "remediationTimeframe": "7.00:00:00", + "isGracePeriod": true, + "rulePriority": 200, + "isDisabled": false, + "ruleType": "Integrated", + "sourceResourceType": "Assessments", + "conditionSets": [ + { + "conditions": [ + { + "property": "$.Metadata.Severity", + "value": "Low", + "operator": "Equals" + } + ] + } + ], + "ownerSource": { + "type": "Manually", + "value": "user@contoso.com" + }, + "governanceEmailNotification": { + "disableManagerEmailNotification": false, + "disableOwnerEmailNotification": false + }, + "excludedScopes": [ + "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23" + ], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + ] + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json index a8099c0eb295..72a0c0f29bec 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json @@ -14,6 +14,7 @@ "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", "type": "Microsoft.Security/governanceRules", "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", "displayName": "Admin's GCP rule", "description": "A rule on critical GCP recommendations", "remediationTimeframe": "7.00:00:00", @@ -40,6 +41,14 @@ "governanceEmailNotification": { "disableManagerEmailNotification": false, "disableOwnerEmailNotification": false + }, + "excludedScopes": [], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" } } }, @@ -48,6 +57,7 @@ "name": "4106f43c-6d82-4fc8-a92c-dcfe50799d1d", "type": "Microsoft.Security/governanceRules", "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", "displayName": "GCP Admin's rule", "description": "A rule on critical GCP recommendations", "remediationTimeframe": "7.00:00:00", @@ -74,6 +84,14 @@ "governanceEmailNotification": { "disableManagerEmailNotification": false, "disableOwnerEmailNotification": false + }, + "excludedScopes": [], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" } } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json index e7856c9b0289..ed47c6cc9c24 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json @@ -12,8 +12,9 @@ "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", "type": "Microsoft.Security/governanceRules", "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", "displayName": "Admin's rule", - "description": "A rule on critical recommendations", + "description": "A rule for critical recommendations", "remediationTimeframe": "7.00:00:00", "isGracePeriod": true, "rulePriority": 100, @@ -38,6 +39,14 @@ "governanceEmailNotification": { "disableManagerEmailNotification": false, "disableOwnerEmailNotification": false + }, + "excludedScopes": [], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" } } }, @@ -46,8 +55,9 @@ "name": "4106f43c-6d82-4fc8-a92c-dcfe50799d1d", "type": "Microsoft.Security/governanceRules", "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", "displayName": "Admin's rule", - "description": "A rule on critical recommendations", + "description": "A rule for critical recommendations", "remediationTimeframe": "7.00:00:00", "isGracePeriod": true, "rulePriority": 200, @@ -72,6 +82,14 @@ "governanceEmailNotification": { "disableManagerEmailNotification": true, "disableOwnerEmailNotification": true + }, + "excludedScopes": [], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" } } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostGovernanceRule_example.json index aec228b2bc63..8591c717f382 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostGovernanceRule_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostGovernanceRule_example.json @@ -9,7 +9,9 @@ }, "responses": { "202": { - "location": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8/operationResults/58b33f4f-c8c7-4b01-99cc-d437db4d40dd?api-version=2022-01-01-preview" + "headers": { + "location": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8/operationResults/58b33f4f-c8c7-4b01-99cc-d437db4d40dd?api-version=2022-01-01-preview" + } } } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostManagementGroupGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostManagementGroupGovernanceRule_example.json new file mode 100644 index 000000000000..9c67bb17a0c0 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostManagementGroupGovernanceRule_example.