From 8ad81f2b3beeb56e6f9b794aba2907e509c2eef1 Mon Sep 17 00:00:00 2001 From: Robert Gao Date: Thu, 1 Aug 2024 15:52:28 -0700 Subject: [PATCH] Update Azure Policy api-version to 2024-05-01 (#29790) * Copied from the previous api-version * Add the new override kind * update sdk-suppressions.yaml * Address linter rules * Address lint error --------- Co-authored-by: Alancere <804873052@qq.com> --- .../common/v2/types.json | 120 ++ .../createOrUpdatePolicyDefinition.json | 95 ++ ...rUpdatePolicyDefinitionAdvancedParams.json | 122 ++ ...datePolicyDefinitionAtManagementGroup.json | 95 ++ ...createOrUpdatePolicyDefinitionVersion.json | 138 +++ ...icyDefinitionVersionAtManagementGroup.json | 138 +++ .../createOrUpdatePolicySetDefinition.json | 160 +++ ...ePolicySetDefinitionAtManagementGroup.json | 135 +++ ...ateOrUpdatePolicySetDefinitionVersion.json | 161 +++ ...SetDefinitionVersionAtManagementGroup.json | 133 +++ ...OrUpdatePolicySetDefinitionWithGroups.json | 196 +++ ...DefinitionWithGroupsAtManagementGroup.json | 194 +++ .../examples/createPolicyAssignment.json | 65 + .../examples/createPolicyAssignmentById.json | 55 + ...PolicyAssignmentNonComplianceMessages.json | 60 + .../createPolicyAssignmentWithIdentity.json | 66 + ...reatePolicyAssignmentWithIdentityById.json | 65 + .../createPolicyAssignmentWithOverrides.json | 83 ++ ...PolicyAssignmentWithResourceSelectors.json | 67 ++ ...icyAssignmentWithUserAssignedIdentity.json | 73 ++ ...atePolicyAssignmentWithoutEnforcement.json | 56 + .../examples/deletePolicyAssignment.json | 39 + .../examples/deletePolicyAssignmentById.json | 37 + .../examples/deletePolicyDefinition.json | 15 + ...letePolicyDefinitionAtManagementGroup.json | 15 + .../deletePolicyDefinitionVersion.json | 16 + ...icyDefinitionVersionAtManagementGroup.json | 16 + .../examples/deletePolicySetDefinition.json | 15 + ...ePolicySetDefinitionAtManagementGroup.json | 15 + .../deletePolicySetDefinitionVersion.json | 16 + ...SetDefinitionVersionAtManagementGroup.json | 16 + .../getBuiltInPolicySetDefinition.json | 82 ++ .../getBuiltInPolicySetDefinitionVersion.json | 79 ++ .../examples/getBuiltinPolicyDefinition.json | 57 + .../getBuiltinPolicyDefinitionVersion.json | 54 + .../examples/getPolicyAssignment.json | 37 + .../examples/getPolicyAssignmentById.json | 35 + .../getPolicyAssignmentWithIdentity.json | 43 + .../getPolicyAssignmentWithIdentityById.json | 41 + .../getPolicyAssignmentWithOverrides.json | 44 + ...PolicyAssignmentWithResourceSelectors.json | 43 + ...icyAssignmentWithUserAssignedIdentity.json | 47 + .../examples/getPolicyDefinition.json | 58 + .../getPolicyDefinitionAtManagementGroup.json | 58 + .../examples/getPolicyDefinitionVersion.json | 55 + ...icyDefinitionVersionAtManagementGroup.json | 55 + .../examples/getPolicySetDefinition.json | 75 ++ ...tPolicySetDefinitionAtManagementGroup.json | 57 + .../getPolicySetDefinitionVersion.json | 72 ++ ...SetDefinitionVersionAtManagementGroup.json | 54 + ...istAllBuiltInPolicyDefinitionVersions.json | 105 ++ ...AllBuiltInPolicySetDefinitionVersions.json | 81 ++ .../listAllPolicyDefinitionVersions.json | 99 ++ ...cyDefinitionVersionsByManagementGroup.json | 99 ++ .../listAllPolicySetDefinitionVersions.json | 56 + ...etDefinitionVersionsByManagementGroup.json | 123 ++ .../listBuiltInPolicyDefinitionVersions.json | 106 ++ .../listBuiltInPolicyDefinitions.json | 145 +++ ...istBuiltInPolicySetDefinitionVersions.json | 82 ++ .../listBuiltInPolicySetDefinitions.json | 85 ++ .../examples/listPolicyAssignments.json | 56 + ...stPolicyAssignmentsForManagementGroup.json | 56 + .../listPolicyAssignmentsForResource.json | 60 + ...listPolicyAssignmentsForResourceGroup.json | 57 + .../listPolicyDefinitionVersions.json | 100 ++ ...cyDefinitionVersionsByManagementGroup.json | 100 ++ .../examples/listPolicyDefinitions.json | 143 +++ ...istPolicyDefinitionsByManagementGroup.json | 106 ++ .../listPolicySetDefinitionVersions.json | 57 + ...etDefinitionVersionsByManagementGroup.json | 57 + .../examples/listPolicySetDefinitions.json | 131 ++ ...PolicySetDefinitionsByManagementGroup.json | 129 ++ .../updatePolicyAssignmentWithIdentity.json | 49 + ...pdatePolicyAssignmentWithIdentityById.json | 47 + .../updatePolicyAssignmentWithOverrides.json | 63 + ...PolicyAssignmentWithResourceSelectors.json | 61 + ...icyAssignmentWithUserAssignedIdentity.json | 56 + .../stable/2024-05-01/policyAssignments.json | 1063 +++++++++++++++++ .../2024-05-01/policyDefinitionVersions.json | 822 +++++++++++++ .../stable/2024-05-01/policyDefinitions.json | 716 +++++++++++ .../policySetDefinitionVersions.json | 826 +++++++++++++ .../2024-05-01/policySetDefinitions.json | 735 ++++++++++++ .../resources/resource-manager/readme.md | 106 +- .../resource-manager/sdk-suppressions.yaml | 68 +- 84 files changed, 10151 insertions(+), 17 deletions(-) create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/common/v2/types.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignment.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentNonComplianceMessages.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithIdentityById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithOverrides.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithoutEnforcement.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyAssignment.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyAssignmentById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltInPolicySetDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltInPolicySetDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltinPolicyDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltinPolicyDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignment.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithIdentityById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithOverrides.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinition.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionVersion.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllBuiltInPolicyDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllBuiltInPolicySetDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicyDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicySetDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicyDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicyDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicySetDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicySetDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignments.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForResource.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForResourceGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionVersionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionsByManagementGroup.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithIdentityById.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithOverrides.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithResourceSelectors.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyAssignments.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyDefinitions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policySetDefinitionVersions.json create mode 100644 specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policySetDefinitions.json diff --git a/specification/resources/resource-manager/Microsoft.Authorization/common/v2/types.json b/specification/resources/resource-manager/Microsoft.Authorization/common/v2/types.json new file mode 100644 index 000000000000..39b87c744fac --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/common/v2/types.json @@ -0,0 +1,120 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "v2" + }, + "paths": {}, + "definitions": { + "Selector": { + "description": "The selector expression.", + "type": "object", + "properties": { + "kind": { + "type": "string", + "description": "The selector kind.", + "enum": [ + "resourceLocation", + "resourceType", + "resourceWithoutLocation", + "policyDefinitionReferenceId" + ], + "x-ms-enum": { + "name": "SelectorKind", + "modelAsString": true, + "values": [ + { + "value": "resourceLocation", + "description": "The selector kind to filter policies by the resource location." + }, + { + "value": "resourceType", + "description": "The selector kind to filter policies by the resource type." + }, + { + "value": "resourceWithoutLocation", + "description": "The selector kind to filter policies by the resource without location." + }, + { + "value": "policyDefinitionReferenceId", + "description": "The selector kind to filter policies by the policy definition reference ID." + } + ] + } + }, + "in": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of values to filter in." + }, + "notIn": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of values to filter out." + } + } + }, + "ResourceSelector": { + "description": "The resource selector to filter policies by resource properties.", + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the resource selector." + }, + "selectors": { + "type": "array", + "items": { + "$ref": "#/definitions/Selector" + }, + "x-ms-identifiers": [], + "description": "The list of the selector expressions." + } + } + }, + "Override": { + "description": "The policy property value override.", + "type": "object", + "properties": { + "kind": { + "type": "string", + "description": "The override kind.", + "enum": [ + "policyEffect", + "definitionVersion" + ], + "x-ms-enum": { + "name": "OverrideKind", + "modelAsString": true, + "values": [ + { + "value": "policyEffect", + "description": "It will override the policy effect type." + }, + { + "value": "definitionVersion", + "description": "It will override the definition version property value of the policy assignment." + } + ] + } + }, + "value": { + "type": "string", + "description": "The value to override the policy property." + }, + "selectors": { + "type": "array", + "items": { + "$ref": "#/definitions/Selector" + }, + "x-ms-identifiers": [], + "description": "The list of the selector expressions." + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinition.json new file mode 100644 index 000000000000..3b0eab5d8a88 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinition.json @@ -0,0 +1,95 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "mode": "All", + "displayName": "Enforce resource naming convention", + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json new file mode 100644 index 000000000000..b087ac2f86d2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json @@ -0,0 +1,122 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "EventHubDiagnosticLogs", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "mode": "Indexed", + "displayName": "Event Hubs should have diagnostic logging enabled", + "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "metadata": { + "category": "Event Hub" + }, + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.EventHub/namespaces" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Insights/diagnosticSettings", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled", + "equals": "true" + }, + { + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days", + "equals": "[parameters('requiredRetentionDays')]" + } + ] + } + } + } + }, + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "defaultValue": 365, + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "metadata": { + "displayName": "Required retention (days)", + "description": "The required diagnostic logs retention in days" + } + } + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "Indexed", + "displayName": "Event Hubs should have diagnostic logging enabled", + "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "metadata": { + "category": "Event Hub" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.EventHub/namespaces" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Insights/diagnosticSettings", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled", + "equals": "true" + }, + { + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days", + "equals": "[parameters('requiredRetentionDays')]" + } + ] + } + } + } + }, + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "defaultValue": 365, + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "metadata": { + "displayName": "Required retention (days)", + "description": "The required diagnostic logs retention in days" + } + } + } + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..a7d98c203e00 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,95 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "mode": "All", + "displayName": "Enforce resource naming convention", + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "metadata": { + "category": "Naming" + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + } + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionVersion.json new file mode 100644 index 000000000000..352faf93543e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionVersion.json @@ -0,0 +1,138 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "mode": "All", + "displayName": "Enforce resource naming convention", + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + } + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + }, + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..3d4fd3063d98 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,138 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "mode": "All", + "displayName": "Enforce resource naming convention", + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + } + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + }, + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinition.json new file mode 100644 index 000000000000..d4abc73d8c53 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinition.json @@ -0,0 +1,160 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..14c12805a944 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,135 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionVersion.json new file mode 100644 index 000000000000..ba74a64f87d8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionVersion.json @@ -0,0 +1,161 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..fda0e5bb38bb --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json new file mode 100644 index 000000000000..461a9a447450 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json @@ -0,0 +1,196 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json new file mode 100644 index 000000000000..2f7236ec4ff8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json @@ -0,0 +1,194 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + }, + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignment.json new file mode 100644 index 000000000000..29d104f8a374 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignment.