From 7abd0f58122b70b09ac744ba5cbc04a4369fa5f2 Mon Sep 17 00:00:00 2001 From: Chris Eggert Date: Tue, 15 Sep 2020 13:37:39 -0700 Subject: [PATCH 1/5] CheckPolicyRestrictions API --- .../stable/2019-10-01/policyStates.json | 5 + .../2020-07-01/checkPolicyRestrictions.json | 320 ++++++++++++++++++ ...estrictions_CheckAtResourceGroupScope.json | 137 ++++++++ ...Restrictions_CheckAtSubscriptionScope.json | 136 ++++++++ .../policyinsights/resource-manager/readme.md | 15 + 5 files changed, 613 insertions(+) create mode 100644 specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json create mode 100644 specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json create mode 100644 specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json index aa28868c3b51..4f30ea580583 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json @@ -1398,6 +1398,11 @@ "description": "Expression evaluated.", "type": "string" }, + "expressionKind": { + "description": "The kind of expression that was evaluated.", + "type": "string", + "readOnly": true + }, "path": { "description": "Property path if the expression is a field or an alias.", "type": "string" diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json new file mode 100644 index 000000000000..03de054c3e5a --- /dev/null +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json @@ -0,0 +1,320 @@ +{ + "swagger": "2.0", + "info": { + "title": "CheckPolicyRestrictionsClient", + "version": "2020-07-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { + "post": { + "operationId": "PolicyRestrictions_CheckAtSubscriptionScope", + "description": "Checks what restrictions Azure Policy will place on a resource within a subscription.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CheckRestrictionsRequest" + }, + "description": "The check policy restrictions parameters." + } + ], + "responses": { + "200": { + "description": "The restrictions that will be placed on the resource by Azure Policy.", + "schema": { + "$ref": "#/definitions/CheckRestrictionsResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Check policy restrictions at subscription scope": { + "$ref": "./examples/PolicyRestrictions_CheckAtSubscriptionScope.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { + "post": { + "operationId": "PolicyRestrictions_CheckAtResourceGroupScope", + "description": "Checks what restrictions Azure Policy will place on a resource within a resource group. Use this when the resource group the resource will be created in is already known.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CheckRestrictionsRequest" + }, + "description": "The check policy restrictions parameters." + } + ], + "responses": { + "200": { + "description": "The restrictions that will be placed on the resource by Azure Policy.", + "schema": { + "$ref": "#/definitions/CheckRestrictionsResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Check policy restrictions at resource group scope": { + "$ref": "./examples/PolicyRestrictions_CheckAtResourceGroupScope.json" + } + } + } + } + }, + "definitions": { + "CheckRestrictionsRequest": { + "description": "The check policy restrictions parameters describing the resource that is being evaluated.", + "properties": { + "resourceDetails": { + "description": "The information about the resource that will be evaluated.", + "$ref": "#/definitions/CheckRestrictionsResourceDetails" + }, + "pendingFields": { + "description": "The list of fields and values that should be evaluated for potential restrictions.", + "type": "array", + "items": { + "$ref": "#/definitions/PendingField" + } + } + }, + "required": [ + "resourceDetails" + ] + }, + "CheckRestrictionsResourceDetails": { + "description": "The information about the resource that will be evaluated.", + "properties": { + "resourceContent": { + "description": "The resource content. This should include whatever properties are already known and can be a partial set of all resource properties.", + "type": "object" + }, + "apiVersion": { + "description": "The api-version of the resource content.", + "type": "string" + }, + "scope": { + "description": "The scope where the resource is being created. For example, if the resource is a child resource this would be the parent resource's resource ID.", + "type": "string" + } + }, + "required": [ + "resourceContent" + ] + }, + "PendingField": { + "description": "A field that should be evaluated against Azure Policy to determine restrictions.", + "properties": { + "field": { + "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", + "type": "string" + }, + "values": { + "description": "The list of potential values for the field that should be evaluated against Azure