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2022-01-01-preview", + "managementGroupId": "contoso", + "ruleId": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "ExecuteGovernanceRuleBody": { + "override": false + } + }, + "responses": { + "202": { + "headers": { + "location": "https://management.azure.com/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8/operationResults/58b33f4f-c8c7-4b01-99cc-d437db4d40dd?api-version=2022-01-01-preview" + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostSecurityConnectorGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostSecurityConnectorGovernanceRule_example.json index a658f384f64a..6a6b1a688a92 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostSecurityConnectorGovernanceRule_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PostSecurityConnectorGovernanceRule_example.json @@ -11,7 +11,9 @@ }, "responses": { "202": { - "location": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8/operationResults/58b33f4f-c8c7-4b01-99cc-d437db4d40dd?api-version=2022-01-01-preview" + "headers": { + "location": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8/operationResults/58b33f4f-c8c7-4b01-99cc-d437db4d40dd?api-version=2022-01-01-preview" + } } } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json index 31bda10f6157..650faec996ac 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutGovernanceRule_example.json @@ -6,7 +6,7 @@ "governanceRule": { "properties": { "displayName": "Admin's rule", - "description": "A rule on critical recommendations", + "description": "A rule for critical recommendations", "remediationTimeframe": "7.00:00:00", "isGracePeriod": true, "rulePriority": 200, @@ -39,11 +39,12 @@ "200": { "body": { "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8", - "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", "type": "Microsoft.Security/governanceRules", "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", "displayName": "Admin's rule", - "description": "A rule on critical recommendations", + "description": "A rule for critical recommendations", "remediationTimeframe": "7.00:00:00", "isGracePeriod": true, "rulePriority": 200, @@ -68,6 +69,14 @@ "governanceEmailNotification": { "disableManagerEmailNotification": false, "disableOwnerEmailNotification": false + }, + "excludedScopes": [], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" } } } @@ -75,11 +84,12 @@ "201": { "body": { "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8", - "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", "type": "Microsoft.Security/governanceRules", "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", "displayName": "Admin's rule", - "description": "A rule on critical recommendations", + "description": "A rule for critical recommendations", "remediationTimeframe": "7.00:00:00", "isGracePeriod": true, "rulePriority": 200, @@ -104,6 +114,14 @@ "governanceEmailNotification": { "disableManagerEmailNotification": false, "disableOwnerEmailNotification": false + }, + "excludedScopes": [], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" } } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json new file mode 100644 index 000000000000..5c3b5abe0ad7 --- /dev/null +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json @@ -0,0 +1,137 @@ +{ + "parameters": { + "api-version": "2022-01-01-preview", + "managementGroupId": "contoso", + "ruleId": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "governanceRule": { + "properties": { + "displayName": "Management group rule", + "description": "A rule for a management group", + "remediationTimeframe": "7.00:00:00", + "isGracePeriod": true, + "rulePriority": 200, + "isDisabled": false, + "ruleType": "Integrated", + "sourceResourceType": "Assessments", + "conditionSets": [ + { + "conditions": [ + { + "property": "$.AssessmentKey", + "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]", + "operator": "In" + } + ] + } + ], + "ownerSource": { + "type": "Manually", + "value": "user@contoso.com" + }, + "governanceEmailNotification": { + "disableManagerEmailNotification": true, + "disableOwnerEmailNotification": false + }, + "excludedScopes": [ + "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23" + ] + } + } + }, + "responses": { + "200": { + "body": { + "id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "type": "Microsoft.Security/governanceRules", + "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", + "displayName": "Management group rule", + "description": "A rule for a management group", + "remediationTimeframe": "7.00:00:00", + "isGracePeriod": true, + "rulePriority": 200, + "isDisabled": false, + "ruleType": "Integrated", + "sourceResourceType": "Assessments", + "conditionSets": [ + { + "conditions": [ + { + "property": "$.AssessmentKey", + "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]", + "operator": "In" + } + ] + } + ], + "ownerSource": { + "type": "Manually", + "value": "user@contoso.com" + }, + "governanceEmailNotification": { + "disableManagerEmailNotification": true, + "disableOwnerEmailNotification": false + }, + "excludedScopes": [ + "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23" + ], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + }, + "201": { + "body": { + "id": "providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", + "type": "Microsoft.Security/governanceRules", + "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", + "displayName": "Management group rule", + "description": "A rule for a management group", + "remediationTimeframe": "7.00:00:00", + "isGracePeriod": true, + "rulePriority": 200, + "isDisabled": false, + "ruleType": "Integrated", + "sourceResourceType": "Assessments", + "conditionSets": [ + { + "conditions": [ + { + "property": "$.AssessmentKey", + "value": "[\"b1cd27e0-4ecc-4246-939f-49c426d9d72f\", \"fe83f80b-073d-4ccf-93d9-6797eb870201\"]", + "operator": "In" + } + ] + } + ], + "ownerSource": { + "type": "Manually", + "value": "user@contoso.com" + }, + "governanceEmailNotification": { + "disableManagerEmailNotification": true, + "disableOwnerEmailNotification": false + }, + "excludedScopes": [ + "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23" + ], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" + } + } + } + } + } +} diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json index 1a7510485ef1..9653be520939 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/examples/GovernanceRules/PutSecurityConnectorGovernanceRule_example.json @@ -41,9 +41,10 @@ "200": { "body": { "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8", - "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", "type": "Microsoft.Security/governanceRules", "properties": { + "tenantId": "f0b6d37b-e4bc-4719-9291-c066c3194f23", "displayName": "GCP Admin's rule", "description": "A rule on critical GCP recommendations", "remediationTimeframe": "7.00:00:00", @@ -70,6 +71,14 @@ "governanceEmailNotification": { "disableManagerEmailNotification": true, "disableOwnerEmailNotification": false + }, + "excludedScopes": [], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" } } } @@ -77,7 +86,7 @@ "201": { "body": { "id": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/gcpResourceGroup/providers/Microsoft.Security/securityConnectors/gcpconnector/providers/Microsoft.Security/governanceRules/ad9a8e26-29d9-4829-bb30-e597a58cdbb8", - "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "name": "ad9a8e26-29d9-4829-bb30-e597a58cdbb8", "type": "Microsoft.Security/governanceRules", "properties": { "displayName": "GCP Admin's rule", @@ -106,6 +115,14 @@ "governanceEmailNotification": { "disableManagerEmailNotification": true, "disableOwnerEmailNotification": false + }, + "excludedScopes": [], + "includeMemberScopes": false, + "metadata": { + "createdBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "createdOn": "2022-11-10T08:31:26.7993124Z", + "updatedBy": "c23b5354-ff0a-4b2a-9f92-6f144effd936", + "updatedOn": "2022-11-10T08:31:26.7993124Z" } } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/governanceAssignments.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/governanceAssignments.json index ae86fdca8419..1733a6db08af 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/governanceAssignments.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/governanceAssignments.json @@ -2,7 +2,7 @@ "swagger": "2.0", "info": { "title": "Security Center", - "description": "API spec for Microsoft.Security (Azure Security Center) resource provider", + "description": "API spec for Microsoft.Security (Microsoft Defender for Cloud) resource provider", "version": "2022-01-01-preview" }, "host": "management.azure.com", @@ -37,14 +37,14 @@ "/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/governanceAssignments": { "get": { "x-ms-examples": { - "List security governanceAssignments": { + "List governance assignments": { "$ref": "./examples/GovernanceAssignments/ListGovernanceAssignments_example.json" } }, "tags": [ "GovernanceAssignments" ], - "description": "Get security governanceAssignments on all your resources inside a scope", + "description": "Get governance assignments on all of your resources inside a scope", "operationId": "GovernanceAssignments_List", "parameters": [ { @@ -79,7 +79,7 @@ "/{scope}/providers/Microsoft.Security/assessments/{assessmentName}/governanceAssignments/{assignmentKey}": { "get": { "x-ms-examples": { - "Get security governanceAssignment by specific governanceAssignmentKey": { + "Get governanceAssignment by specific governanceAssignmentKey": { "$ref": "./examples/GovernanceAssignments/GetGovernanceAssignment_example.json" } }, @@ -126,7 +126,7 @@ "tags": [ "GovernanceAssignments" ], - "description": "Creates or update a security GovernanceAssignment on the given subscription.", + "description": "Creates or updates a governance assignment on the given subscription.", "operationId": "GovernanceAssignments_CreateOrUpdate", "parameters": [ { @@ -193,10 +193,10 @@ ], "responses": { "200": { - "description": "OK - GovernanceAssignment was deleted" + "description": "OK - Governance assignment