From 26fd65cccb68f47484c4403b69cc5c4b6bc28ce0 Mon Sep 17 00:00:00 2001 From: Azure SDK Bot <53356347+azure-sdk@users.noreply.github.com> Date: Mon, 24 Feb 2025 11:40:19 -0800 Subject: [PATCH 01/10] bump proxy version to 1.0.0-dev.20250221.1 (#32771) Co-authored-by: Scott Beddall --- eng/common/testproxy/target_version.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/common/testproxy/target_version.txt b/eng/common/testproxy/target_version.txt index 7c3d75f3a484..ac6bc7f9f590 100644 --- a/eng/common/testproxy/target_version.txt +++ b/eng/common/testproxy/target_version.txt @@ -1 +1 @@ -1.0.0-dev.20241213.1 +1.0.0-dev.20250221.1 From a23cba3dd912b0e2726b4f0847c0197129534e94 Mon Sep 17 00:00:00 2001 From: Rita Lu Date: Mon, 24 Feb 2025 11:48:02 -0800 Subject: [PATCH 02/10] Microsoft.Advisor New API Version (2023-09-01-preview) (#32691) * Add base for updating Microsoft.Advisor from version stable/2023-01-01 to version 2023-09-01-preview * Add API version changes for Assessments and ResiliencyReviews APIs * revert types.json version * Fix prettier and model validation errors * trigger build --------- Co-authored-by: Rita Lu --- .../preview/2023-09-01-preview/advisor.json | 1901 +++++++++++++++++ .../2023-09-01-preview/assessments.json | 514 +++++ .../examples/CreateConfiguration.json | 61 + .../examples/CreateSuppression.json | 34 + .../examples/DeleteAssessment.json | 13 + .../examples/DeleteSuppression.json | 11 + .../examples/EmptyResponse.json | 11 + .../examples/GenerateRecommendations.json | 14 + .../examples/GetAdvisorScoreDetail.json | 155 ++ .../examples/GetAssessment.json | 36 + .../examples/GetRecommendationDetail.json | 70 + .../GetRecommendationMetadataEntity.json | 41 + .../examples/GetSuppressionDetail.json | 30 + .../examples/ListAdvisorScore.json | 351 +++ .../examples/ListAssessmentTypes.json | 21 + .../examples/ListAssessments.json | 41 + .../examples/ListConfigurations.json | 42 + .../examples/ListRecommendationMetadata.json | 85 + .../examples/ListRecommendations.json | 142 ++ .../examples/ListSuppressions.json | 35 + .../examples/ListWorkloads.json | 20 + .../examples/OperationsList.json | 21 + .../2023-09-01-preview/examples/Predict.json | 46 + .../examples/PutAssessment.json | 70 + .../examples/ResiliencyReviewsGet.json | 33 + .../examples/ResiliencyReviewsList.json | 58 + .../TriageRecommendationsApprove.json | 13 + .../examples/TriageRecommendationsGet.json | 41 + .../examples/TriageRecommendationsList.json | 103 + .../examples/TriageRecommendationsReject.json | 16 + .../examples/TriageRecommendationsReset.json | 13 + .../examples/UpdateTrackedRecommendation.json | 93 + .../2023-09-01-preview/resiliencyReviews.json | 726 +++++++ .../advisor/resource-manager/readme.md | 13 +- 34 files changed, 4873 insertions(+), 1 deletion(-) create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/advisor.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/assessments.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/CreateConfiguration.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/CreateSuppression.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/DeleteAssessment.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/DeleteSuppression.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/EmptyResponse.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GenerateRecommendations.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetAdvisorScoreDetail.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetAssessment.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetRecommendationDetail.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetRecommendationMetadataEntity.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetSuppressionDetail.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAdvisorScore.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAssessmentTypes.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAssessments.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListConfigurations.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListRecommendationMetadata.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListRecommendations.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListSuppressions.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListWorkloads.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/OperationsList.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/Predict.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/PutAssessment.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ResiliencyReviewsGet.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ResiliencyReviewsList.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsApprove.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsGet.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsList.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsReject.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsReset.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/UpdateTrackedRecommendation.json create mode 100644 specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/resiliencyReviews.json diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/advisor.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/advisor.json new file mode 100644 index 000000000000..35b907125588 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/advisor.json @@ -0,0 +1,1901 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-09-01-preview", + "title": "AdvisorManagementClient", + "description": "REST APIs for Azure Advisor" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/providers/Microsoft.Advisor/metadata/{name}": { + "get": { + "tags": [ + "Metadata" + ], + "summary": "Gets the metadata entity.", + "operationId": "RecommendationMetadata_Get", + "parameters": [ + { + "name": "name", + "in": "path", + "description": "Name of metadata entity.", + "required": true, + "type": "string" + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved metadata entities", + "schema": { + "$ref": "#/definitions/MetadataEntity" + } + }, + "404": { + "description": "Client sent unknown metadata name", + "schema": { + "$ref": "#/definitions/ARMErrorResponseBody" + }, + "x-ms-error-response": true + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "x-ms-examples": { + "GetMetadata": { + "$ref": "./examples/GetRecommendationMetadataEntity.json" + } + } + } + }, + "/providers/Microsoft.Advisor/metadata": { + "get": { + "tags": [ + "Metadata" + ], + "summary": "Gets the list of metadata entities.", + "operationId": "RecommendationMetadata_List", + "parameters": [ + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved metadata entities", + "schema": { + "$ref": "#/definitions/MetadataEntityListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "x-ms-examples": { + "GetMetadata": { + "$ref": "./examples/ListRecommendationMetadata.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/configurations": { + "get": { + "tags": [ + "Configurations" + ], + "summary": "Retrieve Azure Advisor configurations.", + "description": "Retrieve Azure Advisor configurations and also retrieve configurations of contained resource groups.", + "operationId": "Configurations_ListBySubscription", + "parameters": [ + { + "$ref": "#/parameters/apiVersionParameter" + }, + { + "$ref": "#/parameters/subscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved zero or more configurations.", + "schema": { + "$ref": "#/definitions/ConfigurationListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "GetConfigurations": { + "$ref": "./examples/ListConfigurations.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/configurations/{configurationName}": { + "put": { + "tags": [ + "Configurations" + ], + "summary": "Create/Overwrite Azure Advisor configuration.", + "description": "Create/Overwrite Azure Advisor configuration and also delete all configurations of contained resource groups.", + "operationId": "Configurations_CreateInSubscription", + "parameters": [ + { + "$ref": "#/parameters/apiVersionParameter" + }, + { + "name": "configContract", + "in": "body", + "description": "The Azure Advisor configuration data structure.", + "required": true, + "schema": { + "$ref": "#/definitions/ConfigData" + } + }, + { + "$ref": "#/parameters/subscriptionIdParameter" + }, + { + "name": "configurationName", + "in": "path", + "description": "Advisor configuration name. Value must be 'default'", + "required": true, + "type": "string", + "enum": [ + "default" + ], + "x-ms-enum": { + "name": "ConfigurationName", + "modelAsString": true + } + } + ], + "responses": { + "200": { + "description": "Successfully created/overwrote configuration.", + "schema": { + "$ref": "#/definitions/ConfigData" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "PutConfigurations": { + "$ref": "./examples/CreateConfiguration.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Advisor/configurations": { + "get": { + "tags": [ + "Configurations" + ], + "summary": "Retrieve Azure Advisor configurations.", + "operationId": "Configurations_ListByResourceGroup", + "parameters": [ + { + "$ref": "#/parameters/apiVersionParameter" + }, + { + "$ref": "#/parameters/subscriptionIdParameter" + }, + { + "name": "resourceGroup", + "in": "path", + "description": "The name of the Azure resource group.", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved zero or more configurations.", + "schema": { + "$ref": "#/definitions/ConfigurationListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-pageable": { + "nextLinkName": null + }, + "x-ms-examples": { + "GetConfigurations": { + "$ref": "./examples/ListConfigurations.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Advisor/configurations/{configurationName}": { + "put": { + "tags": [ + "Configurations" + ], + "summary": "Create/Overwrite Azure Advisor configuration.", + "operationId": "Configurations_CreateInResourceGroup", + "parameters": [ + { + "$ref": "#/parameters/apiVersionParameter" + }, + { + "name": "configContract", + "in": "body", + "description": "The Azure Advisor configuration data structure.", + "required": true, + "schema": { + "$ref": "#/definitions/ConfigData" + } + }, + { + "$ref": "#/parameters/subscriptionIdParameter" + }, + { + "name": "configurationName", + "in": "path", + "description": "Advisor configuration name. Value must be 'default'", + "required": true, + "type": "string", + "enum": [ + "default" + ], + "x-ms-enum": { + "name": "ConfigurationName", + "modelAsString": true + } + }, + { + "name": "resourceGroup", + "in": "path", + "description": "The name of the Azure resource group.", + "required": true, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Successfully created/overwrote configuration.", + "schema": { + "$ref": "#/definitions/ConfigData" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "PutConfigurations": { + "$ref": "./examples/CreateConfiguration.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/generateRecommendations": { + "post": { + "tags": [ + "GenerateRecommendations" + ], + "description": "Initiates the recommendation generation or computation process for a subscription. This operation is asynchronous. The generated recommendations are stored in a cache in the Advisor service.", + "operationId": "Recommendations_Generate", + "parameters": [ + { + "$ref": "#/parameters/subscriptionIdParameter" + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "202": { + "description": "Accepted. Recommendation generation has been accepted.", + "headers": { + "Location": { + "description": "The URL where the status of the asynchronous operation can be checked.", + "type": "string" + }, + "Retry-After": { + "description": "The amount of delay to use while the status of the operation is checked. The value is expressed in seconds.", + "type": "string" + } + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "GenerateRecommendations": { + "$ref": "./examples/GenerateRecommendations.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/generateRecommendations/{operationId}": { + "get": { + "tags": [ + "GenerateRecommendations" + ], + "description": "Retrieves the status of the recommendation computation or generation process. Invoke this API after calling the generation recommendation. The URI of this API is returned in the Location field of the response header.", + "operationId": "Recommendations_GetGenerateStatus", + "parameters": [ + { + "$ref": "#/parameters/subscriptionIdParameter" + }, + { + "name": "operationId", + "in": "path", + "description": "The operation ID, which can be found from the Location field in the generate recommendation response header.", + "required": true, + "type": "string", + "format": "uuid" + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "202": { + "description": "Accepted. Recommendation generation is in progress." + }, + "204": { + "description": "NoContent. Recommendation generation has been completed." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "GetGenerateStatus": { + "$ref": "./examples/EmptyResponse.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/recommendations": { + "get": { + "tags": [ + "GetRecommendations" + ], + "description": "Obtains cached recommendations for a subscription. The recommendations are generated or computed by invoking generateRecommendations.", + "operationId": "Recommendations_List", + "parameters": [ + { + "$ref": "#/parameters/subscriptionIdParameter" + }, + { + "$ref": "#/parameters/apiVersionParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply to the recommendations.
Filter can be applied to properties ['ResourceId', 'ResourceGroup', 'RecommendationTypeGuid', '[Category](#category)'] with operators ['eq', 'and', 'or'].
Example:
- $filter=Category eq 'Cost' and ResourceGroup eq 'MyResourceGroup'", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "The number of recommendations per page if a paged version of this API is being used.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "The page-continuation token to use with a paged version of this API.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "OK. Successfully obtained cached recommendations.", + "schema": { + "$ref": "#/definitions/ResourceRecommendationBaseListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "ListRecommendations": { + "$ref": "./examples/ListRecommendations.json" + } + } + } + }, + "/providers/Microsoft.Advisor/operations": { + "get": { + "tags": [ + "Operations" + ], + "description": "Lists all the available Advisor REST API operations.", + "operationId": "Operations_List", + "parameters": [ + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. Successfully retrieved operation list.", + "schema": { + "$ref": "#/definitions/OperationEntityListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "OperationsList": { + "$ref": "./examples/OperationsList.json" + } + } + } + }, + "/{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}": { + "get": { + "tags": [ + "GetRecommendations" + ], + "description": "Obtains details of a cached recommendation.", + "operationId": "Recommendations_Get", + "parameters": [ + { + "name": "resourceUri", + "in": "path", + "description": "The fully qualified Azure Resource Manager identifier of the resource to which the recommendation applies.", + "required": true, + "type": "string" + }, + { + "name": "recommendationId", + "in": "path", + "description": "The recommendation ID.", + "required": true, + "type": "string" + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. Successfully got recommendation detail.", + "schema": { + "$ref": "#/definitions/ResourceRecommendationBase" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "GetRecommendationDetail": { + "$ref": "./examples/GetRecommendationDetail.json" + } + } + }, + "patch": { + "tags": [ + "PatchRecommendations" + ], + "description": "Update the tracked properties of a Recommendation.", + "operationId": "Recommendations_Patch", + "parameters": [ + { + "name": "resourceUri", + "in": "path", + "description": "The fully qualified Azure Resource Manager identifier of the resource to which the tracked recommendation applies.", + "required": true, + "type": "string" + }, + { + "name": "recommendationId", + "in": "path", + "description": "The RecommendationId ID.", + "required": true, + "type": "string" + }, + { + "name": "trackedProperties", + "in": "body", + "description": "The properties to update on the recommendation.", + "required": true, + "schema": { + "$ref": "#/definitions/TrackedRecommendationPropertiesPayload" + } + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. Successfully updated recommendation status.", + "schema": { + "$ref": "#/definitions/ResourceRecommendationBase" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "UpdateTrackedRecommendation": { + "$ref": "./examples/UpdateTrackedRecommendation.json" + } + } + } + }, + "/{resourceUri}/providers/Microsoft.Advisor/recommendations/{recommendationId}/suppressions/{name}": { + "get": { + "tags": [ + "Suppressions" + ], + "description": "Obtains the details of a suppression.", + "operationId": "Suppressions_Get", + "parameters": [ + { + "name": "resourceUri", + "in": "path", + "description": "The fully qualified Azure Resource Manager identifier of the resource to which the recommendation applies.", + "required": true, + "type": "string" + }, + { + "name": "recommendationId", + "in": "path", + "description": "The recommendation ID.", + "required": true, + "type": "string" + }, + { + "name": "name", + "in": "path", + "description": "The name of the suppression.", + "required": true, + "type": "string" + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. Successfully got suppression detail.", + "schema": { + "$ref": "#/definitions/SuppressionContract" + } + }, + "404": { + "description": "Suppression name is not specified or Suppression Id not found.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + }, + "x-ms-error-response": true + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "GetSuppressionDetail": { + "$ref": "./examples/GetSuppressionDetail.json" + } + } + }, + "put": { + "tags": [ + "Suppressions" + ], + "description": "Enables the snoozed or dismissed attribute of a recommendation. The snoozed or dismissed attribute is referred to as a suppression. Use this API to create or update the snoozed or dismissed status of a recommendation.", + "operationId": "Suppressions_Create", + "parameters": [ + { + "name": "resourceUri", + "in": "path", + "description": "The fully qualified Azure Resource Manager identifier of the resource to which the recommendation applies.", + "required": true, + "type": "string" + }, + { + "name": "recommendationId", + "in": "path", + "description": "The recommendation ID.", + "required": true, + "type": "string" + }, + { + "name": "name", + "in": "path", + "description": "The name of the suppression.", + "required": true, + "type": "string" + }, + { + "name": "suppressionContract", + "in": "body", + "description": "The snoozed or dismissed attribute; for example, the snooze duration.", + "required": true, + "schema": { + "$ref": "#/definitions/SuppressionContract" + } + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. Successfully created suppression.", + "schema": { + "$ref": "#/definitions/SuppressionContract" + } + }, + "404": { + "description": "Recommendation to be suppressed is not found.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + }, + "x-ms-error-response": true + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "CreateSuppression": { + "$ref": "./examples/CreateSuppression.json" + } + } + }, + "delete": { + "tags": [ + "Suppressions" + ], + "description": "Enables the activation of a snoozed or dismissed recommendation. The snoozed or dismissed attribute of a recommendation is referred to as a suppression.", + "operationId": "Suppressions_Delete", + "parameters": [ + { + "name": "resourceUri", + "in": "path", + "description": "The fully qualified Azure Resource Manager identifier of the resource to which the recommendation applies.", + "required": true, + "type": "string" + }, + { + "name": "recommendationId", + "in": "path", + "description": "The recommendation ID.", + "required": true, + "type": "string" + }, + { + "name": "name", + "in": "path", + "description": "The name of the suppression.", + "required": true, + "type": "string" + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "204": { + "description": "NoContent. The recommendation has been activated." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "DeleteSuppression": { + "$ref": "./examples/DeleteSuppression.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/suppressions": { + "get": { + "tags": [ + "Suppressions" + ], + "description": "Retrieves the list of snoozed or dismissed suppressions for a subscription. The snoozed or dismissed attribute of a recommendation is referred to as a suppression.", + "operationId": "Suppressions_List", + "parameters": [ + { + "$ref": "#/parameters/subscriptionIdParameter" + }, + { + "$ref": "#/parameters/apiVersionParameter" + }, + { + "name": "$top", + "in": "query", + "description": "The number of suppressions per page if a paged version of this API is being used.", + "required": false, + "type": "integer", + "format": "int32" + }, + { + "name": "$skipToken", + "in": "query", + "description": "The page-continuation token to use with a paged version of this API.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "OK. Successfully got all suppressions in a subscription.", + "schema": { + "$ref": "#/definitions/SuppressionContractListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "ListSuppressions": { + "$ref": "./examples/ListSuppressions.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/predict": { + "post": { + "tags": [ + "Prediction" + ], + "summary": "Predicts a recommendation.", + "operationId": "Predict", + "parameters": [ + { + "$ref": "#/parameters/subscriptionIdParameter" + }, + { + "name": "predictionRequest", + "in": "body", + "description": "Parameters for predict recommendation.", + "required": true, + "schema": { + "$ref": "#/definitions/PredictionRequest" + } + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK. Successfully obtained prediction.", + "schema": { + "$ref": "#/definitions/PredictionResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "Predict": { + "$ref": "./examples/Predict.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/advisorScore": { + "get": { + "tags": [ + "AdvisorScore" + ], + "description": "Gets the list of advisor scores.", + "operationId": "AdvisorScores_List", + "parameters": [ + { + "$ref": "#/parameters/subscriptionIdParameter" + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK.", + "schema": { + "$ref": "#/definitions/AdvisorScoreResponse" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "ListAdvisorScore": { + "$ref": "./examples/ListAdvisorScore.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/advisorScore/{name}": { + "get": { + "tags": [ + "AdvisorScore" + ], + "description": "Gets the advisor score.", + "operationId": "AdvisorScores_Get", + "parameters": [ + { + "$ref": "#/parameters/subscriptionIdParameter" + }, + { + "name": "name", + "in": "path", + "description": "The scope of Advisor score entity.", + "required": true, + "type": "string" + }, + { + "$ref": "#/parameters/apiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK.", + "schema": { + "$ref": "#/definitions/advisorScoreEntity" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/ArmErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "GetAdvisorScoreDetail": { + "$ref": "./examples/GetAdvisorScoreDetail.json" + } + } + } + } + }, + "definitions": { + "MetadataEntityListResult": { + "description": "The list of metadata entities", + "type": "object", + "properties": { + "value": { + "description": "The list of metadata entities.", + "type": "array", + "items": { + "$ref": "#/definitions/MetadataEntity" + } + }, + "nextLink": { + "description": "The link used to get the next page of metadata.", + "type": "string" + } + } + }, + "MetadataEntity": { + "description": "The metadata entity contract.", + "type": "object", + "properties": { + "id": { + "description": "The resource Id of the metadata entity.", + "type": "string" + }, + "type": { + "description": "The type of the metadata entity.", + "type": "string" + }, + "name": { + "description": "The name of the metadata entity.", + "type": "string" + }, + "properties": { + "$ref": "#/definitions/MetadataEntityProperties", + "description": "The metadata entity properties.", + "x-ms-client-flatten": true + } + } + }, + "MetadataEntityProperties": { + "description": "The metadata entity properties", + "type": "object", + "properties": { + "displayName": { + "description": "The display name.", + "type": "string" + }, + "dependsOn": { + "description": "The list of keys on which this entity depends on.", + "type": "array", + "items": { + "type": "string" + } + }, + "applicableScenarios": { + "description": "The list of scenarios applicable to this metadata entity.", + "type": "array", + "items": { + "enum": [ + "Alerts" + ], + "type": "string", + "x-ms-enum": { + "name": "Scenario", + "modelAsString": true + } + } + }, + "supportedValues": { + "description": "The list of supported values.", + "type": "array", + "items": { + "$ref": "#/definitions/MetadataSupportedValueDetail" + } + } + } + }, + "MetadataSupportedValueDetail": { + "description": "The metadata supported value detail.", + "type": "object", + "properties": { + "id": { + "description": "The id.", + "type": "string" + }, + "displayName": { + "description": "The display name.", + "type": "string" + } + } + }, + "ConfigurationListResult": { + "description": "The list of Advisor configurations.", + "type": "object", + "properties": { + "value": { + "description": "The list of configurations.", + "type": "array", + "items": { + "$ref": "#/definitions/ConfigData" + } + }, + "nextLink": { + "description": "The link used to get the next page of configurations.", + "type": "string" + } + } + }, + "ConfigData": { + "description": "The Advisor configuration data structure.", + "type": "object", + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/definitions/Resource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/ConfigDataProperties", + "description": "The Advisor configuration data structure.", + "x-ms-client-flatten": true + } + } + }, + "ConfigDataProperties": { + "description": "Configuration data properties", + "type": "object", + "properties": { + "exclude": { + "description": "Exclude the resource from Advisor evaluations. Valid values: False (default) or True.", + "type": "boolean" + }, + "lowCpuThreshold": { + "description": "Minimum percentage threshold for Advisor low CPU utilization evaluation. Valid only for subscriptions. Valid values: 5 (default), 10, 15 or 20.", + "enum": [ + "5", + "10", + "15", + "20" + ], + "type": "string", + "x-ms-enum": { + "name": "CpuThreshold", + "modelAsString": true + } + }, + "duration": { + "description": "Minimum duration for Advisor low CPU utilization evaluation. Valid only for subscriptions. Valid values: 7 (default), 14, 21, 30, 60 or 90.", + "enum": [ + "7", + "14", + "21", + "30", + "60", + "90" + ], + "type": "string", + "x-ms-enum": { + "name": "Duration", + "modelAsString": true + } + }, + "digests": { + "description": "Advisor digest configuration. Valid only for subscriptions", + "type": "array", + "items": { + "$ref": "#/definitions/DigestConfig" + }, + "x-ms-identifiers": [ + "name" + ] + } + } + }, + "DigestConfig": { + "description": "Advisor Digest configuration entity", + "type": "object", + "properties": { + "name": { + "description": "Name of digest configuration. Value is case-insensitive and must be unique within a subscription.", + "type": "string" + }, + "actionGroupResourceId": { + "description": "Action group resource id used by digest.", + "type": "string" + }, + "frequency": { + "format": "int32", + "description": "Frequency that digest will be triggered, in days. Value must be between 7 and 30 days inclusive.", + "type": "integer" + }, + "categories": { + "description": "Categories to send digest for. If categories are not provided, then digest will be sent for all categories.", + "type": "array", + "items": { + "enum": [ + "HighAvailability", + "Security", + "Performance", + "Cost", + "OperationalExcellence" + ], + "type": "string", + "x-ms-enum": { + "name": "Category", + "modelAsString": true + } + } + }, + "language": { + "description": "Language for digest content body. Value must be ISO 639-1 code for one of Azure portal supported languages. Otherwise, it will be converted into one. Default value is English (en).", + "type": "string" + }, + "state": { + "description": "State of digest configuration.", + "enum": [ + "Active", + "Disabled" + ], + "type": "string", + "x-ms-enum": { + "name": "DigestConfigState", + "modelAsString": true + } + } + } + }, + "ArmErrorResponse": { + "type": "object", + "properties": { + "error": { + "$ref": "#/definitions/ARMErrorResponseBody" + } + } + }, + "ARMErrorResponseBody": { + "description": "ARM error response body.", + "type": "object", + "properties": { + "message": { + "description": "Gets or sets the string that describes the error in detail and provides debugging information.", + "type": "string" + }, + "code": { + "description": "Gets or sets the string that can be used to programmatically identify the error.", + "type": "string" + } + } + }, + "ResourceRecommendationBaseListResult": { + "description": "The list of Advisor recommendations.", + "type": "object", + "properties": { + "nextLink": { + "description": "The link used to get the next page of recommendations.", + "type": "string" + }, + "value": { + "description": "The list of recommendations.", + "type": "array", + "items": { + "$ref": "#/definitions/ResourceRecommendationBase" + } + } + } + }, + "ResourceRecommendationBase": { + "description": "Advisor Recommendation.", + "type": "object", + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/definitions/Resource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/RecommendationProperties", + "description": "The properties of the recommendation.", + "x-ms-client-flatten": true + } + } + }, + "RecommendationProperties": { + "description": "The properties of the recommendation.", + "type": "object", + "properties": { + "category": { + "description": "The category of the recommendation.", + "enum": [ + "HighAvailability", + "Security", + "Performance", + "Cost", + "OperationalExcellence" + ], + "type": "string", + "x-ms-enum": { + "name": "category", + "modelAsString": true + } + }, + "impact": { + "description": "The business impact of the recommendation.", + "enum": [ + "High", + "Medium", + "Low" + ], + "type": "string", + "x-ms-enum": { + "name": "impact", + "modelAsString": true + } + }, + "impactedField": { + "description": "The