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentById.json new file mode 100644 index 000000000000..f8fc409d0969 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentById.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentNonComplianceMessages.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentNonComplianceMessages.json new file mode 100644 index 000000000000..c6ed13e98384 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentNonComplianceMessages.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "securityInitAssignment", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Enforce security policies", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce security policies", + "metadata": { + "assignedBy": "User 1" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment", + "type": "Microsoft.Authorization/policyAssignments", + "name": "securityInitAssignment" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..6a8bacd3d37a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithIdentity.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2024-05-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Foo Bar" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..c23848f9588c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithIdentityById.json @@ -0,0 +1,65 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2024-05-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus", + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..975f5aa35b5c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithOverrides.json @@ -0,0 +1,83 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ + "Limit_Skus", + "Limit_Locations" + ] + } + ] + }, + { + "kind": "definitionVersion", + "value": "2.*.*", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastUSEuap", + "centralUSEuap" + ] + } + ] + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ + "Limit_Skus", + "Limit_Locations" + ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..06a69239ba22 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,67 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastus2euap", + "centraluseuap" + ] + } + ] + } + ] + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastus2euap", + "centraluseuap" + ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..ba29f71d9b49 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,73 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2024-05-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + }, + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Foo Bar" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" + } + } + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithoutEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithoutEnforcement.json new file mode 100644 index 000000000000..adbf466f12a7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/createPolicyAssignmentWithoutEnforcement.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "DoNotEnforce" + } + } + }, + "responses": { + "201": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "DoNotEnforce", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyAssignment.json new file mode 100644 index 000000000000..06e79cc4427b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyAssignment.json @@ -0,0 +1,39 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyAssignmentById.json new file mode 100644 index 000000000000..c8606f1355d8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyAssignmentById.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinition.json new file mode 100644 index 000000000000..40f8dc06a501 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinition.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..69b35040d879 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionVersion.json new file mode 100644 index 000000000000..6cd6ccf8fb39 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionVersion.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..2f1630b68729 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinition.json new file mode 100644 index 000000000000..14e0f5d99585 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinition.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..73180b5444c8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,15 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionVersion.json new file mode 100644 index 000000000000..39521f3c639c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionVersion.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..18c47bcb2108 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,16 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltInPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltInPolicySetDefinition.json new file mode 100644 index 000000000000..cd03050c396f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltInPolicySetDefinition.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltInPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltInPolicySetDefinitionVersion.json new file mode 100644 index 000000000000..dc13525f3b03 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltInPolicySetDefinitionVersion.json @@ -0,0 +1,79 @@ +{ + "parameters": { + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltinPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltinPolicyDefinition.json new file mode 100644 index 000000000000..e3c22e37dc11 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltinPolicyDefinition.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltinPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltinPolicyDefinitionVersion.json new file mode 100644 index 000000000000..f3f9aebd22e4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getBuiltinPolicyDefinitionVersion.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "version": "1.2.1", + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignment.json new file mode 100644 index 000000000000..b40abcbd2648 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignment.json @@ -0,0 +1,37 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentById.json new file mode 100644 index 000000000000..a40bdf71fb1d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentById.json @@ -0,0 +1,35 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..43e52b4c5611 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithIdentity.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..91b965f23267 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithIdentityById.json @@ -0,0 +1,41 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..3b588d00a045 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithOverrides.json @@ -0,0 +1,44 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ + "Limit_Skus", + "Limit_Locations" + ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..af3bdcc14223 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastus2euap", + "centraluseuap" + ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..9821f092e887 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" + } + } + }, + "location": "westus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinition.json new file mode 100644 index 000000000000..2cc5538b7f8c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinition.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..3637b140989c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionAtManagementGroup.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionVersion.json new file mode 100644 index 000000000000..38570152beca --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionVersion.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..aba99a6c739f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,55 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinition.json new file mode 100644 index 000000000000..2571630499e9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinition.json @@ -0,0 +1,75 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..bd3e1db482ff --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionVersion.json new file mode 100644 index 000000000000..cee34af71894 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionVersion.json @@ -0,0 +1,72 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "displayName": "Cost Management Policies", + "description": "Policies designed to control spend within a subscription." + }, + { + "name": "Organizational", + "displayName": "Organizational Policies", + "description": "Policies that help enforce resource organization standards within a subscription." + } + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..3b617d7fd4e8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,54 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "policyDefinitionVersion": "1.2.1", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllBuiltInPolicyDefinitionVersions.json new file mode 100644 index 000000000000..3e60088996e9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllBuiltInPolicyDefinitionVersions.json @@ -0,0 +1,105 @@ +{ + "parameters": { + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled" + ] + } + }, + "version": "1.2.1", + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + }, + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled", + "default" + ] + } + }, + "version": "1.0.0", + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.0.0" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllBuiltInPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..05cba7f5d9cc --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllBuiltInPolicySetDefinitionVersions.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicyDefinitionVersions.json new file mode 100644 index 000000000000..f04ff427f67c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicyDefinitionVersions.json @@ -0,0 +1,99 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + }, + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "version": "1.0.0", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "1.0.0" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..2a57bb9b34ca --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json @@ -0,0 +1,99 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.0.0", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..ba2c0476d573 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicySetDefinitionVersions.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..19cbdf603d5b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json @@ -0,0 +1,123 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versoins/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1" + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicyDefinitionVersions.json new file mode 100644 index 000000000000..a4e25e7b79c4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicyDefinitionVersions.json @@ -0,0 +1,106 @@ +{ + "parameters": { + "policyDefinitionName": "06a78e20-9358-41c9-923c-fb736d382a12", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled" + ] + } + }, + "version": "1.2.1", + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + }, + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled", + "default" + ] + } + }, + "version": "1.0.0", + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.0.0" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicyDefinitions.json new file mode 100644 index 000000000000..27c4a2728e33 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicyDefinitions.json @@ -0,0 +1,145 @@ +{ + "parameters": { + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Audit SQL DB Level Audit Setting", + "policyType": "BuiltIn", + "description": "Audit DB level audit setting for SQL databases", + "parameters": { + "setting": { + "type": "String", + "metadata": { + "displayName": "Audit Setting" + }, + "allowedValues": [ + "enabled", + "disabled" + ] + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "field": "type", + "equals": "Microsoft.Sql/servers/databases" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "name": "default", + "existenceCondition": { + "allOf": [ + { + "field": "Microsoft.Sql/auditingSettings.state", + "equals": "[parameters('setting')]" + } + ] + } + } + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "06a78e20-9358-41c9-923c-fb736d382a12" + }, + { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "Static", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + { + "properties": { + "mode": "Microsoft.KeyVault.Data", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "policyType": "BuiltIn", + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "metadata": { + "category": "KeyVault DataPlane" + }, + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "displayName": "Days to expire", + "description": "The number of days for a certificate to expire." + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/abeed54a-73c5-441d-8a8c-6b5e7a0c299e", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "abeed54a-73c5-441d-8a8c-6b5e7a0c299e" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..a45dd0e3c82b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicySetDefinitionVersions.json @@ -0,0 +1,82 @@ +{ + "parameters": { + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicySetDefinitions.json new file mode 100644 index 000000000000..0db41056483b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listBuiltInPolicySetDefinitions.json @@ -0,0 +1,85 @@ +{ + "parameters": { + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignments.json new file mode 100644 index 000000000000..7c8e8f8e99a2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignments.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2024-05-01", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [] + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/TagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForManagementGroup.json new file mode 100644 index 000000000000..75f82c443262 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForManagementGroup.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "managementGroupId": "TestManagementGroup", + "api-version": "2024-05-01", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [] + } + }, + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForResource.json new file mode 100644 index 000000000000..ea7dc3af21fe --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForResource.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "resourceGroupName": "TestResourceGroup", + "resourceProviderNamespace": "Microsoft.Compute", + "parentResourcePath": "virtualMachines/MyTestVm", + "resourceType": "domainNames", + "resourceName": "MyTestComputer.cloudapp.net", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "VM Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/vmSkus", + "definitionVersion": "1.*.*", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForResourceGroup.json new file mode 100644 index 000000000000..0002347985a2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyAssignmentsForResourceGroup.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "resourceGroupName": "TestResourceGroup", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2024-05-01", + "$filter": "atScope()" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionVersions.json new file mode 100644 index 000000000000..1e1e0422e0c4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionVersions.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionName": "ResourceNaming", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1" + }, + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "version": "1.0.0", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "1.0.0" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..f7ab67f592d0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionVersionsByManagementGroup.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.2.1", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "name": "1.0.0", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitions.json new file mode 100644 index 000000000000..ec725eb7ba31 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitions.json @@ -0,0 +1,143 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + { + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming" + }, + { + "properties": { + "mode": "Microsoft.KeyVault.Data", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "metadata": { + "category": "KeyVault DataPlane" + }, + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "displayName": "Days to expire", + "description": "The number of days for a certificate to expire." + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + }, + "policyType": "Custom" + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/AuditSoonToExpireCerts", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "AuditSoonToExpireCerts" + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..dd9f3858b5ee --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicyDefinitionsByManagementGroup.json @@ -0,0 +1,106 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "mode": "All", + "displayName": "Allowed storage account SKUs", + "policyType": "BuiltIn", + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "allOf": [ + { + "field": "type", + "equals": "Microsoft.Storage/storageAccounts" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + } + }, + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "name": "ResourceNaming", + "properties": { + "mode": "All", + "displayName": "Naming Convention", + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "metadata": { + "category": "Naming" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "displayName": "Prefix", + "description": "Resource name prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "displayName": "Suffix", + "description": "Resource name suffix" + } + } + }, + "policyType": "Custom" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..8527df2fafd6 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionVersions.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policySetDefinitionName": "CostManagement", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..1c38b3d202ec --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "name": "1.2.1", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitions.json new file mode 100644 index 000000000000..8587f6e9fdb9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitions.json @@ -0,0 +1,131 @@ +{ + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..e5b46c5b2131 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/listPolicySetDefinitionsByManagementGroup.json @@ -0,0 +1,129 @@ +{ + "parameters": { + "managementGroupId": "MyManagementGroup", + "api-version": "2024-05-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "properties": { + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "policyType": "BuiltIn", + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "metadata": { + "category": "Security Center" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "parameters": {}, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId1" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId2" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId3" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId6" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId9" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "RefId10" + } + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + { + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "name": "CostManagement", + "properties": { + "displayName": "Cost Management", + "description": "Policies to enforce low cost storage SKUs", + "metadata": { + "category": "Cost Management" + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ], + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Limit_Skus", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "policyDefinitionReferenceId": "Resource_Naming", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + } + } + ] + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..123680545508 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithIdentity.json @@ -0,0 +1,49 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2024-05-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "SystemAssigned" + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithIdentityById.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithIdentityById.json new file mode 100644 index 000000000000..dc9624954fef --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithIdentityById.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "policyAssignmentId": "providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "api-version": "2024-05-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus" + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce storage account SKU", + "description": "Allow only storage accounts of SKU Standard_GRS or Standard_LRS to be created", + "metadata": { + "assignedBy": "Cheapskate Boss" + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "enforcementMode": "Default" + }, + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "id": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/LowCostStorage", + "type": "Microsoft.Authorization/policyAssignments", + "name": "LowCostStorage" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..aaad21828557 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithOverrides.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ + "Limit_Skus", + "Limit_Locations" + ] + } + ] + } + ] + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "overrides": [ + { + "kind": "policyEffect", + "value": "Audit", + "selectors": [ + { + "kind": "policyDefinitionReferenceId", + "in": [ + "Limit_Skus", + "Limit_Locations" + ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..5d2fdae630fb --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,61 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "CostManagement", + "api-version": "2024-05-01", + "parameters": { + "properties": { + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastus2euap", + "centraluseuap" + ] + } + ] + } + ] + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Limit the resource location and resource SKU", + "description": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "definitionVersion": "1.*.*", + "notScopes": [], + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "kind": "resourceLocation", + "in": [ + "eastus2euap", + "centraluseuap" + ] + } + ] + } + ] + }, + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..64edb2203808 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyAssignmentName": "EnforceNaming", + "api-version": "2024-05-01", + "parameters": { + "location": "eastus", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + } + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "properties": { + "displayName": "Enforce resource naming rules", + "description": "Force resource names to begin with given DeptA and end with -LC", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "definitionVersion": "1.*.*", + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "enforcementMode": "Default", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" + } + } + }, + "location": "eastus", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "name": "EnforceNaming" + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyAssignments.json new file mode 100644 index 000000000000..badc035c2478 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyAssignments.json @@ -0,0 +1,1063 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2024-05-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}": { + "delete": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Delete", + "summary": "Deletes a policy assignment.", + "description": "This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-examples": { + "Delete a policy assignment": { + "$ref": "./examples/deletePolicyAssignment.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy assignment to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the deleted assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "204": { + "description": "No Content - the policy assignment doesn't exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Create", + "summary": "Creates or updates a policy assignment.", + "description": " This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "x-ms-examples": { + "Create or update a policy assignment": { + "$ref": "./examples/createPolicyAssignment.json" + }, + "Create or update a policy assignment with multiple non-compliance messages": { + "$ref": "./examples/createPolicyAssignmentNonComplianceMessages.json" + }, + "Create or update a policy assignment with a system assigned identity": { + "$ref": "./examples/createPolicyAssignmentWithIdentity.json" + }, + "Create or update a policy assignment with a user assigned identity": { + "$ref": "./examples/createPolicyAssignmentWithUserAssignedIdentity.json" + }, + "Create or update a policy assignment without enforcing policy effect during resource creation or update.": { + "$ref": "./examples/createPolicyAssignmentWithoutEnforcement.json" + }, + "Create or update a policy assignment with resource selectors": { + "$ref": "./examples/createPolicyAssignmentWithResourceSelectors.json" + }, + "Create or update a policy assignment with overrides": { + "$ref": "./examples/createPolicyAssignmentWithOverrides.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy assignment." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignment" + }, + "description": "Parameters for the policy assignment." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the new policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Get", + "summary": "Retrieves a policy assignment.", + "description": "This operation retrieves a single policy assignment, given its name and the scope it was created at.", + "x-ms-examples": { + "Retrieve a policy assignment": { + "$ref": "./examples/getPolicyAssignment.json" + }, + "Retrieve a policy assignment with a system assigned identity": { + "$ref": "./examples/getPolicyAssignmentWithIdentity.json" + }, + "Retrieve a policy assignment with a user assigned identity": { + "$ref": "./examples/getPolicyAssignmentWithUserAssignedIdentity.json" + }, + "Retrieve a policy assignment with resource selectors": { + "$ref": "./examples/getPolicyAssignmentWithResourceSelectors.json" + }, + "Retrieve a policy assignment with overrides": { + "$ref": "./examples/getPolicyAssignmentWithOverrides.