was deleted" }, "204": { - "description": "No Content - GovernanceAssignment does not exist" + "description": "No Content - Governance assignment does not exist" }, "default": { "description": "Error response describing why the operation failed" @@ -208,7 +208,7 @@ "definitions": { "GovernanceAssignmentsList": { "type": "object", - "description": "Page of a security governance assignments list", + "description": "Page of a governance assignments list", "properties": { "value": { "description": "Collection of governance assignments in this page", @@ -227,10 +227,10 @@ }, "GovernanceAssignment": { "type": "object", - "description": "Security GovernanceAssignment over a given scope", + "description": "Governance assignment over a given scope", "properties": { "properties": { - "description": "Properties of a security governanceAssignment", + "description": "The properties of a governance assignment", "x-ms-client-flatten": true, "$ref": "#/definitions/GovernanceAssignmentProperties" } @@ -291,20 +291,20 @@ }, "GovernanceAssignmentAdditionalData": { "type": "object", - "description": "Describe the additional data of GovernanceAssignment - optional", + "description": "Describe the additional data of governance assignment - optional", "properties": { "ticketNumber": { - "description": "Ticket number associated with this GovernanceAssignment", + "description": "Ticket number associated with this governance assignment", "type": "integer", "format": "int32", "minimum": 0 }, "ticketLink": { - "description": "Ticket link associated with this GovernanceAssignment - for example: https://snow.com", + "description": "Ticket link associated with this governance assignment - for example: https://snow.com", "type": "string" }, "ticketStatus": { - "description": "The ticket status associated with this GovernanceAssignment - for example: Active", + "description": "The ticket status associated with this governance assignment - for example: Active", "type": "string" } } @@ -335,7 +335,7 @@ "in": "path", "required": true, "type": "string", - "description": "The security governance assignment key - the assessment key of the required governance assignment", + "description": "The governance assignment key - the assessment key of the required governance assignment", "x-ms-parameter-location": "method" }, "AssessmentName": { @@ -343,7 +343,8 @@ "in": "path", "required": true, "type": "string", - "description": "The Assessment Key - Unique key for the assessment type", + "pattern": "^[-\\w\\._\\(\\)]+$", + "description": "The Assessment Key - A unique key for the assessment type", "x-ms-parameter-location": "method" }, "GovernanceAssignmentBody": { @@ -353,7 +354,7 @@ "schema": { "$ref": "#/definitions/GovernanceAssignment" }, - "description": "GovernanceAssignment over a subscription scope", + "description": "Governance assignment over a subscription scope", "x-ms-parameter-location": "method" } } diff --git a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/governanceRules.json b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/governanceRules.json index cb94196c2433..22f4734fbc73 100644 --- a/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/governanceRules.json +++ b/specification/security/resource-manager/Microsoft.Security/preview/2022-01-01-preview/governanceRules.json @@ -37,14 +37,14 @@ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/governanceRules": { "get": { "x-ms-examples": { - "List security governanceRules by subscription level scope": { + "List governance rules by subscription level scope": { "$ref": "./examples/GovernanceRules/ListBySubscriptionGovernanceRules_example.json" } }, "tags": [ "GovernanceRules" ], - "description": "Get a list of all relevant governanceRules over a subscription level scope", + "description": "Get a list of the governance rules on the subscription level scope", "operationId": "GovernanceRule_List", "parameters": [ { @@ -76,14 +76,14 @@ "/subscriptions/{subscriptionId}/providers/Microsoft.Security/governanceRules/{ruleId}": { "get": { "x-ms-examples": { - "Get security governanceRules by specific governanceRuleId": { + "Get a governance rule by its' ID": { "$ref": "./examples/GovernanceRules/GetGovernanceRule_example.json" } }, "tags": [ "GovernanceRules" ], - "description": "Get a specific governanceRule for the requested scope by ruleId", + "description": "Get a specific governance rule for the requested scope by ruleId", "operationId": "GovernanceRules_Get", "parameters": [ { @@ -113,14 +113,14 @@ }, "put": { "x-ms-examples": { - "Create Governance rule": { + "Create governance rule": { "$ref": "./examples/GovernanceRules/PutGovernanceRule_example.json" } }, "tags": [ "GovernanceRules" ], - "description": "Creates or update a security GovernanceRule