Policy.", + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [ + "field" + ] + }, + "CheckRestrictionsResult": { + "description": "The result of a check policy restrictions evaluation on a resource.", + "properties": { + "fieldRestrictions": { + "description": "The restrictions that will be placed on various fields in the resource by policy.", + "type": "array", + "items": { + "$ref": "#/definitions/FieldRestrictions" + }, + "readOnly": true + }, + "contentEvaluationResult": { + "description": "Evaluation results for the provided partial resource content.", + "properties": { + "policyEvaluations": { + "description": "Policy evaluation results against the given resource content. This will indicate if the partial content that was provided will be denied as-is.", + "type": "array", + "items": { + "$ref": "#/definitions/PolicyEvaluationResult" + } + } + }, + "readOnly": true + } + } + }, + "FieldRestrictions": { + "description": "The restrictions that will be placed on a field in the resource by policy.", + "properties": { + "field": { + "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", + "type": "string", + "readOnly": true + }, + "restrictions": { + "description": "The restrictions placed on that field by policy.", + "type": "array", + "items": { + "$ref": "#/definitions/FieldRestriction" + } + } + } + }, + "FieldRestriction": { + "description": "The restrictions on a field imposed by a specific policy.", + "properties": { + "result": { + "description": "The type of restriction that is imposed on the field.", + "type": "string", + "enum": [ + "Required", + "Removed", + "Deny" + ], + "x-ms-enum": { + "name": "FieldRestrictionResult", + "modelAsString": true, + "values": [ + { + "value": "Required", + "description": "The field and/or values are required by policy." + }, + { + "value": "Removed", + "description": "The field will be removed by policy." + }, + { + "value": "Deny", + "description": "The field and/or values will be denied by policy." + } + ] + }, + "readOnly": true + }, + "defaultValue": { + "description": "The value that policy will set for the field if the user does not provide a value.", + "type": "string", + "readOnly": true + }, + "values": { + "description": "The values that policy either requires or denies for the field.", + "type": "array", + "items": { + "type": "string" + }, + "readOnly": true + }, + "policy": { + "description": "The details of the policy that is causing the field restriction.", + "$ref": "#/definitions/PolicyReference", + "readOnly": true + } + } + }, + "PolicyEvaluationResult": { + "description": "The result of a non-compliant policy evaluation against the given resource content.", + "properties": { + "policyInfo": { + "description": "The details of the policy that was evaluated.", + "$ref": "#/definitions/PolicyReference", + "readOnly": true + }, + "evaluationResult": { + "description": "The result of the policy evaluation against the resource. This will typically be 'NonCompliant' but may contain other values if errors were encountered.", + "type": "string", + "readOnly": true + }, + "evaluationDetails": { + "description": "The detailed results of the policy expressions and values that were evaluated.", + "$ref": "../../stable/2019-10-01/policyStates.json#/definitions/PolicyEvaluationDetails", + "readOnly": true + } + } + }, + "PolicyReference": { + "description": "Resource identifiers for a policy.", + "properties": { + "policyDefinitionId": { + "description": "The resource identifier of the policy definition.", + "type": "string", + "readOnly": true + }, + "policySetDefinitionId": { + "description": "The resource identifier of the policy set definition.", + "type": "string", + "readOnly": true + }, + "policyDefinitionReferenceId": { + "description": "The reference identifier of a specific policy definition within a policy set definition.", + "type": "string", + "readOnly": true + }, + "policyAssignmentId": { + "description": "The resource identifier of the policy assignment.", + "type": "string", + "readOnly": true + } + } + } + } +} \ No newline at end of file diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json new file mode 100644 index 000000000000..5e21a75a34a9 --- /dev/null +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json @@ -0,0 +1,137 @@ +{ + "parameters": { + "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", + "resourceGroupName": "vmRg", + "api-version": "2020-07-01", + "parameters": { + "resourceDetails": { + "resourceContent": { + "type": "Microsoft.Compute/virtualMachines", + "properties": { + "priority": "Spot" + } + }, + "apiVersion": "2019-12-01" + }, + "pendingFields": [ + { + "field": "name", + "values": [ + "myVMName" + ] + }, + { + "field": "location", + "values": [ + "eastus", + "westus", + "westus2", + "westeurope" + ] + }, + { + "field": "tags" + } + ] + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "fieldRestrictions": [ + { + "field": "tags.newtag", + "restrictions": [ + { + "result": "Required", + "defaultValue": "defaultVal", + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "tags.environment", + "restrictions": [ + { + "result": "Required", + "values": [ + "Prod", + "Int", + "Test" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "location", + "restrictions": [ + { + "result": "Deny", + "values": [ + "west europe" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", + "policyDefinitionReferenceId": "DefRef" + } + }, + { + "result": "Deny", + "values": [ + "eastus", + "westus" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + } + ], + "contentEvaluationResult": { + "policyEvaluations": [ + { + "policyInfo": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", + "policyDefinitionReferenceId": "defref222", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" + }, + "evaluationResult": "NonCompliant", + "evaluationDetails": { + "evaluatedExpressions": [ + { + "result": "True", + "expressionKind": "field", + "expression": "type", + "path": "type", + "expressionValue": "microsoft.compute/virtualmachines", + "targetValue": "microsoft.compute/virtualmachines", + "operator": "equals" + } + ] + } + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json new file mode 100644 index 000000000000..7e2de16df1e0 --- /dev/null +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json @@ -0,0 +1,136 @@ +{ + "parameters": { + "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", + "api-version": "2020-07-01", + "parameters": { + "resourceDetails": { + "resourceContent": { + "type": "Microsoft.Compute/virtualMachines", + "properties": { + "priority": "Spot" + } + }, + "apiVersion": "2019-12-01" + }, + "pendingFields": [ + { + "field": "name", + "values": [ + "myVMName" + ] + }, + { + "field": "location", + "values": [ + "eastus", + "westus", + "westus2", + "westeurope" + ] + }, + { + "field": "tags" + } + ] + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "fieldRestrictions": [ + { + "field": "tags.newtag", + "restrictions": [ + { + "result": "Required", + "defaultValue": "defaultVal", + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "tags.environment", + "restrictions": [ + { + "result": "Required", + "values": [ + "Prod", + "Int", + "Test" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "location", + "restrictions": [ + { + "result": "Deny", + "values": [ + "west europe" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", + "policyDefinitionReferenceId": "DefRef" + } + }, + { + "result": "Deny", + "values": [ + "eastus", + "westus" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + } + ], + "contentEvaluationResult": { + "policyEvaluations": [ + { + "policyInfo": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", + "policyDefinitionReferenceId": "defref222", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" + }, + "evaluationResult": "NonCompliant", + "evaluationDetails": { + "evaluatedExpressions": [ + { + "result": "True", + "expressionKind": "field", + "expression": "type", + "path": "type", + "expressionValue": "microsoft.compute/virtualmachines", + "targetValue": "microsoft.compute/virtualmachines", + "operator": "equals" + } + ] + } + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/specification/policyinsights/resource-manager/readme.md b/specification/policyinsights/resource-manager/readme.md index c6dcf11c08eb..29926a85511c 100644 --- a/specification/policyinsights/resource-manager/readme.md +++ b/specification/policyinsights/resource-manager/readme.md @@ -66,6 +66,20 @@ directive: where: - $.paths["/providers/Microsoft.PolicyInsights/operations"].get + - suppress: PostOperationIdContainsUrlVerb + reason: The operation can be performed at multiple scopes. The operationId needs to indicate the scope. + where: + - $.paths["/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation"].post.operationId + - $.paths["/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation"].post.operationId + - $.paths["/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions"].post.operationId + - $.paths["/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions"].post.operationId + + - suppress: ListInOperationName + reason: The result is an object that contains two arrays, it is not a top level list nor what would be considered a list operation. + where: + - $.paths["/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions"].post.operationId + - $.paths["/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions"].post.operationId + ``` ### Tag: package-2019-10 @@ -79,6 +93,7 @@ input-file: - Microsoft.PolicyInsights/stable/2019-10-01/policyEvents.json - Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json - Microsoft.PolicyInsights/stable/2019-10-01/policyMetadata.json +- Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json ``` From 1144249e38328c6892ac246382220254c63249af Mon Sep 17 00:00:00 2001 From: Chris Eggert Date: Tue, 15 Sep 2020 13:44:01 -0700 Subject: [PATCH 2/5] Run prettier --- .../2020-07-01/checkPolicyRestrictions.json | 612 +++++++++--------- ...estrictions_CheckAtResourceGroupScope.json | 260 ++++---- ...Restrictions_CheckAtSubscriptionScope.json | 258 ++++---- 3 files changed, 565 insertions(+), 565 deletions(-) diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json index 03de054c3e5a..f1bf4d7106fd 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json @@ -1,320 +1,320 @@ { - "swagger": "2.0", - "info": { - "title": "CheckPolicyRestrictionsClient", - "version": "2020-07-01" - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] + "swagger": "2.0", + "info": { + "title": "CheckPolicyRestrictionsClient", + "version": "2020-07-01" + }, + "host": "management.azure.com", + "schemes": [ + "https" + ], + "produces": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "flow": "implicit", + "description": "Azure Active Directory OAuth2 Flow", + "scopes": { + "user_impersonation": "impersonate your user account" } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { - "post": { - "operationId": "PolicyRestrictions_CheckAtSubscriptionScope", - "description": "Checks what restrictions Azure Policy will place on a resource within a subscription.", - "parameters": [ - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/CheckRestrictionsRequest" - }, - "description": "The check policy restrictions parameters." - } - ], - "responses": { - "200": { - "description": "The restrictions that will be placed on the resource by Azure Policy.", - "schema": { - "$ref": "#/definitions/CheckRestrictionsResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" - } - } + } + }, + "paths": { + "/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { + "post": { + "operationId": "PolicyRestrictions_CheckAtSubscriptionScope", + "description": "Checks what restrictions Azure Policy will place on a resource within a subscription.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CheckRestrictionsRequest" }, - "x-ms-examples": { - "Check policy restrictions at subscription scope": { - "$ref": "./examples/PolicyRestrictions_CheckAtSubscriptionScope.json" - } + "description": "The check policy restrictions parameters." + } + ], + "responses": { + "200": { + "description": "The restrictions that will be placed on the resource by Azure Policy.", + "schema": { + "$ref": "#/definitions/CheckRestrictionsResult" } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { - "post": { - "operationId": "PolicyRestrictions_CheckAtResourceGroupScope", - "description": "Checks what restrictions Azure Policy will place on a resource within a resource group. Use this when the resource group the resource will be created in is already known.", - "parameters": [ - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" - }, - { - "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/CheckRestrictionsRequest" - }, - "description": "The check policy restrictions parameters." - } - ], - "responses": { - "200": { - "description": "The restrictions that will be placed on the resource by Azure Policy.", - "schema": { - "$ref": "#/definitions/CheckRestrictionsResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-examples": { - "Check policy restrictions at resource group scope": { - "$ref": "./examples/PolicyRestrictions_CheckAtResourceGroupScope.json" - } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" } - } + } + }, + "x-ms-examples": { + "Check policy restrictions at subscription scope": { + "$ref": "./examples/PolicyRestrictions_CheckAtSubscriptionScope.json" + } + } } - }, - "definitions": { - "CheckRestrictionsRequest": { - "description": "The check policy restrictions parameters describing the resource that is being evaluated.", - "properties": { - "resourceDetails": { - "description": "The information about the resource that will be evaluated.", - "$ref": "#/definitions/CheckRestrictionsResourceDetails" - }, - "pendingFields": { - "description": "The list of fields and values that should be evaluated for potential restrictions.", - "type": "array", - "items": { - "$ref": "#/definitions/PendingField" - } - } - }, - "required": [ - "resourceDetails" - ] - }, - "CheckRestrictionsResourceDetails": { - "description": "The information about the resource that will be evaluated.", - "properties": { - "resourceContent": { - "description": "The resource content. This should include whatever properties are already known and can be a partial set of all resource properties.", - "type": "object" + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions": { + "post": { + "operationId": "PolicyRestrictions_CheckAtResourceGroupScope", + "description": "Checks what restrictions Azure Policy will place on a resource within a resource group. Use this when the resource group the resource will be created in is already known.