resource type identified by Advisor.", + "type": "string" + }, + "impactedValue": { + "description": "The resource identified by Advisor.", + "type": "string" + }, + "lastUpdated": { + "format": "date-time", + "description": "The most recent time that Advisor checked the validity of the recommendation.", + "type": "string" + }, + "metadata": { + "description": "The recommendation metadata.", + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "recommendationTypeId": { + "description": "The recommendation-type GUID.", + "type": "string" + }, + "risk": { + "description": "The potential risk of not implementing the recommendation.", + "enum": [ + "Error", + "Warning", + "None" + ], + "type": "string", + "x-ms-enum": { + "name": "risk", + "modelAsString": true + } + }, + "shortDescription": { + "$ref": "#/definitions/ShortDescription", + "description": "A summary of the recommendation." + }, + "suppressionIds": { + "description": "The list of snoozed and dismissed rules for the recommendation.", + "type": "array", + "items": { + "format": "uuid", + "type": "string" + } + }, + "extendedProperties": { + "description": "Extended properties", + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "resourceMetadata": { + "$ref": "#/definitions/ResourceMetadata", + "description": "Metadata of resource that was assessed" + }, + "description": { + "description": "The detailed description of recommendation.", + "type": "string" + }, + "label": { + "description": "The label of recommendation.", + "type": "string" + }, + "learnMoreLink": { + "description": "The link to learn more about recommendation and generation logic.", + "type": "string" + }, + "potentialBenefits": { + "description": "The potential benefit of implementing recommendation.", + "type": "string" + }, + "actions": { + "description": "The list of recommended actions to implement recommendation.", + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "x-ms-identifiers": [] + }, + "remediation": { + "description": "The automated way to apply recommendation.", + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "exposedMetadataProperties": { + "description": "The recommendation metadata properties exposed to customer to provide additional information.", + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "tracked": { + "type": "boolean", + "description": "If the Recommendation has Tracking enabled." + }, + "trackedProperties": { + "$ref": "#/definitions/TrackedRecommendationProperties", + "description": "The properties of a tracked recommendation." + }, + "review": { + "description": "The Review that this Recommendation belongs to.", + "type": "object", + "properties": { + "id": { + "description": "The ARM Resource Id of the Review", + "type": "string" + }, + "name": { + "description": "The Name of the Review", + "type": "string" + } + } + }, + "resourceWorkload": { + "description": "The Workload that this Resource belongs to.", + "type": "object", + "properties": { + "id": { + "description": "The Id of the Workload", + "type": "string" + }, + "name": { + "description": "The Name of the Workload", + "type": "string" + } + } + }, + "sourceSystem": { + "description": "The Source System that this Recommendation originated from.", + "type": "string" + }, + "notes": { + "description": "Additional notes for the Recommendation", + "type": "string" + } + } + }, + "ShortDescription": { + "description": "A summary of the recommendation.", + "type": "object", + "properties": { + "problem": { + "description": "The issue or opportunity identified by the recommendation and proposed solution.", + "type": "string" + }, + "solution": { + "description": "The issue or opportunity identified by the recommendation and proposed solution.", + "type": "string" + } + } + }, + "ResourceMetadata": { + "description": "Recommendation resource metadata", + "type": "object", + "properties": { + "resourceId": { + "description": "Azure resource Id of the assessed resource", + "type": "string" + }, + "source": { + "description": "Source from which recommendation is generated", + "type": "string" + }, + "action": { + "description": "The action to view resource.", + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "singular": { + "description": "The singular user friendly name of resource type. eg: virtual machine", + "type": "string" + }, + "plural": { + "description": "The plural user friendly name of resource type. eg: virtual machines", + "type": "string" + } + } + }, + "OperationEntityListResult": { + "description": "The list of Advisor operations.", + "type": "object", + "properties": { + "nextLink": { + "description": "The link used to get the next page of operations.", + "type": "string" + }, + "value": { + "description": "The list of operations.", + "type": "array", + "items": { + "$ref": "#/definitions/OperationEntity" + }, + "x-ms-identifiers": [ + "name" + ] + } + } + }, + "OperationEntity": { + "description": "The operation supported by Advisor.", + "type": "object", + "properties": { + "name": { + "description": "Operation name: {provider}/{resource}/{operation}.", + "type": "string" + }, + "display": { + "$ref": "#/definitions/OperationDisplayInfo", + "description": "The operation supported by Advisor." + } + } + }, + "OperationDisplayInfo": { + "description": "The operation supported by Advisor.", + "type": "object", + "properties": { + "description": { + "description": "The description of the operation.", + "type": "string" + }, + "operation": { + "description": "The action that users can perform, based on their permission level.", + "type": "string" + }, + "provider": { + "description": "Service provider: Microsoft Advisor.", + "type": "string" + }, + "resource": { + "description": "Resource on which the operation is performed.", + "type": "string" + } + } + }, + "SuppressionContract": { + "description": "The details of the snoozed or dismissed rule; for example, the duration, name, and GUID associated with the rule.", + "type": "object", + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/definitions/Resource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/SuppressionProperties", + "description": "The properties of the suppression.", + "x-ms-client-flatten": true + } + } + }, + "SuppressionProperties": { + "description": "The properties of the suppression.", + "type": "object", + "properties": { + "suppressionId": { + "description": "The GUID of the suppression.", + "type": "string" + }, + "ttl": { + "description": "The duration for which the suppression is valid.", + "type": "string" + }, + "expirationTimeStamp": { + "readOnly": true, + "format": "date-time", + "description": "Gets or sets the expiration time stamp.", + "type": "string" + } + } + }, + "SuppressionContractListResult": { + "description": "The list of Advisor suppressions.", + "type": "object", + "properties": { + "nextLink": { + "description": "The link used to get the next page of suppressions.", + "type": "string" + }, + "value": { + "description": "The list of suppressions.", + "type": "array", + "items": { + "$ref": "#/definitions/SuppressionContract" + } + } + } + }, + "PredictionRequest": { + "description": "Parameters for predict recommendation.", + "type": "object", + "properties": { + "properties": { + "$ref": "#/definitions/PredictionRequestProperties", + "description": "Request properties for prediction recommendation.", + "x-ms-client-flatten": true + } + } + }, + "PredictionRequestProperties": { + "description": "Properties given for the predictor.", + "type": "object", + "properties": { + "predictionType": { + "description": "Type of the prediction.", + "enum": [ + "PredictiveRightsizing" + ], + "type": "string", + "x-ms-enum": { + "name": "predictionType", + "modelAsString": true + } + }, + "extendedProperties": { + "description": "Extended properties are arguments specific for each prediction type.", + "type": "object" + } + } + }, + "AdvisorScoreResponse": { + "type": "object", + "properties": { + "value": { + "description": "The list of operations.", + "type": "array", + "items": { + "$ref": "#/definitions/advisorScoreEntity" + } + } + } + }, + "PredictionResponse": { + "description": "Response used by predictions.", + "type": "object", + "properties": { + "properties": { + "$ref": "#/definitions/PredictionResponseProperties", + "description": "The properties of the prediction.", + "x-ms-client-flatten": true + } + }, + "x-ms-azure-resource": true + }, + "PredictionResponseProperties": { + "description": "Properties of the prediction", + "type": "object", + "properties": { + "extendedProperties": { + "description": "Extended properties", + "type": "object" + }, + "predictionType": { + "description": "Type of the prediction.", + "enum": [ + "PredictiveRightsizing" + ], + "type": "string", + "x-ms-enum": { + "name": "predictionType", + "modelAsString": true + } + }, + "category": { + "description": "The category of the recommendation.", + "enum": [ + "HighAvailability", + "Security", + "Performance", + "Cost", + "OperationalExcellence" + ], + "type": "string", + "x-ms-enum": { + "name": "category", + "modelAsString": true + } + }, + "impact": { + "description": "The business impact of the recommendation.", + "enum": [ + "High", + "Medium", + "Low" + ], + "type": "string", + "x-ms-enum": { + "name": "impact", + "modelAsString": true + } + }, + "impactedField": { + "description": "The resource type identified by Advisor.", + "type": "string" + }, + "lastUpdated": { + "format": "date-time", + "description": "The most recent time that Advisor checked the validity of the recommendation.", + "type": "string" + }, + "shortDescription": { + "$ref": "#/definitions/ShortDescription", + "description": "A summary of the recommendation." + } + } + }, + "scoreEntity": { + "description": "The details of Advisor Score", + "type": "object", + "properties": { + "date": { + "description": "The date score was calculated.", + "type": "string" + }, + "score": { + "description": "The percentage score.", + "type": "number" + }, + "consumptionUnits": { + "description": "The consumption units for the score.", + "type": "number" + }, + "impactedResourceCount": { + "description": "The number of impacted resources.", + "type": "number" + }, + "potentialScoreIncrease": { + "description": "The potential percentage increase in overall score at subscription level once all recommendations in this scope are implemented.", + "type": "number" + }, + "categoryCount": { + "description": "The count of impacted categories.", + "type": "number", + "readOnly": true + } + } + }, + "timeSeriesEntity": { + "description": "The historic data at different aggregation levels.", + "type": "array", + "items": { + "description": "The data from different aggregation levels.", + "type": "object", + "properties": { + "aggregationLevel": { + "description": "The aggregation level of the score. ", + "type": "string", + "enum": [ + "week", + "day", + "month" + ], + "x-ms-enum": { + "name": "aggregated", + "modelAsString": true + } + }, + "scoreHistory": { + "description": "The past score data", + "type": "array", + "items": { + "$ref": "#/definitions/scoreEntity" + }, + "x-ms-identifiers": [] + } + } + }, + "x-ms-identifiers": [] + }, + "advisorScoreEntity": { + "description": "The details of Advisor score for a single category.", + "type": "object", + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/definitions/ProxyResource" + } + ], + "properties": { + "properties": { + "description": "The Advisor score data.", + "type": "object", + "properties": { + "lastRefreshedScore": { + "description": "The details of latest available score.", + "$ref": "#/definitions/scoreEntity" + }, + "timeSeries": { + "description": "The historic Advisor score data.", + "$ref": "#/definitions/timeSeriesEntity" + } + } + } + } + }, + "TrackedRecommendationPropertiesPayload": { + "type": "object", + "properties": { + "properties": { + "type": "object", + "properties": { + "trackedProperties": { + "$ref": "#/definitions/TrackedRecommendationProperties" + } + } + } + } + }, + "TrackedRecommendationProperties": { + "description": "The tracked properties of a Recommendation", + "type": "object", + "properties": { + "state": { + "description": "The state of the Recommendation", + "enum": [ + "Approved", + "Rejected", + "Pending", + "InProgress", + "Postponed", + "Dismissed", + "Completed" + ], + "type": "string", + "x-ms-enum": { + "name": "state", + "modelAsString": true + } + }, + "postponedTime": { + "description": "The time the Recommendation was postponed until.", + "type": "string", + "format": "date-time" + }, + "reason": { + "description": "The reason the state of the Recommendation was changed.", + "enum": [ + "ExcessiveInvestment", + "TooComplex", + "AlternativeSolution", + "Incompatible", + "Unclear", + "RiskAccepted" + ], + "type": "string", + "x-ms-enum": { + "name": "reason", + "modelAsString": true + } + }, + "priority": { + "description": "The Priority of the Recommendation.", + "enum": [ + "Critical", + "High", + "Medium", + "Low", + "Informational" + ], + "type": "string", + "x-ms-enum": { + "name": "priority", + "modelAsString": true + } + } + } + } + }, + "parameters": { + "subscriptionIdParameter": { + "name": "subscriptionId", + "in": "path", + "description": "The Azure subscription ID.", + "required": true, + "type": "string" + }, + "apiVersionParameter": { + "name": "api-version", + "in": "query", + "description": "The version of the API to be used with the client request.", + "required": true, + "type": "string" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow.", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ] +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/assessments.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/assessments.json new file mode 100644 index 000000000000..3fb0ed615241 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/assessments.json @@ -0,0 +1,514 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-09-01-preview", + "title": "AdvisorManagementClient", + "description": "REST APIs for Azure Advisor Assessments" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/assessments/{assessmentName}": { + "delete": { + "tags": [ + "assessments" + ], + "summary": "Delete existing assessment.", + "description": "Delete a existing Azure Advisor assessment.", + "operationId": "Assessments_Delete", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/assessmentNameParameter" + } + ], + "responses": { + "200": { + "description": "Success" + }, + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "DeleteAssessment": { + "$ref": "./examples/DeleteAssessment.json" + } + } + }, + "get": { + "tags": [ + "assessments" + ], + "summary": "Get existing assessment.", + "description": "Get a existing Azure Advisor assessment.", + "operationId": "Assessments_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/assessmentNameParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/AssessmentResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "GetAssessment": { + "$ref": "./examples/GetAssessment.json" + } + } + }, + "put": { + "tags": [ + "assessments" + ], + "summary": "Create/Overwrite Azure Advisor assessment.", + "description": "Create or Overwrite Azure Advisor assessment resource.", + "operationId": "Assessments_Put", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "assessmentContract", + "in": "body", + "description": "The Azure Advisor assessment data structure.", + "required": true, + "schema": { + "$ref": "#/definitions/AssessmentResult" + } + }, + { + "$ref": "#/parameters/assessmentNameParameter" + } + ], + "responses": { + "200": { + "description": "Successfully created/update assessment.", + "schema": { + "$ref": "#/definitions/AssessmentResult" + } + }, + "201": { + "description": "Successfully created/update assessment.", + "schema": { + "$ref": "#/definitions/AssessmentResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "PutAssessment": { + "$ref": "./examples/PutAssessment.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/assessments": { + "get": { + "tags": [ + "assessments" + ], + "summary": "Get list of assessment.", + "description": "Get list of Azure Advisor assessment.", + "operationId": "Assessments_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/$top" + }, + { + "$ref": "#/parameters/$skiptoken" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/AssessmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "ListAssessments": { + "$ref": "./examples/ListAssessments.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/assessmentTypes": { + "get": { + "tags": [ + "assessmentTypes" + ], + "summary": "Get assessment types list.", + "description": "Get list of Azure Advisor assessment types.", + "operationId": "AssessmentTypes_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/AssessmentTypeListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "GetAssessmentTypes": { + "$ref": "./examples/ListAssessmentTypes.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/workloads": { + "get": { + "tags": [ + "workloads" + ], + "summary": "Get Workloads list.", + "description": "Get list of Workloads.", + "operationId": "Workloads_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/WorkloadListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "GetWorkloads": { + "$ref": "./examples/ListWorkloads.json" + } + } + } + } + }, + "definitions": { + "AssessmentResult": { + "description": "The Advisor assessment result data structure.", + "type": "object", + "x-ms-azure-resource": true, + "properties": { + "id": { + "type": "string", + "description": "Assessment Id", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Assessment Name", + "readOnly": true + }, + "type": { + "type": "string", + "description": "Resource Type", + "readOnly": true + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/definitions/systemData", + "readOnly": true + }, + "properties": { + "$ref": "#/definitions/AssessmentResultProperties", + "description": "The Advisor assessment result properties structure.", + "x-ms-client-flatten": true + } + } + }, + "AssessmentResultProperties": { + "description": "Assessment result properties.", + "type": "object", + "properties": { + "workloadId": { + "type": "string", + "description": "Workload Id." + }, + "workloadName": { + "type": "string", + "description": "Workload Name.", + "readOnly": true + }, + "assessmentId": { + "type": "string", + "readOnly": true, + "description": "Assessment Id." + }, + "description": { + "type": "string", + "readOnly": true, + "description": "Assessment Type Description." + }, + "typeId": { + "type": "string", + "description": "Assessment Type Id." + }, + "type": { + "type": "string", + "description": "Assessment Type.", + "readOnly": true + }, + "score": { + "type": "integer", + "format": "int32", + "readOnly": true, + "description": "Assessment Score." + }, + "state": { + "type": "string", + "readOnly": true, + "description": "Assessment State." + }, + "typeVersion": { + "type": "string", + "description": "Assessment Type Version.", + "readOnly": true + }, + "locale": { + "type": "string", + "description": "Assessment Type Locale." + } + } + }, + "AssessmentListResult": { + "description": "The Advisor assessment list result data structure.", + "type": "object", + "properties": { + "value": { + "description": "List of Assessments.", + "type": "array", + "items": { + "$ref": "#/definitions/AssessmentResult" + } + }, + "nextLink": { + "type": "string", + "description": "The URL to get the next set of Advisor assessments, if there are any." + } + } + }, + "AssessmentTypeListResult": { + "description": "The Advisor assessment type list result data structure.", + "type": "object", + "properties": { + "value": { + "description": "List of Assessments Types.", + "type": "array", + "items": { + "$ref": "#/definitions/AssessmentTypeResult" + } + }, + "nextLink": { + "type": "string", + "description": "The URL to get the next set of Advisor assessments types, if there are any." + } + } + }, + "AssessmentTypeResult": { + "description": "The Advisor assessment type result data structure.", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Assessment Type Id" + }, + "title": { + "type": "string", + "description": "Assessment Type Title" + }, + "description": { + "type": "string", + "description": "Assessment Type Description" + }, + "locale": { + "type": "string", + "description": "Assessment Type Locale" + }, + "version": { + "type": "string", + "description": "Assessment Type Version" + } + } + }, + "WorkloadListResult": { + "description": "The Workload list result data structure.", + "type": "object", + "properties": { + "value": { + "description": "List of Workload.", + "type": "array", + "items": { + "$ref": "#/definitions/WorkloadResult" + } + }, + "nextLink": { + "type": "string", + "description": "The URL to get the next set of Workloads, if there are any." + } + } + }, + "WorkloadResult": { + "description": "The Workload result data structure.", + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Workload Id" + }, + "name": { + "type": "string", + "description": "Workload Name" + }, + "subscriptionId": { + "type": "string", + "description": "Subscription Id" + }, + "subscriptionName": { + "type": "string", + "description": "Subscription Name" + } + } + } + }, + "parameters": { + "assessmentNameParameter": { + "name": "assessmentName", + "in": "path", + "description": "Advisor assessment name.", + "required": true, + "type": "string", + "pattern": "^[-0-9a-zA-Z_]{1,63}$", + "x-ms-parameter-location": "method" + }, + "$top": { + "name": "$top", + "in": "query", + "description": "Limit the result to the specified number of rows.", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + }, + "$skiptoken": { + "name": "$skiptoken", + "in": "query", + "description": "The page-continuation token to use with a paged version of this API.", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow.", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ] +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/CreateConfiguration.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/CreateConfiguration.json new file mode 100644 index 000000000000..bb6c68a08b16 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/CreateConfiguration.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "subscriptionId": "subscriptionId", + "resourceGroup": "resourceGroup", + "configurationName": "default", + "configContract": { + "properties": { + "lowCpuThreshold": "5", + "duration": "7", + "exclude": true, + "digests": [ + { + "name": "digestConfigName", + "actionGroupResourceId": "/subscriptions/58c3f667-7a62-4bfd-a658-846493e9a493/resourceGroups/resourceGroup/providers/microsoft.insights/actionGroups/actionGroupName", + "frequency": 30, + "categories": [ + "HighAvailability", + "Security", + "Performance", + "Cost", + "OperationalExcellence" + ], + "language": "en", + "state": "Active" + } + ] + } + }, + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/58c3f667-7a62-4bfd-a658-846493e9a493/resourceGroups/resourceGroup/providers/Microsoft.Advisor/configurations/default", + "type": "Microsoft.Advisor/configurations", + "name": "default", + "properties": { + "lowCpuThreshold": "5", + "duration": "7", + "exclude": true, + "digests": [ + { + "name": "digestConfigName", + "actionGroupResourceId": "/subscriptions/58c3f667-7a62-4bfd-a658-846493e9a493/resourceGroups/resourceGroup/providers/microsoft.insights/actionGroups/actionGroupName", + "frequency": 30, + "categories": [ + "HighAvailability", + "Security", + "Performance", + "Cost", + "OperationalExcellence" + ], + "language": "en", + "state": "Active" + } + ] + } + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/CreateSuppression.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/CreateSuppression.json new file mode 100644 index 000000000000..7c54927b84b1 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/CreateSuppression.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "resourceUri": "resourceUri", + "recommendationId": "recommendationId", + "name": "suppressionName1", + "suppressionContract": { + "properties": { + "ttl": "07:00:00:00" + } + }, + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/availabilitysets/armavset/providers/Microsoft.Advisor/recommendations/bd27ddc6-1312-4067-b4af-cbb45e32cfd7/suppressions/HardcodedSuppressionName", + "name": "suppressionName1", + "type": "Microsoft.Advisor/suppressions", + "properties": { + "suppressionId": "suppressionId", + "ttl": "07:00:00:00" + } + } + }, + "404": { + "body": { + "error": { + "code": "NotFound", + "message": "Recommendation to be suppressed is not found. Subscription Id:{0} Recommendation Id:{1}" + } + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/DeleteAssessment.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/DeleteAssessment.json new file mode 100644 index 000000000000..fe6d510fc65f --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/DeleteAssessment.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "assessmentName": "assessment1", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": {}, + "204": { + "description": "The Assessment is not found or has been deleted already." + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/DeleteSuppression.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/DeleteSuppression.json new file mode 100644 index 000000000000..d857328e4b2f --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/DeleteSuppression.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "resourceUri": "resourceUri", + "recommendationId": "recommendationId", + "name": "suppressionName1", + "api-version": "2023-09-01-preview" + }, + "responses": { + "204": {} + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/EmptyResponse.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/EmptyResponse.json new file mode 100644 index 000000000000..66e136cfec7c --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/EmptyResponse.json @@ -0,0 +1,11 @@ +{ + "parameters": { + "subscriptionId": "subscriptionId", + "operationId": "123e4567-e89b-12d3-a456-426614174000", + "api-version": "2023-09-01-preview" + }, + "responses": { + "202": {}, + "204": {} + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GenerateRecommendations.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GenerateRecommendations.json new file mode 100644 index 000000000000..683c6aa58537 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GenerateRecommendations.json @@ -0,0 +1,14 @@ +{ + "parameters": { + "subscriptionId": "subscriptionId", + "api-version": "2023-09-01-preview" + }, + "responses": { + "202": { + "headers": { + "Location": "https://management.azure.com/subscriptions/subscriptionId/providers/Microsoft.Microsoft.Advisor/generateRecommendations/recGUID?api-version=2023-09-01-preview", + "Retry-After": "60" + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetAdvisorScoreDetail.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetAdvisorScoreDetail.json new file mode 100644 index 000000000000..d124272b51a7 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetAdvisorScoreDetail.json @@ -0,0 +1,155 @@ +{ + "parameters": { + "subscriptionId": "a5481ee1-95df-47d0-85d4-dd3f0dfa19bc", + "name": "Cost", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/Microsoft.Advisor/advisorScore/Cost", + "name": "Cost", + "type": "Microsoft.Advisor/advisorScore", + "properties": { + "lastRefreshedScore": { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0, + "categoryCount": 1 + }, + "timeSeries": [ + { + "aggregationLevel": "day", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-24T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-23T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-22T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-21T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-20T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-19T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + }, + { + "aggregationLevel": "month", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-05-30T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-04-30T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + }, + { + "aggregationLevel": "week", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-21T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-14T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-07T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-05-31T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-05-24T00:00:00Z", + "score": 1, + "consumptionUnits": 12, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + } + ] + } + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetAssessment.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetAssessment.json new file mode 100644 index 000000000000..948eff894ae2 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetAssessment.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "assessmentName": "assessment1", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2f2edd23-bded-4c8d-bdef-1f32a9b83f84/providers/Microsoft.Advisor/assessments/MCWAR1", + "name": "MCWAR1", + "type": "Microsoft.Advisor/assessments", + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-03T04:41:33.937Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-03T04:41:33.937Z" + }, + "properties": { + "workloadId": "f72b7134-800f-4f1b-a5bd-691e2140c7d5", + "workloadName": "Workload1", + "assessmentId": "fa5cb863-6ed4-4b6b-8c72-06f847cac885", + "description": "Evaluate your mission critical workloads by assessing the technical design", + "typeId": "23513bdb-e8a2-4f0b-8b6b-191ee1f52d34", + "type": "Mission Critical Well-Architected Review", + "typeVersion": "20221031192816.497", + "locale": "en-us", + "score": 60, + "state": "InProgress" + } + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetRecommendationDetail.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetRecommendationDetail.json new file mode 100644 index 000000000000..b3d9d67d87de --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetRecommendationDetail.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "resourceUri": "subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/availabilitysets/armavset", + "recommendationId": "bd27ddc6-1312-4067-b4af-cbb45e32cfd7", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/availabilitysets/armavset/providers/Microsoft.Advisor/recommendations/bd27ddc6-1312-4067-b4af-cbb45e32cfd7", + "name": "bd27ddc6-1312-4067-b4af-cbb45e32cfd7", + "properties": { + "category": "Security", + "impact": "Medium", + "impactedField": "Microsoft.Compute/availabilitysets", + "impactedValue": "armavset", + "lastUpdated": "2017-02-24T22:24:43.3216408Z", + "risk": "Warning", + "shortDescription": { + "problem": "Monitoring agent should be installed on your machines", + "solution": "Monitoring agent should be installed on your machines" + }, + "remediation": { + "additionalProperties": { + "httpMethod": "POST", + "uri": "uri", + "details": "link to document" + } + }, + "resourceMetadata": { + "resourceId": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/availabilitysets/armavset", + "source": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/availabilitysets/armavset/providers/Microsoft.Security/assessments/15e912ef-221a-4efe-80d2-df5671cdd5f5", + "action": { + "additionalProperties": { + "actionType": "Document", + "link": "https://link3", + "caption": "Enable Soft Delete to protect blob data", + "description": "Enable Soft Delete to protect blob data" + }, + "metadata": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/availabilitysets/armavset" + } + }, + "singular": "Availability set", + "plural": "Availability sets" + }, + "actions": [ + { + "additionalProperties": { + "actionType": "Document", + "link": "https://link1", + "caption": "Enable Soft Delete to protect blob data", + "description": "Enable Soft Delete to protect blob data" + }, + "metadata": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc" + } + } + ], + "description": "After enabling Soft Delete, deleted data transitions to a soft deleted state instead of being permanently deleted. When data is overwritten, a soft deleted snapshot is generated to save the state of the overwritten data. You can configure the amount of time soft deleted data is recoverable before it permanently expires.", + "label": "Enable Soft Delete", + "learnMoreLink": "https://link2", + "potentialBenefits": "Save and recover your data when blobs or blob snapshots are accidentally overwritten or deleted", + "tracked": false + }, + "type": "Microsoft.Advisor/recommendations" + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetRecommendationMetadataEntity.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetRecommendationMetadataEntity.json new file mode 100644 index 000000000000..cdce114ec3e7 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetRecommendationMetadataEntity.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "name": "types", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "providers/Microsoft.Advisor/metadata/recommendationType", + "name": "recommendationType", + "type": "Microsoft.Advisor/metadata", + "properties": { + "displayName": "Recommendation Type", + "dependsOn": [ + "category", + "impact" + ], + "applicableScenarios": [ + "Alerts" + ], + "supportedValues": [ + { + "id": "6a2b1e70-bd4c-4163-86de-5243d7ac05ee", + "displayName": "Upgrade your SKU or add more instances to ensure fault tolerance" + }, + { + "id": "da6630fb-4286-4996-92a3-a43f5f26dd34", + "displayName": "Delete ExpressRoute circuits in the provider status of Not Provisioned" + } + ] + } + } + }, + "404": { + "body": { + "code": "NotFound", + "message": "Unknown metadata name" + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetSuppressionDetail.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetSuppressionDetail.json new file mode 100644 index 000000000000..d2921f0eebe3 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/GetSuppressionDetail.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "resourceUri": "resourceUri", + "recommendationId": "recommendationId", + "name": "suppressionName1", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/availabilitysets/armavset/providers/Microsoft.Advisor/recommendations/recommendationId/suppressions/suppressionName1", + "name": "suppressionName1", + "type": "Microsoft.Advisor/suppressions", + "properties": { + "suppressionId": "suppressionId1", + "ttl": "7.00:00:00", + "expirationTimeStamp": "2020-10-25T22:24:43.3216408Z" + } + } + }, + "404": { + "body": { + "error": { + "code": "NotFound", + "message": "Suppression name is not specified or Suppression Id not found" + } + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAdvisorScore.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAdvisorScore.json new file mode 100644 index 000000000000..e8671c134d36 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAdvisorScore.json @@ -0,0 +1,351 @@ +{ + "parameters": { + "subscriptionId": "a5481ee1-95df-47d0-85d4-dd3f0dfa19bc", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/Microsoft.Advisor/advisorScore/Cost", + "name": "Cost", + "type": "Microsoft.Advisor/advisorScore", + "properties": { + "lastRefreshedScore": { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0, + "categoryCount": 2 + }, + "timeSeries": [ + { + "aggregationLevel": "day", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-24T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-23T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-22T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-21T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-20T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-19T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + }, + { + "aggregationLevel": "month", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-05-30T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-04-30T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + }, + { + "aggregationLevel": "week", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-21T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-14T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-06-07T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-05-31T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + }, + { + "date": "2020-05-24T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + } + ] + } + }, + { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/Microsoft.Advisor/advisorScore/Performance", + "name": "Performance", + "type": "Microsoft.Advisor/advisorScore", + "properties": { + "lastRefreshedScore": { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0, + "categoryCount": 2 + }, + "timeSeries": [ + { + "aggregationLevel": "day", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + }, + { + "aggregationLevel": "month", + "scoreHistory": [ + { + "date": "2020-05-30T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + }, + { + "aggregationLevel": "week", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + } + ] + } + }, + { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/Microsoft.Advisor/advisorScore/Security", + "name": "Security", + "type": "Microsoft.Advisor/advisorScore", + "properties": { + "lastRefreshedScore": { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0, + "categoryCount": 3 + }, + "timeSeries": [ + { + "aggregationLevel": "day", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + }, + { + "aggregationLevel": "month", + "scoreHistory": [ + { + "date": "2020-05-30T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + }, + { + "aggregationLevel": "week", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + } + ] + } + }, + { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/Microsoft.Advisor/advisorScore/HighAvailability", + "name": "HighAvailability", + "type": "Microsoft.Advisor/advisorScore", + "properties": { + "lastRefreshedScore": { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0, + "categoryCount": 2 + }, + "timeSeries": [ + { + "aggregationLevel": "day", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + } + ] + } + }, + { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/Microsoft.Advisor/advisorScore/OperationalExcellence", + "name": "OperationalExcellence", + "type": "Microsoft.Advisor/advisorScore", + "properties": { + "lastRefreshedScore": { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0, + "categoryCount": 1 + }, + "timeSeries": [ + { + "aggregationLevel": "day", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + } + ] + } + }, + { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/Microsoft.Advisor/advisorScore/Advisor", + "name": "Advisor", + "type": "Microsoft.Advisor/advisorScore", + "properties": { + "lastRefreshedScore": { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0, + "categoryCount": 1 + }, + "timeSeries": [ + { + "aggregationLevel": "day", + "scoreHistory": [ + { + "date": "2020-06-25T00:00:00Z", + "score": 1, + "consumptionUnits": 12.24521, + "impactedResourceCount": 1, + "potentialScoreIncrease": 0 + } + ] + } + ] + } + } + ] + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAssessmentTypes.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAssessmentTypes.json new file mode 100644 index 000000000000..777650df3621 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAssessmentTypes.json @@ -0,0 +1,21 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "23513bdb-e8a2-4f0b-8b6b-191ee1f52d34", + "title": "Mission Critical | Well-Architected Review", + "description": "Evaluate your mission critical workloads by assessing the technical design areas and overall operational effectiveness.", + "locale": "en-us", + "version": "20221031192816.497" + } + ] + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAssessments.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAssessments.json new file mode 100644 index 000000000000..3e219e22c622 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListAssessments.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "assessmentName": "MCWAR1", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/2f2edd23-bded-4c8d-bdef-1f32a9b83f84/providers/Microsoft.Advisor/assessments/MCWAR1", + "name": "MCWAR1", + "type": "Microsoft.Advisor/assessments", + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-03T04:41:33.937Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-03T04:41:33.937Z" + }, + "properties": { + "workloadId": "f72b7134-800f-4f1b-a5bd-691e2140c7d5", + "workloadName": "Workload1", + "assessmentId": "fa5cb863-6ed4-4b6b-8c72-06f847cac885", + "description": "Evaluate your mission critical workloads by assessing the technical design", + "typeId": "23513bdb-e8a2-4f0b-8b6b-191ee1f52d34", + "type": "Mission Critical Well-Architected Review", + "typeVersion": "20221031192816.497", + "locale": "en-us", + "score": 60, + "state": "InProgress" + } + } + ], + "nextLink": "https://management.azure.com/subscriptions/2f2edd23-bded-4c8d-bdef-1f32a9b83f84/providers/Microsoft.Advisor/assessments?api-version=2023-07-01&$top=10&$skiptoken=skiptoken" + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListConfigurations.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListConfigurations.json new file mode 100644 index 000000000000..96dee7dfceac --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListConfigurations.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "subscriptionId": "subscriptionId", + "resourceGroup": "resourceGroup", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/subscriptionId/resourceGroups/resourceGroup/providers/Microsoft.Advisor/configurations/default", + "type": "Microsoft.Advisor/configurations", + "name": "default", + "properties": { + "lowCpuThreshold": "5", + "duration": "7", + "exclude": false, + "digests": [ + { + "name": "digestConfigName", + "actionGroupResourceId": "/subscriptions/subscriptionId/resourceGroups/resourceGroup/providers/microsoft.insights/actionGroups/actionGroupName", + "frequency": 30, + "categories": [ + "HighAvailability", + "Security", + "Performance", + "Cost", + "OperationalExcellence" + ], + "language": "en", + "state": "Active" + } + ] + } + } + ], + "nextLink": "string" + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListRecommendationMetadata.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListRecommendationMetadata.json new file mode 100644 index 000000000000..8253f3a440e7 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListRecommendationMetadata.json @@ -0,0 +1,85 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "nextLink": "string", + "value": [ + { + "id": "providers/Microsoft.Advisor/metadata/recommendationType", + "name": "recommendationType", + "type": "Microsoft.Advisor/metadata", + "properties": { + "displayName": "Recommendation Type", + "dependsOn": [ + "category", + "impact" + ], + "applicableScenarios": [ + "Alerts" + ], + "supportedValues": [ + { + "id": "6a2b1e70-bd4c-4163-86de-5243d7ac05ee", + "displayName": "Upgrade your SKU or add more instances to ensure fault tolerance" + }, + { + "id": "da6630fb-4286-4996-92a3-a43f5f26dd34", + "displayName": "Delete ExpressRoute circuits in the provider status of Not Provisioned" + } + ] + } + }, + { + "id": "providers/Microsoft.Advisor/metadata/recommendationCategory", + "name": "recommendationCategory", + "type": "Microsoft.Advisor/metadata", + "properties": { + "displayName": "Category", + "dependsOn": null, + "applicableScenarios": [ + "Alerts" + ], + "supportedValues": [ + { + "id": "Cost", + "displayName": "Cost" + }, + { + "id": "Performance", + "displayName": "Performance" + } + ] + } + }, + { + "id": "providers/Microsoft.Advisor/metadata/recommendationImpact", + "name": "recommendationImpact", + "type": "Microsoft.Advisor/metadata", + "properties": { + "displayName": "Impact", + "dependsOn": null, + "applicableScenarios": null, + "supportedValues": [ + { + "id": "High", + "displayName": "High" + }, + { + "id": "Medium", + "displayName": "Medium" + }, + { + "id": "Low", + "displayName": "Low" + } + ] + } + } + ] + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListRecommendations.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListRecommendations.json new file mode 100644 index 000000000000..1acbfdb1a1e3 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListRecommendations.json @@ -0,0 +1,142 @@ +{ + "parameters": { + "subscriptionId": "a5481ee1-95df-47d0-85d4-dd3f0dfa19bc", + "$top": 10, + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "nextLink": "https://management.azure.com/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/Microsoft.Advisor/recommendations?api-version=2023-09-01-preview&$top=10&$skiptoken=skiptoken", + "value": [ + { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/availabilitysets/armavset/providers/Microsoft.Advisor/recommendations/bd27ddc6-1312-4067-b4af-cbb45e32cfd7", + "name": "bd27ddc6-1312-4067-b4af-cbb45e32cfd7", + "type": "Microsoft.Advisor/recommendations", + "properties": { + "category": "HighAvailability", + "impact": "Medium", + "impactedField": "Microsoft.Compute/availabilitySets", + "impactedValue": "armavset", + "lastUpdated": "2017-02-24T22:24:43.3216408Z", + "risk": "Warning", + "remediation": { + "additionalProperties": { + "httpMethod": "POST", + "uri": "uri", + "details": "link to document" + } + }, + "shortDescription": { + "problem": "To ensure high availability add one or more virtual machines to this availability set", + "solution": "To ensure high availability add one or more virtual machines to this availability set" + }, + "resourceMetadata": { + "resourceId": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/availabilitysets/armavset", + "action": { + "additionalProperties": { + "actionType": "Document", + "link": "https://link3", + "caption": "Enable Soft Delete to protect blob data", + "description": "Enable Soft Delete to protect blob data" + }, + "metadata": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc" + } + }, + "singular": "Availability set", + "plural": "Availability sets" + }, + "actions": [ + { + "additionalProperties": { + "actionType": "Document", + "link": "https://link1", + "caption": "Enable Soft Delete to protect blob data", + "description": "Enable Soft Delete to protect blob data" + }, + "metadata": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc" + } + } + ], + "description": "After enabling Soft Delete, deleted data transitions to a soft deleted state instead of being permanently deleted. When data is overwritten, a soft deleted snapshot is generated to save the state of the overwritten data. You can configure the amount of time soft deleted data is recoverable before it permanently expires.", + "label": "Enable Soft Delete", + "learnMoreLink": "https://link2", + "potentialBenefits": "Save and recover your data when blobs or blob snapshots are accidentally overwritten or deleted", + "tracked": false + } + }, + { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/virtualMachines/xyz/providers/Microsoft.Advisor/recommendations/1b266c91-3a92-4423-8aa2-ee13a6d90f47", + "name": "1b266c91-3a92-4423-8aa2-ee13a6d90f47", + "type": "Microsoft.Advisor/recommendations", + "properties": { + "category": "Security", + "impact": "Medium", + "impactedField": "Microsoft.Compute/virtualMachines", + "impactedValue": "xyz", + "lastUpdated": "2017-02-24T22:24:43.3216408Z", + "risk": "Warning", + "shortDescription": { + "problem": "Monitoring agent should be installed on your machines", + "solution": "Monitoring agent should be installed on your machines" + }, + "resourceMetadata": { + "resourceId": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/virtualMachines/xyz", + "source": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/virtualMachines/xyz/providers/Microsoft.Security/assessments/15e912ef-221a-4efe-80d2-df5671cdd5f5", + "action": { + "additionalProperties": { + "actionType": "Document", + "link": "https://link3", + "caption": "Enable Soft Delete to protect blob data", + "description": "Enable Soft Delete to protect blob data" + }, + "metadata": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc" + } + }, + "singular": "Virtual machine", + "plural": "Virtual machines" + }, + "actions": [ + { + "additionalProperties": { + "actionType": "Document", + "link": "https://link1", + "caption": "Enable Soft Delete to protect blob data", + "description": "Enable Soft Delete to protect blob data" + }, + "metadata": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc" + } + } + ], + "description": "Monitoring agent should be installed on your machines.", + "label": "Enable monitoring agent", + "learnMoreLink": "https://link2", + "potentialBenefits": "Protect and monitor machine", + "tracked": true, + "trackedProperties": { + "state": "Postponed", + "postponedTime": "2023-10-01T00:00:00Z", + "reason": "RiskAccepted", + "priority": "High" + }, + "resourceWorkload": { + "id": "0560dbdb-f207-4690-b4ba-1fc0c3a0f082", + "name": "Critical VM Workload" + }, + "review": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/Microsoft.Advisor/assessments/MCWAR1", + "name": "Monthly WAF Review 09/23" + }, + "sourceSystem": "CxObserve", + "notes": "This is a note" + } + } + ] + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListSuppressions.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListSuppressions.json new file mode 100644 index 000000000000..26f218ebb79e --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListSuppressions.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "subscriptionId": "a5481ee1-95df-47d0-85d4-dd3f0dfa19bc", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "nextLink": "https://management.azure.com/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/microsoft.Advisor/suppressions?api-version=2023-09-01-preview&$top=3&$skiptoken=skiptoken", + "value": [ + { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/availabilitysets/armavset/providers/Microsoft.Advisor/recommendations/1b266c91-3a92-4423-8aa2-ee13a6d90f47/suppressions/HardcodedSuppressionName", + "name": "HardcodedSuppressionName", + "type": "Microsoft.Advisor/suppressions", + "properties": { + "suppressionId": "58403b0e-113b-e428-d6f7-2a524380b955", + "ttl": "7.00:00:00", + "expirationTimeStamp": "2022-10-24T22:24:43.3216408Z" + } + }, + { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/resourceGroups/resourceGroup/providers/Microsoft.Compute/virtualMachines/xyz/providers/Microsoft.Advisor/recommendations/3385b5d0-b8cc-bdcf-0e0d-b5a3d1e9b93b/suppressions/HardcodedSuppressionName", + "name": "HardcodedSuppressionName", + "type": "Microsoft.Advisor/suppressions", + "properties": { + "suppressionId": "72a23574-d49a-84d0-0a7d-fb3fe6cba16b", + "ttl": "7.00:00:00", + "expirationTimeStamp": "2022-10-25T22:24:43.3216408Z" + } + } + ] + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListWorkloads.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListWorkloads.json new file mode 100644 index 000000000000..4c8a9680774e --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ListWorkloads.json @@ -0,0 +1,20 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "d8004ffb-de76-4bc4-b0bc-32880a031843", + "name": "Workload1", + "subscriptionId": "2f2edd23-bded-4c8d-bdef-1f32a9b83f84", + "subscriptionName": "Subscription1" + } + ] + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/OperationsList.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/OperationsList.json new file mode 100644 index 000000000000..9f401c381631 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/OperationsList.json @@ -0,0 +1,21 @@ +{ + "parameters": { + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "Microsoft.Advisor/prediction", + "display": { + "provider": "Microsoft Advisor", + "resource": "Prediction", + "description": "Predicts a recommendation." + } + } + ] + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/Predict.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/Predict.json new file mode 100644 index 000000000000..e95245d94c87 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/Predict.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "subscriptionId": "subscriptionId", + "predictionRequest": { + "properties": { + "predictionType": "PredictiveRightsizing", + "extendedProperties": { + "region": "CentralUS", + "deploymentType": "Linux_IaaS_Software_Store", + "sku": "Standard_Dv4", + "type": "iaas", + "numberOfInstances": 10 + } + } + }, + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "properties": { + "predictionType": "PredictiveRightsizing", + "extendedProperties": { + "region": "CentralUS", + "deploymentType": "Linux_IaaS_Software_Store", + "sku": "Standard_Dv4", + "type": "iaas", + "numberOfInstances": 10, + "prediction": { + "recommendedSku": "Standard_Dv2", + "numberOfInstances": 8, + "confidence": 0.9 + } + }, + "category": "Cost", + "impact": "Low", + "impactedField": "Microsoft.Compute/virtualMachines", + "lastUpdated": "2022-02-14T14:47:18.436Z", + "shortDescription": { + "solution": "We recommend using 8 instances of type Standard_Dv2." + } + } + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/PutAssessment.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/PutAssessment.json new file mode 100644 index 000000000000..3226aa497572 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/PutAssessment.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "api-version": "2023-09-01-preview", + "assessmentName": "assessment1", + "assessmentContract": { + "properties": { + "workloadId": "f72b7134-800f-4f1b-a5bd-691e2140c7d5", + "typeId": "23513bdb-e8a2-4f0b-8b6b-191ee1f52d34", + "locale": "en-us" + } + } + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/2f2edd23-bded-4c8d-bdef-1f32a9b83f84/providers/Microsoft.Advisor/assessments/MCWAR1", + "name": "MCWAR1", + "type": "Microsoft.Advisor/assessments", + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-03T04:41:33.937Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-03T04:41:33.937Z" + }, + "properties": { + "workloadId": "f72b7134-800f-4f1b-a5bd-691e2140c7d5", + "workloadName": "Workload1", + "assessmentId": "fa5cb863-6ed4-4b6b-8c72-06f847cac885", + "description": "Evaluate your mission critical workloads by assessing the technical design", + "typeId": "23513bdb-e8a2-4f0b-8b6b-191ee1f52d34", + "type": "Mission Critical Well-Architected Review", + "typeVersion": "20221031192816.497", + "locale": "en-us", + "score": 60, + "state": "Inprogress" + } + } + }, + "201": { + "body": { + "id": "/subscriptions/2f2edd23-bded-4c8d-bdef-1f32a9b83f84/providers/Microsoft.Advisor/assessments/MCWAR1", + "name": "MCWAR1", + "type": "Microsoft.Advisor/assessments", + "systemData": { + "createdBy": "string", + "createdByType": "User", + "createdAt": "2020-04-03T04:41:33.937Z", + "lastModifiedBy": "string", + "lastModifiedByType": "User", + "lastModifiedAt": "2020-04-03T04:41:33.937Z" + }, + "properties": { + "workloadId": "f72b7134-800f-4f1b-a5bd-691e2140c7d5", + "workloadName": "Workload1", + "assessmentId": "fa5cb863-6ed4-4b6b-8c72-06f847cac885", + "description": "Evaluate your mission critical workloads by assessing the technical design", + "typeId": "23513bdb-e8a2-4f0b-8b6b-191ee1f52d34", + "type": "Mission Critical Well-Architected Review", + "typeVersion": "20221031192816.497", + "locale": "en-us", + "score": 60, + "state": "Inprogress" + } + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ResiliencyReviewsGet.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ResiliencyReviewsGet.json new file mode 100644 index 000000000000..08337a445c46 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ResiliencyReviewsGet.json @@ -0,0 +1,33 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "reviewId": "11111111-1111-2222-3333-444444444444", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/providers/Microsoft.Advisor/ResiliencyReview/11111111-1111-2222-3333-444444444444", + "name": "11111111-1111-2222-3333-444444444444", + "type": "Microsoft.Advisor/ResiliencyReview", + "systemData": { + "createdBy": "user-identity", + "createdByType": "User", + "createdAt": "2023-06-30T09:41:00Z", + "lastModifiedBy": "user-identity", + "lastModifiedByType": "User", + "lastModifiedAt": "2023-06-30T09:41:00Z" + }, + "properties": { + "reviewName": "review name xyz", + "workloadName": "workload name xyz", + "reviewStatus": "Triaged", + "recommendationsCount": 4, + "publishedAt": "2023-06-30T09:41:00Z", + "updatedAt": "2023-06-30T09:41:00Z" + } + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ResiliencyReviewsList.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ResiliencyReviewsList.json new file mode 100644 index 000000000000..59baebe9e351 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/ResiliencyReviewsList.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/providers/Microsoft.Advisor/ResiliencyReview/11111111-1111-2222-3333-444444444444", + "name": "11111111-1111-2222-3333-444444444444", + "type": "Microsoft.Advisor/ResiliencyReview", + "systemData": { + "createdBy": "user-identity", + "createdByType": "User", + "createdAt": "2023-06-30T09:41:00Z", + "lastModifiedBy": "user-identity", + "lastModifiedByType": "User", + "lastModifiedAt": "2023-06-30T09:41:00Z" + }, + "properties": { + "reviewName": "review name xyz", + "workloadName": "workload name xyz", + "reviewStatus": "Triaged", + "recommendationsCount": 4, + "publishedAt": "2023-06-30T09:41:00Z", + "updatedAt": "2023-06-30T09:41:00Z" + } + }, + { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/providers/Microsoft.Advisor/ResiliencyReview/11111111-1111-2222-3333-555555555555", + "name": "11111111-1111-2222-3333-555555555555", + "type": "Microsoft.Advisor/ResiliencyReview", + "systemData": { + "createdBy": "user-identity", + "createdByType": "User", + "createdAt": "2023-06-30T09:41:00Z", + "lastModifiedBy": "user-identity", + "lastModifiedByType": "User", + "lastModifiedAt": "2023-06-30T09:41:00Z" + }, + "properties": { + "reviewName": "review name abc", + "workloadName": "workload name abc", + "reviewStatus": "Triaged", + "recommendationsCount": 5, + "publishedAt": "2023-06-30T09:41:00Z", + "updatedAt": "2023-06-30T09:41:00Z" + } + } + ], + "nextLink": "" + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsApprove.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsApprove.json new file mode 100644 index 000000000000..8c8902f2c1cf --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsApprove.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "reviewId": "11111111-1111-2222-3333-444444444444", + "recommendationId": "22222222-1111-2222-3333-444444444444", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "headers": {} + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsGet.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsGet.json new file mode 100644 index 000000000000..0d5f97d07b18 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsGet.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "reviewId": "11111111-1111-2222-3333-444444444444", + "recommendationId": "22222222-1111-2222-3333-444444444444", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/providers/Microsoft.Advisor/ResiliencyReview/11111111-1111-2222-3333-444444444444/providers/Microsoft.Advisor/TriageRecommendations/22222222-1111-2222-3333-444444444444", + "name": "22222222-1111-2222-3333-444444444444", + "type": "Microsoft.Advisor/TriageRecommendations", + "systemData": { + "createdBy": "user-identity", + "createdByType": "User", + "createdAt": "2023-06-30T09:41:00Z", + "lastModifiedBy": "user-identity", + "lastModifiedByType": "User", + "lastModifiedAt": "2023-06-30T09:41:00Z" + }, + "properties": { + "reviewId": "11111111-1111-2222-3333-444444444444", + "title": "Explore the scale-limits of each Azure resource", + "priority": "High", + "recommendationStatus": "Pending", + "updatedAt": "2023-06-30T10:51:00Z", + "rejectReason": "", + "appliesToSubscriptions": [ + "00000000-1111-2222-3333-444444444444", + "00000000-1111-2222-3333-555555555555", + "00000000-1111-2222-3333-666666666666" + ], + "description": "Azure resources have scale limits. If you are planning to deploy a large number of resources, you should be aware of these limits. This recommendation provides links to the scale limits for each Azure resource.", + "potentialBenefits": "Avoid deployment failures due to scale limits.", + "notes": "This recommendation is based on the scale limits for each Azure resource. For more information, see Azure subscription and service limits, quotas, and constraints." + } + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsList.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsList.json new file mode 100644 index 000000000000..3e09c3aa7def --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsList.json @@ -0,0 +1,103 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "reviewId": "11111111-1111-2222-3333-444444444444", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/providers/Microsoft.Advisor/ResiliencyReview/11111111-1111-2222-3333-444444444444/providers/Microsoft.Advisor/TriageRecommendations/22222222-1111-2222-3333-444444444444", + "name": "22222222-1111-2222-3333-444444444444", + "type": "Microsoft.Advisor/TriageRecommendations", + "systemData": { + "createdBy": "user-identity", + "createdByType": "User", + "createdAt": "2023-06-30T09:41:00Z", + "lastModifiedBy": "user-identity", + "lastModifiedByType": "User", + "lastModifiedAt": "2023-06-30T09:41:00Z" + }, + "properties": { + "reviewId": "11111111-1111-2222-3333-444444444444", + "title": "Explore the scale-limits of each Azure resource", + "priority": "High", + "recommendationStatus": "Pending", + "updatedAt": "2023-06-30T10:51:00Z", + "rejectReason": "", + "appliesToSubscriptions": [ + "00000000-1111-2222-3333-444444444444", + "00000000-1111-2222-3333-555555555555", + "00000000-1111-2222-3333-666666666666" + ], + "description": "Azure resources have scale limits. If you are planning to deploy a large number of resources, you should be aware of these limits. This recommendation provides links to the scale limits for each Azure resource.", + "potentialBenefits": "Avoid deployment failures due to scale limits.", + "notes": "This recommendation is based on the scale limits for each Azure resource. For more information, see Azure subscription and service limits, quotas, and constraints." + } + }, + { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/providers/Microsoft.Advisor/ResiliencyReview/11111111-1111-2222-3333-444444444444/providers/Microsoft.Advisor/TriageRecommendations/22222222-1111-2222-3333-555555555555", + "name": "22222222-1111-2222-3333-555555555555", + "type": "Microsoft.Advisor/TriageRecommendations", + "systemData": { + "createdBy": "user-identity", + "createdByType": "User", + "createdAt": "2023-06-30T09:41:00Z", + "lastModifiedBy": "user-identity", + "lastModifiedByType": "User", + "lastModifiedAt": "2023-06-30T09:41:00Z" + }, + "properties": { + "reviewId": "11111111-1111-2222-3333-444444444444", + "title": "Turn off unused resources", + "priority": "High", + "recommendationStatus": "Rejected", + "updatedAt": "2023-06-30T10:51:00Z", + "rejectReason": "Not a risk", + "appliesToSubscriptions": [ + "00000000-1111-2222-3333-444444444444", + "00000000-1111-2222-3333-555555555555", + "00000000-1111-2222-3333-777777777777" + ], + "description": "Azure resources have scale limits. If you are planning to deploy a large number of resources, you should be aware of these limits. This recommendation provides links to the scale limits for each Azure resource.", + "potentialBenefits": "Avoid deployment failures due to scale limits.", + "notes": "This recommendation is based on the scale limits for each Azure resource. For more information, see Azure subscription and service limits, quotas, and constraints." + } + }, + { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/providers/Microsoft.Advisor/ResiliencyReview/11111111-1111-2222-3333-444444444444/providers/Microsoft.Advisor/TriageRecommendations/22222222-1111-2222-3333-666666666666", + "name": "22222222-1111-2222-3333-666666666666", + "type": "Microsoft.Advisor/TriageRecommendations", + "systemData": { + "createdBy": "user-identity", + "createdByType": "User", + "createdAt": "2023-06-30T09:41:00Z", + "lastModifiedBy": "user-identity", + "lastModifiedByType": "User", + "lastModifiedAt": "2023-06-30T09:41:00Z" + }, + "properties": { + "reviewId": "11111111-1111-2222-3333-444444444444", + "title": "Enabled HTTPS on all web apps", + "priority": "High", + "recommendationStatus": "Approved", + "updatedAt": "2023-06-30T10:51:00Z", + "rejectReason": "", + "appliesToSubscriptions": [ + "00000000-1111-2222-3333-888888888888", + "00000000-1111-2222-3333-555555555555", + "00000000-1111-2222-3333-777777777777" + ], + "description": "Azure resources have scale limits. If you are planning to deploy a large number of resources, you should be aware of these limits. This recommendation provides links to the scale limits for each Azure resource.", + "potentialBenefits": "Avoid deployment failures due to scale limits.", + "notes": "This recommendation is based on the scale limits for each Azure resource. For more information, see Azure subscription and service limits, quotas, and constraints." + } + } + ], + "nextLink": "" + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsReject.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsReject.json new file mode 100644 index 000000000000..ce73d90e3fab --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsReject.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "reviewId": "11111111-1111-2222-3333-444444444444", + "recommendationId": "22222222-1111-2222-3333-444444444444", + "api-version": "2023-09-01-preview", + "recommendationRejectBody": { + "reasonForRejection": "NotARisk" + } + }, + "responses": { + "200": { + "headers": {} + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsReset.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsReset.json new file mode 100644 index 000000000000..8c8902f2c1cf --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/TriageRecommendationsReset.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "subscriptionId": "00000000-1111-2222-3333-444444444444", + "reviewId": "11111111-1111-2222-3333-444444444444", + "recommendationId": "22222222-1111-2222-3333-444444444444", + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "headers": {} + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/UpdateTrackedRecommendation.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/UpdateTrackedRecommendation.json new file mode 100644 index 000000000000..f8cac97a1830 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/examples/UpdateTrackedRecommendation.json @@ -0,0 +1,93 @@ +{ + "parameters": { + "resourceUri": "subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/resourceGroupName/providers/Microsoft.Compute/virtualMachines/xyz", + "recommendationId": "c5532a76-8605-4328-ad27-f37ae87c086c", + "trackedProperties": { + "properties": { + "trackedProperties": { + "state": "Postponed", + "postponedTime": "2023-10-01T00:00:00Z" + } + } + }, + "api-version": "2023-09-01-preview" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/resourceGroupName/providers/Microsoft.Compute/virtualMachines/xyz/providers/Microsoft.Advisor/recommendations/c5532a76-8605-4328-ad27-f37ae87c086c", + "name": "c5532a76-8605-4328-ad27-f37ae87c086c", + "type": "Microsoft.Advisor/recommendations", + "properties": { + "category": "Security", + "impact": "Medium", + "impactedField": "Microsoft.Compute/virtualMachines", + "impactedValue": "armavset", + "lastUpdated": "2017-02-24T22:24:43.3216408Z", + "risk": "Warning", + "shortDescription": { + "problem": "Monitoring agent should be installed on your machines", + "solution": "Monitoring agent should be installed on your machines" + }, + "remediation": { + "additionalProperties": { + "httpMethod": "POST", + "uri": "uri", + "details": "link to document" + } + }, + "resourceMetadata": { + "resourceId": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/resourceGroupName/providers/Microsoft.Compute/virtualMachines/xyz", + "source": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/resourceGroupName/providers/Microsoft.Compute/virtualMachines/xyz/providers/Microsoft.Security/assessments/7d5f6ba5-307e-452e-b3c4-7d636f722055", + "action": { + "additionalProperties": { + "actionType": "Document", + "link": "https://link3", + "caption": "Enable Soft Delete to protect blob data", + "description": "Enable Soft Delete to protect blob data" + }, + "metadata": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/resourceGroupName/providers/Microsoft.Compute/virtualMachines/xyz" + } + }, + "singular": "Virtual machine", + "plural": "Virtual machines" + }, + "actions": [ + { + "additionalProperties": { + "actionType": "Document", + "link": "https://link1", + "caption": "Enable Soft Delete to protect blob data", + "description": "Enable Soft Delete to protect blob data" + }, + "metadata": { + "id": "/subscriptions/00000000-1111-2222-3333-444444444444" + } + } + ], + "description": "After enabling Soft Delete, deleted data transitions to a soft deleted state instead of being permanently deleted. When data is overwritten, a soft deleted snapshot is generated to save the state of the overwritten data. You can configure the amount of time soft deleted data is recoverable before it permanently expires.", + "label": "Enable Soft Delete", + "learnMoreLink": "https://link2", + "potentialBenefits": "Save and recover your data when blobs or blob snapshots are accidentally overwritten or deleted", + "tracked": true, + "trackedProperties": { + "state": "Postponed", + "postponedTime": "2023-10-01T00:00:00Z", + "priority": "High" + }, + "resourceWorkload": { + "id": "0560dbdb-f207-4690-b4ba-1fc0c3a0f082", + "name": "Critical VM Workload" + }, + "review": { + "id": "/subscriptions/a5481ee1-95df-47d0-85d4-dd3f0dfa19bc/providers/Microsoft.Advisor/assessments/MCWAR1", + "name": "Monthly WAF Review 09/23" + }, + "sourceSystem": "CxObserve", + "notes": "This is a note" + } + } + } + } +} diff --git a/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/resiliencyReviews.json b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/resiliencyReviews.json new file mode 100644 index 000000000000..07d8f6fba189 --- /dev/null +++ b/specification/advisor/resource-manager/Microsoft.Advisor/preview/2023-09-01-preview/resiliencyReviews.json @@ -0,0 +1,726 @@ +{ + "swagger": "2.0", + "info": { + "version": "2023-09-01-preview", + "title": "AdvisorManagementClient", + "description": "REST APIs for Azure Advisor Resiliency Reviews." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/resiliencyReviews": { + "get": { + "tags": [ + "resiliencyReviews" + ], + "summary": "Get list of resiliency reviews.", + "description": "Get list of Azure Advisor resiliency reviews.", + "operationId": "resiliencyReviews_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/topParameter" + }, + { + "$ref": "#/parameters/skipParameter" + }, + { + "$ref": "#/parameters/filterParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/resiliencyReviewCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "ListResiliencyReviews": { + "$ref": "./examples/ResiliencyReviewsList.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/resiliencyReviews/{reviewId}": { + "get": { + "tags": [ + "resiliencyReviews" + ], + "summary": "Get existing resiliency review.", + "description": "Get existing Azure Advisor resiliency review by id.", + "operationId": "resiliencyReviews_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/reviewIdParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/resiliencyReview" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "GetResiliencyReview": { + "$ref": "./examples/ResiliencyReviewsGet.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/resiliencyReviews/{reviewId}/providers/Microsoft.Advisor/triageRecommendations": { + "get": { + "tags": [ + "triageRecommendations" + ], + "summary": "Get list of recommendations for an existing resiliency review id.", + "description": "Get list of recommendations for an existing Azure Advisor Resiliency Review Id.", + "operationId": "triageRecommendations_List", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/reviewIdParameter" + }, + { + "$ref": "#/parameters/topParameter" + }, + { + "$ref": "#/parameters/skipParameter" + } + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/triageRecommendationCollection" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-examples": { + "ListTriageRecommendations": { + "$ref": "./examples/TriageRecommendationsList.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/resiliencyReviews/{reviewId}/providers/Microsoft.Advisor/triageRecommendations/{recommendationId}": { + "get": { + "tags": [ + "triageRecommendations" + ], + "summary": "Get an existing recommendation by id for an existing resiliency review id.", + "description": "Get an existing recommendation by id for an existing Azure Advisor Resiliency Review Id.", + "operationId": "triageRecommendations_Get", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/reviewIdParameter" + }, + { + "$ref": "#/parameters/recommendationIdParameter" + } + ], + "produces": [ + "application/json" + ], + "responses": { + "200": { + "description": "Success", + "schema": { + "$ref": "#/definitions/triageRecommendation" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "GetTriageRecommendation": { + "$ref": "./examples/TriageRecommendationsGet.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/resiliencyReviews/{reviewId}/providers/Microsoft.Advisor/triageRecommendations/{recommendationId}/approve": { + "post": { + "tags": [ + "triageRecommendations" + ], + "summary": "Approve triage recommendation by id.", + "description": "Approve a triage recommendation for a given id.", + "operationId": "triageRecommendations_ApproveTriageRecommendation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/reviewIdParameter" + }, + { + "$ref": "#/parameters/recommendationIdParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "Approve a triage recommendation": { + "$ref": "./examples/TriageRecommendationsApprove.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/resiliencyReviews/{reviewId}/providers/Microsoft.Advisor/triageRecommendations/{recommendationId}/reject": { + "post": { + "tags": [ + "triageRecommendations" + ], + "summary": "Reject existing triage recommendation by id.", + "description": "Reject an existing triage recommendation for a given id.", + "operationId": "triageRecommendations_RejectTriageRecommendation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/reviewIdParameter" + }, + { + "$ref": "#/parameters/recommendationIdParameter" + }, + { + "$ref": "#/parameters/recommendationRejectBodyParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "Reject a triage recommendation": { + "$ref": "./examples/TriageRecommendationsReject.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/resiliencyReviews/{reviewId}/providers/Microsoft.Advisor/triageRecommendations/{recommendationId}/reset": { + "post": { + "tags": [ + "triageRecommendations" + ], + "summary": "Reset existing triage recommendation by id.", + "description": "Reset an existing triage recommendation for a given id.", + "operationId": "triageRecommendations_ResetTriageRecommendation", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/reviewIdParameter" + }, + { + "$ref": "#/parameters/recommendationIdParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/ErrorResponse" + } + } + }, + "deprecated": false, + "x-ms-examples": { + "Reset a triage recommendation": { + "$ref": "./examples/TriageRecommendationsReset.json" + } + } + } + } + }, + "definitions": { + "resiliencyReviewCollection": { + "description": "Collection of Resiliency Reviews.", + "required": [ + "value" + ], + "type": "object", + "properties": { + "value": { + "description": "List of resiliency reviews.", + "type": "array", + "items": { + "$ref": "#/definitions/resiliencyReview" + } + }, + "nextLink": { + "type": "string", + "description": "The URL to get the next set of Advisor resiliency reviews, if there are any." + } + } + }, + "resiliencyReview": { + "description": "The Advisor resiliency review data structure.", + "type": "object", + "x-ms-azure-resource": true, + "properties": { + "id": { + "type": "string", + "format": "arm-id", + "description": "Fully qualified resource ID for the resource. E.g. \"/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/ResiliencyReviews/{reviewId}\".", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Resource name E.g. \"{guid}\".", + "readOnly": true + }, + "type": { + "type": "string", + "description": "Resource type E.g. \"Microsoft.Advisor/resiliencyReviews\".", + "readOnly": true + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/definitions/systemData", + "readOnly": true + }, + "properties": { + "$ref": "#/definitions/resiliencyReviewProperties", + "description": "Advisor resiliency review properties.", + "x-ms-client-flatten": true + } + } + }, + "resiliencyReviewProperties": { + "description": "Resiliency review properties.", + "type": "object", + "properties": { + "reviewName": { + "type": "string", + "readOnly": true, + "description": "Review name." + }, + "workloadName": { + "type": "string", + "readOnly": true, + "description": "Workload Name." + }, + "reviewStatus": { + "readOnly": true, + "description": "Review status.", + "$ref": "#/definitions/reviewStatusName" + }, + "recommendationsCount": { + "type": "integer", + "format": "int32", + "readOnly": true, + "description": "Review recommendations count." + }, + "publishedAt": { + "type": "string", + "readOnly": true, + "description": "Review last updated timestamp." + }, + "updatedAt": { + "type": "string", + "readOnly": true, + "description": "Review last updated timestamp." + } + } + }, + "triageRecommendationCollection": { + "description": "Collection of Advisor triage recommendations.", + "required": [ + "value" + ], + "type": "object", + "properties": { + "value": { + "description": "List of triage recommendations.", + "type": "array", + "items": { + "$ref": "#/definitions/triageRecommendation" + } + }, + "nextLink": { + "type": "string", + "description": "The URL to get the next set of triage recommendations, if there are any." + } + } + }, + "triageRecommendation": { + "description": "Triage recommendation data structure.", + "type": "object", + "x-ms-azure-resource": true, + "properties": { + "id": { + "type": "string", + "format": "arm-id", + "description": "Fully qualified resource ID for the resource. E.g. \"/subscriptions/{subscriptionId}/providers/Microsoft.Advisor/ResiliencyReviews/{reviewId}/providers/Microsoft.Advisor/triageRecommendation/{recommendationId}\".", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Resource name E.g. \"{guid}\".", + "readOnly": true + }, + "type": { + "type": "string", + "description": "Resource type E.g. \"Microsoft.Advisor/triageRecommendation\".", + "readOnly": true + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v4/types.json#/definitions/systemData", + "readOnly": true + }, + "properties": { + "$ref": "#/definitions/triageRecommendationProperties", + "description": "Advisor resiliency review properties.", + "x-ms-client-flatten": true + } + } + }, + "triageRecommendationProperties": { + "description": "Triage recommendation properties.", + "type": "object", + "properties": { + "reviewId": { + "type": "string", + "readOnly": true, + "description": "Review id." + }, + "title": { + "type": "string", + "readOnly": true, + "description": "Recommendation label." + }, + "priority": { + "description": "Recommendation priority.", + "$ref": "#/definitions/priorityName" + }, + "appliesToSubscriptions": { + "type": "array", + "readOnly": true, + "description": "List of subscription ids.", + "items": { + "type": "string" + } + }, + "recommendationStatus": { + "description": "Recommendation status.", + "$ref": "#/definitions/recommendationStatusName" + }, + "updatedAt": { + "type": "string", + "readOnly": true, + "description": "Recommendation potential benefit." + }, + "rejectReason": { + "type": "string", + "readOnly": true, + "description": "Recommendation rejection reason." + }, + "potentialBenefits": { + "type": "string", + "readOnly": true, + "description": "Recommendation potential benefit." + }, + "description": { + "type": "string", + "readOnly": true, + "description": "Recommendation description." + }, + "notes": { + "type": "string", + "readOnly": true, + "description": "Recommendation notes." + } + } + }, + "priorityName": { + "description": "Recommendation priority name enum.", + "type": "string", + "readOnly": true, + "enum": [ + "High", + "Medium", + "Low" + ], + "x-ms-enum": { + "name": "priorityName", + "modelAsString": true, + "values": [ + { + "value": "High", + "description": "High" + }, + { + "value": "Medium", + "description": "Medium" + }, + { + "value": "Low", + "description": "Low" + } + ] + } + }, + "recommendationStatusName": { + "description": "Recommendation status name enum.", + "type": "string", + "readOnly": true, + "enum": [ + "Approved", + "Rejected", + "Pending" + ], + "x-ms-enum": { + "name": "recommendationStatusName", + "modelAsString": true, + "values": [ + { + "value": "Approved", + "description": "Approved" + }, + { + "value": "Rejected", + "description": "Rejected" + }, + { + "value": "Pending", + "description": "Pending" + } + ] + } + }, + "reviewStatusName": { + "description": "Review status string, returns the Reviews by the given status (e.g. 'New', 'Triaged', 'Completed').", + "type": "string", + "readOnly": true, + "enum": [ + "New", + "InProgress", + "Triaged", + "Completed" + ], + "x-ms-enum": { + "name": "reviewStatus", + "modelAsString": true, + "values": [ + { + "value": "New", + "description": "New" + }, + { + "value": "InProgress", + "description": "In Progress" + }, + { + "value": "Triaged", + "description": "Triaged" + }, + { + "value": "Completed", + "description": "Completed" + } + ] + } + }, + "recommendationRejectBody": { + "description": "Recommendation reject body.", + "type": "object", + "properties": { + "reasonForRejection": { + "description": "Reason for rejecting recommendation.", + "$ref": "#/definitions/reasonForRejectionName" + } + } + }, + "reasonForRejectionName": { + "description": "Reason for rejecting recommendation name enum.", + "type": "string", + "enum": [ + "NotARisk", + "RiskAccepted" + ], + "x-ms-enum": { + "name": "reasonForRejectionName", + "modelAsString": true, + "values": [ + { + "value": "NotARisk", + "description": "Not A Risk" + }, + { + "value": "RiskAccepted", + "description": "Risk Accepted" + } + ] + } + } + }, + "parameters": { + "reviewIdParameter": { + "name": "reviewId", + "in": "path", + "description": "Existing review id. This is a GUID-formatted string (e.g. 00000000-0000-0000-0000-000000000000).", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "recommendationIdParameter": { + "name": "recommendationId", + "in": "path", + "description": "Existing triage recommendation id. This is a GUID-formatted string (e.g. 00000000-0000-0000-0000-000000000000).", + "required": true, + "type": "string", + "x-ms-parameter-location": "method" + }, + "recommendationRejectBodyParameter": { + "name": "recommendationRejectBody", + "in": "body", + "description": "JSON object that contains reason for rejecting triage recommendation.", + "required": true, + "schema": { + "$ref": "#/definitions/recommendationRejectBody" + } + }, + "topParameter": { + "name": "$top", + "in": "query", + "description": "The number of items to be included in the result.", + "required": false, + "type": "integer", + "format": "int32", + "x-ms-parameter-location": "method" + }, + "skipParameter": { + "name": "$skip", + "in": "query", + "description": "The number of items to skip before starting to collect the result set.", + "required": false, + "type": "integer", + "format": "int32", + "x-ms-parameter-location": "method" + }, + "filterParameter": { + "name": "$filter", + "in": "query", + "description": "The filter to apply.
Filter can be applied to properties ['reviewStatus', 'reviewId'] with operators ['eq', 'and', 'or'].
Example:
- $filter=reviewStatus eq 'New'", + "required": false, + "type": "string", + "x-ms-parameter-location": "method" + } + }, + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow.", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account." + } + } + }, + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ] +} diff --git a/specification/advisor/resource-manager/readme.md b/specification/advisor/resource-manager/readme.md index bda9e84bc0ca..629a4d152c05 100644 --- a/specification/advisor/resource-manager/readme.md +++ b/specification/advisor/resource-manager/readme.md @@ -26,9 +26,19 @@ These are the global settings for the Advisor API. ``` yaml openapi-type: arm -tag: package-2023-01 +tag: package-2023-09-preview ``` +### Tag: package-2023-09-preview + +These settings apply only when `--tag=package-2023-09-preview` is specified on the command line. + +```yaml $(tag) == 'package-2023-09-preview' +input-file: + - Microsoft.Advisor/preview/2023-09-01-preview/advisor.json + - Microsoft.Advisor/preview/2023-09-01-preview/assessments.json + - Microsoft.Advisor/preview/2023-09-01-preview/resiliencyReviews.json +``` ### Tag: package-2023-01 @@ -38,6 +48,7 @@ These settings apply only when `--tag=package-2023-01` is specified on the comma input-file: - Microsoft.Advisor/stable/2023-01-01/advisor.json ``` + ### Tag: package-2022-10 These settings apply only when `--tag=package-2022-10` is specified on the command line. From 6d887c274ad9e0e96234676834e20504149a4d69 Mon Sep 17 00:00:00 2001 From: amber-ccc Date: Mon, 24 Feb 2025 12:33:38 -0800 Subject: [PATCH 03/10] added `generate-sample-project: false` in yaml file (#32777) * added `generate-sample-project: false` in yaml file * fix typespec validation * fix typespec validation for text authoring --- .../Language.AnalyzeConversations-authoring/tspconfig.yaml | 1 + .../Language.AnalyzeText-authoring/tspconfig.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/specification/cognitiveservices/Language.AnalyzeConversations-authoring/tspconfig.yaml b/specification/cognitiveservices/Language.AnalyzeConversations-authoring/tspconfig.yaml index 131a858340f1..26ad74704e32 100644 --- a/specification/cognitiveservices/Language.AnalyzeConversations-authoring/tspconfig.yaml +++ b/specification/cognitiveservices/Language.AnalyzeConversations-authoring/tspconfig.yaml @@ -19,3 +19,4 @@ options: model-namespace: true namespace: "Azure.AI.Language.Conversations.Authoring" flavor: azure + generate-sample-project: false diff --git a/specification/cognitiveservices/Language.AnalyzeText-authoring/tspconfig.yaml b/specification/cognitiveservices/Language.AnalyzeText-authoring/tspconfig.yaml index c4a9f941c543..afa1e606fae0 100644 --- a/specification/cognitiveservices/Language.AnalyzeText-authoring/tspconfig.yaml +++ b/specification/cognitiveservices/Language.AnalyzeText-authoring/tspconfig.yaml @@ -19,3 +19,4 @@ options: model-namespace: true namespace: "Azure.AI.Language.Text.Authoring" flavor: azure + generate-sample-project: false From 2f9b4fb3e3f8bf822476acac1faefc3ef7389d8a Mon Sep 17 00:00:00 2001 From: Maor Leger Date: Mon, 24 Feb 2025 13:27:23 -0800 Subject: [PATCH 04/10] [keyvault] Restore JS customization (#32784) --- .../keyvault/Security.KeyVault.Administration/client.tsp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/specification/keyvault/Security.KeyVault.Administration/client.tsp b/specification/keyvault/Security.KeyVault.Administration/client.tsp index 1436bd827d6f..b8715032b3b7 100644 --- a/specification/keyvault/Security.KeyVault.Administration/client.tsp +++ b/specification/keyvault/Security.KeyVault.Administration/client.tsp @@ -19,3 +19,9 @@ namespace ClientCustomizations; @@clientName(KeyVault.Setting.type, "SettingType", "csharp"); @@clientName(KeyVault.Setting.value, "Content", "csharp"); @@access(KeyVault, Access.internal, "csharp"); + +// JavaScript customizations +@@clientName(KeyVault.FullBackupOperation.azureStorageBlobContainerUri, + "folderUri", + "javascript" +); From f3721c713f9e44b59be3338ee4f4358a5fabe60c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Feb 2025 17:08:44 -0800 Subject: [PATCH 05/10] Bump @azure-tools/typespec-client-generator-core (#32797) Bumps the typespec group with 1 update in the / directory: [@azure-tools/typespec-client-generator-core](https://github.com/Azure/typespec-azure). Updates `@azure-tools/typespec-client-generator-core` from 0.51.2 to 0.51.3 - [Release notes](https://github.com/Azure/typespec-azure/releases) - [Commits](https://github.com/Azure/typespec-azure/compare/@azure-tools/typespec-client-generator-core@0.51.2...@azure-tools/typespec-client-generator-core@0.51.3) --- updated-dependencies: - dependency-name: "@azure-tools/typespec-client-generator-core" dependency-type: direct:development update-type: version-update:semver-patch dependency-group: typespec ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index acda22c5d6c7..5a52ae77884d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14,7 +14,7 @@ "@azure-tools/typespec-azure-resource-manager": "0.51.0", "@azure-tools/typespec-azure-rulesets": "0.51.0", "@azure-tools/typespec-client-generator-cli": "0.15.3", - "@azure-tools/typespec-client-generator-core": "0.51.2", + "@azure-tools/typespec-client-generator-core": "0.51.3", "@azure-tools/typespec-liftr-base": "0.7.0", "@azure/avocado": "^0.9.1", "@typespec/compiler": "0.65.3", @@ -1149,9 +1149,9 @@ } }, "node_modules/@azure-tools/typespec-client-generator-core": { - "version": "0.51.2", - "resolved": "https://registry.npmjs.org/@azure-tools/typespec-client-generator-core/-/typespec-client-generator-core-0.51.2.tgz", - "integrity": "sha512-wMhZXjQykZJSTxGH1bzJh6Ktu8Y0XAjkqwO8pL9NkKNQOvpouSxF8RfovrUlzjJDHJVyjbfYQAfH8ldYGq0p0w==", + "version": "0.51.3", + "resolved": "https://registry.npmjs.org/@azure-tools/typespec-client-generator-core/-/typespec-client-generator-core-0.51.3.tgz", + "integrity": "sha512-gwHpnZsUdfJAiJ3vlLzZeBQB/2Z/CKvL8144v9mOBuqrTnF4NVr+KWahFY6GrH+5/2gWxcVVKBYsGOS6eTdKuA==", "dev": true, "license": "MIT", "dependencies": { diff --git a/package.json b/package.json index a80bc256a953..eb98cbfcd3c5 100644 --- a/package.json +++ b/package.json @@ -8,7 +8,7 @@ "@azure-tools/typespec-azure-resource-manager": "0.51.0", "@azure-tools/typespec-azure-rulesets": "0.51.0", "@azure-tools/typespec-client-generator-cli": "0.15.3", - "@azure-tools/typespec-client-generator-core": "0.51.2", + "@azure-tools/typespec-client-generator-core": "0.51.3", "@azure-tools/typespec-liftr-base": "0.7.0", "@azure/avocado": "^0.9.1", "@autorest/openapi-to-typespec": "0.10.10", From b34740ddec859f5a55ba176a3ccba39335b16ad4 Mon Sep 17 00:00:00 2001 From: Azure SDK Bot <53356347+azure-sdk@users.noreply.github.com> Date: Mon, 24 Feb 2025 17:35:57 -0800 Subject: [PATCH 06/10] Sync eng/common directory with azure-sdk-tools for PR 9902 (#32794) * populate triggeringPaths of each artifactdetails with the owning ci.yml * handle service-directory changes in Get-PrPkgProperties --------- Co-authored-by: Scott Beddall --- eng/common/scripts/Package-Properties.ps1 | 45 ++++++++++++++++++++++- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/eng/common/scripts/Package-Properties.ps1 b/eng/common/scripts/Package-Properties.ps1 index bd445f7c6b45..e9254ba9667e 100644 --- a/eng/common/scripts/Package-Properties.ps1 +++ b/eng/common/scripts/Package-Properties.ps1 @@ -91,6 +91,7 @@ class PackageProps { $result = [PSCustomObject]@{ ArtifactConfig = [HashTable]$artifactForCurrentPackage ParsedYml = $content + Location = $ymlPath } return $result @@ -126,6 +127,14 @@ class PackageProps { if ($ciArtifactResult) { $this.ArtifactDetails = [Hashtable]$ciArtifactResult.ArtifactConfig + + if (-not $this.ArtifactDetails["triggeringPaths"]) { + $this.ArtifactDetails["triggeringPaths"] = @() + } + $RepoRoot = Resolve-Path (Join-Path $PSScriptRoot ".." ".." "..") + $relativePath = (Resolve-Path -Path $ciArtifactResult.Location -Relative -RelativeBasePath $RepoRoot).TrimStart(".").Replace("`\", "/") + $this.ArtifactDetails["triggeringPaths"] += $relativePath + $this.CIParameters["CIMatrixConfigs"] = @() # if we know this is the matrix for our file, we should now see if there is a custom matrix config for the package @@ -207,6 +216,7 @@ function Get-PrPkgProperties([string]$InputDiffJson) { } foreach ($file in $targetedFiles) { + $pathComponents = $file -split "/" $shouldExclude = $false foreach ($exclude in $excludePaths) { if ($file.StartsWith($exclude,'CurrentCultureIgnoreCase')) { @@ -219,12 +229,12 @@ function Get-PrPkgProperties([string]$InputDiffJson) { } $filePath = (Join-Path $RepoRoot $file) + # handle direct changes to packages $shouldInclude = $filePath -like (Join-Path "$pkgDirectory" "*") - # this implementation guesses the working directory of the ci.yml + # handle changes to files that are RELATED to each package foreach($triggerPath in $triggeringPaths) { $resolvedRelativePath = (Join-Path $RepoRoot $triggerPath) - # utilize the various trigger paths against the targeted file here if (!