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy assignment to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "patch": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_Update", + "summary": "Updates a policy assignment.", + "description": " This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "x-ms-examples": { + "Update a policy assignment with a system assigned identity": { + "$ref": "./examples/updatePolicyAssignmentWithIdentity.json" + }, + "Update a policy assignment with a user assigned identity": { + "$ref": "./examples/updatePolicyAssignmentWithUserAssignedIdentity.json" + }, + "Update a policy assignment with resource selectors": { + "$ref": "./examples/updatePolicyAssignmentWithResourceSelectors.json" + }, + "Update a policy assignment with overrides": { + "$ref": "./examples/updatePolicyAssignmentWithOverrides.json" + } + }, + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy assignment." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignmentUpdate" + }, + "description": "Parameters for policy assignment patch request." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForResourceGroup", + "summary": "Retrieves all policy assignments that apply to a resource group.", + "description": "This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group.", + "x-ms-examples": { + "List policy assignments that apply to a resource group": { + "$ref": "./examples/listPolicyAssignmentsForResourceGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group that contains policy assignments.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90 + }, + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForResource", + "summary": "Retrieves all policy assignments that apply to a resource.", + "description": "This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource level. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').", + "deprecated": false, + "x-ms-examples": { + "List all policy assignments that apply to a resource": { + "$ref": "./examples/listPolicyAssignmentsForResource.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "resourceGroupName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the resource group containing the resource.", + "pattern": "^[-\\w\\._\\(\\)]+$", + "minLength": 1, + "maxLength": 90 + }, + { + "name": "resourceProviderNamespace", + "in": "path", + "required": true, + "type": "string", + "description": "The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)" + }, + { + "name": "parentResourcePath", + "in": "path", + "required": true, + "type": "string", + "description": "The parent resource path. Use empty string if there is none.", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceType", + "in": "path", + "required": true, + "type": "string", + "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^.+$", + "description": "The name of the resource." + }, + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/PolicyAssignment" + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_ListForManagementGroup", + "summary": "Retrieves all policy assignments that apply to a management group.", + "description": "This operation retrieves the list of all policy assignments applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy assignments that are assigned to the management group or the management group's ancestors. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the management group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the management group.", + "x-ms-examples": { + "List policy assignments that apply to a management group": { + "$ref": "./examples/listPolicyAssignmentsForManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_List", + "summary": "Retrieves all policy assignments that apply to a subscription.", + "description": "This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "x-ms-examples": { + "List policy assignments that apply to a subscription": { + "$ref": "./examples/listPolicyAssignments.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicyAssignmentsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy assignments.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + }, + "x-ms-odata": "#/definitions/PolicyAssignment" + } + }, + "/{policyAssignmentId}": { + "delete": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_DeleteById", + "summary": "Deletes a policy assignment.", + "description": "This operation deletes the policy with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid formats for {scope} are: '/providers/Microsoft.Management/managementGroups/{managementGroup}' (management group), '/subscriptions/{subscriptionId}' (subscription), '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' (resource group), or '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' (resource).", + "x-ms-examples": { + "Delete a policy assignment by ID": { + "$ref": "./examples/deletePolicyAssignmentById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "204": { + "description": "No Content - the policy assignment doesn't exist." + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "put": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_CreateById", + "summary": "Creates or updates a policy assignment.", + "description": "This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Create or update policy assignment by ID": { + "$ref": "./examples/createPolicyAssignmentById.json" + }, + "Create or update policy assignment with a managed identity by ID": { + "$ref": "./examples/createPolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to create. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignment" + }, + "description": "Parameters for policy assignment." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_GetById", + "summary": "Retrieves the policy assignment with the given ID.", + "description": "The operation retrieves the policy assignment with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Retrieve a policy assignment by ID": { + "$ref": "./examples/getPolicyAssignmentById.json" + }, + "Retrieve a policy assignment with a managed identity by ID": { + "$ref": "./examples/getPolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to get. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "patch": { + "tags": [ + "PolicyAssignments" + ], + "operationId": "PolicyAssignments_UpdateById", + "summary": "Updates a policy assignment.", + "description": "This operation updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", + "x-ms-examples": { + "Update policy assignment with a managed identity by ID": { + "$ref": "./examples/updatePolicyAssignmentWithIdentityById.json" + } + }, + "parameters": [ + { + "name": "policyAssignmentId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the policy assignment to update. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "x-ms-skip-url-encoding": true + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignmentUpdate" + }, + "description": "Parameters for policy assignment patch request." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy assignment.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + } + }, + "definitions": { + "CloudError": { + "type": "object", + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse" + } + }, + "description": "An error response from a policy operation." + }, + "PolicyAssignmentProperties": { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "description": "The display name of the policy assignment." + }, + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition being assigned." + }, + "definitionVersion": { + "type": "string", + "description": "The version of the policy definition to use." + }, + "scope": { + "type": "string", + "description": "The scope for the policy assignment.", + "readOnly": true + }, + "notScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The policy's excluded scopes." + }, + "parameters": { + "description": "The parameter values for the assigned policy rule. The keys are the parameter names.", + "$ref": "#/definitions/ParameterValues" + }, + "description": { + "type": "string", + "description": "This message will be part of response in case of policy violation." + }, + "metadata": { + "type": "object", + "description": "The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "enforcementMode": { + "type": "string", + "description": "The policy assignment enforcement mode. Possible values are Default and DoNotEnforce.", + "enum": [ + "Default", + "DoNotEnforce" + ], + "x-ms-enum": { + "name": "enforcementMode", + "modelAsString": true, + "values": [ + { + "value": "Default", + "description": "The policy effect is enforced during resource creation or update." + }, + { + "value": "DoNotEnforce", + "description": "The policy effect is not enforced during resource creation or update." + } + ] + }, + "default": "Default" + }, + "nonComplianceMessages": { + "type": "array", + "items": { + "$ref": "#/definitions/NonComplianceMessage" + }, + "x-ms-identifiers": [ + "message", + "policyDefinitionReferenceId" + ], + "description": "The messages that describe why a resource is non-compliant with the policy." + }, + "resourceSelectors": { + "type": "array", + "items": { + "$ref": "../../common/v2/types.json#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [], + "description": "The resource selector list to filter policies by resource properties." + }, + "overrides": { + "type": "array", + "items": { + "$ref": "../../common/v2/types.json#/definitions/Override" + }, + "x-ms-identifiers": [], + "description": "The policy property value override." + }, + "assignmentType": { + "type": "string", + "description": "The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable.", + "enum": [ + "NotSpecified", + "System", + "SystemHidden", + "Custom" + ], + "x-ms-enum": { + "name": "assignmentType", + "modelAsString": true + } + } + }, + "description": "The policy assignment properties." + }, + "NonComplianceMessage": { + "type": "object", + "properties": { + "message": { + "type": "string", + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment." + } + }, + "required": [ + "message" + ], + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." + }, + "ParameterValues": { + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ParameterValuesValue" + }, + "description": "The parameter values for the policy rule. The keys are the parameter names." + }, + "ParameterValuesValue": { + "type": "object", + "properties": { + "value": { + "description": "The value of the parameter.", + "type": "object" + } + }, + "description": "The value of a parameter." + }, + "PolicyAssignment": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyAssignmentProperties", + "description": "Properties for the policy assignment." + }, + "id": { + "type": "string", + "description": "The ID of the policy assignment.", + "readOnly": true + }, + "type": { + "type": "string", + "description": "The type of the policy assignment.", + "readOnly": true + }, + "name": { + "type": "string", + "description": "The name of the policy assignment.", + "readOnly": true + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The policy assignment.", + "x-ms-azure-resource": true + }, + "PolicyAssignmentListResult": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyAssignment" + }, + "x-ms-identifiers": [], + "description": "An array of policy assignments." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy assignments." + }, + "Identity": { + "type": "object", + "properties": { + "principalId": { + "readOnly": true, + "type": "string", + "description": "The principal ID of the resource identity. This property will only be provided for a system assigned identity" + }, + "tenantId": { + "readOnly": true, + "type": "string", + "description": "The tenant ID of the resource identity. This property will only be provided for a system assigned identity" + }, + "type": { + "type": "string", + "description": "The identity type. This is the only required field when adding a system or user assigned identity to a resource.", + "enum": [ + "SystemAssigned", + "UserAssigned", + "None" + ], + "x-ms-enum": { + "name": "ResourceIdentityType", + "modelAsString": false, + "values": [ + { + "value": "SystemAssigned", + "description": "Indicates that a system assigned identity is associated with the resource." + }, + { + "value": "UserAssigned", + "description": "Indicates that a system assigned identity is associated with the resource." + }, + { + "value": "None", + "description": "Indicates that no identity is associated with the resource or that the existing identity should be removed." + } + ] + } + }, + "userAssignedIdentities": { + "type": "object", + "additionalProperties": { + "type": "object", + "x-ms-client-name": "userAssignedIdentitiesValue", + "properties": { + "principalId": { + "readOnly": true, + "type": "string", + "description": "The principal id of user assigned identity." + }, + "clientId": { + "readOnly": true, + "type": "string", + "description": "The client id of user assigned identity." + } + } + }, + "description": "The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'." + } + }, + "description": "Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity." + }, + "PolicyAssignmentUpdateProperties": { + "type": "object", + "properties": { + "resourceSelectors": { + "type": "array", + "items": { + "$ref": "../../common/v2/types.json#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [], + "description": "The resource selector list to filter policies by resource properties." + }, + "overrides": { + "type": "array", + "items": { + "$ref": "../../common/v2/types.json#/definitions/Override" + }, + "x-ms-identifiers": [], + "description": "The policy property value override." + } + }, + "description": "The policy assignment properties for Patch request." + }, + "PolicyAssignmentUpdate": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyAssignmentUpdateProperties", + "description": "The policy assignment properties for Patch request." + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + } + }, + "description": "The policy assignment for Patch request." + } + }, + "parameters": { + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, + "PolicyAssignmentsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyDefinitionVersions.json new file mode 100644 index 000000000000..e54a13d9c570 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyDefinitionVersions.json @@ -0,0 +1,822 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2024-05-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_ListAllBuiltins", + "summary": "Lists all built-in policy definition versions.", + "description": "This operation lists all the built-in policy definition versions for all built-in policy definitions.", + "x-ms-examples": { + "List all built-in policy definition versions": { + "$ref": "./examples/listAllBuiltInPolicyDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_ListAllAtManagementGroup", + "summary": "Lists all policy definition versions at management group scope.", + "description": "This operation lists all the policy definition versions for all policy definitions at the management group scope.", + "x-ms-examples": { + "List all policy definition versions at management group": { + "$ref": "./examples/listAllPolicyDefinitionVersionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_ListAll", + "summary": "Lists all policy definition versions within a subscription.", + "description": "This operation lists all the policy definition versions for all policy definitions within a subscription.", + "x-ms-examples": { + "List all policy definition versions at subscription": { + "$ref": "./examples/listAllPolicyDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "put": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_CreateOrUpdate", + "summary": "Creates or updates a policy definition in a subscription.", + "description": "This operation creates or updates a policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Create or update a policy definition version": { + "$ref": "./examples/createOrUpdatePolicyDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + }, + "description": "The policy definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition version.