on the given subscription.", + "description": "Creates or updates a governance rule on a subscription", "operationId": "GovernanceRules_CreateOrUpdate", "parameters": [ { @@ -159,14 +159,14 @@ }, "delete": { "x-ms-examples": { - "Delete security GovernanceRule": { + "Delete governance rule": { "$ref": "./examples/GovernanceRules/DeleteGovernanceRule_example.json" } }, "tags": [ "GovernanceRules" ], - "description": "Delete a GovernanceRule over a given scope", + "description": "Delete a Governance rule over a given scope", "operationId": "GovernanceRules_Delete", "parameters": [ { @@ -181,7 +181,7 @@ ], "responses": { "200": { - "description": "OK - GovernanceRule was deleted" + "description": "OK - Governance rule was deleted" }, "204": { "description": "No Content - GovernanceRule does not exist" @@ -195,14 +195,14 @@ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}/providers/Microsoft.Security/governanceRules": { "get": { "x-ms-examples": { - "List security governanceRules by security connector level scope": { + "List governance rules by security connector level scope": { "$ref": "./examples/GovernanceRules/ListBySecurityConnectorGovernanceRules_example.json" } }, "tags": [ "GovernanceRules" ], - "description": "Get a list of all relevant governanceRules over a security connector level scope", + "description": "Get a list of all relevant governance rules over a security connector level scope", "operationId": "SecurityConnectorGovernanceRule_List", "parameters": [ { @@ -240,14 +240,14 @@ "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}/providers/Microsoft.Security/governanceRules/{ruleId}": { "get": { "x-ms-examples": { - "Get security governanceRules by specific governanceRuleId": { + "Get a governance rule by its' ID": { "$ref": "./examples/GovernanceRules/GetSecurityConnectorGovernanceRule_example.json" } }, "tags": [ "GovernanceRules" ], - "description": "Get a specific governanceRule for the requested scope by ruleId", + "description": "Get a specific governance rule for the requested scope by ruleId", "operationId": "SecurityConnectorGovernanceRules_Get", "parameters": [ { @@ -290,7 +290,7 @@ "tags": [ "GovernanceRules" ], - "description": "Creates or update a security GovernanceRule on the given security connector.", + "description": "Creates or updates a governance rule on the given security connector", "operationId": "SecurityConnectorGovernanceRules_CreateOrUpdate", "parameters": [ { @@ -335,14 +335,14 @@ }, "delete": { "x-ms-examples": { - "Delete security GovernanceRule": { + "Delete governance rule": { "$ref": "./examples/GovernanceRules/DeleteSecurityConnectorGovernanceRule_example.json" } }, "tags": [ "GovernanceRules" ], - "description": "Delete a GovernanceRule over a given scope", + "description": "Delete a Governance rule over a given scope", "operationId": "SecurityConnectorGovernanceRules_Delete", "parameters": [ { @@ -363,14 +363,195 @@ ], "responses": { "200": { - "description": "OK - GovernanceRule was deleted" + "description": "OK - Governance rule was deleted" + }, + "202": { + "description": "Accepted - Governance rule deletion on management scope", + "headers": { + "location": { + "type": "string", + "description": "Location URL for the deletion status" + } + } }, "204": { - "description": "No Content - GovernanceRule does not exist" + "description": "No Content - Governance rule does not exist" + }, + "default": { + "description": "Error response describing why the operation failed" + } + }, + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Security/governanceRules": { + "get": { + "x-ms-examples": { + "List governance rules by management group level scope": { + "$ref": "./examples/GovernanceRules/ListByManagementGroupGovernanceRules_example.json" + } + }, + "tags": [ + "GovernanceRules" + ], + "description": "Get a list of all relevant governance rules over a management group level scope", + "operationId": "ManagementGroupGovernanceRule_List", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ManagementGroupId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/GovernanceRuleList" + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Security/governanceRules/{ruleId}": { + "get": { + "x-ms-examples": { + "Get governance rules by specific governanceRuleId": { + "$ref": "./examples/GovernanceRules/GetManagementGroupGovernanceRule_example.json" + } + }, + "tags": [ + "GovernanceRules" + ], + "description": "Get a specific governance rule for the requested scope by ruleId", + "operationId": "managementGroupGovernanceRules_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ManagementGroupId" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/GovernanceRule" + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "put": { + "x-ms-examples": { + "Create