Skip to content

Commit

Permalink
Update Swagger for New PolicyDefinitions and PolicyTokens API (#32306)
Browse files Browse the repository at this point in the history 
* Copy files from stable/2025-01-01

Copied the files in a separate commit.
This allows reviewers to easily diff subsequent changes against the previous spec.

* Update version to stable/2025-03-01

Updated the API version from stable/2025-01-01 to stable/2025-03-01.

* Added tag for 2025-03-01 in readme file

* Update readme.md

* Add external evaluation enforcement settings contract

* Add policy token API contract

* Swagger PrettierCheck

* Swagger PrettierCheck

* Fix JsonSerializationException

* Update contract

* Swagger LintDiff

* Increment to v6

* Revert "Increment to v6"

This reverts commit 64631c5.

* Update error response

* Update duration

* Update sdk-suppressions.yaml

---------

Co-authored-by: Celina Zhao <[email protected]>
Co-authored-by: kazrael2119 <[email protected]>
  • Loading branch information
@Celinadhh @kazrael2119
3 people authored Feb 25, 2025
1 parent 2f4175a commit fcd1c49
Show file tree
Hide file tree
Showing 87 changed files with 10,651 additions and 6 deletions.
67 changes: 67 additions & 0 deletions ...source-manager/Microsoft.Authorization/stable/2025-03-01/examples/acquirePolicyToken.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
{
"parameters": {
"subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"api-version": "2025-03-01",
"parameters": {
"operation": {
"uri": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM?api-version=2024-01-01",
"httpMethod": "delete"
}
}
},
"responses": {
"200": {
"body": {
"result": "Succeeded",
"results": [
{
"policyInfo": {
"policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/5ed64d02",
"policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/3f2def86"
},
"result": "Succeeded",
"message": "Coin flip successful (success probability: '1').",
"claims": {
"isValid": false,
"string": "testString",
"int": 2,
"double": 0.99,
"date": "2025-01-01T19:30:00.00Z",
"testObject": {
"id": 12345,
"name": "Complex Object",
"details": {
"createdBy": "John Doe",
"createdDate": "2024-12-13T12:00:00Z",
"metadata": {
"version": "1.0.0",
"isActive": true,
"tags": [
"example",
"test",
"object"
]
}
}
},
"testArray": [
"Apple",
"Banana",
"Cherry"
]
},
"expiration": "2025-01-01T21:30:00.00Z"
}
],
"token": "PoP 7zmVse52pjMKPQd5m2uiNjz5UV2pZ.LPGtRiTeuCDBomEVbzj9kIaL9odEmlNv4D9VzyrQLTAyv4HHnUR7oNytWnL.AQrZ5bSGAQZzr8eySqvugzrD-ceRVL311SL3Nn6f-4c9kgPgU_u1ArXQKW25QCxMlsAuWmaE",
"tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4",
"expiration": "2025-01-01T21:30:00.00Z"
}
},
"202": {
"headers": {
"Azure-AsyncOperation": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/operationResults/h723ksf8"
}
}
}
}
95 changes: 95 additions & 0 deletions ...er/Microsoft.Authorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinition.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
{
"parameters": {
"subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"policyDefinitionName": "ResourceNaming",
"api-version": "2025-03-01",
"parameters": {
"properties": {
"mode": "All",
"displayName": "Enforce resource naming convention",
"description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
"metadata": {
"category": "Naming"
},
"policyRule": {
"if": {
"not": {
"field": "name",
"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]"
}
},
"then": {
"effect": "deny"
}
},
"parameters": {
"prefix": {
"type": "String",
"metadata": {
"displayName": "Prefix",
"description": "Resource name prefix"
}
},
"suffix": {
"type": "String",
"metadata": {
"displayName": "Suffix",
"description": "Resource name suffix"
}
}
}
}
}
},
"responses": {
"201": {
"headers": {},
"body": {
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "ResourceNaming",
"properties": {
"mode": "All",
"displayName": "Naming Convention",
"description": "Force resource names to begin with 'prefix' and end with 'suffix'",
"metadata": {
"category": "Naming"
},
"version": "1.2.1",
"versions": [
"1.2.1",
"1.0.0"
],
"policyRule": {
"if": {
"not": {
"field": "name",
"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]"