$triggerPath.StartsWith("/")){ $resolvedRelativePath = (Join-Path $RepoRoot "sdk" "$($pkg.ServiceDirectory)" $triggerPath) } @@ -237,6 +247,36 @@ function Get-PrPkgProperties([string]$InputDiffJson) { if ($includedForValidation) { $pkg.IncludedForValidation = $true } + break + } + } + + # handle service-level changes to the ci.yml files + # we are using the ci.yml file being added automatically to each artifactdetails as the input + # for this task. This is because we can resolve a service directory from the ci.yml, and if + # there is a single ci.yml in that directory, we can assume that any file change in that directory + # will apply to all packages that exist in that directory. + $triggeringCIYmls = $triggeringPaths | Where-Object { $_ -like "*ci*.yml" } + + foreach($yml in $triggeringCIYmls) { + # given that this path is coming from the populated triggering paths in the artifact, + # we can assume that the path to the ci.yml will successfully resolve. + $ciYml = Join-Path $RepoRoot $yml + # ensure we terminate the service directory with a / + $directory = [System.IO.Path]::GetDirectoryName($ciYml).Replace("`\", "/") + "/" + $soleCIYml = (Get-ChildItem -Path $directory -Filter "ci*.yml" -File).Count -eq 1 + + if ($soleCIYml -and $filePath.Replace("`\", "/").StartsWith($directory)) { + if (-not $shouldInclude) { + $pkg.IncludedForValidation = $true + $shouldInclude = $true + } + break + } + else { + # if the ci.yml is not the only file in the directory, we cannot assume that any file changed within the directory that isn't the ci.yml + # should trigger this package + Write-Host "Skipping adding package for file `"$file`" because the ci yml `"$yml`" is not the only file in the service directory `"$directory`"" } } @@ -280,6 +320,7 @@ function Get-PrPkgProperties([string]$InputDiffJson) { # packages. We should never return NO validation. if ($packagesWithChanges.Count -eq 0) { $packagesWithChanges += ($allPackageProperties | Where-Object { $_.ServiceDirectory -eq "template" }) + $packagesWithChanges[0].IncludedForValidation = $true } return $packagesWithChanges From 8c8172241392cfc8c4131f5d8a6935b73ab640ec Mon Sep 17 00:00:00 2001 From: Yuchao Yan Date: Tue, 25 Feb 2025 10:28:49 +0800 Subject: [PATCH 07/10] [keyvault] Update readme.python.md (#32530) --- .../resource-manager/readme.python.md | 87 ++----------------- 1 file changed, 8 insertions(+), 79 deletions(-) diff --git a/specification/keyvault/resource-manager/readme.python.md b/specification/keyvault/resource-manager/readme.python.md index bd1089a6a70c..05291fc59a83 100644 --- a/specification/keyvault/resource-manager/readme.python.md +++ b/specification/keyvault/resource-manager/readme.python.md @@ -19,35 +19,27 @@ Generate all API versions currently shipped for this package ```yaml $(python) multiapi: true -default-api-version: "2023-07-01" +default-api-version: "2024-11-01" clear-output-folder: true batch: - - tag: package-2019-09 - - tag: package-2018-02 - - tag: package-2016-10 - - tag: package-preview-2020-04-full - - tag: package-preview-2021-04 - - tag: package-preview-2021-06 - - tag: package-2021-10 - - tag: package-2022-07 + - tag: package-2024-11-01 - tag: package-2023-02 - - tag: package-2023-07 + - tag: package-2016-10 - multiapiscript: true ``` ``` yaml $(multiapiscript) output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/ -clear-output-folder: false perform-load: false ``` -### Tag: package-2023-07 and python +### Tag: package-2024-11-01 and python -These settings apply only when `--tag=package-2023-07 --python` is specified on the command line. +These settings apply only when `--tag=package-2024-11-01 --python` is specified on the command line. -``` yaml $(tag) == 'package-2023-07' -namespace: azure.mgmt.keyvault.v2023_07_01 -output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/v2023_07_01 +``` yaml $(tag) == 'package-2024-11-01' +namespace: azure.mgmt.keyvault.v2024_11_01 +output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/v2024_11_01 ``` ### Tag: package-2023-02 and python @@ -59,69 +51,6 @@ namespace: azure.mgmt.keyvault.v2023_02_01 output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/v2023_02_01 ``` -### Tag: package-2022-07 and python - -These settings apply only when `--tag=package-2022-07 --python` is specified on the command line. - -``` yaml $(tag) == 'package-2022-07' -namespace: azure.mgmt.keyvault.v2022_07_01 -output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/v2022_07_01 -``` - -### Tag: package-2021-10 and python - -These settings apply only when `--tag=package-2021-10 --python` is specified on the command line. - -``` yaml $(tag) == 'package-2021-10' -namespace: azure.mgmt.keyvault.v2021_10_01 -output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/v2021_10_01 -``` - -### Tag: package-preview-2021-06 and python - -These settings apply only when `--tag=package-preview-2021-06 --python` is specified on the command line. - -``` yaml $(tag) == 'package-preview-2021-06' -namespace: azure.mgmt.keyvault.v2021_06_01_preview -output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/v2021_06_01_preview -``` - -### Tag: package-preview-2021-04 and python - -These settings apply only when `--tag=package-preview-2021-04 --python` is specified on the command line. - -``` yaml $(tag) == 'package-preview-2021-04' -namespace: azure.mgmt.keyvault.v2021_04_01_preview -output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/v2021_04_01_preview -``` - -### Tag: package-preview-2020-04-full and python - -These settings apply only when `--tag=package-preview-2020-04-full --python` is specified on the command line. - -``` yaml $(tag) == 'package-preview-2020-04-full' -namespace: azure.mgmt.keyvault.v2020_04_01_preview -output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/v2020_04_01_preview -``` - -### Tag: package-2019-09 and python - -These settings apply only when `--tag=package-2019-09 --python` is specified on the command line. - -``` yaml $(tag) == 'package-2019-09' -namespace: azure.mgmt.keyvault.v2019_09_01 -output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/v2019_09_01 -``` - -### Tag: package-2018-02 and python - -These settings apply only when `--tag=package-2018-02 --python` is specified on the command line. - -``` yaml $(tag) == 'package-2018-02' -namespace: azure.mgmt.keyvault.v2018_02_14 -output-folder: $(python-sdks-folder)/keyvault/azure-mgmt-keyvault/azure/mgmt/keyvault/v2018_02_14 -``` - ### Tag: package-2016-10 and python These settings apply only when `--tag=package-2016-10 --python` is specified on the command line. From 8691e5081766c7ad602a9e55de841d07bed5196a Mon Sep 17 00:00:00 2001 From: Yao Kou Date: Tue, 25 Feb 2025 10:33:27 +0800 Subject: [PATCH 08/10] update oracle linked service (#32750) Co-authored-by: Jingshu918 <138486531+Jingshu918@users.noreply.github.com> --- .../stable/2018-06-01/entityTypes/LinkedService.json | 5 +---- .../stable/2020-12-01/entityTypes/LinkedService.json | 5 +---- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json b/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json index 41457f164a17..a48fd7d34e1c 100644 --- a/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json +++ b/specification/datafactory/resource-manager/Microsoft.DataFactory/stable/2018-06-01/entityTypes/LinkedService.json @@ -1766,10 +1766,7 @@ "type": "string", "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string." } - }, - "required": [ - "connectionString" - ] + } }, "AmazonRdsForOracleLinkedService": { "x-ms-discriminator-value": "AmazonRdsForOracle", diff --git a/specification/synapse/data-plane/Microsoft.Synapse/stable/2020-12-01/entityTypes/LinkedService.json b/specification/synapse/data-plane/Microsoft.Synapse/stable/2020-12-01/entityTypes/LinkedService.json index 15399c6dcbb8..88013f6be131 100644 --- a/specification/synapse/data-plane/Microsoft.Synapse/stable/2020-12-01/entityTypes/LinkedService.json +++ b/specification/synapse/data-plane/Microsoft.Synapse/stable/2020-12-01/entityTypes/LinkedService.json @@ -1509,10 +1509,7 @@ "type": "object", "description": "The encrypted credential used for authentication. Credentials are encrypted using the integration runtime credential manager. Type: string (or Expression with resultType string)." } - }, - "required": [ - "connectionString" - ] + } }, "AmazonRdsForOracleLinkedService": { "x-ms-discriminator-value": "AmazonRdsForOracle", From 2f4175af8e79fe3957f71c4d0c9c79d865622698 Mon Sep 17 00:00:00 2001 From: Wanpeng Li Date: Tue, 25 Feb 2025 11:07:48 +0800 Subject: [PATCH 09/10] Add Go Data Plane Rules of tspconfig.yaml for TSV (#32779) * manually add * add go dp rules * update --------- Co-authored-by: albertxavier100 --- .../src/rules/sdk-tspconfig-validation.ts | 73 ++++++++--- .../test/sdk-tspconfig-validation.test.ts | 117 +++++++++++++----- 2 files changed, 146 insertions(+), 44 deletions(-) diff --git a/eng/tools/typespec-validation/src/rules/sdk-tspconfig-validation.ts b/eng/tools/typespec-validation/src/rules/sdk-tspconfig-validation.ts index dda07055a2b7..27f820247507 100644 --- a/eng/tools/typespec-validation/src/rules/sdk-tspconfig-validation.ts +++ b/eng/tools/typespec-validation/src/rules/sdk-tspconfig-validation.ts @@ -98,7 +98,7 @@ class TspconfigParameterSubRuleBase extends TspconfigSubRuleBase { } class TspconfigEmitterOptionsSubRuleBase extends TspconfigSubRuleBase { - private emitterName: string; + protected emitterName: string; constructor(emitterName: string, keyToValidate: string, expectedValue: ExpectedValueType) { super(keyToValidate, expectedValue); @@ -141,7 +141,14 @@ function isManagementSdk(folder: string): boolean { function skipForDataPlane(folder: string): SkipResult { return { shouldSkip: !isManagementSdk(folder), - reason: "This rule is only applicable for management SDKs.", + reason: "This rule is only applicable for management plane SDKs.", + }; +} + +function skipForManagementPlane(folder: string): SkipResult { + return { + shouldSkip: isManagementSdk(folder), + reason: "This rule is only applicable for data plane SDKs.", }; } @@ -230,7 +237,43 @@ export class TspConfigTsMgmtModularPackageNameMatchPatternSubRule extends Tspcon } } -// ----- Go management sub rules ----- +// ----- Go data plane sub rules ----- +export class TspConfigGoDpServiceDirMatchPatternSubRule extends TspconfigEmitterOptionsSubRuleBase { + constructor() { + super("@azure-tools/typespec-go", "service-dir", new RegExp(/^sdk\/.*$/)); + } + protected skip(_: any, folder: string) { + return skipForManagementPlane(folder); + } +} + +export class TspConfigGoDpPackageDirectoryMatchPatternSubRule extends TspconfigEmitterOptionsSubRuleBase { + constructor() { + super("@azure-tools/typespec-go", "package-dir", new RegExp(/^az.*$/)); + } + protected skip(_: any, folder: string) { + return skipForManagementPlane(folder); + } +} + +export class TspConfigGoDpModuleMatchPatternSubRule extends TspconfigEmitterOptionsSubRuleBase { + constructor() { + super( + "@azure-tools/typespec-go", + "module", + new RegExp(/^github.com\/Azure\/azure-sdk-for-go\/.*$/), + ); + } + protected validate(config: any): RuleResult { + let module = config?.options?.[this.emitterName]?.module; + if (module === undefined) return { success: true }; + return super.validate(config); + } + protected skip(_: any, folder: string) { + return skipForManagementPlane(folder); + } +} + export class TspConfigGoMgmtServiceDirMatchPatternSubRule extends TspconfigEmitterOptionsSubRuleBase { constructor() { super("@azure-tools/typespec-go", "service-dir", new RegExp(/^sdk\/resourcemanager\/[^\/]*$/)); @@ -280,31 +323,26 @@ export class TspConfigGoMgmtGenerateExamplesTrueSubRule extends TspconfigEmitter } } -export class TspConfigGoMgmtGenerateFakesTrueSubRule extends TspconfigEmitterOptionsSubRuleBase { +export class TspConfigGoMgmtHeadAsBooleanTrueSubRule extends TspconfigEmitterOptionsSubRuleBase { constructor() { - super("@azure-tools/typespec-go", "generate-fakes", true); + super("@azure-tools/typespec-go", "head-as-boolean", true); } protected skip(_: any, folder: string) { return skipForDataPlane(folder); } } -export class TspConfigGoMgmtHeadAsBooleanTrueSubRule extends TspconfigEmitterOptionsSubRuleBase { +// ----- Go az sub rules ----- +export class TspConfigGoAzGenerateFakesTrueSubRule extends TspconfigEmitterOptionsSubRuleBase { constructor() { - super("@azure-tools/typespec-go", "head-as-boolean", true); - } - protected skip(_: any, folder: string) { - return skipForDataPlane(folder); + super("@azure-tools/typespec-go", "generate-fakes", true); } } -export class TspConfigGoMgmtInjectSpansTrueSubRule extends TspconfigEmitterOptionsSubRuleBase { +export class TspConfigGoAzInjectSpansTrueSubRule extends TspconfigEmitterOptionsSubRuleBase { constructor() { super("@azure-tools/typespec-go", "inject-spans", true); } - protected skip(_: any, folder: string) { - return skipForDataPlane(folder); - } } // ----- Python management sub rules ----- @@ -386,9 +424,12 @@ export const defaultRules = [ new TspConfigGoMgmtModuleEqualStringSubRule(), new TspConfigGoMgmtFixConstStutteringTrueSubRule(), new TspConfigGoMgmtGenerateExamplesTrueSubRule(), - new TspConfigGoMgmtGenerateFakesTrueSubRule(), + new TspConfigGoAzGenerateFakesTrueSubRule(), new TspConfigGoMgmtHeadAsBooleanTrueSubRule(), - new TspConfigGoMgmtInjectSpansTrueSubRule(), + new TspConfigGoAzInjectSpansTrueSubRule(), + new TspConfigGoDpServiceDirMatchPatternSubRule(), + new TspConfigGoDpPackageDirectoryMatchPatternSubRule(), + new TspConfigGoDpModuleMatchPatternSubRule(), new TspConfigPythonMgmtPackageDirectorySubRule(), new TspConfigPythonMgmtPackageNameEqualStringSubRule(), new TspConfigPythonMgmtGenerateTestTrueSubRule(), diff --git a/eng/tools/typespec-validation/test/sdk-tspconfig-validation.test.ts b/eng/tools/typespec-validation/test/sdk-tspconfig-validation.test.ts index 9555a1a74a93..5515b9c31fa5 100644 --- a/eng/tools/typespec-validation/test/sdk-tspconfig-validation.test.ts +++ b/eng/tools/typespec-validation/test/sdk-tspconfig-validation.test.ts @@ -14,9 +14,12 @@ import { TspConfigGoMgmtModuleEqualStringSubRule, TspConfigGoMgmtFixConstStutteringTrueSubRule, TspConfigGoMgmtGenerateExamplesTrueSubRule, - TspConfigGoMgmtGenerateFakesTrueSubRule, TspConfigGoMgmtHeadAsBooleanTrueSubRule, - TspConfigGoMgmtInjectSpansTrueSubRule, + TspConfigGoAzGenerateFakesTrueSubRule, + TspConfigGoAzInjectSpansTrueSubRule, + TspConfigGoDpModuleMatchPatternSubRule, + TspConfigGoDpPackageDirectoryMatchPatternSubRule, + TspConfigGoDpServiceDirMatchPatternSubRule, TspConfigJavaAzPackageDirectorySubRule, TspConfigPythonMgmtPackageDirectorySubRule, TspConfigPythonMgmtPackageNameEqualStringSubRule, @@ -105,31 +108,38 @@ function createEmitterOptionTestCases( validValue: boolean | string, invalidValue: boolean | string, subRules: TspconfigSubRuleBase[], + allowUndefined: boolean = false, ): Case[] { - const cases: Case[] = [ - { - description: `Validate ${emitterName}'s option:${key} with valid value ${validValue}`, - folder, - tspconfigContent: createEmitterOptionExample(emitterName, { key: key, value: validValue }), - success: true, - subRules, - }, - { - description: `Validate ${emitterName}'s option:${key} with invalid value ${invalidValue}`, - folder, - tspconfigContent: createEmitterOptionExample(emitterName, { key: key, value: invalidValue }), - success: false, - subRules, - }, - { - description: `Validate ${emitterName}'s option:${key} with undefined value`, - folder, - tspconfigContent: createEmitterOptionExample(emitterName), - success: false, - subRules, - }, - ]; - if (key.includes(".")) { + const cases: Case[] = []; + + cases.push({ + description: `Validate ${emitterName}'s option:${key} with valid value ${validValue}`, + folder, + tspconfigContent: createEmitterOptionExample(emitterName, { key: key, value: validValue }), + success: true, + subRules, + }); + + cases.push({ + description: `Validate ${emitterName}'s option:${key} with invalid value ${invalidValue}`, + folder, + tspconfigContent: createEmitterOptionExample(emitterName, { + key: key, + value: invalidValue, + }), + success: false, + subRules, + }); + + cases.push({ + description: `Validate ${emitterName}'s option:${key} with undefined value`, + folder, + tspconfigContent: createEmitterOptionExample(emitterName), + success: allowUndefined ? true : false, + subRules, + }); + + if (!allowUndefined && key.includes(".")) { cases.push({ description: `Validate ${emitterName}'s option:${key} with incomplete key`, folder, @@ -267,7 +277,16 @@ const goManagementGenerateFakesTestCases = createEmitterOptionTestCases( "generate-fakes", true, false, - [new TspConfigGoMgmtGenerateFakesTrueSubRule()], + [new TspConfigGoAzGenerateFakesTrueSubRule()], +); + +const goDpGenerateFakesTestCases = createEmitterOptionTestCases( + "@azure-tools/typespec-go", + "", + "generate-fakes", + true, + false, + [new TspConfigGoAzGenerateFakesTrueSubRule()], ); const goManagementHeadAsBooleanTestCases = createEmitterOptionTestCases( @@ -285,7 +304,44 @@ const goManagementInjectSpansTestCases = createEmitterOptionTestCases( "inject-spans", true, false, - [new TspConfigGoMgmtInjectSpansTrueSubRule()], + [new TspConfigGoAzInjectSpansTrueSubRule()], +); + +const goDpInjectSpansTestCases = createEmitterOptionTestCases( + "@azure-tools/typespec-go", + "", + "inject-spans", + true, + false, + [new TspConfigGoAzInjectSpansTrueSubRule()], +); + +const goDpModuleTestCases = createEmitterOptionTestCases( + "@azure-tools/typespec-go", + "", + "module", + "github.com/Azure/azure-sdk-for-go/aaa", + "github.com/Azure/azure-sdk-for-cpp/bbb", + [new TspConfigGoDpModuleMatchPatternSubRule()], + true, +); + +const goDpPackageDirTestCases = createEmitterOptionTestCases( + "@azure-tools/typespec-go", + "", + "package-dir", + "az1/2/3", + "bzasd", + [new TspConfigGoDpPackageDirectoryMatchPatternSubRule()], +); + +const goDpServiceDirTestCases = createEmitterOptionTestCases( + "@azure-tools/typespec-go", + "", + "service-dir", + "sdk/2/3", + "sd/k", + [new TspConfigGoDpServiceDirMatchPatternSubRule()], ); const javaManagementPackageDirTestCases = createEmitterOptionTestCases( @@ -389,6 +445,11 @@ describe("tspconfig", function () { ...goManagementGenerateFakesTestCases, ...goManagementHeadAsBooleanTestCases, ...goManagementInjectSpansTestCases, + ...goDpGenerateFakesTestCases, + ...goDpInjectSpansTestCases, + ...goDpModuleTestCases, + ...goDpPackageDirTestCases, + ...goDpServiceDirTestCases, // java ...javaManagementPackageDirTestCases, // python From fcd1c4977ad31417ab298205e87727c4cc8474f1 Mon Sep 17 00:00:00 2001 From: ccz77 <48917249+Celinadhh@users.noreply.github.com> Date: Tue, 25 Feb 2025 11:45:07 -0800 Subject: [PATCH 10/10] Update Swagger for New PolicyDefinitions and PolicyTokens API (#32306) * Copy files from stable/2025-01-01 Copied the files in a separate commit. This allows reviewers to easily diff subsequent changes against the previous spec. * Update version to stable/2025-03-01 Updated the API version from stable/2025-01-01 to stable/2025-03-01. * Added tag for 2025-03-01 in readme file * Update readme.md * Add external evaluation enforcement settings contract * Add policy token API contract * Swagger PrettierCheck * Swagger PrettierCheck * Fix JsonSerializationException * Update contract * Swagger LintDiff * Increment to v6 * Revert "Increment to v6" This reverts commit 64631c50492e725da774258a4ac4db5d540c4c64. * Update error response * Update duration * Update sdk-suppressions.yaml --------- Co-authored-by: Celina Zhao Co-authored-by: kazrael2119 <98569699+kazrael2119@users.noreply.github.com> --- .../examples/acquirePolicyToken.json | 67 + .../createOrUpdatePolicyDefinition.json | 95 ++ ...rUpdatePolicyDefinitionAdvancedParams.json | 122 ++ ...datePolicyDefinitionAtManagementGroup.json | 95 ++ ...ExternalEvaluationEnforcementSettings.json | 107 ++ ...createOrUpdatePolicyDefinitionVersion.json | 138 +++ ...icyDefinitionVersionAtManagementGroup.json | 138 +++ .../createOrUpdatePolicySetDefinition.json | 160 +++ ...ePolicySetDefinitionAtManagementGroup.json | 135 ++ ...ateOrUpdatePolicySetDefinitionVersion.json | 161 +++ ...SetDefinitionVersionAtManagementGroup.json | 133 ++ ...OrUpdatePolicySetDefinitionWithGroups.json | 196 +++ ...DefinitionWithGroupsAtManagementGroup.json | 194 +++ .../examples/createPolicyAssignment.json | 66 + .../examples/createPolicyAssignmentById.json | 56 + ...PolicyAssignmentNonComplianceMessages.json | 61 + ...PolicyAssignmentWithEnrollEnforcement.json | 57 + .../createPolicyAssignmentWithIdentity.json | 67 + ...reatePolicyAssignmentWithIdentityById.json | 66 + .../createPolicyAssignmentWithOverrides.json | 84 ++ ...PolicyAssignmentWithResourceSelectors.json | 68 + ...icyAssignmentWithUserAssignedIdentity.json | 74 ++ ...atePolicyAssignmentWithoutEnforcement.json | 57 + .../examples/deletePolicyAssignment.json | 40 + .../examples/deletePolicyAssignmentById.json | 38 + .../examples/deletePolicyDefinition.json | 15 + ...letePolicyDefinitionAtManagementGroup.json | 15 + .../deletePolicyDefinitionVersion.json | 16 + ...icyDefinitionVersionAtManagementGroup.json | 16 + .../examples/deletePolicySetDefinition.json | 15 + ...ePolicySetDefinitionAtManagementGroup.json | 15 + .../deletePolicySetDefinitionVersion.json | 16 + ...SetDefinitionVersionAtManagementGroup.json | 16 + .../getBuiltInPolicySetDefinition.json | 82 ++ .../getBuiltInPolicySetDefinitionVersion.json | 79 ++ .../examples/getBuiltinPolicyDefinition.json | 57 + .../getBuiltinPolicyDefinitionVersion.json | 54 + .../examples/getPolicyAssignment.json | 38 + .../examples/getPolicyAssignmentById.json | 36 + .../getPolicyAssignmentWithIdentity.json | 44 + .../getPolicyAssignmentWithIdentityById.json | 42 + .../getPolicyAssignmentWithOverrides.json | 45 + ...PolicyAssignmentWithResourceSelectors.json | 44 + ...icyAssignmentWithUserAssignedIdentity.json | 48 + .../examples/getPolicyDefinition.json | 58 + .../getPolicyDefinitionAtManagementGroup.json | 58 + .../examples/getPolicyDefinitionVersion.json | 55 + ...icyDefinitionVersionAtManagementGroup.json | 55 + .../examples/getPolicySetDefinition.json | 75 ++ ...tPolicySetDefinitionAtManagementGroup.json | 57 + .../getPolicySetDefinitionVersion.json | 72 ++ ...SetDefinitionVersionAtManagementGroup.json | 54 + ...istAllBuiltInPolicyDefinitionVersions.json | 105 ++ ...AllBuiltInPolicySetDefinitionVersions.json | 81 ++ .../listAllPolicyDefinitionVersions.json | 99 ++ ...cyDefinitionVersionsByManagementGroup.json | 99 ++ .../listAllPolicySetDefinitionVersions.json | 56 + ...etDefinitionVersionsByManagementGroup.json | 123 ++ .../listBuiltInPolicyDefinitionVersions.json | 106 ++ .../listBuiltInPolicyDefinitions.json | 145 +++ ...istBuiltInPolicySetDefinitionVersions.json | 82 ++ .../listBuiltInPolicySetDefinitions.json | 85 ++ .../examples/listPolicyAssignments.json | 63 + ...stPolicyAssignmentsForManagementGroup.json | 63 + .../listPolicyAssignmentsForResource.json | 62 + ...listPolicyAssignmentsForResourceGroup.json | 64 + .../listPolicyDefinitionVersions.json | 100 ++ ...cyDefinitionVersionsByManagementGroup.json | 100 ++ .../examples/listPolicyDefinitions.json | 143 +++ ...istPolicyDefinitionsByManagementGroup.json | 106 ++ .../listPolicySetDefinitionVersions.json | 57 + ...etDefinitionVersionsByManagementGroup.json | 57 + .../examples/listPolicySetDefinitions.json | 131 ++ ...PolicySetDefinitionsByManagementGroup.json | 129 ++ .../updatePolicyAssignmentWithIdentity.json | 50 + ...pdatePolicyAssignmentWithIdentityById.json | 48 + .../updatePolicyAssignmentWithOverrides.json | 64 + ...PolicyAssignmentWithResourceSelectors.json | 62 + ...icyAssignmentWithUserAssignedIdentity.json | 57 + .../stable/2025-03-01/policyAssignments.json | 1099 +++++++++++++++++ .../2025-03-01/policyDefinitionVersions.json | 856 +++++++++++++ .../stable/2025-03-01/policyDefinitions.json | 753 +++++++++++ .../policySetDefinitionVersions.json | 852 +++++++++++++ .../2025-03-01/policySetDefinitions.json | 761 ++++++++++++ .../stable/2025-03-01/policyTokens.json | 312 +++++ .../resources/resource-manager/readme.md | 28 +- .../resource-manager/sdk-suppressions.yaml | 7 +- 87 files changed, 10651 insertions(+), 6 deletions(-) create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/acquirePolicyToken.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignment.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentNonComplianceMessages.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithEnrollEnforcement.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithIdentityById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithOverrides.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithoutEnforcement.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyAssignment.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyAssignmentById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltInPolicySetDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltInPolicySetDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltinPolicyDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltinPolicyDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignment.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithIdentityById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithOverrides.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllBuiltInPolicyDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllBuiltInPolicySetDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicyDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicySetDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicyDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicyDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicySetDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicySetDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignments.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForResource.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForResourceGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionVersionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentityById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithOverrides.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyAssignments.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policySetDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policySetDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyTokens.json diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/acquirePolicyToken.