Governance rule": { + "$ref": "./examples/GovernanceRules/PutManagementGroupGovernanceRule_example.json" + } + }, + "tags": [ + "GovernanceRules" + ], + "description": "Creates or updates governance rule on the given management group", + "operationId": "ManagementGroupGovernanceRules_CreateOrUpdate", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ManagementGroupId" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/GovernanceRuleBody" + } + ], + "responses": { + "201": { + "description": "Created", + "schema": { + "$ref": "#/definitions/GovernanceRule" + } + }, + "200": { + "description": "OK - Updated", + "schema": { + "$ref": "#/definitions/GovernanceRule" + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + }, + "delete": { + "x-ms-examples": { + "Delete Governance rule": { + "$ref": "./examples/GovernanceRules/DeleteManagementGroupGovernanceRule_example.json" + } + }, + "tags": [ + "GovernanceRules" + ], + "description": "Delete a Governance rule over a given scope", + "operationId": "ManagementGroupGovernanceRules_Delete", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ManagementGroupId" + }, + { + "$ref": "#/parameters/RuleId" + } + ], + "responses": { + "202": { + "description": "Accepted - Governance rule deletion on management scope", + "headers": { + "location": { + "type": "string", + "description": "Location URL for the deletion status" + } + } + }, + "204": { + "description": "No Content - Governance rule does not exist" }, "default": { "description": "Error response describing why the operation failed" } + }, + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" } } }, @@ -384,7 +565,7 @@ "tags": [ "GovernanceRules" ], - "description": "Execute a security GovernanceRule on the given subscription.", + "description": "Execute a governance rule on a subscription", "operationId": "GovernanceRules_RuleIdExecuteSingleSubscription", "parameters": [ { @@ -417,20 +598,23 @@ } } }, - "x-ms-long-running-operation": true + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" + } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}/providers/Microsoft.Security/governanceRules/{ruleId}/execute": { "post": { "x-ms-examples": { - "Execute Governance rule": { + "Execute governance rule": { "$ref": "./examples/GovernanceRules/PostSecurityConnectorGovernanceRule_example.json" } }, "tags": [ "GovernanceRules" ], - "description": "Execute a security GovernanceRule on the given security connector.", + "description": "Execute a governance rule on the given security connector", "operationId": "GovernanceRules_RuleIdExecuteSingleSecurityConnector", "parameters": [ { @@ -469,20 +653,72 @@ } } }, - "x-ms-long-running-operation": true + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Security/governanceRules/{ruleId}/execute": { + "post": { + "x-ms-examples": { + "Execute governance rule": { + "$ref": "./examples/GovernanceRules/PostManagementGroupGovernanceRule_example.json" + } + }, + "tags": [ + "GovernanceRules" + ], + "description": "Execute governance rule on the given management group", + "operationId": "GovernanceRules_RuleIdExecuteSingleManagementGroup", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ManagementGroupId" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/ExecuteGovernanceRuleBody" + } + ], + "responses": { + "202": { + "description": "Accepted", + "headers": { + "location": { + "type": "string", + "description": "Location URL for the execution status" + } + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + }, + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "location" + } } }, "/subscriptions/{subscriptionId}/providers/Microsoft.Security/governanceRules/{ruleId}/operationResults/{operationId}": { "get": { "x-ms-examples": { - "Get security governanceRules execution status by specific governanceRuleId": { + "Get governance rules execution status by specific governanceRuleId": { "$ref": "./examples/GovernanceRules/GetGovernanceRuleExecuteStatus_example.json" } }, "tags": [ "GovernanceRules" ], - "description": "Get a specific governanceRule execution status for the requested scope by ruleId and operationId", + "description": "Get a specific governance rule execution status for the requested scope by ruleId and operationId", "operationId": "SubscriptionGovernanceRulesExecuteStatus_Get", "parameters": [ { @@ -520,21 +756,20 @@ "$ref": "../../../common/v1/types.json#/definitions/CloudError" } } - }, - "x-ms-long-running-operation": true + } } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/securityConnectors/{securityConnectorName}/providers/Microsoft.Security/governanceRules/{ruleId}/operationResults/{operationId}": { "get": { "x-ms-examples": { - "Get security governanceRules execution status by specific governanceRuleId": { + "Get