}
},
"then": {
"effect": "deny"
}
},
"parameters": {
"prefix": {
"type": "String",
"metadata": {
"displayName": "Prefix",
"description": "Resource name prefix"
}
},
"suffix": {
"type": "String",
"metadata": {
"displayName": "Suffix",
"description": "Resource name suffix"
}
}
},
"policyType": "Custom"
}
}
}
}
}
122 changes: 122 additions & 0 deletions ...uthorization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,122 @@
{
"parameters": {
"subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2",
"policyDefinitionName": "EventHubDiagnosticLogs",
"api-version": "2025-03-01",
"parameters": {
"properties": {
"mode": "Indexed",
"displayName": "Event Hubs should have diagnostic logging enabled",
"description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
"metadata": {
"category": "Event Hub"
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.EventHub/namespaces"
},
"then": {
"effect": "AuditIfNotExists",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
"equals": "true"
},
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
"equals": "[parameters('requiredRetentionDays')]"
}
]
}
}
}
},
"parameters": {
"requiredRetentionDays": {
"type": "Integer",
"defaultValue": 365,
"allowedValues": [
0,
30,
90,
180,
365
],
"metadata": {
"displayName": "Required retention (days)",
"description": "The required diagnostic logs retention in days"
}
}
}
}
}
},
"responses": {
"201": {
"headers": {},
"body": {
"id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "ResourceNaming",
"properties": {
"mode": "Indexed",
"displayName": "Event Hubs should have diagnostic logging enabled",
"description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised",
"metadata": {
"category": "Event Hub"
},
"version": "1.2.1",
"versions": [
"1.2.1",
"1.0.0"
],
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.EventHub/namespaces"
},
"then": {
"effect": "AuditIfNotExists",
"details": {
"type": "Microsoft.Insights/diagnosticSettings",
"existenceCondition": {
"allOf": [
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled",
"equals": "true"
},
{
"field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days",
"equals": "[parameters('requiredRetentionDays')]"
}
]
}
}
}
},
"parameters": {
"requiredRetentionDays": {
"type": "Integer",
"defaultValue": 365,
"allowedValues": [
0,
30,
90,
180,
365
],
"metadata": {
"displayName": "Required retention (days)",
"description": "The required diagnostic logs retention in days"
}
}
}
}
}
}
}
}
95 changes: 95 additions & 0 deletions ...orization/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
{
"parameters": {
"managementGroupId": "MyManagementGroup",
"policyDefinitionName": "ResourceNaming",
"api-version": "2025-03-01",
"parameters": {
"properties": {
"mode": "All",
"displayName": "Enforce resource naming convention",
"description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'",
"metadata": {
"category": "Naming"
},
"policyRule": {
"if": {
"not": {
"field": "name",
"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]"
}
},
"then": {
"effect": "deny"
}
},
"parameters": {
"prefix": {
"type": "String",
"metadata": {
"displayName": "Prefix",
"description": "Resource name prefix"
}
},
"suffix": {
"type": "String",
"metadata": {
"displayName": "Suffix",
"description": "Resource name suffix"
}
}
}
}
}
},
"responses": {
"201": {
"headers": {},
"body": {
"id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "ResourceNaming",
"properties": {
"mode": "All",
"displayName": "Naming Convention",
"description": "Force resource names to begin with 'prefix' and end with 'suffix'",
"metadata": {
"category": "Naming"
},
"version": "1.2.1",
"versions": [
"1.2.1",
"1.0.0"
],
"policyRule": {
"if": {
"not": {
"field": "name",
"like": "[concat(parameters('prefix'), '*', parameters('suffix'))]"
}
},
"then": {
"effect": "deny"
}
},
"parameters": {
"prefix": {
"type": "String",
"metadata": {
"displayName": "Prefix",
"description": "Resource name prefix"
}
},
"suffix": {
"type": "String",
"metadata": {
"displayName": "Suffix",
"description": "Resource name suffix"
}
}
},
"policyType": "Custom"
}
}
}
}
}
Loading

0 comments on commit fcd1c49

Please sign in to comment.