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/acquirePolicyToken.json new file mode 100644 index 000000000000..4728619b7052 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/acquirePolicyToken.json @@ -0,0 +1,67 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", + "parameters": { + "operation": { + "uri": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM?api-version=2024-01-01", + "httpMethod": "delete" + } + } + }, + "responses": { + "200": { + "body": { + "result": "Succeeded", + "results": [ + { + "policyInfo": { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/5ed64d02", + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/3f2def86" + }, + "result": "Succeeded", + "message": "Coin flip successful (success probability: '1').", + "claims": { + "isValid": false, + "string": "testString", + "int": 2, + "double": 0.99, + "date": "2025-01-01T19:30:00.00Z", + "testObject": { + "id": 12345, + "name": "Complex Object", + "details": { + "createdBy": "John Doe", + "createdDate": "2024-12-13T12:00:00Z", + "metadata": { + "version": "1.0.0", + "isActive": true, + "tags": [ + "example", + "test", + "object" + ] + } + } + }, + "testArray": [ + "Apple", + "Banana", + "Cherry" + ] + }, + "expiration": "2025-01-01T21:30:00.00Z" + } + ], + "token": "PoP 7zmVse52pjMKPQd5m2uiNjz5UV2pZ.LPGtRiTeuCDBomEVbzj9kIaL9odEmlNv4D9VzyrQLTAyv4HHnUR7oNytWnL.AQrZ5bSGAQZzr8eySqvugzrD-ceRVL311SL3Nn6f-4c9kgPgU_u1ArXQKW25QCxMlsAuWmaE", + "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4", + "expiration": "2025-01-01T21:30:00.00Z" + } + }, + "202": { + "headers": { + "Azure-AsyncOperation": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/operationResults/h723ksf8" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinition.json new file mode 100644 index 000000000000..67c0bfce97f2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinition.json @@ -0,0 +1,95 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "mode": "All", + "displayName": "Enforce resource naming convention", + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json new file mode 100644 index 000000000000..c0088f8a738d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json @@ -0,0 +1,122 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "EventHubDiagnosticLogs", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "mode": "Indexed", + "displayName": "Event Hubs should have diagnostic logging enabled", + "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "metadata": { + "category": "Event Hub" + }, + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.EventHub/namespaces" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Insights/diagnosticSettings", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled", + "equals": "true" + }, + { + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days", + "equals": "[parameters('requiredRetentionDays')]" + } + ] + } + } + } + }, + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "defaultValue": 365, + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "metadata": { + "displayName": "Required retention (days)", + "description": "The required diagnostic logs retention in days" + } + } + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "Indexed", + "displayName": "Event Hubs should have diagnostic logging enabled", + "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "metadata": { + "category": "Event Hub" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.EventHub/namespaces" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Insights/diagnosticSettings", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled", + "equals": "true" + }, + { + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days", + "equals": "[parameters('requiredRetentionDays')]" + } + ] + } + } + } + }, + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "defaultValue": 365, + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "metadata": { + "displayName": "Required retention (days)", + "description": "The required diagnostic logs retention in days" + } + } + } + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..dfad853cc2c8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,95 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "mode": "All", + "displayName": "Enforce resource naming convention", + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json new file mode 100644 index 000000000000..a629d1a47c0b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json @@ -0,0 +1,107 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "RandomizeVMAllocation", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "mode": "Indexed", + "displayName": "Randomize VM Allocation", + "description": "Randomly disable VM allocation in eastus by having policy rule reference the outcome of invoking an external endpoint using the CoinFlip endpoint that returns random values.", + "metadata": { + "category": "VM" + }, + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Compute/virtualMachines" + }, + { + "field": "location", + "equals": "eastus" + }, + { + "value": "[claims().isValid]", + "equals": "false" + } + ] + }, + "then": { + "effect": "deny" + } + }, + "externalEvaluationEnforcementSettings": { + "missingTokenAction": "audit", + "endpointSettings": { + "kind": "CoinFlip", + "details": { + "successProbability": 0.5 + } + }, + "roleDefinitionIds": [ + "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" + ] + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/RandomizeVMAllocation", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "RandomizeVMAllocation", + "properties": { + "mode": "Indexed", + "displayName": "Randomize VM Allocation", + "description": "Randomly disable VM allocation in eastus by having policy rule reference the outcome of invoking an external endpoint using the CoinFlip endpoint that returns random values.", + "metadata": { + "category": "VM" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Compute/virtualMachines" + }, + { + "field": "location", + "equals": "eastus" + }, + { + "value": "[claims().isValid]", + "equals": "false" + } + ] + }, + "then": { + "effect": "deny" + } + }, + "externalEvaluationEnforcementSettings": { + "missingTokenAction": "audit", + "endpointSettings": { + "kind": "CoinFlip", + "details": { + "successProbability": 0.5 + } + }, + "roleDefinitionIds": [ + "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" + ] + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersion.json new file mode 100644 index 000000000000..a91f163f900f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersion.json @@ -0,0 +1,138 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "mode": "All", + "displayName": "Enforce resource naming convention", + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + } + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + }, + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..00d18dd67ceb --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,138 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "mode": "All", + "displayName": "Enforce resource naming convention", + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + } + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + }, + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinition.json new file mode 100644 index 000000000000..ef7e08b69614 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinition.json @@ -0,0 +1,160 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..4127fe0bb59e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,135 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersion.json new file mode 100644 index 000000000000..0a5b284e5a73 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersion.json @@ -0,0 +1,161 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..8acf8598ccec --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json new file mode 100644 index 000000000000..fd6f4b9e25d9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json @@ -0,0 +1,196 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json new file mode 100644 index 000000000000..529e8355de04 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json @@ -0,0 +1,194 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignment.json new file mode 100644 index 000000000000..9df240827893 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignment.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ], + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentById.json new file mode 100644 index 000000000000..3361bfde7462 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentById.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default", + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c" + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentNonComplianceMessages.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentNonComplianceMessages.json new file mode 100644 index 000000000000..f31383871d17 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentNonComplianceMessages.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "securityInitAssignment", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Enforce security policies", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce security policies", + "metadata": { + "assignedBy": "User 1" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ], + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment", + "type": "Microsoft.Authorization/policyAssignments", + "name": "securityInitAssignment" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithEnrollEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithEnrollEnforcement.json new file mode 100644 index 000000000000..12743358049d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithEnrollEnforcement.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNamingEnroll", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Enroll" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Enroll", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "instanceId": "f2b3c4d5-e6f7-8a9b-0c1d-2e3f4a5b6c7d" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNamingEnroll", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNamingEnroll" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..68286fd11f2a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithIdentity.json @@ -0,0 +1,67 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2025-03-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Foo Bar" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..bd92a4bdcbcc --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithIdentityById.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2025-03-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus", + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default", + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..93b4de1a4387 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithOverrides.json @@ -0,0 +1,84 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ + "Limit_Skus", + "Limit_Locations" + ] + } + ] + }, + { + "kind": "definitionVersion", + "value": "2.*.*", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastUSEuap", + "centralUSEuap" + ] + } + ] + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ + "Limit_Skus", + "Limit_Locations" + ] + } + ] + } + ], + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..30625c8405d4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,68 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastus2euap", + "centraluseuap" + ] + } + ] + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastus2euap", + "centraluseuap" + ] + } + ] + } + ], + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..eb03da7619e8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,74 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2025-03-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + }, + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Foo Bar" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" + } + } + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithoutEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithoutEnforcement.json new file mode 100644 index 000000000000..8a9d3d0c5137 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/createPolicyAssignmentWithoutEnforcement.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "DoNotEnforce" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "DoNotEnforce", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyAssignment.json new file mode 100644 index 000000000000..28849c27c25f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyAssignment.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyAssignmentById.json new file mode 100644 index 000000000000..19f9b62b7b22 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyAssignmentById.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c" + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinition.json new file mode 100644 index 000000000000..840f916a951e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinition.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..b80dd773ec0d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionVersion.json new file mode 100644 index 000000000000..0f654df7e16d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionVersion.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..3209fd673fec --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinition.json new file mode 100644 index 000000000000..a69af9a5d9cc --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinition.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..4e6b5a0e1a3b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionVersion.json new file mode 100644 index 000000000000..9c5b2f3db5bf --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionVersion.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..d3cfdea83687 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltInPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltInPolicySetDefinition.json new file mode 100644 index 000000000000..d47320962b32 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltInPolicySetDefinition.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltInPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltInPolicySetDefinitionVersion.json new file mode 100644 index 000000000000..703092a8f55b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltInPolicySetDefinitionVersion.json @@ -0,0 +1,79 @@ +{ + "parameters": { + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltinPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltinPolicyDefinition.json new file mode 100644 index 000000000000..54655f98071c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltinPolicyDefinition.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltinPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltinPolicyDefinitionVersion.json new file mode 100644 index 000000000000..000131b68354 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getBuiltinPolicyDefinitionVersion.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "version": "1.2.1", + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignment.json new file mode 100644 index 000000000000..b13348bfbe4c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignment.json @@ -0,0 +1,38 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentById.json new file mode 100644 index 000000000000..5154ca518827 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentById.json @@ -0,0 +1,36 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default", + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c" + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..62bcd6d8a09d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithIdentity.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..223537177b4f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithIdentityById.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default", + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..d420f53da7cd --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithOverrides.json @@ -0,0 +1,45 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ + "Limit_Skus", + "Limit_Locations" + ] + } + ] + } + ], + "instanceId": "d2f3a4b5-c6d7-8e9f-0a1b-2c3d4e5f6a7b" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..566863608c02 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastus2euap", + "centraluseuap" + ] + } + ] + } + ], + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..e5b0add8f919 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" + } + } + }, + "location": "westus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinition.json new file mode 100644 index 000000000000..d788bd2519a1 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinition.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..04176da89e1a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionAtManagementGroup.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionVersion.json new file mode 100644 index 000000000000..7cdc4bdf4a82 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionVersion.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..0766eddc08ec --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinition.json new file mode 100644 index 000000000000..b484c4817f88 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinition.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..e5833e082973 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionVersion.json new file mode 100644 index 000000000000..b7f664242381 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionVersion.json @@ -0,0 +1,72 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..0af50c6a463d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllBuiltInPolicyDefinitionVersions.json new file mode 100644 index 000000000000..59e20cf76f02 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllBuiltInPolicyDefinitionVersions.json @@ -0,0 +1,105 @@ +{ + "parameters": { + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled" + ] + } + }, + "version": "1.2.1", + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + }, + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled", + "default" + ] + } + }, + "version": "1.0.0", + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.0.0" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllBuiltInPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..fa58704e81c1 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllBuiltInPolicySetDefinitionVersions.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicyDefinitionVersions.json new file mode 100644 index 000000000000..fa26db1913a8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicyDefinitionVersions.json @@ -0,0 +1,99 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + }, + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "version": "1.0.0", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "1.0.0" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..b90f835faf7f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json @@ -0,0 +1,99 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.0.0", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..b6e838b5d50a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicySetDefinitionVersions.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..d4dac0e763e9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json @@ -0,0 +1,123 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versoins/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1" + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicyDefinitionVersions.json new file mode 100644 index 000000000000..3578b8146312 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicyDefinitionVersions.json @@ -0,0 +1,106 @@ +{ + "parameters": { + "policyDefinitionName": "06a78e20-9358-41c9-923c-fb736d382a12", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled" + ] + } + }, + "version": "1.2.1", + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + }, + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled", + "default" + ] + } + }, + "version": "1.0.0", + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.0.0" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicyDefinitions.json new file mode 100644 index 000000000000..cbd5ec9a6c53 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicyDefinitions.json @@ -0,0 +1,145 @@ +{ + "parameters": { + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled" + ] + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "06a78e20-9358-41c9-923c-fb736d382a12" + }, + { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "Static", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + { + "properties": { + "mode": "Microsoft.KeyVault.Data", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "policyType": "BuiltIn", + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "metadata": { + "category": "KeyVault DataPlane" + }, + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "displayName": "Days to expire", + "description": "The number of days for a certificate to expire." + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/abeed54a-73c5-441d-8a8c-6b5e7a0c299e", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "abeed54a-73c5-441d-8a8c-6b5e7a0c299e" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..71616e96bc4a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicySetDefinitionVersions.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicySetDefinitions.json new file mode 100644 index 000000000000..f237429c3d84 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listBuiltInPolicySetDefinitions.json @@ -0,0 +1,85 @@ +{ + "parameters": { + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignments.json new file mode 100644 index 000000000000..92062c71726d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignments.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", + "$filter": "atScope()", + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [], + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/TagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [], + "instanceId": "b6d7e8f9-a0b1-2c3d-4e5f-6a7b8c9d0e1f" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForManagementGroup.json new file mode 100644 index 000000000000..0806c968fed0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForManagementGroup.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "managementGroupId": "TestManagementGroup", + "api-version": "2025-03-01", + "$filter": "atScope()", + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [], + "instanceId": "c7e8f9a0-b1c2-3d4e-5f6a-7b8c9d0e1f2a" + } + }, + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [], + "instanceId": "d8f9a0b1-c2d3-4e5f-6a7b-8c9d0e1f2a3b" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForResource.json new file mode 100644 index 000000000000..85d210c3d825 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForResource.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "resourceGroupName": "TestResourceGroup", + "resourceProviderNamespace": "Microsoft.Compute", + "parentResourcePath": "virtualMachines/MyTestVm", + "resourceType": "domainNames", + "resourceName": "MyTestComputer.cloudapp.net", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "VM Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/vmSkus", + "definitionVersion": "1.*.*", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [], + "instanceId": "e9a0b1c2-d3e4-5f6a-7b8c-9d0e1f2a3b4c" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [], + "instanceId": "f0b1c2d3-e4f5-6a7b-8c9d-0e1f2a3b4c5d" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForResourceGroup.json new file mode 100644 index 000000000000..76ad72cea4b6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyAssignmentsForResourceGroup.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "resourceGroupName": "TestResourceGroup", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", + "$filter": "atScope()", + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [], + "instanceId": "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [], + "instanceId": "f0b1c2d3-e4f5-6a7b-8c9d-0e1f2a3b4c5d" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionVersions.json new file mode 100644 index 000000000000..bb2a72539039 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionVersions.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + }, + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "version": "1.0.0", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "1.0.0" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..e38ade5e719c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionVersionsByManagementGroup.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.0.0", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitions.json new file mode 100644 index 000000000000..0300c5692247 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitions.json @@ -0,0 +1,143 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming" + }, + { + "properties": { + "mode": "Microsoft.KeyVault.Data", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "metadata": { + "category": "KeyVault DataPlane" + }, + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "displayName": "Days to expire", + "description": "The number of days for a certificate to expire." + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/AuditSoonToExpireCerts", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "AuditSoonToExpireCerts" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..c6e21558a995 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicyDefinitionsByManagementGroup.json @@ -0,0 +1,106 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..030f3c29d7a4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionVersions.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..21b9eba9cd79 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitions.json new file mode 100644 index 000000000000..7eb27af4f3e1 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitions.json @@ -0,0 +1,131 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..22dc8d8b4b27 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/listPolicySetDefinitionsByManagementGroup.json @@ -0,0 +1,129 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..60cd5093992b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentity.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2025-03-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "SystemAssigned" + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..ccaace88cca9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentityById.json @@ -0,0 +1,48 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2025-03-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus" + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default", + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..89fb00c11dcd --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithOverrides.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ + "Limit_Skus", + "Limit_Locations" + ] + } + ] + } + ] + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ + "Limit_Skus", + "Limit_Locations" + ] + } + ] + } + ], + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..fa5606cea323 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,62 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2025-03-01", + "parameters": { + "properties": { + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastus2euap", + "centraluseuap" + ] + } + ] + } + ] + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastus2euap", + "centraluseuap" + ] + } + ] + } + ], + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..b9f912dcf623 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2025-03-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" + } + } + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyAssignments.json new file mode 100644 index 000000000000..6ebcb4c38b4a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyAssignments.json @@ -0,0 +1,1099 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2025-03-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}": { + "delete": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Delete", + "summary": "Deletes a policy assignment.", + "description": "This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-examples": { + "Delete a policy assignment": { + "$ref": "./examples/deletePolicyAssignment.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy assignment to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the deleted assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "204": { + "description": "No Content - the policy assignment doesn't exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Create", + "summary": "Creates or updates a policy assignment.", + "description": " This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "x-ms-examples": { + "Create or update a policy assignment": { + "$ref": "./examples/createPolicyAssignment.json" + }, + "Create or update a policy assignment with multiple non-compliance messages": { + "$ref": "./examples/createPolicyAssignmentNonComplianceMessages.json" + }, + "Create or update a policy assignment with a system assigned identity": { + "$ref": "./examples/createPolicyAssignmentWithIdentity.json" + }, + "Create or update a policy assignment with a user assigned identity": { + "$ref": "./examples/createPolicyAssignmentWithUserAssignedIdentity.json" + }, + "Create or update a policy assignment without enforcing policy effect during resource creation or update.": { + "$ref": "./examples/createPolicyAssignmentWithoutEnforcement.json" + }, + "Create or update a policy assignment to enforce policy effect only on enrolled resources during resource creation or update.": { + "$ref": "./examples/createPolicyAssignmentWithEnrollEnforcement.json" + }, + "Create or update a policy assignment with resource selectors": { + "$ref": "./examples/createPolicyAssignmentWithResourceSelectors.json" + }, + "Create or update a policy assignment with overrides": { + "$ref": "./examples/createPolicyAssignmentWithOverrides.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy assignment." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignment" + }, + "description": "Parameters for the policy assignment." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the new policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Get", + "summary": "Retrieves a policy assignment.", + "description": "This operation retrieves a single policy assignment, given its name and the scope it was created at.", + "x-ms-examples": { + "Retrieve a policy assignment": { + "$ref": "./examples/getPolicyAssignment.json" + }, + "Retrieve a policy assignment with a system assigned identity": { + "$ref": "./examples/getPolicyAssignmentWithIdentity.json" + }, + "Retrieve a policy assignment with a user assigned identity": { + "$ref": "./examples/getPolicyAssignmentWithUserAssignedIdentity.json" + }, + "Retrieve a policy assignment with resource selectors": { + "$ref": "./examples/getPolicyAssignmentWithResourceSelectors.json" + }, + "Retrieve a policy assignment with overrides": { + "$ref": "./examples/getPolicyAssignmentWithOverrides.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy assignment to get." + }, + { + "$ref": "#/parameters/PolicyAssignmentExpandParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "patch": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Update", + "summary": "Updates a policy assignment.", + "description": " This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "x-ms-examples": { + "Update a policy assignment with a system assigned identity": { + "$ref": "./examples/updatePolicyAssignmentWithIdentity.json" + }, + "Update a policy assignment with a user assigned identity": { + "$ref": "./examples/updatePolicyAssignmentWithUserAssignedIdentity.json" + }, + "Update a policy assignment with resource selectors": { + "$ref": "./examples/updatePolicyAssignmentWithResourceSelectors.json" + }, + "Update a policy assignment with overrides": { + "$ref": "./examples/updatePolicyAssignmentWithOverrides.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy assignment." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignmentUpdate" + }, + "description": "Parameters for policy assignment patch request." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForResourceGroup", + "summary": "Retrieves all policy assignments that apply to a resource group.", + "description": "This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group.", + "x-ms-examples": { + "List policy assignments that apply to a resource group": { + "$ref": "./examples/listPolicyAssignmentsForResourceGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group that contains policy assignments.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90 + }, + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/PolicyAssignmentExpandParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForResource", + "summary": "Retrieves all policy assignments that apply to a resource.", + "description": "This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource level. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').", + "deprecated": false, + "x-ms-examples": { + "List all policy assignments that apply to a resource": { + "$ref": "./examples/listPolicyAssignmentsForResource.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group containing the resource.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90 + }, + { + "name": "resourceProviderNamespace", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)" + }, + { + "name": "parentResourcePath", + "in": "path", + "required": true, + "type": "string", + "description": "The parent resource path. Use empty string if there is none.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^.+$", + "description": "The name of the resource." + }, + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/PolicyAssignmentExpandParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/PolicyAssignment" + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForManagementGroup", + "summary": "Retrieves all policy assignments that apply to a management group.", + "description": "This operation retrieves the list of all policy assignments applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy assignments that are assigned to the management group or the management group's ancestors. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the management group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the management group.", + "x-ms-examples": { + "List policy assignments that apply to a management group": { + "$ref": "./examples/listPolicyAssignmentsForManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/PolicyAssignmentExpandParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_List", + "summary": "Retrieves all policy assignments that apply to a subscription.", + "description": "This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "x-ms-examples": { + "List policy assignments that apply to a subscription": { + "$ref": "./examples/listPolicyAssignments.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/PolicyAssignmentExpandParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/PolicyAssignment" + } + }, + "/{policyAssignmentId}": { + "delete": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_DeleteById", + "summary": "Deletes a policy assignment.", + "description": "This operation deletes the policy with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid formats for {scope} are: '/providers/Microsoft.Management/managementGroups/{managementGroup}' (management group), '/subscriptions/{subscriptionId}' (subscription), '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' (resource group), or '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' (resource).", + "x-ms-examples": { + "Delete a policy assignment by ID": { + "$ref": "./examples/deletePolicyAssignmentById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "204": { + "description": "No Content - the policy assignment doesn't exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "put": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_CreateById", + "summary": "Creates or updates a policy assignment.", + "description": "This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Create or update policy assignment by ID": { + "$ref": "./examples/createPolicyAssignmentById.json" + }, + "Create or update policy assignment with a managed identity by ID": { + "$ref": "./examples/createPolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to create. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignment" + }, + "description": "Parameters for policy assignment." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_GetById", + "summary": "Retrieves the policy assignment with the given ID.", + "description": "The operation retrieves the policy assignment with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Retrieve a policy assignment by ID": { + "$ref": "./examples/getPolicyAssignmentById.json" + }, + "Retrieve a policy assignment with a managed identity by ID": { + "$ref": "./examples/getPolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to get. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "patch": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_UpdateById", + "summary": "Updates a policy assignment.", + "description": "This operation updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Update policy assignment with a managed identity by ID": { + "$ref": "./examples/updatePolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to update. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignmentUpdate" + }, + "description": "Parameters for policy assignment patch request." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + } + }, + "definitions": { + "PolicyAssignmentProperties": { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "description": "The display name of the policy assignment." + }, + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition being assigned." + }, + "definitionVersion": { + "type": "string", + "description": "The version of the policy definition to use." + }, + "latestDefinitionVersion": { + "type": "string", + "description": "The latest version of the policy definition available. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "effectiveDefinitionVersion": { + "type": "string", + "description": "The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "scope": { + "type": "string", + "description": "The scope for the policy assignment.", + "readOnly": true + }, + "notScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The policy's excluded scopes." + }, + "parameters": { + "description": "The parameter values for the assigned policy rule. The keys are the parameter names.", + "$ref": "#/definitions/ParameterValues" + }, + "description": { + "type": "string", + "description": "This message will be part of response in case of policy violation." + }, + "metadata": { + "type": "object", + "description": "The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "enforcementMode": { + "type": "string", + "description": "The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll", + "enum": [ + "Default", + "DoNotEnforce", + "Enroll" + ], + "x-ms-enum": { + "name": "enforcementMode", + "modelAsString": true, + "values": [ + { + "value": "Default", + "description": "The policy effect is enforced during resource creation or update." + }, + { + "value": "DoNotEnforce", + "description": "The policy effect is not enforced during resource creation or update." + }, + { + "value": "Enroll", + "description": "The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource." + } + ] + }, + "default": "Default" + }, + "nonComplianceMessages": { + "type": "array", + "items": { + "$ref": "#/definitions/NonComplianceMessage" + }, + "x-ms-identifiers": [ + "message", + "policyDefinitionReferenceId" + ], + "description": "The messages that describe why a resource is non-compliant with the policy." + }, + "resourceSelectors": { + "type": "array", + "items": { + "$ref": "../../common/v2/types.json#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [], + "description": "The resource selector list to filter policies by resource properties." + }, + "overrides": { + "type": "array", + "items": { + "$ref": "../../common/v2/types.json#/definitions/Override" + }, + "x-ms-identifiers": [], + "description": "The policy property value override." + }, + "assignmentType": { + "type": "string", + "description": "The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable.", + "enum": [ + "NotSpecified", + "System", + "SystemHidden", + "Custom" + ], + "x-ms-enum": { + "name": "assignmentType", + "modelAsString": true + } + }, + "instanceId": { + "type": "string", + "description": "The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated.", + "readOnly": true + } + }, + "description": "The policy assignment properties." + }, + "NonComplianceMessage": { + "type": "object", + "properties": { + "message": { + "type": "string", + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment." + } + }, + "required": [ + "message" + ], + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." + }, + "ParameterValues": { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ParameterValuesValue" + }, + "description": "The parameter values for the policy rule. The keys are the parameter names." + }, + "ParameterValuesValue": { + "type": "object", + "properties": { + "value": { + "description": "The value of the parameter.", + "type": "object" + } + }, + "description": "The value of a parameter." + }, + "PolicyAssignment": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyAssignmentProperties", + "description": "Properties for the policy assignment." + }, + "id": { + "type": "string", + "description": "The ID of the policy assignment.", + "readOnly": true + }, + "type": { + "type": "string", + "description": "The type of the policy assignment.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The name of the policy assignment.", + "readOnly": true + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The policy assignment.", + "x-ms-azure-resource": true + }, + "PolicyAssignmentListResult": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyAssignment" + }, + "x-ms-identifiers": [], + "description": "An array of policy assignments." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy assignments." + }, + "Identity": { + "type": "object", + "properties": { + "principalId": { + "readOnly": true, + "type": "string", + "description": "The principal ID of the resource identity. This property will only be provided for a system assigned identity" + }, + "tenantId": { + "readOnly": true, + "type": "string", + "description": "The tenant ID of the resource identity. This property will only be provided for a system assigned identity" + }, + "type": { + "type": "string", + "description": "The identity type. This is the only required field when adding a system or user assigned identity to a resource.", + "enum": [ + "SystemAssigned", + "UserAssigned", + "None" + ], + "x-ms-enum": { + "name": "ResourceIdentityType", + "modelAsString": false, + "values": [ + { + "value": "SystemAssigned", + "description": "Indicates that a system assigned identity is associated with the resource." + }, + { + "value": "UserAssigned", + "description": "Indicates that a system assigned identity is associated with the resource." + }, + { + "value": "None", + "description": "Indicates that no identity is associated with the resource or that the existing identity should be removed." + } + ] + } + }, + "userAssignedIdentities": { + "type": "object", + "additionalProperties": { + "type": "object", + "x-ms-client-name": "userAssignedIdentitiesValue", + "properties": { + "principalId": { + "readOnly": true, + "type": "string", + "description": "The principal id of user assigned identity." + }, + "clientId": { + "readOnly": true, + "type": "string", + "description": "The client id of user assigned identity." + } + } + }, + "description": "The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'." + } + }, + "description": "Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity." + }, + "PolicyAssignmentUpdateProperties": { + "type": "object", + "properties": { + "resourceSelectors": { + "type": "array", + "items": { + "$ref": "../../common/v2/types.json#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [], + "description": "The resource selector list to filter policies by resource properties." + }, + "overrides": { + "type": "array", + "items": { + "$ref": "../../common/v2/types.json#/definitions/Override" + }, + "x-ms-identifiers": [], + "description": "The policy property value override." + } + }, + "description": "The policy assignment properties for Patch request." + }, + "PolicyAssignmentUpdate": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyAssignmentUpdateProperties", + "description": "The policy assignment properties for Patch request." + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + } + }, + "description": "The policy assignment for Patch request." + } + }, + "parameters": { + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, + "PolicyAssignmentsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "PolicyAssignmentExpandParameter": { + "name": "$expand", + "in": "query", + "required": false, + "type": "string", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyDefinitionVersions.json new file mode 100644 index 000000000000..afb5dfbfd7ea --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyDefinitionVersions.json @@ -0,0 +1,856 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2025-03-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_ListAllBuiltins", + "summary": "Lists all built-in policy definition versions.", + "description": "This operation lists all the built-in policy definition versions for all built-in policy definitions.", + "x-ms-examples": { + "List all built-in policy definition versions": { + "$ref": "./examples/listAllBuiltInPolicyDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_ListAllAtManagementGroup", + "summary": "Lists all policy definition versions at management group scope.", + "description": "This operation lists all the policy definition versions for all policy definitions at the management group scope.", + "x-ms-examples": { + "List all policy definition versions at management group": { + "$ref": "./examples/listAllPolicyDefinitionVersionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_ListAll", + "summary": "Lists all policy definition versions within a subscription.", + "description": "This operation lists all the policy definition versions for all policy definitions within a subscription.", + "x-ms-examples": { + "List all policy definition versions at subscription": { + "$ref": "./examples/listAllPolicyDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "put": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_CreateOrUpdate", + "summary": "Creates or updates a policy definition in a subscription.", + "description": "This operation creates or updates a policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Create or update a policy definition version": { + "$ref": "./examples/createOrUpdatePolicyDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + }, + "description": "The policy definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition version.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "200": { + "description": "OK - Successfully updated policy definition version.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_Delete", + "summary": "Deletes a policy definition version in a subscription.", + "description": "This operation deletes the policy definition version in the given subscription with the given name.", + "x-ms-examples": { + "Delete a policy definition version": { + "$ref": "./examples/deletePolicyDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_Get", + "summary": "Retrieves a policy definition version in a subscription.", + "description": "This operation retrieves the policy definition version in the given subscription with the given name.", + "x-ms-examples": { + "Retrieve a policy definition version": { + "$ref": "./examples/getPolicyDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_GetBuiltIn", + "summary": "Retrieves a built-in policy definition version.", + "description": "This operation retrieves the built-in policy definition version with the given name.", + "x-ms-examples": { + "Retrieve a built-in policy definition version": { + "$ref": "./examples/getBuiltinPolicyDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the built-in policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "put": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup", + "summary": "Creates or updates a policy definition version in a management group.", + "description": "This operation creates or updates a policy definition version in the given management group with the given name.", + "x-ms-examples": { + "Create or update a policy definition version at management group level": { + "$ref": "./examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + }, + "description": "The policy definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition version.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "200": { + "description": "OK - Successfully updated policy definition version.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_DeleteAtManagementGroup", + "summary": "Deletes a policy definition in a management group.", + "description": "This operation deletes the policy definition in the given management group with the given name.", + "x-ms-examples": { + "Delete a policy definition version at management group level": { + "$ref": "./examples/deletePolicyDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_GetAtManagementGroup", + "summary": "Retrieve a policy definition version in a management group.", + "description": "This operation retrieves the policy definition version in the given management group with the given name.", + "x-ms-examples": { + "Retrieve a policy definition version at management group level": { + "$ref": "./examples/getPolicyDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_List", + "summary": "Retrieves policy definition versions for a given policy definition in a subscription", + "description": "This operation retrieves a list of all the policy definition versions for the given policy definition.", + "x-ms-examples": { + "List policy definition versions by subscription": { + "$ref": "./examples/listPolicyDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_ListBuiltIn", + "summary": "Retrieve built-in policy definition versions", + "description": "This operation retrieves a list of all the built-in policy definition versions for the given policy definition.", + "x-ms-examples": { + "List built-in policy definition versions": { + "$ref": "./examples/listBuiltInPolicyDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of built-in policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_ListByManagementGroup", + "summary": "Retrieve policy definition versions in a management group policy definition.", + "description": "This operation retrieves a list of all the policy definition versions for the given policy definition in the given management group.", + "x-ms-examples": { + "List policy definition versions by management group": { + "$ref": "./examples/listPolicyDefinitionVersionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "PolicyDefinitionVersionProperties": { + "type": "object", + "properties": { + "policyType": { + "type": "string", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ], + "x-ms-enum": { + "name": "policyType", + "modelAsString": true + } + }, + "mode": { + "type": "string", + "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.", + "default": "Indexed" + }, + "displayName": { + "type": "string", + "description": "The display name of the policy definition." + }, + "description": { + "type": "string", + "description": "The policy definition description." + }, + "policyRule": { + "type": "object", + "description": "The policy rule." + }, + "metadata": { + "type": "object", + "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "description": "The parameter definitions for parameters used in the policy rule. The keys are the parameter names.", + "$ref": "#/definitions/ParameterDefinitions" + }, + "version": { + "type": "string", + "description": "The policy definition version in #.#.# format." + }, + "externalEvaluationEnforcementSettings": { + "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation.", + "$ref": "#/definitions/ExternalEvaluationEnforcementSettings" + } + }, + "description": "The policy definition properties." + }, + "ParameterDefinitionsValue": { + "type": "object", + "properties": { + "type": { + "description": "The data type of the parameter.", + "type": "string", + "enum": [ + "String", + "Array", + "Object", + "Boolean", + "Integer", + "Float", + "DateTime" + ], + "x-ms-enum": { + "name": "parameterType", + "modelAsString": true + } + }, + "allowedValues": { + "type": "array", + "items": { + "type": "object" + }, + "x-ms-identifiers": [], + "description": "The allowed values for the parameter." + }, + "defaultValue": { + "type": "object", + "description": "The default value for the parameter if no value is provided." + }, + "schema": { + "type": "object", + "description": "Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/." + }, + "metadata": { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "description": "The display name for the parameter." + }, + "description": { + "type": "string", + "description": "The description of the parameter." + }, + "strongType": { + "type": "string", + "description": "Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from." + }, + "assignPermissions": { + "type": "boolean", + "description": "Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope." + } + }, + "additionalProperties": { + "type": "object" + }, + "description": "General metadata for the parameter." + } + }, + "description": "The definition of a parameter that can be provided to the policy." + }, + "ParameterDefinitions": { + "description": "The parameter definitions for parameters used in the policy. The keys are the parameter names.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "PolicyDefinitionVersion": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyDefinitionVersionProperties", + "description": "The policy definition version properties." + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy definition version." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy definition version." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policyDefinitions/versions)." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The ID of the policy definition version.", + "x-ms-azure-resource": true + }, + "PolicyDefinitionVersionListResult": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionVersion" + }, + "description": "An array of policy definitions versions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy definition versions." + }, + "ExternalEvaluationEnforcementSettings": { + "type": "object", + "properties": { + "missingTokenAction": { + "type": "string", + "description": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny." + }, + "resultLifespan": { + "type": "string", + "description": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format.", + "pattern": "^P(\\d+Y)?(\\d+M)?(\\d+D)?(T(\\d+H)?(\\d+M)?(\\d+(\\.\\d+)?S)?)?$" + }, + "endpointSettings": { + "description": "The settings of an external endpoint providing evaluation results.", + "$ref": "#/definitions/ExternalEvaluationEndpointSettings" + }, + "roleDefinitionIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint." + } + }, + "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation." + }, + "ExternalEvaluationEndpointSettings": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "description": "The kind of the endpoint." + }, + "details": { + "type": "object", + "description": "The details of the endpoint." + } + }, + "description": "The settings of an external endpoint providing evaluation results." + } + }, + "parameters": { + "PolicyDefinitionName": { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition.", + "x-ms-parameter-location": "method" + }, + "PolicyDefinitionVersion": { + "name": "policyDefinitionVersion", + "in": "path", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "x-ms-parameter-location": "method" + }, + "PolicyDefinitionsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyDefinitions.json new file mode 100644 index 000000000000..920edca395bb --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyDefinitions.json @@ -0,0 +1,753 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2025-03-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "put": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_CreateOrUpdate", + "summary": "Creates or updates a policy definition in a subscription.", + "description": "This operation creates or updates a policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Create or update a policy definition": { + "$ref": "./examples/createOrUpdatePolicyDefinition.json" + }, + "Create or update a policy definition with advanced parameters": { + "$ref": "./examples/createOrUpdatePolicyDefinitionAdvancedParams.json" + }, + "Create or update a policy definition with external evaluation enforcement settings": { + "$ref": "./examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + }, + "description": "The policy definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_Delete", + "summary": "Deletes a policy definition in a subscription.", + "description": "This operation deletes the policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Delete a policy definition": { + "$ref": "./examples/deletePolicyDefinition.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_Get", + "summary": "Retrieves a policy definition in a subscription.", + "description": "This operation retrieves the policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Retrieve a policy definition": { + "$ref": "./examples/getPolicyDefinition.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_GetBuiltIn", + "summary": "Retrieves a built-in policy definition.", + "description": "This operation retrieves the built-in policy definition with the given name.", + "x-ms-examples": { + "Retrieve a built-in policy definition": { + "$ref": "./examples/getBuiltinPolicyDefinition.json" + } + }, + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the built-in policy definition to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the built-in policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "put": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", + "summary": "Creates or updates a policy definition in a management group.", + "description": "This operation creates or updates a policy definition in the given management group with the given name.", + "x-ms-examples": { + "Create or update a policy definition at management group level": { + "$ref": "./examples/createOrUpdatePolicyDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + }, + "description": "The policy definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_DeleteAtManagementGroup", + "summary": "Deletes a policy definition in a management group.", + "description": "This operation deletes the policy definition in the given management group with the given name.", + "x-ms-examples": { + "Delete a policy definition at management group level": { + "$ref": "./examples/deletePolicyDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_GetAtManagementGroup", + "summary": "Retrieve a policy definition in a management group.", + "description": "This operation retrieves the policy definition in the given management group with the given name.", + "x-ms-examples": { + "Retrieve a policy definition at management group level": { + "$ref": "./examples/getPolicyDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_List", + "summary": "Retrieves policy definitions in a subscription", + "description": "This operation retrieves a list of all the policy definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "x-ms-examples": { + "List policy definitions by subscription": { + "$ref": "./examples/listPolicyDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definitions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_ListBuiltIn", + "summary": "Retrieve built-in policy definitions", + "description": "This operation retrieves a list of all the built-in policy definitions that match the optional given $filter. If $filter='policyType -eq {value}' is provided, the returned list only includes all built-in policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy definitions whose category match the {value}.", + "x-ms-examples": { + "List built-in policy definitions": { + "$ref": "./examples/listBuiltInPolicyDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of built-in policy definitions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_ListByManagementGroup", + "summary": "Retrieve policy definitions in a management group", + "description": "This operation retrieves a list of all the policy definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "x-ms-examples": { + "List policy definitions by management group": { + "$ref": "./examples/listPolicyDefinitionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definitions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "PolicyDefinitionProperties": { + "type": "object", + "properties": { + "policyType": { + "type": "string", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ], + "x-ms-enum": { + "name": "policyType", + "modelAsString": true + } + }, + "mode": { + "type": "string", + "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.", + "default": "Indexed" + }, + "displayName": { + "type": "string", + "description": "The display name of the policy definition." + }, + "description": { + "type": "string", + "description": "The policy definition description." + }, + "policyRule": { + "type": "object", + "description": "The policy rule." + }, + "metadata": { + "type": "object", + "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "description": "The parameter definitions for parameters used in the policy rule. The keys are the parameter names.", + "$ref": "#/definitions/ParameterDefinitions" + }, + "version": { + "type": "string", + "description": "The policy definition version in #.#.# format." + }, + "versions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of available versions for this policy definition." + }, + "externalEvaluationEnforcementSettings": { + "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation.", + "$ref": "#/definitions/ExternalEvaluationEnforcementSettings" + } + }, + "description": "The policy definition properties." + }, + "ParameterDefinitionsValue": { + "type": "object", + "properties": { + "type": { + "description": "The data type of the parameter.", + "type": "string", + "enum": [ + "String", + "Array", + "Object", + "Boolean", + "Integer", + "Float", + "DateTime" + ], + "x-ms-enum": { + "name": "parameterType", + "modelAsString": true + } + }, + "allowedValues": { + "type": "array", + "items": { + "type": "object" + }, + "x-ms-identifiers": [], + "description": "The allowed values for the parameter." + }, + "defaultValue": { + "type": "object", + "description": "The default value for the parameter if no value is provided." + }, + "schema": { + "type": "object", + "description": "Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/." + }, + "metadata": { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "description": "The display name for the parameter." + }, + "description": { + "type": "string", + "description": "The description of the parameter." + }, + "strongType": { + "type": "string", + "description": "Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from." + }, + "assignPermissions": { + "type": "boolean", + "description": "Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope." + } + }, + "additionalProperties": { + "type": "object" + }, + "description": "General metadata for the parameter." + } + }, + "description": "The definition of a parameter that can be provided to the policy." + }, + "ParameterDefinitions": { + "description": "The parameter definitions for parameters used in the policy. The keys are the parameter names.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "PolicyDefinition": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyDefinitionProperties", + "description": "The policy definition properties." + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy definition." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy definition." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policyDefinitions)." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The policy definition.", + "x-ms-azure-resource": true + }, + "PolicyDefinitionListResult": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinition" + }, + "description": "An array of policy definitions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy definitions." + }, + "ExternalEvaluationEnforcementSettings": { + "type": "object", + "properties": { + "missingTokenAction": { + "type": "string", + "description": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny." + }, + "resultLifespan": { + "type": "string", + "description": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format.", + "pattern": "^P(\\d+Y)?