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "200": { + "description": "OK - Successfully updated policy definition version.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_Delete", + "summary": "Deletes a policy definition version in a subscription.", + "description": "This operation deletes the policy definition version in the given subscription with the given name.", + "x-ms-examples": { + "Delete a policy definition version": { + "$ref": "./examples/deletePolicyDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_Get", + "summary": "Retrieves a policy definition version in a subscription.", + "description": "This operation retrieves the policy definition version in the given subscription with the given name.", + "x-ms-examples": { + "Retrieve a policy definition version": { + "$ref": "./examples/getPolicyDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_GetBuiltIn", + "summary": "Retrieves a built-in policy definition version.", + "description": "This operation retrieves the built-in policy definition version with the given name.", + "x-ms-examples": { + "Retrieve a built-in policy definition version": { + "$ref": "./examples/getBuiltinPolicyDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the built-in policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "put": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup", + "summary": "Creates or updates a policy definition version in a management group.", + "description": "This operation creates or updates a policy definition version in the given management group with the given name.", + "x-ms-examples": { + "Create or update a policy definition version at management group level": { + "$ref": "./examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + }, + "description": "The policy definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition version.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "200": { + "description": "OK - Successfully updated policy definition version.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_DeleteAtManagementGroup", + "summary": "Deletes a policy definition in a management group.", + "description": "This operation deletes the policy definition in the given management group with the given name.", + "x-ms-examples": { + "Delete a policy definition version at management group level": { + "$ref": "./examples/deletePolicyDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_GetAtManagementGroup", + "summary": "Retrieve a policy definition version in a management group.", + "description": "This operation retrieves the policy definition version in the given management group with the given name.", + "x-ms-examples": { + "Retrieve a policy definition version at management group level": { + "$ref": "./examples/getPolicyDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "#/parameters/PolicyDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_List", + "summary": "Retrieves policy definition versions for a given policy definition in a subscription", + "description": "This operation retrieves a list of all the policy definition versions for the given policy definition.", + "x-ms-examples": { + "List policy definition versions by subscription": { + "$ref": "./examples/listPolicyDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_ListBuiltIn", + "summary": "Retrieve built-in policy definition versions", + "description": "This operation retrieves a list of all the built-in policy definition versions for the given policy definition.", + "x-ms-examples": { + "List built-in policy definition versions": { + "$ref": "./examples/listBuiltInPolicyDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of built-in policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "tags": [ + "PolicyDefinitionVersions" + ], + "operationId": "PolicyDefinitionVersions_ListByManagementGroup", + "summary": "Retrieve policy definition versions in a management group policy definition.", + "description": "This operation retrieves a list of all the policy definition versions for the given policy definition in the given management group.", + "x-ms-examples": { + "List policy definition versions by management group": { + "$ref": "./examples/listPolicyDefinitionVersionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definition versions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "CloudError": { + "type": "object", + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse" + } + }, + "description": "An error response from a policy operation." + }, + "PolicyDefinitionVersionProperties": { + "type": "object", + "properties": { + "policyType": { + "type": "string", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ], + "x-ms-enum": { + "name": "policyType", + "modelAsString": true + } + }, + "mode": { + "type": "string", + "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.", + "default": "Indexed" + }, + "displayName": { + "type": "string", + "description": "The display name of the policy definition." + }, + "description": { + "type": "string", + "description": "The policy definition description." + }, + "policyRule": { + "type": "object", + "description": "The policy rule." + }, + "metadata": { + "type": "object", + "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "description": "The parameter definitions for parameters used in the policy rule. The keys are the parameter names.", + "$ref": "#/definitions/ParameterDefinitions" + }, + "version": { + "type": "string", + "description": "The policy definition version in #.#.# format." + } + }, + "description": "The policy definition properties." + }, + "ParameterDefinitionsValue": { + "type": "object", + "properties": { + "type": { + "description": "The data type of the parameter.", + "type": "string", + "enum": [ + "String", + "Array", + "Object", + "Boolean", + "Integer", + "Float", + "DateTime" + ], + "x-ms-enum": { + "name": "parameterType", + "modelAsString": true + } + }, + "allowedValues": { + "type": "array", + "items": { + "type": "object" + }, + "x-ms-identifiers": [], + "description": "The allowed values for the parameter." + }, + "defaultValue": { + "type": "object", + "description": "The default value for the parameter if no value is provided." + }, + "schema": { + "type": "object", + "description": "Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/." + }, + "metadata": { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "description": "The display name for the parameter." + }, + "description": { + "type": "string", + "description": "The description of the parameter." + }, + "strongType": { + "type": "string", + "description": "Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from." + }, + "assignPermissions": { + "type": "boolean", + "description": "Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope." + } + }, + "additionalProperties": { + "type": "object" + }, + "description": "General metadata for the parameter." + } + }, + "description": "The definition of a parameter that can be provided to the policy." + }, + "ParameterDefinitions": { + "description": "The parameter definitions for parameters used in the policy. The keys are the parameter names.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "PolicyDefinitionVersion": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyDefinitionVersionProperties", + "description": "The policy definition version properties." + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy definition version." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy definition version." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policyDefinitions/versions)." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The ID of the policy definition version.", + "x-ms-azure-resource": true + }, + "PolicyDefinitionVersionListResult": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionVersion" + }, + "description": "An array of policy definitions versions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy definition versions." + } + }, + "parameters": { + "PolicyDefinitionName": { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition.", + "x-ms-parameter-location": "method" + }, + "PolicyDefinitionVersion": { + "name": "policyDefinitionVersion", + "in": "path", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "x-ms-parameter-location": "method" + }, + "PolicyDefinitionsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyDefinitions.json new file mode 100644 index 000000000000..36d952e6f2ee --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policyDefinitions.json @@ -0,0 +1,716 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2024-05-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "put": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_CreateOrUpdate", + "summary": "Creates or updates a policy definition in a subscription.", + "description": "This operation creates or updates a policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Create or update a policy definition": { + "$ref": "./examples/createOrUpdatePolicyDefinition.json" + }, + "Create or update a policy definition with advanced parameters": { + "$ref": "./examples/createOrUpdatePolicyDefinitionAdvancedParams.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + }, + "description": "The policy definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_Delete", + "summary": "Deletes a policy definition in a subscription.", + "description": "This operation deletes the policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Delete a policy definition": { + "$ref": "./examples/deletePolicyDefinition.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_Get", + "summary": "Retrieves a policy definition in a subscription.", + "description": "This operation retrieves the policy definition in the given subscription with the given name.", + "x-ms-examples": { + "Retrieve a policy definition": { + "$ref": "./examples/getPolicyDefinition.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_GetBuiltIn", + "summary": "Retrieves a built-in policy definition.", + "description": "This operation retrieves the built-in policy definition with the given name.", + "x-ms-examples": { + "Retrieve a built-in policy definition": { + "$ref": "./examples/getBuiltinPolicyDefinition.json" + } + }, + "parameters": [ + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the built-in policy definition to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the built-in policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "put": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", + "summary": "Creates or updates a policy definition in a management group.", + "description": "This operation creates or updates a policy definition in the given management group with the given name.", + "x-ms-examples": { + "Create or update a policy definition at management group level": { + "$ref": "./examples/createOrUpdatePolicyDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + }, + "description": "The policy definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_DeleteAtManagementGroup", + "summary": "Deletes a policy definition in a management group.", + "description": "This operation deletes the policy definition in the given management group with the given name.", + "x-ms-examples": { + "Delete a policy definition at management group level": { + "$ref": "./examples/deletePolicyDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_GetAtManagementGroup", + "summary": "Retrieve a policy definition in a management group.", + "description": "This operation retrieves the policy definition in the given management group with the given name.", + "x-ms-examples": { + "Retrieve a policy definition at management group level": { + "$ref": "./examples/getPolicyDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy definition to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy definition.