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/CheckRestrictionsRequest" }, - "apiVersion": { - "description": "The api-version of the resource content.", - "type": "string" - }, - "scope": { - "description": "The scope where the resource is being created. For example, if the resource is a child resource this would be the parent resource's resource ID.", - "type": "string" + "description": "The check policy restrictions parameters." + } + ], + "responses": { + "200": { + "description": "The restrictions that will be placed on the resource by Azure Policy.", + "schema": { + "$ref": "#/definitions/CheckRestrictionsResult" } - }, - "required": [ - "resourceContent" - ] - }, - "PendingField": { - "description": "A field that should be evaluated against Azure Policy to determine restrictions.", - "properties": { - "field": { - "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", - "type": "string" - }, - "values": { - "description": "The list of potential values for the field that should be evaluated against Azure Policy.", - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "field" - ] - }, - "CheckRestrictionsResult": { - "description": "The result of a check policy restrictions evaluation on a resource.", - "properties": { - "fieldRestrictions": { - "description": "The restrictions that will be placed on various fields in the resource by policy.", - "type": "array", - "items": { - "$ref": "#/definitions/FieldRestrictions" - }, - "readOnly": true - }, - "contentEvaluationResult": { - "description": "Evaluation results for the provided partial resource content.", - "properties": { - "policyEvaluations": { - "description": "Policy evaluation results against the given resource content. This will indicate if the partial content that was provided will be denied as-is.", - "type": "array", - "items": { - "$ref": "#/definitions/PolicyEvaluationResult" - } - } - }, - "readOnly": true - } - } - }, - "FieldRestrictions": { - "description": "The restrictions that will be placed on a field in the resource by policy.", - "properties": { - "field": { - "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", - "type": "string", - "readOnly": true - }, - "restrictions": { - "description": "The restrictions placed on that field by policy.", - "type": "array", - "items": { - "$ref": "#/definitions/FieldRestriction" - } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "../../stable/2019-10-01/policyMetadata.json#/definitions/ErrorResponse" } - } + } + }, + "x-ms-examples": { + "Check policy restrictions at resource group scope": { + "$ref": "./examples/PolicyRestrictions_CheckAtResourceGroupScope.json" + } + } + } + } + }, + "definitions": { + "CheckRestrictionsRequest": { + "description": "The check policy restrictions parameters describing the resource that is being evaluated.", + "properties": { + "resourceDetails": { + "description": "The information about the resource that will be evaluated.", + "$ref": "#/definitions/CheckRestrictionsResourceDetails" + }, + "pendingFields": { + "description": "The list of fields and values that should be evaluated for potential restrictions.", + "type": "array", + "items": { + "$ref": "#/definitions/PendingField" + } + } }, - "FieldRestriction": { - "description": "The restrictions on a field imposed by a specific policy.", - "properties": { - "result": { - "description": "The type of restriction that is imposed on the field.", - "type": "string", - "enum": [ - "Required", - "Removed", - "Deny" - ], - "x-ms-enum": { - "name": "FieldRestrictionResult", - "modelAsString": true, - "values": [ - { - "value": "Required", - "description": "The field and/or values are required by policy." - }, - { - "value": "Removed", - "description": "The field will be removed by policy." - }, - { - "value": "Deny", - "description": "The field and/or values will be denied by policy." - } - ] - }, - "readOnly": true - }, - "defaultValue": { - "description": "The value that policy will set for the field if the user does not provide a value.", - "type": "string", - "readOnly": true - }, - "values": { - "description": "The values that policy either requires or denies for the