(\\d+M)?(\\d+D)?(T(\\d+H)?(\\d+M)?(\\d+(\\.\\d+)?S)?)?$" + }, + "endpointSettings": { + "description": "The settings of an external endpoint providing evaluation results.", + "$ref": "#/definitions/ExternalEvaluationEndpointSettings" + }, + "roleDefinitionIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint." + } + }, + "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation." + }, + "ExternalEvaluationEndpointSettings": { + "type": "object", + "properties": { + "kind": { + "type": "string", + "description": "The kind of the endpoint." + }, + "details": { + "type": "object", + "description": "The details of the endpoint." + } + }, + "description": "The settings of an external endpoint providing evaluation results." + } + }, + "parameters": { + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, + "PolicyDefinitionsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policySetDefinitionVersions.json new file mode 100644 index 000000000000..d95878667293 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policySetDefinitionVersions.json @@ -0,0 +1,852 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2025-03-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_ListAllBuiltins", + "summary": "Lists all built-in policy set definition versions.", + "description": "This operation lists all the built-in policy set definition versions for all built-in policy set definitions.", + "x-ms-examples": { + "List all built-in policy definition versions": { + "$ref": "./examples/listAllBuiltInPolicySetDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_ListAllAtManagementGroup", + "summary": "Lists all policy set definition versions at management group scope.", + "description": "This operation lists all the policy set definition versions for all policy set definitions at the management group scope.", + "x-ms-examples": { + "List all policy definition versions at management group": { + "$ref": "./examples/listAllPolicySetDefinitionVersionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_ListAll", + "summary": "Lists all policy set definition versions within a subscription.", + "description": "This operation lists all the policy set definition versions for all policy set definitions within a subscription.", + "x-ms-examples": { + "List all policy definition versions at subscription": { + "$ref": "./examples/listAllPolicySetDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "put": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_CreateOrUpdate", + "summary": "Creates or updates a policy set definition version.", + "description": "This operation creates or updates a policy set definition version in the given subscription with the given name and version.", + "x-ms-examples": { + "Create or update a policy set definition version": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + }, + "description": "The policy set definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "200": { + "description": "OK - Successfully updated policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_Delete", + "summary": "Deletes a policy set definition version.", + "description": "This operation deletes the policy set definition version in the given subscription with the given name and version.", + "x-ms-examples": { + "Delete a policy set definition version": { + "$ref": "./examples/deletePolicySetDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_Get", + "summary": "Retrieves a policy set definition version.", + "description": "This operation retrieves the policy set definition version in the given subscription with the given name and version.", + "x-ms-examples": { + "Retrieve a policy set definition version": { + "$ref": "./examples/getPolicySetDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_GetBuiltIn", + "summary": "Retrieves a built in policy set definition version.", + "description": "This operation retrieves the built-in policy set definition version with the given name and version.", + "x-ms-examples": { + "Retrieve a built-in policy set definition version": { + "$ref": "./examples/getBuiltInPolicySetDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the built in policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_List", + "summary": "Retrieves the policy set definition versions for a given policy set definition in a subscription.", + "description": "This operation retrieves a list of all the policy set definition versions for the given policy set definition.", + "x-ms-examples": { + "List policy set definitions": { + "$ref": "./examples/listPolicySetDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_ListBuiltIn", + "summary": "Retrieves built-in policy set definition versions.", + "description": "This operation retrieves a list of all the built-in policy set definition versions for the given built-in policy set definition.", + "x-ms-examples": { + "List built-in policy set definitions": { + "$ref": "./examples/listBuiltInPolicySetDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of built in policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "put": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup", + "summary": "Creates or updates a policy set definition version.", + "description": "This operation creates or updates a policy set definition version in the given management group with the given name and version.", + "x-ms-examples": { + "Create or update a policy set definition version at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + }, + "description": "The policy set definition version properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "200": { + "description": "OK - Successfully updated policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_DeleteAtManagementGroup", + "summary": "Deletes a policy set definition version.", + "description": "This operation deletes the policy set definition version in the given management group with the given name and version.", + "x-ms-examples": { + "Delete a policy set definition version at management group level": { + "$ref": "./examples/deletePolicySetDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_GetAtManagementGroup", + "summary": "Retrieves a policy set definition version.", + "description": "This operation retrieves the policy set definition version in the given management group with the given name and version.", + "x-ms-examples": { + "Retrieve a policy set definition version at management group level": { + "$ref": "./examples/getPolicySetDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_ListByManagementGroup", + "summary": "Retrieves all policy set definition versions for a given policy set definition in a management group.", + "description": "This operation retrieves a list of all the policy set definition versions for the given policy set definition in a given management group.", + "x-ms-examples": { + "List policy set definitions at management group level": { + "$ref": "./examples/listPolicySetDefinitionVersionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "PolicySetDefinitionVersionProperties": { + "type": "object", + "properties": { + "policyType": { + "type": "string", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ], + "x-ms-enum": { + "name": "policyType", + "modelAsString": true + } + }, + "displayName": { + "type": "string", + "description": "The display name of the policy set definition." + }, + "description": { + "type": "string", + "description": "The policy set definition description." + }, + "metadata": { + "type": "object", + "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "description": "The policy set definition parameters that can be used in policy definition references.", + "$ref": "./policyDefinitions.json#/definitions/ParameterDefinitions" + }, + "policyDefinitions": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionReference" + }, + "x-ms-identifiers": [ + "policyDefinitionReferenceId" + ], + "description": "An array of policy definition references." + }, + "policyDefinitionGroups": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionGroup" + }, + "x-ms-identifiers": [ + "name" + ], + "description": "The metadata describing groups of policy definition references within the policy set definition." + }, + "version": { + "type": "string", + "description": "The policy set definition version in #.#.# format." + } + }, + "required": [ + "policyDefinitions" + ], + "description": "The policy set definition properties." + }, + "PolicyDefinitionReference": { + "type": "object", + "properties": { + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition." + }, + "definitionVersion": { + "type": "string", + "description": "The version of the policy definition to use." + }, + "latestDefinitionVersion": { + "type": "string", + "description": "The latest version of the policy definition available. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "effectiveDefinitionVersion": { + "type": "string", + "description": "The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "parameters": { + "description": "The parameter values for the referenced policy rule. The keys are the parameter names.", + "$ref": "./policyAssignments.json#/definitions/ParameterValues" + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "A unique id (within the policy set definition) for this policy definition reference." + }, + "groupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The name of the groups that this policy definition reference belongs to." + } + }, + "required": [ + "policyDefinitionId" + ], + "description": "The policy definition reference." + }, + "PolicyDefinitionGroup": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the group." + }, + "displayName": { + "type": "string", + "description": "The group's display name." + }, + "category": { + "type": "string", + "description": "The group's category." + }, + "description": { + "type": "string", + "description": "The group's description." + }, + "additionalMetadataId": { + "type": "string", + "description": "A resource ID of a resource that contains additional metadata about the group." + } + }, + "required": [ + "name" + ], + "description": "The policy definition group." + }, + "PolicySetDefinitionVersion": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicySetDefinitionVersionProperties", + "description": "The policy set definition version properties." + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy set definition version." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy set definition version." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policySetDefinitions/versions)." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The policy set definition version.", + "x-ms-azure-resource": true + }, + "PolicySetDefinitionVersionListResult": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + }, + "description": "An array of policy set definition versions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy set definition versions." + } + }, + "parameters": { + "PolicySetDefinitionName": { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition.", + "x-ms-parameter-location": "method" + }, + "PolicySetDefinitionVersion": { + "name": "policyDefinitionVersion", + "in": "path", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "x-ms-parameter-location": "method" + }, + "PolicySetDefinitionsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "PolicySetDefinitionsExpandParameter": { + "name": "$expand", + "in": "query", + "required": false, + "type": "string", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policySetDefinitions.json new file mode 100644 index 000000000000..fe8dafde6444 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policySetDefinitions.json @@ -0,0 +1,761 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2025-03-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "put": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "summary": "Creates or updates a policy set definition.", + "description": "This operation creates or updates a policy set definition in the given subscription with the given name.", + "x-ms-examples": { + "Create or update a policy set definition": { + "$ref": "./examples/createOrUpdatePolicySetDefinition.json" + }, + "Create or update a policy set definition with groups": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionWithGroups.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + }, + "description": "The policy set definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_Delete", + "summary": "Deletes a policy set definition.", + "description": "This operation deletes the policy set definition in the given subscription with the given name.", + "x-ms-examples": { + "Delete a policy set definition": { + "$ref": "./examples/deletePolicySetDefinition.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_Get", + "summary": "Retrieves a policy set definition.", + "description": "This operation retrieves the policy set definition in the given subscription with the given name.", + "x-ms-examples": { + "Retrieve a policy set definition": { + "$ref": "./examples/getPolicySetDefinition.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to get." + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_GetBuiltIn", + "summary": "Retrieves a built in policy set definition.", + "description": "This operation retrieves the built-in policy set definition with the given name.", + "x-ms-examples": { + "Retrieve a built-in policy set definition": { + "$ref": "./examples/getBuiltInPolicySetDefinition.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to get." + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the built in policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_List", + "summary": "Retrieves the policy set definitions for a subscription.", + "description": "This operation retrieves a list of all the policy set definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "x-ms-examples": { + "List policy set definitions": { + "$ref": "./examples/listPolicySetDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definitions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_ListBuiltIn", + "summary": "Retrieves built-in policy set definitions.", + "description": "This operation retrieves a list of all the built-in policy set definitions that match the optional given $filter. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy set definitions whose category match the {value}.", + "x-ms-examples": { + "List built-in policy set definitions": { + "$ref": "./examples/listBuiltInPolicySetDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of built in policy set definitions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "put": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "summary": "Creates or updates a policy set definition.", + "description": "This operation creates or updates a policy set definition in the given management group with the given name.", + "x-ms-examples": { + "Create or update a policy set definition at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json" + }, + "Create or update a policy set definition with groups at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + }, + "description": "The policy set definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", + "summary": "Deletes a policy set definition.", + "description": "This operation deletes the policy set definition in the given management group with the given name.", + "x-ms-examples": { + "Delete a policy set definition at management group level": { + "$ref": "./examples/deletePolicySetDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_GetAtManagementGroup", + "summary": "Retrieves a policy set definition.", + "description": "This operation retrieves the policy set definition in the given management group with the given name.", + "x-ms-examples": { + "Retrieve a policy set definition at management group level": { + "$ref": "./examples/getPolicySetDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to get." + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_ListByManagementGroup", + "summary": "Retrieves all policy set definitions in management group.", + "description": "This operation retrieves a list of all the policy set definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "x-ms-examples": { + "List policy set definitions at management group level": { + "$ref": "./examples/listPolicySetDefinitionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definitions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "PolicySetDefinitionProperties": { + "type": "object", + "properties": { + "policyType": { + "type": "string", + "description": "The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ], + "x-ms-enum": { + "name": "policyType", + "modelAsString": true + } + }, + "displayName": { + "type": "string", + "description": "The display name of the policy set definition." + }, + "description": { + "type": "string", + "description": "The policy set definition description." + }, + "metadata": { + "type": "object", + "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "description": "The policy set definition parameters that can be used in policy definition references.", + "$ref": "./policyDefinitions.json#/definitions/ParameterDefinitions" + }, + "policyDefinitions": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionReference" + }, + "x-ms-identifiers": [ + "policyDefinitionReferenceId" + ], + "description": "An array of policy definition references." + }, + "policyDefinitionGroups": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionGroup" + }, + "x-ms-identifiers": [ + "name" + ], + "description": "The metadata describing groups of policy definition references within the policy set definition." + }, + "version": { + "type": "string", + "description": "The policy set definition version in #.#.# format." + }, + "versions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of available versions for this policy set definition." + } + }, + "required": [ + "policyDefinitions" + ], + "description": "The policy set definition properties." + }, + "PolicyDefinitionReference": { + "type": "object", + "properties": { + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition." + }, + "definitionVersion": { + "type": "string", + "description": "The version of the policy definition to use." + }, + "latestDefinitionVersion": { + "type": "string", + "description": "The latest version of the policy definition available. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "effectiveDefinitionVersion": { + "type": "string", + "description": "The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "parameters": { + "description": "The parameter values for the referenced policy rule. The keys are the parameter names.", + "$ref": "./policyAssignments.json#/definitions/ParameterValues" + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "A unique id (within the policy set definition) for this policy definition reference." + }, + "groupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The name of the groups that this policy definition reference belongs to." + } + }, + "required": [ + "policyDefinitionId" + ], + "description": "The policy definition reference." + }, + "PolicyDefinitionGroup": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the group." + }, + "displayName": { + "type": "string", + "description": "The group's display name." + }, + "category": { + "type": "string", + "description": "The group's category." + }, + "description": { + "type": "string", + "description": "The group's description." + }, + "additionalMetadataId": { + "type": "string", + "description": "A resource ID of a resource that contains additional metadata about the group." + } + }, + "required": [ + "name" + ], + "description": "The policy definition group." + }, + "PolicySetDefinition": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicySetDefinitionProperties", + "description": "The policy set definition properties." + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy set definition." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy set definition." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policySetDefinitions)." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The policy set definition.", + "x-ms-azure-resource": true + }, + "PolicySetDefinitionListResult": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicySetDefinition" + }, + "description": "An array of policy set definitions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy set definitions." + } + }, + "parameters": { + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, + "PolicySetDefinitionsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "PolicySetDefinitionsExpandParameter": { + "name": "$expand", + "in": "query", + "required": false, + "type": "string", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyTokens.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyTokens.json new file mode 100644 index 000000000000..3aefb7bc9c27 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2025-03-01/policyTokens.json @@ -0,0 +1,312 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2025-03-01", + "description": "Allows resource operations to call external endpoints, issuing tokens upon validation." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/acquirePolicyToken": { + "post": { + "tags": [ + "PolicyTokens" + ], + "operationId": "PolicyTokens_Acquire", + "summary": "Acquires a policy token.", + "description": "This operation acquires a policy token in the given subscription for the given request body.", + "x-ms-examples": { + "Acquire a policy token": { + "$ref": "./examples/acquirePolicyToken.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyTokenRequest" + }, + "description": "The policy token properties." + } + ], + "responses": { + "200": { + "description": "Successfully acquired the policy token.", + "schema": { + "$ref": "#/definitions/PolicyTokenResponse" + } + }, + "202": { + "description": "Accepted and the request for acquiring the policy token is being processed asynchronously." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-long-running-operation": true, + "x-ms-long-running-operation-options": { + "final-state-via": "azure-async-operation" + } + } + } + }, + "definitions": { + "PolicyTokenRequest": { + "type": "object", + "properties": { + "operation": { + "description": "The resource operation to acquire a token for.", + "$ref": "#/definitions/PolicyTokenOperation" + }, + "changeReference": { + "type": "string", + "description": "The change reference." + } + }, + "description": "The policy token request properties." + }, + "PolicyTokenResponse": { + "type": "object", + "properties": { + "result": { + "type": "string", + "description": "The result of the completed token acquisition operation. Possible values are Succeeded and Failed.", + "enum": [ + "Succeeded", + "Failed" + ], + "x-ms-enum": { + "name": "policyTokenResult", + "modelAsString": true + } + }, + "message": { + "type": "string", + "description": "Status message with additional details about the token acquisition operation result." + }, + "retryAfter": { + "type": "string", + "format": "date-time", + "description": "The date and time after which the client can try to acquire a token again in the case of retry-able failures." + }, + "results": { + "type": "array", + "items": { + "$ref": "#/definitions/ExternalEvaluationEndpointInvocationResult" + }, + "description": "An array of external evaluation endpoint invocation results." + }, + "changeReference": { + "type": "string", + "description": "The change reference associated with the operation for which the token is acquired." + }, + "token": { + "type": "string", + "description": "The issued policy token." + }, + "tokenId": { + "type": "string", + "description": "The unique Id assigned to the policy token." + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "The expiration of the policy token." + } + }, + "description": "The policy token response properties." + }, + "PolicyTokenOperation": { + "type": "object", + "properties": { + "uri": { + "type": "string", + "description": "The request URI of the resource operation." + }, + "httpMethod": { + "type": "string", + "description": "The http method of the resource operation." + }, + "content": { + "type": "object", + "description": "The payload of the resource operation." + } + }, + "description": "The resource operation to acquire a token for." + }, + "ExternalEvaluationEndpointInvocationResult": { + "type": "object", + "properties": { + "policyInfo": { + "description": "The details of the policy requiring the external endpoint invocation.", + "$ref": "#/definitions/PolicyLogInfo" + }, + "result": { + "type": "string", + "description": "The result of the external endpoint. Possible values are Succeeded and Failed.", + "enum": [ + "Succeeded", + "Failed" + ], + "x-ms-enum": { + "name": "externalEndpointResult", + "modelAsString": true + } + }, + "message": { + "type": "string", + "description": "The status message with additional details about the invocation result." + }, + "retryAfter": { + "type": "string", + "format": "date-time", + "description": "The date and time after which a failed endpoint invocation can be retried." + }, + "claims": { + "type": "object", + "description": "The set of claims that will be attached to the policy token as an attestation for the result of the endpoint invocation." + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "The expiration of the results." + } + }, + "description": "The external evaluation endpoint invocation results." + }, + "PolicyLogInfo": { + "type": "object", + "properties": { + "policyDefinitionId": { + "type": "string", + "description": "The policy definition Id." + }, + "policySetDefinitionId": { + "type": "string", + "description": "The policy set definition Id." + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "The policy definition instance Id inside a policy set." + }, + "policySetDefinitionName": { + "type": "string", + "description": "The policy set definition name." + }, + "policySetDefinitionDisplayName": { + "type": "string", + "description": "The policy set definition display name." + }, + "policySetDefinitionVersion": { + "type": "string", + "description": "The policy set definition version." + }, + "policySetDefinitionCategory": { + "type": "string", + "description": "The policy set definition category." + }, + "policyDefinitionName": { + "type": "string", + "description": "The policy definition name." + }, + "policyDefinitionDisplayName": { + "type": "string", + "description": "The policy definition display name." + }, + "policyDefinitionVersion": { + "type": "string", + "description": "The policy definition version." + }, + "policyDefinitionEffect": { + "type": "string", + "description": "The policy definition action." + }, + "policyDefinitionGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of policy definition group names." + }, + "policyAssignmentId": { + "type": "string", + "description": "The policy assignment Id." + }, + "policyAssignmentName": { + "type": "string", + "description": "The policy assignment name." + }, + "policyAssignmentDisplayName": { + "type": "string", + "description": "The policy assignment display name." + }, + "policyAssignmentVersion": { + "type": "string", + "description": "The policy assignment version." + }, + "policyAssignmentScope": { + "type": "string", + "description": "The policy assignment scope." + }, + "resourceLocation": { + "type": "string", + "description": "The resource location." + }, + "ancestors": { + "type": "string", + "description": "The management group ancestors." + }, + "complianceReasonCode": { + "type": "string", + "description": "The policy compliance reason code." + }, + "policyExemptionIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of policy exemption Ids." + } + }, + "description": "The policy log info." + } + } +} diff --git a/specification/resources/resource-manager/readme.md b/specification/resources/resource-manager/readme.md index a91a7215a859..02c9b408b9b6 100644 --- a/specification/resources/resource-manager/readme.md +++ b/specification/resources/resource-manager/readme.md @@ -42,7 +42,7 @@ tag: package-locks-2020-05 ``` ``` yaml $(package-policy) -tag: package-policy-2025-01-stable +tag: package-policy-2025-03-stable ``` ``` yaml $(package-databoundaries) @@ -97,11 +97,29 @@ tag: package-snapshots-2022-11 tag: package-bicep-2023-11 ``` -### Tag: package-policy-2025-01-stable +### Tag: package-policy-2025-03-stable -These settings apply only when `--tag=package-policy-2025-01-stable` is specified on the command line. +These settings apply only when `--tag=package-2025-03-01` is specified on the command line. -```yaml $(tag) == 'package-policy-2025-01-stable' +```yaml $(tag) == 'package-policy-2025-03-stable' +input-file: + - Microsoft.Authorization/stable/2025-03-01/policyAssignments.json + - Microsoft.Authorization/stable/2025-03-01/policyDefinitions.json + - Microsoft.Authorization/stable/2025-03-01/policyDefinitionVersions.json + - Microsoft.Authorization/stable/2025-03-01/policySetDefinitions.json + - Microsoft.Authorization/stable/2025-03-01/policySetDefinitionVersions.json + - Microsoft.Authorization/stable/2025-03-01/policyTokens.json + +# Needed when there is more than one input file +override-info: + title: PolicyClient +``` + +### Tag: package-policy-2025-01 + +These settings apply only when `--tag=package-policy-2025-01` is specified on the command line. + +```yaml $(tag) == 'package-policy-2025-01' input-file: - Microsoft.Authorization/stable/2025-01-01/policyDefinitions.json - Microsoft.Authorization/stable/2025-01-01/policyDefinitionVersions.json @@ -1669,4 +1687,4 @@ batch: - package-changes: true - package-snapshots: true - package-bicep: true -``` +``` \ No newline at end of file diff --git a/specification/resources/resource-manager/sdk-suppressions.yaml b/specification/resources/resource-manager/sdk-suppressions.yaml index 919761a7b43e..148ac5b05a8d 100644 --- a/specification/resources/resource-manager/sdk-suppressions.yaml +++ b/specification/resources/resource-manager/sdk-suppressions.yaml @@ -105,4 +105,9 @@ suppressions: - Removed Enum KnownAliasPathTokenType - Removed Enum KnownExemptionCategory - Removed operation group DataPolicyManifests - - Removed operation group PolicyExemptions \ No newline at end of file + - Removed operation group PolicyExemptions + - Interface ErrorResponse no longer has parameter additionalInfo + - Interface ErrorResponse no longer has parameter code + - Interface ErrorResponse no longer has parameter details + - Interface ErrorResponse no longer has parameter message + - Interface ErrorResponse no longer has parameter target \ No newline at end of file