governance rules execution status by specific governanceRuleId": { "$ref": "./examples/GovernanceRules/GetSecurityConnectorGovernanceRuleExecuteStatus_example.json" } }, "tags": [ "GovernanceRules" ], - "description": "Get a specific governanceRule execution status for the requested scope by ruleId and operationId", + "description": "Get a specific governance rule execution status for the requested scope by ruleId and operationId", "operationId": "SecurityConnectorGovernanceRulesExecuteStatus_Get", "parameters": [ { @@ -578,18 +813,116 @@ "$ref": "../../../common/v1/types.json#/definitions/CloudError" } } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Security/governanceRules/{ruleId}/execute/operationResults/{operationId}": { + "get": { + "x-ms-examples": { + "Get governance rules execution status by specific governance rule ID": { + "$ref": "./examples/GovernanceRules/GetManagementGroupGovernanceRuleExecuteStatus_example.json" + } }, - "x-ms-long-running-operation": true + "tags": [ + "GovernanceRules" + ], + "description": "Get a specific governance rule execution status for the requested scope by ruleId and operationId", + "operationId": "ManagementGroupGovernanceRulesExecuteStatus_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ManagementGroupId" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/OperationId" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/ExecuteRuleStatus" + } + }, + "202": { + "description": "Accepted", + "headers": { + "location": { + "type": "string", + "description": "Location URL for the execution status" + } + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Security/governanceRules/{ruleId}/delete/operationResults/{operationId}": { + "get": { + "x-ms-examples": { + "Get governance rules deletion status by specific governance rule ID": { + "$ref": "./examples/GovernanceRules/GetManagementGroupGovernanceRuleDeleteStatus_example.json" + } + }, + "tags": [ + "GovernanceRules" + ], + "description": "Get a specific governance rule deletion status for the requested scope by rule ID and operation ID", + "operationId": "ManagementGroupGovernanceRulesDeleteStatus_Get", + "parameters": [ + { + "$ref": "../../../common/v1/types.json#/parameters/ApiVersion" + }, + { + "$ref": "../../../common/v1/types.json#/parameters/ManagementGroupId" + }, + { + "$ref": "#/parameters/RuleId" + }, + { + "$ref": "#/parameters/OperationId" + } + ], + "responses": { + "204": { + "description": "Delete succeeded" + }, + "202": { + "description": "Accepted", + "headers": { + "location": { + "type": "string", + "description": "Location URL for the deletion status" + } + } + }, + "default": { + "description": "Error response describing why the operation failed", + "schema": { + "$ref": "../../../common/v1/types.json#/definitions/CloudError" + } + } + } } } }, "definitions": { "GovernanceRuleList": { "type": "object", - "description": "Page of a security governanceRules list", + "description": "Page of a governance rules list", "properties": { "value": { - "description": "Collection of governanceRules in this page", + "description": "Collection of governance rules in this page", "readOnly": true, "type": "array", "items": { @@ -605,10 +938,10 @@ }, "GovernanceRule": { "type": "object", - "description": "Security GovernanceRule over a given scope", + "description": "Governance rule over a given scope", "properties": { "properties": { - "description": "Properties of a security governanceRule", + "description": "Properties of a governance rule", "x-ms-client-flatten": true, "$ref": "#/definitions/GovernanceRuleProperties" } @@ -621,19 +954,25 @@ }, "GovernanceRuleProperties": { "type": "object", - "description": "Describes properties of an governanceRule", + "description": "Describes properties of an governance rule", "properties": { + "tenantId": { + "description": "The tenantId (GUID)", + "readOnly": true, + "type": "string" + }, "displayName": { - "description": "display name of the governanceRule", + "description": "Display name of the governance rule", "type": "string" }, "description": { - "description": "description of the governanceRule", + "description": "Description of the governance rule", "type": "string" }, "remediationTimeframe": { "type": "string", - "description": "Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days" + "description": "Governance rule remediation timeframe - this is the time that will affect on the grace-period duration e.g. 7.00:00:00 - means 7 days", + "pattern": "^[0-9]+\\.