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_List", + "summary": "Retrieves policy definitions in a subscription", + "description": "This operation retrieves a list of all the policy definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "x-ms-examples": { + "List policy definitions by subscription": { + "$ref": "./examples/listPolicyDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definitions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_ListBuiltIn", + "summary": "Retrieve built-in policy definitions", + "description": "This operation retrieves a list of all the built-in policy definitions that match the optional given $filter. If $filter='policyType -eq {value}' is provided, the returned list only includes all built-in policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy definitions whose category match the {value}.", + "x-ms-examples": { + "List built-in policy definitions": { + "$ref": "./examples/listBuiltInPolicyDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of built-in policy definitions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "tags": [ + "PolicyDefinitions" + ], + "operationId": "PolicyDefinitions_ListByManagementGroup", + "summary": "Retrieve policy definitions in a management group", + "description": "This operation retrieves a list of all the policy definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "x-ms-examples": { + "List policy definitions by management group": { + "$ref": "./examples/listPolicyDefinitionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "$ref": "#/parameters/PolicyDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy definitions.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "CloudError": { + "type": "object", + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse" + } + }, + "description": "An error response from a policy operation." + }, + "PolicyDefinitionProperties": { + "type": "object", + "properties": { + "policyType": { + "type": "string", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ], + "x-ms-enum": { + "name": "policyType", + "modelAsString": true + } + }, + "mode": { + "type": "string", + "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.", + "default": "Indexed" + }, + "displayName": { + "type": "string", + "description": "The display name of the policy definition." + }, + "description": { + "type": "string", + "description": "The policy definition description." + }, + "policyRule": { + "type": "object", + "description": "The policy rule." + }, + "metadata": { + "type": "object", + "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "description": "The parameter definitions for parameters used in the policy rule. The keys are the parameter names.", + "$ref": "#/definitions/ParameterDefinitions" + }, + "version": { + "type": "string", + "description": "The policy definition version in #.#.# format." + }, + "versions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of available versions for this policy definition." + } + }, + "description": "The policy definition properties." + }, + "ParameterDefinitionsValue": { + "type": "object", + "properties": { + "type": { + "description": "The data type of the parameter.", + "type": "string", + "enum": [ + "String", + "Array", + "Object", + "Boolean", + "Integer", + "Float", + "DateTime" + ], + "x-ms-enum": { + "name": "parameterType", + "modelAsString": true + } + }, + "allowedValues": { + "type": "array", + "items": { + "type": "object" + }, + "x-ms-identifiers": [], + "description": "The allowed values for the parameter." + }, + "defaultValue": { + "type": "object", + "description": "The default value for the parameter if no value is provided." + }, + "schema": { + "type": "object", + "description": "Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/." + }, + "metadata": { + "type": "object", + "properties": { + "displayName": { + "type": "string", + "description": "The display name for the parameter." + }, + "description": { + "type": "string", + "description": "The description of the parameter." + }, + "strongType": { + "type": "string", + "description": "Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from." + }, + "assignPermissions": { + "type": "boolean", + "description": "Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope." + } + }, + "additionalProperties": { + "type": "object" + }, + "description": "General metadata for the parameter." + } + }, + "description": "The definition of a parameter that can be provided to the policy." + }, + "ParameterDefinitions": { + "description": "The parameter definitions for parameters used in the policy. The keys are the parameter names.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "PolicyDefinition": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicyDefinitionProperties", + "description": "The policy definition properties." + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy definition." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy definition." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policyDefinitions)." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The policy definition.", + "x-ms-azure-resource": true + }, + "PolicyDefinitionListResult": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinition" + }, + "description": "An array of policy definitions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy definitions." + } + }, + "parameters": { + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, + "PolicyDefinitionsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policySetDefinitionVersions.json new file mode 100644 index 000000000000..03b687410544 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policySetDefinitionVersions.json @@ -0,0 +1,826 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2024-05-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_ListAllBuiltins", + "summary": "Lists all built-in policy set definition versions.", + "description": "This operation lists all the built-in policy set definition versions for all built-in policy set definitions.", + "x-ms-examples": { + "List all built-in policy definition versions": { + "$ref": "./examples/listAllBuiltInPolicySetDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_ListAllAtManagementGroup", + "summary": "Lists all policy set definition versions at management group scope.", + "description": "This operation lists all the policy set definition versions for all policy set definitions at the management group scope.", + "x-ms-examples": { + "List all policy definition versions at management group": { + "$ref": "./examples/listAllPolicySetDefinitionVersionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_ListAll", + "summary": "Lists all policy set definition versions within a subscription.", + "description": "This operation lists all the policy set definition versions for all policy set definitions within a subscription.", + "x-ms-examples": { + "List all policy definition versions at subscription": { + "$ref": "./examples/listAllPolicySetDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "put": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_CreateOrUpdate", + "summary": "Creates or updates a policy set definition version.", + "description": "This operation creates or updates a policy set definition version in the given subscription with the given name and version.", + "x-ms-examples": { + "Create or update a policy set definition version": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + }, + "description": "The policy set definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "200": { + "description": "OK - Successfully updated policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_Delete", + "summary": "Deletes a policy set definition version.", + "description": "This operation deletes the policy set definition version in the given subscription with the given name and version.", + "x-ms-examples": { + "Delete a policy set definition version": { + "$ref": "./examples/deletePolicySetDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_Get", + "summary": "Retrieves a policy set definition version.", + "description": "This operation retrieves the policy set definition version in the given subscription with the given name and version.", + "x-ms-examples": { + "Retrieve a policy set definition version": { + "$ref": "./examples/getPolicySetDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_GetBuiltIn", + "summary": "Retrieves a built in policy set definition version.", + "description": "This operation retrieves the built-in policy set definition version with the given name and version.", + "x-ms-examples": { + "Retrieve a built-in policy set definition version": { + "$ref": "./examples/getBuiltInPolicySetDefinitionVersion.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the built in policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_List", + "summary": "Retrieves the policy set definition versions for a given policy set definition in a subscription.", + "description": "This operation retrieves a list of all the policy set definition versions for the given policy set definition.", + "x-ms-examples": { + "List policy set definitions": { + "$ref": "./examples/listPolicySetDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_ListBuiltIn", + "summary": "Retrieves built-in policy set definition versions.", + "description": "This operation retrieves a list of all the built-in policy set definition versions for the given built-in policy set definition.", + "x-ms-examples": { + "List built-in policy set definitions": { + "$ref": "./examples/listBuiltInPolicySetDefinitionVersions.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of built in policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "put": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup", + "summary": "Creates or updates a policy set definition version.", + "description": "This operation creates or updates a policy set definition version in the given management group with the given name and version.", + "x-ms-examples": { + "Create or update a policy set definition version at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + }, + "description": "The policy set definition version properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "200": { + "description": "OK - Successfully updated policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_DeleteAtManagementGroup", + "summary": "Deletes a policy set definition version.", + "description": "This operation deletes the policy set definition version in the given management group with the given name and version.", + "x-ms-examples": { + "Delete a policy set definition version at management group level": { + "$ref": "./examples/deletePolicySetDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_GetAtManagementGroup", + "summary": "Retrieves a policy set definition version.", + "description": "This operation retrieves the policy set definition version in the given management group with the given name and version.", + "x-ms-examples": { + "Retrieve a policy set definition version at management group level": { + "$ref": "./examples/getPolicySetDefinitionVersionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "#/parameters/PolicySetDefinitionVersion" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition version.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "tags": [ + "PolicySetDefinitionVersions" + ], + "operationId": "PolicySetDefinitionVersions_ListByManagementGroup", + "summary": "Retrieves all policy set definition versions for a given policy set definition in a management group.", + "description": "This operation retrieves a list of all the policy set definition versions for the given policy set definition in a given management group.", + "x-ms-examples": { + "List policy set definitions at management group level": { + "$ref": "./examples/listPolicySetDefinitionVersionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionName" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definition versions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "CloudError": { + "type": "object", + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse" + } + }, + "description": "An error response from a policy operation." + }, + "PolicySetDefinitionVersionProperties": { + "type": "object", + "properties": { + "policyType": { + "type": "string", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ], + "x-ms-enum": { + "name": "policyType", + "modelAsString": true + } + }, + "displayName": { + "type": "string", + "description": "The display name of the policy set definition." + }, + "description": { + "type": "string", + "description": "The policy set definition description." + }, + "metadata": { + "type": "object", + "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "description": "The policy set definition parameters that can be used in policy definition references.", + "$ref": "./policyDefinitions.json#/definitions/ParameterDefinitions" + }, + "policyDefinitions": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionReference" + }, + "x-ms-identifiers": [ + "policyDefinitionReferenceId" + ], + "description": "An array of policy definition references." + }, + "policyDefinitionGroups": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionGroup" + }, + "x-ms-identifiers": [ + "name" + ], + "description": "The metadata describing groups of policy definition references within the policy set definition." + }, + "version": { + "type": "string", + "description": "The policy set definition version in #.#.