field.", - "type": "array", - "items": { - "type": "string" - }, - "readOnly": true - }, - "policy": { - "description": "The details of the policy that is causing the field restriction.", - "$ref": "#/definitions/PolicyReference", - "readOnly": true - } - } + "required": [ + "resourceDetails" + ] + }, + "CheckRestrictionsResourceDetails": { + "description": "The information about the resource that will be evaluated.", + "properties": { + "resourceContent": { + "description": "The resource content. This should include whatever properties are already known and can be a partial set of all resource properties.", + "type": "object" + }, + "apiVersion": { + "description": "The api-version of the resource content.", + "type": "string" + }, + "scope": { + "description": "The scope where the resource is being created. For example, if the resource is a child resource this would be the parent resource's resource ID.", + "type": "string" + } }, - "PolicyEvaluationResult": { - "description": "The result of a non-compliant policy evaluation against the given resource content.", - "properties": { - "policyInfo": { - "description": "The details of the policy that was evaluated.", - "$ref": "#/definitions/PolicyReference", - "readOnly": true - }, - "evaluationResult": { - "description": "The result of the policy evaluation against the resource. This will typically be 'NonCompliant' but may contain other values if errors were encountered.", - "type": "string", - "readOnly": true - }, - "evaluationDetails": { - "description": "The detailed results of the policy expressions and values that were evaluated.", - "$ref": "../../stable/2019-10-01/policyStates.json#/definitions/PolicyEvaluationDetails", - "readOnly": true - } - } + "required": [ + "resourceContent" + ] + }, + "PendingField": { + "description": "A field that should be evaluated against Azure Policy to determine restrictions.", + "properties": { + "field": { + "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", + "type": "string" + }, + "values": { + "description": "The list of potential values for the field that should be evaluated against Azure Policy.", + "type": "array", + "items": { + "type": "string" + } + } }, - "PolicyReference": { - "description": "Resource identifiers for a policy.", - "properties": { - "policyDefinitionId": { - "description": "The resource identifier of the policy definition.", - "type": "string", - "readOnly": true - }, - "policySetDefinitionId": { - "description": "The resource identifier of the policy set definition.", - "type": "string", - "readOnly": true - }, - "policyDefinitionReferenceId": { - "description": "The reference identifier of a specific policy definition within a policy set definition.", - "type": "string", - "readOnly": true - }, - "policyAssignmentId": { - "description": "The resource identifier of the policy assignment.", - "type": "string", - "readOnly": true + "required": [ + "field" + ] + }, + "CheckRestrictionsResult": { + "description": "The result of a check policy restrictions evaluation on a resource.", + "properties": { + "fieldRestrictions": { + "description": "The restrictions that will be placed on various fields in the resource by policy.", + "type": "array", + "items": { + "$ref": "#/definitions/FieldRestrictions" + }, + "readOnly": true + }, + "contentEvaluationResult": { + "description": "Evaluation results for the provided partial resource content.", + "properties": { + "policyEvaluations": { + "description": "Policy evaluation results against the given resource content. This will indicate if the partial content that was provided will be denied as-is.", + "type": "array", + "items": { + "$ref": "#/definitions/PolicyEvaluationResult" + } } - } + }, + "readOnly": true + } + } + }, + "FieldRestrictions": { + "description": "The restrictions that will be placed on a field in the resource by policy.", + "properties": { + "field": { + "description": "The name of the field. This can be a top-level property like 'name' or 'type' or an Azure Policy field alias.", + "type": "string", + "readOnly": true + }, + "restrictions": { + "description": "The restrictions placed on that field by policy.", + "type": "array", + "items": { + "$ref": "#/definitions/FieldRestriction" + } + } + } + }, + "FieldRestriction": { + "description": "The restrictions on a field imposed by a specific policy.", + "properties": { + "result": { + "description": "The type of restriction that is imposed on the field.", + "type": "string", + "enum": [ + "Required", + "Removed", + "Deny" + ], + "x-ms-enum": { + "name": "FieldRestrictionResult", + "modelAsString": true, + "values": [ + { + "value": "Required", + "description": "The field and/or values are