[0-9]{2}:[0-9]{2}:[0-9]{2}$" }, "isGracePeriod": { "description": "Defines whether there is a grace period on the governance rule", @@ -689,6 +1028,15 @@ ] } }, + "excludedScopes": { + "type": "array", + "description": "Excluded scopes, filter out the descendants of the scope (on management scopes)", + "items": { + "description": "The excluded scope", + "type": "string" + }, + "x-ms-identifiers": [] + }, "conditionSets": { "type": "array", "description": "The governance rule conditionSets - see examples", @@ -697,13 +1045,20 @@ }, "x-ms-identifiers": [] }, + "includeMemberScopes": { + "type": "boolean", + "description": "Defines whether the rule is management scope rule (master connector as a single scope or management scope)" + }, "ownerSource": { - "description": "The Owner source for the governance rule - e.g. Manually by user@contoso.com - see example", + "description": "The owner source for the governance rule - e.g. Manually by user@contoso.com - see example", "$ref": "#/definitions/GovernanceRuleOwnerSource" }, "governanceEmailNotification": { "description": "The email notifications settings for the governance rule, states whether to disable notifications for mangers and owners", "$ref": "#/definitions/GovernanceRuleEmailNotification" + }, + "metadata": { + "$ref": "#/definitions/GovernanceRuleMetadata" } }, "required": [ @@ -810,24 +1165,52 @@ }, "GovernanceRuleEmailNotification": { "type": "object", - "description": "The governance email weekly notification configuration.", + "description": "The governance email weekly notification configuration", "properties": { "disableManagerEmailNotification": { - "description": "Defines whether manager email notifications are disabled.", + "description": "Defines whether manager email notifications are disabled", "type": "boolean" }, "disableOwnerEmailNotification": { - "description": "Defines whether owner email notifications are disabled.", + "description": "Defines whether owner email notifications are disabled", "type": "boolean" } } }, + "GovernanceRuleMetadata": { + "type": "object", + "description": "The governance rule metadata", + "properties": { + "createdBy": { + "description": "Governance rule Created by object id (GUID)", + "type": "string", + "readOnly": true + }, + "createdOn": { + "description": "Governance rule creation date", + "type": "string", + "format": "date-time", + "readOnly": true + }, + "updatedBy": { + "description": "Governance rule last updated by object id (GUID)", + "type": "string", + "readOnly": true + }, + "updatedOn": { + "description": "Governance rule last update date", + "type": "string", + "format": "date-time", + "readOnly": true + } + } + }, "ExecuteRuleStatus": { "type": "object", - "description": "Execute status of Security GovernanceRule over a given scope", + "description": "Execute status of governance rule over a given scope", "properties": { "operationId": { - "description": "Unique key for the execution of GovernanceRule", + "description": "Unique key for the execution of governance rule", "type": "string", "readOnly": true } @@ -840,7 +1223,7 @@ "in": "path", "required": true, "type": "string", - "description": "The security GovernanceRule key - unique key for the standard GovernanceRule", + "description": "The governance rule key - unique key for the standard governance rule (GUID)", "x-ms-parameter-location": "method" }, "GovernanceRuleBody": { @@ -850,7 +1233,7 @@ "schema": { "$ref": "#/definitions/GovernanceRule" }, - "description": "GovernanceRule over a subscription scope", + "description": "Governance rule over a given scope", "x-ms-parameter-location": "method" }, "ExecuteGovernanceRuleBody": { @@ -859,7 +1242,7 @@ "schema": { "$ref": "#/definitions/ExecuteGovernanceRuleParams" }, - "description": "GovernanceRule over a subscription scope", + "description": "Execute governance rule over a given scope", "x-ms-parameter-location": "method" }, "SecurityConnectorName": { @@ -867,6 +1250,7 @@ "in": "path", "required": true, "type": "string", + "pattern": "^[-\\w\\._\\(\\)]+$", "description": "The security connector name.", "x-ms-parameter-location": "method" }, @@ -875,7 +1259,7 @@ "in": "path", "required": true, "type": "string", - "description": "The security GovernanceRule execution key - unique key for the execution of GovernanceRule", + "description": "The governance rule execution key - unique key for the execution of governance rule", "x-ms-parameter-location": "method" } } diff --git a/specification/security/resource-manager/common/v1/types.json b/specification/security/resource-manager/common/v1/types.json index 854ff73dac6e..7163609879a1 100644 --- a/specification/security/resource-manager/common/v1/types.json +++ b/specification/security/resource-manager/common/v1/types.json @@ -376,6 +376,13 @@ "type": "string", "description": "Azure subscription ID" }, + "ManagementGroupId": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "Azure Management Group ID" + }, "ResourceGroupName": { "name": "resourceGroupName", "in": "path",