# format." + } + }, + "required": [ + "policyDefinitions" + ], + "description": "The policy set definition properties." + }, + "PolicyDefinitionReference": { + "type": "object", + "properties": { + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition." + }, + "definitionVersion": { + "type": "string", + "description": "The version of the policy definition to use." + }, + "parameters": { + "description": "The parameter values for the referenced policy rule. The keys are the parameter names.", + "$ref": "./policyAssignments.json#/definitions/ParameterValues" + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "A unique id (within the policy set definition) for this policy definition reference." + }, + "groupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The name of the groups that this policy definition reference belongs to." + } + }, + "required": [ + "policyDefinitionId" + ], + "description": "The policy definition reference." + }, + "PolicyDefinitionGroup": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the group." + }, + "displayName": { + "type": "string", + "description": "The group's display name." + }, + "category": { + "type": "string", + "description": "The group's category." + }, + "description": { + "type": "string", + "description": "The group's description." + }, + "additionalMetadataId": { + "type": "string", + "description": "A resource ID of a resource that contains additional metadata about the group." + } + }, + "required": [ + "name" + ], + "description": "The policy definition group." + }, + "PolicySetDefinitionVersion": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicySetDefinitionVersionProperties", + "description": "The policy set definition version properties." + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy set definition version." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy set definition version." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policySetDefinitions/versions)." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The policy set definition version.", + "x-ms-azure-resource": true + }, + "PolicySetDefinitionVersionListResult": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + }, + "description": "An array of policy set definition versions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy set definition versions." + } + }, + "parameters": { + "PolicySetDefinitionName": { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition.", + "x-ms-parameter-location": "method" + }, + "PolicySetDefinitionVersion": { + "name": "policyDefinitionVersion", + "in": "path", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "x-ms-parameter-location": "method" + }, + "PolicySetDefinitionsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policySetDefinitions.json new file mode 100644 index 000000000000..f53730a36a79 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/stable/2024-05-01/policySetDefinitions.json @@ -0,0 +1,735 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2024-05-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow.", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "put": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "summary": "Creates or updates a policy set definition.", + "description": "This operation creates or updates a policy set definition in the given subscription with the given name.", + "x-ms-examples": { + "Create or update a policy set definition": { + "$ref": "./examples/createOrUpdatePolicySetDefinition.json" + }, + "Create or update a policy set definition with groups": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionWithGroups.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + }, + "description": "The policy set definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_Delete", + "summary": "Deletes a policy set definition.", + "description": "This operation deletes the policy set definition in the given subscription with the given name.", + "x-ms-examples": { + "Delete a policy set definition": { + "$ref": "./examples/deletePolicySetDefinition.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_Get", + "summary": "Retrieves a policy set definition.", + "description": "This operation retrieves the policy set definition in the given subscription with the given name.", + "x-ms-examples": { + "Retrieve a policy set definition": { + "$ref": "./examples/getPolicySetDefinition.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_GetBuiltIn", + "summary": "Retrieves a built in policy set definition.", + "description": "This operation retrieves the built-in policy set definition with the given name.", + "x-ms-examples": { + "Retrieve a built-in policy set definition": { + "$ref": "./examples/getBuiltInPolicySetDefinition.json" + } + }, + "parameters": [ + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the built in policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_List", + "summary": "Retrieves the policy set definitions for a subscription.", + "description": "This operation retrieves a list of all the policy set definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "x-ms-examples": { + "List policy set definitions": { + "$ref": "./examples/listPolicySetDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definitions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_ListBuiltIn", + "summary": "Retrieves built-in policy set definitions.", + "description": "This operation retrieves a list of all the built-in policy set definitions that match the optional given $filter. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy set definitions whose category match the {value}.", + "x-ms-examples": { + "List built-in policy set definitions": { + "$ref": "./examples/listBuiltInPolicySetDefinitions.json" + } + }, + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of built in policy set definitions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "put": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "summary": "Creates or updates a policy set definition.", + "description": "This operation creates or updates a policy set definition in the given management group with the given name.", + "x-ms-examples": { + "Create or update a policy set definition at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json" + }, + "Create or update a policy set definition with groups at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to create." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + }, + "description": "The policy set definition properties." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "delete": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", + "summary": "Deletes a policy set definition.", + "description": "This operation deletes the policy set definition in the given management group with the given name.", + "x-ms-examples": { + "Delete a policy set definition at management group level": { + "$ref": "./examples/deletePolicySetDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to delete." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "204": { + "description": "No Content - the policy set definition doesn't exist in the subscription." + }, + "200": { + "description": "OK" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + }, + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_GetAtManagementGroup", + "summary": "Retrieves a policy set definition.", + "description": "This operation retrieves the policy set definition in the given management group with the given name.", + "x-ms-examples": { + "Retrieve a policy set definition at management group level": { + "$ref": "./examples/getPolicySetDefinitionAtManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", + "description": "The name of the policy set definition to get." + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the policy set definition.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "tags": [ + "PolicySetDefinitions" + ], + "operationId": "PolicySetDefinitions_ListByManagementGroup", + "summary": "Retrieves all policy set definitions in management group.", + "description": "This operation retrieves a list of all the policy set definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "x-ms-examples": { + "List policy set definitions at management group level": { + "$ref": "./examples/listPolicySetDefinitionsByManagementGroup.json" + } + }, + "parameters": [ + { + "$ref": "#/parameters/ManagementGroupIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/PolicySetDefinitionsFilterParameter" + }, + { + "$ref": "#/parameters/TopParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns an array of policy set definitions.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "CloudError": { + "type": "object", + "x-ms-external": true, + "properties": { + "error": { + "$ref": "../../../../../common-types/resource-management/v1/types.json#/definitions/ErrorResponse" + } + }, + "description": "An error response from a policy operation." + }, + "PolicySetDefinitionProperties": { + "type": "object", + "properties": { + "policyType": { + "type": "string", + "description": "The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ], + "x-ms-enum": { + "name": "policyType", + "modelAsString": true + } + }, + "displayName": { + "type": "string", + "description": "The display name of the policy set definition." + }, + "description": { + "type": "string", + "description": "The policy set definition description." + }, + "metadata": { + "type": "object", + "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "description": "The policy set definition parameters that can be used in policy definition references.", + "$ref": "./policyDefinitions.json#/definitions/ParameterDefinitions" + }, + "policyDefinitions": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionReference" + }, + "x-ms-identifiers": [ + "policyDefinitionReferenceId" + ], + "description": "An array of policy definition references." + }, + "policyDefinitionGroups": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicyDefinitionGroup" + }, + "x-ms-identifiers": [ + "name" + ], + "description": "The metadata describing groups of policy definition references within the policy set definition." + }, + "version": { + "type": "string", + "description": "The policy set definition version in #.#.# format." + }, + "versions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of available versions for this policy set definition." + } + }, + "required": [ + "policyDefinitions" + ], + "description": "The policy set definition properties." + }, + "PolicyDefinitionReference": { + "type": "object", + "properties": { + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition." + }, + "definitionVersion": { + "type": "string", + "description": "The version of the policy definition to use." + }, + "parameters": { + "description": "The parameter values for the referenced policy rule. The keys are the parameter names.", + "$ref": "./policyAssignments.json#/definitions/ParameterValues" + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "A unique id (within the policy set definition) for this policy definition reference." + }, + "groupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The name of the groups that this policy definition reference belongs to." + } + }, + "required": [ + "policyDefinitionId" + ], + "description": "The policy definition reference." + }, + "PolicyDefinitionGroup": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the group." + }, + "displayName": { + "type": "string", + "description": "The group's display name." + }, + "category": { + "type": "string", + "description": "The group's category." + }, + "description": { + "type": "string", + "description": "The group's description." + }, + "additionalMetadataId": { + "type": "string", + "description": "A resource ID of a resource that contains additional metadata about the group." + } + }, + "required": [ + "name" + ], + "description": "The policy definition group." + }, + "PolicySetDefinition": { + "type": "object", + "properties": { + "properties": { + "x-ms-client-flatten": true, + "$ref": "#/definitions/PolicySetDefinitionProperties", + "description": "The policy set definition properties." + }, + "id": { + "readOnly": true, + "type": "string", + "description": "The ID of the policy set definition." + }, + "name": { + "readOnly": true, + "type": "string", + "description": "The name of the policy set definition." + }, + "type": { + "readOnly": true, + "type": "string", + "description": "The type of the resource (Microsoft.Authorization/policySetDefinitions)." + }, + "systemData": { + "$ref": "../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", + "readOnly": true, + "description": "The system metadata relating to this resource." + } + }, + "description": "The policy set definition.", + "x-ms-azure-resource": true + }, + "PolicySetDefinitionListResult": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/PolicySetDefinition" + }, + "description": "An array of policy set definitions." + }, + "nextLink": { + "type": "string", + "description": "The URL to use for getting the next set of results." + } + }, + "description": "List of policy set definitions." + } + }, + "parameters": { + "ManagementGroupIdParameter": { + "name": "managementGroupId", + "in": "path", + "required": true, + "type": "string", + "description": "The ID of the management group.", + "x-ms-parameter-location": "method" + }, + "PolicySetDefinitionsFilterParameter": { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "x-ms-skip-url-encoding": true, + "x-ms-parameter-location": "method" + }, + "TopParameter": { + "name": "$top", + "in": "query", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000, + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "x-ms-parameter-location": "method" + } + } +} diff --git a/specification/resources/resource-manager/readme.md b/specification/resources/resource-manager/readme.md index 596a5be4769a..52d9c4d2dc38 100644 --- a/specification/resources/resource-manager/readme.md +++ b/specification/resources/resource-manager/readme.md @@ -42,7 +42,7 @@ tag: package-locks-2020-05 ``` ``` yaml $(package-policy) -tag: package-policy-2023-04 +tag: package-policy-2024-05-stable ``` ``` yaml $(package-resources) @@ -82,18 +82,36 @@ tag: package-snapshots-2022-11 ``` ``` yaml $(package-bicep) -tag: package-2024-04 +tag: package-bicep-2023-11 ``` -### Tag: package-2024-04 +### Tag: package-policy-2024-05-stable -These settings apply only when `--tag=package-2024-04` is specified on the command line. +These settings apply only when `--tag=package-policy-2024-05-stable` is specified on the command line. -```yaml $(tag) == 'package-2024-04' +```yaml $(tag) == 'package-policy-2024-05-stable' +input-file: +- Microsoft.Authorization/stable/2024-05-01/policyDefinitions.json +- Microsoft.Authorization/stable/2024-05-01/policyDefinitionVersions.json +- Microsoft.Authorization/stable/2024-05-01/policySetDefinitions.json +- Microsoft.Authorization/stable/2024-05-01/policySetDefinitionVersions.json +- Microsoft.Authorization/stable/2024-05-01/policyAssignments.json + +# Needed when there is more than one input file +override-info: + title: PolicyClient +``` + +### Tag: package-policy-2024-04 + +These settings apply only when `--tag=package-policy-2024-04` is specified on the command line. + +```yaml $(tag) == 'package-policy-2024-04' input-file: - Microsoft.Authorization/stable/2024-04-01/policyAssignments.json ``` + ### Tag: package-bicep-2023-11 These settings apply only when `--tag=package-bicep-2023-11` is specified on the command line. @@ -983,7 +1001,6 @@ input-file: directive: - suppress: UniqueResourcePaths from: policySetDefinitions.json - where: $.paths reason: policy set definition under an extension resource with Microsoft.Management - suppress: UniqueResourcePaths from: resources.json @@ -991,11 +1008,9 @@ directive: reason: route definitions under an extension resource with Microsoft.Management - suppress: UniqueResourcePaths from: policyDefinitions.json - where: $.paths reason: policy definition under an extension resource with Microsoft.Management - suppress: UniqueResourcePaths from: policyAssignments.json - where: $.paths reason: policy assignment under an extension resource with Microsoft.Management - suppress: UniqueResourcePaths from: policyExemptions.json @@ -1003,7 +1018,6 @@ directive: reason: policy exemption under an extension resource with Microsoft.Management - suppress: OperationsAPIImplementation from: policyAssignments.json - where: $.paths reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: privateLinks.json @@ -1011,11 +1025,15 @@ directive: reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: policyDefinitions.json - where: $.paths + reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: OperationsAPIImplementation + from: policyDefinitionVersions.json reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: policySetDefinitions.json - where: $.paths + reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: OperationsAPIImplementation + from: policySetDefinitionVersions.json reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: policyExemptions.json @@ -1031,8 +1049,19 @@ directive: reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: BodyTopLevelProperties from: policyAssignments.json - where: $.definitions.PolicyAssignment.properties - reason: Currently systemData is not allowed + reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. + - suppress: BodyTopLevelProperties + from: policyDefinitions.json + reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. + - suppress: BodyTopLevelProperties + from: policyDefinitionVersions.json + reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. + - suppress: BodyTopLevelProperties + from: policySetDefinitions.json + reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. + - suppress: BodyTopLevelProperties + from: policySetDefinitionVersions.json + reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. - suppress: BodyTopLevelProperties from: policyExemptions.json where: $.definitions.PolicyExemption.properties @@ -1107,7 +1136,7 @@ directive: reason: OperationsAPI will come from Resources - suppress: IntegerTypeMustHaveFormat from: deploymentScripts.json - reason: Tooling issue, default is int32, explictly mentioning the format as per doc, it still flags breaking change. + reason: Tooling issue, default is int32, explicitly mentioning the format as per doc, it still flags breaking change. - suppress: ResourceNameRestriction from: deploymentScripts.json reason: Pre-existing lint error. Not related to this version release. Will fix in the future. @@ -1343,30 +1372,75 @@ directive: - suppress: PathForTrackedResourceTypes from: resources.json reason: Not a tracked resource type. Cannot change anything due to design philosophy in ARM. + - suppress: PathForTrackedResourceTypes + from: policyAssignments.json + reason: Not a tracked resource type. The API has never been changed since inception. Would be a breaking change. - suppress: PostResponseCodes from: resources.json reason: Breaking change in order to change the API response code. - suppress: TenantLevelAPIsNotAllowed from: resources.json reason: Tenant level API's are allowed as an exception in ARM repo. It is a breaking change to modify it. + - suppress: TenantLevelAPIsNotAllowed + from: policyDefinitions.json + reason: Linter rule limitation. The API has always supported management group scope. + - suppress: TenantLevelAPIsNotAllowed + from: policyDefinitionVersions.json + reason: Linter rule limitation. The API has always supported management group scope. + - suppress: TenantLevelAPIsNotAllowed + from: policySetDefinitions.json + reason: Linter rule limitation. The API has always supported management group scope. + - suppress: TenantLevelAPIsNotAllowed + from: policySetDefinitionVersions.json + reason: Linter rule limitation. The API has always supported management group scope. + - suppress: TenantLevelAPIsNotAllowed + from: policyAssignments.json + reason: Linter rule limitation. The API has always supported management group scope. - suppress: XmsPageableForListCalls from: resources.json reason: Shared swagger with other teams. We cannot make changes to the API as we don't own it. - suppress: EvenSegmentedPathForPutOperation from: resources.json reason: Linter rule limitation. The API has never been changed since inception. Would be a breaking change. + - suppress: EvenSegmentedPathForPutOperation + from: policyAssignments.json + reason: Linter rule limitation. The API has never been changed since inception. Would be a breaking change. - suppress: DeleteResponseCodes from: resources.json reason: Breaking change in order to change the API response code. - suppress: PutResponseCodes from: resources.json reason: Breaking change in order to change the API response code. + - suppress: PutResponseCodes + from: policyDefinitions.json + reason: Linter rule limitation. The API has never been changed since inception. Would be a breaking change. + - suppress: PutResponseCodes + from: policySetDefinitions.json + reason: Linter rule limitation. The API has never been changed since inception. Would be a breaking change. + - suppress: PutResponseCodes + from: policyAssignments.json + reason: Linter rule limitation. The API has never been changed since inception. Would be a breaking change. - suppress: AvoidAdditionalProperties from: resources.json reason: Breaking change in order to change the property names for multiple API's. Will fix in the future. - suppress: AvoidAdditionalProperties from: changes.json reason: "Change properties including the dictionary of individual property changes are dynamic types. where clause is not working on all parent fields using this property bag, hence we're suppressing the entire file for now." + - suppress: AvoidAdditionalProperties + from: policyDefinitions.json + reason: Linter rule limitation. The API has never been changed since inception. Would be a breaking change. + - suppress: AvoidAdditionalProperties + from: policyDefinitionVersions.json + reason: Linter rule limitation. The API has never been changed since inception. Would be a breaking change. + - suppress: AvoidAdditionalProperties + from: policySetDefinitions.json + reason: Linter rule limitation. The API has never been changed since inception. Would be a breaking change. + - suppress: AvoidAdditionalProperties + from: policySetDefinitionVersions.json + reason: Linter rule limitation. The API has never been changed since inception. Would be a breaking change. + - suppress: AvoidAdditionalProperties + from: policyAssignments.json + reason: Linter rule limitation. The API has never been changed since inception. Would be a breaking change. - suppress: XmsExamplesRequired from: resources.json reason: Xms Examples required is a pre-existing lint error. Not related to this version release. Will fix in the future. @@ -1399,8 +1473,8 @@ directive: reason: A 400 response from the validate endpoint indicates a validation failure and should not throw an exception. - suppress: DeleteResponseCodes from: deploymentStacks.json - reason: Deployment stacks supports synchronous delete with 200 reponse. - - supress: OperationsAPIImplementation + reason: Deployment stacks supports synchronous delete with 200 response. + - suppress: OperationsAPIImplementation from: deploymentStacks.json reason: This comes from resources.json - suppress: PathForPutOperation diff --git a/specification/resources/resource-manager/sdk-suppressions.yaml b/specification/resources/resource-manager/sdk-suppressions.yaml index 3f7208d7112a..855544d6aadf 100644 --- a/specification/resources/resource-manager/sdk-suppressions.yaml +++ b/specification/resources/resource-manager/sdk-suppressions.yaml @@ -16,4 +16,70 @@ suppressions: - Type of `DeploymentStackProperties.Parameters` has been changed from `any` to `map[string]*DeploymentParameter` - Type of `ResourceReferenceExtended.Error` has been changed from `*ErrorResponse` to `*ErrorDetail` - "`DeploymentStackProvisioningStateLocking` from enum `DeploymentStackProvisioningState` has been removed" - - "`ResourceStatusModeNone` from enum `ResourceStatusMode` has been removed" \ No newline at end of file + - "`ResourceStatusModeNone` from enum `ResourceStatusMode` has been removed" + - package: sdk/resourcemanager/resources/armpolicy + breaking-changes: + - Enum `AliasPathAttributes` has been removed + - Enum `AliasPathTokenType` has been removed + - Enum `AliasPatternType` has been removed + - Enum `AliasType` has been removed + - Enum `AssignmentScopeValidation` has been removed + - Enum `ExemptionCategory` has been removed + - Function `*ClientFactory.NewDataPolicyManifestsClient` has been removed + - Function `*ClientFactory.NewExemptionsClient` has been removed + - Function `*ClientFactory.NewVariableValuesClient` has been removed + - Function `*ClientFactory.NewVariablesClient` has been removed + - Function `NewDataPolicyManifestsClient` has been removed + - Function `*DataPolicyManifestsClient.GetByPolicyMode` has been removed + - Function `*DataPolicyManifestsClient.NewListPager` has been removed + - Function `NewExemptionsClient` has been removed + - Function `*ExemptionsClient.CreateOrUpdate` has been removed + - Function `*ExemptionsClient.Delete` has been removed + - Function `*ExemptionsClient.Get` has been removed + - Function `*ExemptionsClient.NewListForManagementGroupPager` has been removed + - Function `*ExemptionsClient.NewListForResourceGroupPager` has been removed + - Function `*ExemptionsClient.NewListForResourcePager` has been removed + - Function `*ExemptionsClient.NewListPager` has been removed + - Function `*ExemptionsClient.Update` has been removed + - Function `NewVariableValuesClient` has been removed + - Function `*VariableValuesClient.CreateOrUpdate` has been removed + - Function `*VariableValuesClient.CreateOrUpdateAtManagementGroup` has been removed + - Function `*VariableValuesClient.Delete` has been removed + - Function `*VariableValuesClient.DeleteAtManagementGroup` has been removed + - Function `*VariableValuesClient.Get` has been removed + - Function `*VariableValuesClient.GetAtManagementGroup` has been removed + - Function `*VariableValuesClient.NewListForManagementGroupPager` has been removed + - Function `*VariableValuesClient.NewListPager` has been removed + - Function `NewVariablesClient` has been removed + - Function `*VariablesClient.CreateOrUpdate` has been removed + - Function `*VariablesClient.CreateOrUpdateAtManagementGroup` has been removed + - Function `*VariablesClient.Delete` has been removed + - Function `*VariablesClient.DeleteAtManagementGroup` has been removed + - Function `*VariablesClient.Get` has been removed + - Function `*VariablesClient.GetAtManagementGroup` has been removed + - Function `*VariablesClient.NewListForManagementGroupPager` has been removed + - Function `*VariablesClient.NewListPager` has been removed + - Struct `Alias` has been removed + - Struct `AliasPath` has been removed + - Struct `AliasPathMetadata` has been removed + - Struct `AliasPattern` has been removed + - Struct `DataEffect` has been removed + - Struct `DataManifestCustomResourceFunctionDefinition` has been removed + - Struct `DataManifestResourceFunctionsDefinition` has been removed + - Struct `DataPolicyManifest` has been removed + - Struct `DataPolicyManifestListResult` has been removed + - Struct `DataPolicyManifestProperties` has been removed + - Struct `Exemption` has been removed + - Struct `ExemptionListResult` has been removed + - Struct `ExemptionProperties` has been removed + - Struct `ExemptionUpdate` has been removed + - Struct `ExemptionUpdateProperties` has been removed + - Struct `ResourceTypeAliases` has been removed + - Struct `Variable` has been removed + - Struct `VariableColumn` has been removed + - Struct `VariableListResult` has been removed + - Struct `VariableProperties` has been removed + - Struct `VariableValue` has been removed + - Struct `VariableValueColumnValue` has been removed + - Struct `VariableValueListResult` has been removed + - Struct `VariableValueProperties` has been removed \ No newline at end of file