required by policy." + }, + { + "value": "Removed", + "description": "The field will be removed by policy." + }, + { + "value": "Deny", + "description": "The field and/or values will be denied by policy." + } + ] + }, + "readOnly": true + }, + "defaultValue": { + "description": "The value that policy will set for the field if the user does not provide a value.", + "type": "string", + "readOnly": true + }, + "values": { + "description": "The values that policy either requires or denies for the field.", + "type": "array", + "items": { + "type": "string" + }, + "readOnly": true + }, + "policy": { + "description": "The details of the policy that is causing the field restriction.", + "$ref": "#/definitions/PolicyReference", + "readOnly": true + } + } + }, + "PolicyEvaluationResult": { + "description": "The result of a non-compliant policy evaluation against the given resource content.", + "properties": { + "policyInfo": { + "description": "The details of the policy that was evaluated.", + "$ref": "#/definitions/PolicyReference", + "readOnly": true + }, + "evaluationResult": { + "description": "The result of the policy evaluation against the resource. This will typically be 'NonCompliant' but may contain other values if errors were encountered.", + "type": "string", + "readOnly": true + }, + "evaluationDetails": { + "description": "The detailed results of the policy expressions and values that were evaluated.", + "$ref": "../../stable/2019-10-01/policyStates.json#/definitions/PolicyEvaluationDetails", + "readOnly": true + } + } + }, + "PolicyReference": { + "description": "Resource identifiers for a policy.", + "properties": { + "policyDefinitionId": { + "description": "The resource identifier of the policy definition.", + "type": "string", + "readOnly": true + }, + "policySetDefinitionId": { + "description": "The resource identifier of the policy set definition.", + "type": "string", + "readOnly": true + }, + "policyDefinitionReferenceId": { + "description": "The reference identifier of a specific policy definition within a policy set definition.", + "type": "string", + "readOnly": true + }, + "policyAssignmentId": { + "description": "The resource identifier of the policy assignment.", + "type": "string", + "readOnly": true + } } - } -} \ No newline at end of file + } + } +} diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json index 5e21a75a34a9..d90062bfc1bf 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtResourceGroupScope.json @@ -1,137 +1,137 @@ { - "parameters": { - "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", - "resourceGroupName": "vmRg", - "api-version": "2020-07-01", - "parameters": { - "resourceDetails": { - "resourceContent": { - "type": "Microsoft.Compute/virtualMachines", - "properties": { - "priority": "Spot" - } - }, - "apiVersion": "2019-12-01" - }, - "pendingFields": [ - { - "field": "name", - "values": [ - "myVMName" - ] - }, - { - "field": "location", - "values": [ + "parameters": { + "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", + "resourceGroupName": "vmRg", + "api-version": "2020-07-01", + "parameters": { + "resourceDetails": { + "resourceContent": { + "type": "Microsoft.Compute/virtualMachines", + "properties": { + "priority": "Spot" + } + }, + "apiVersion": "2019-12-01" + }, + "pendingFields": [ + { + "field": "name", + "values": [ + "myVMName" + ] + }, + { + "field": "location", + "values": [ + "eastus", + "westus", + "westus2", + "westeurope" + ] + }, + { + "field": "tags" + } + ] + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "fieldRestrictions": [ + { + "field": "tags.newtag", + "restrictions": [ + { + "result": "Required", + "defaultValue": "defaultVal", + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "tags.environment", + "restrictions": [ + { + "result": "Required", + "values": [ + "Prod", + "Int", + "Test" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "location", + "restrictions": [ + { + "result": "Deny", + "values": [ + "west europe" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", + "policyDefinitionReferenceId": "DefRef" + } + }, + { + "result": "Deny", + "values": [ "eastus", - "westus", - "westus2", - "westeurope" - ] - }, + "westus" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + } + ], + "contentEvaluationResult": { + "policyEvaluations": [ { - "field": "tags" - } - ] - } - }, - "responses": { - "200": { - "headers": {}, - "body": { - "fieldRestrictions": [ - { - "field": "tags.newtag", - "restrictions": [ - { - "result": "Required", - "defaultValue": "defaultVal", - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - }, - { - "field": "tags.environment", - "restrictions": [ - { - "result": "Required", - "values": [ - "Prod", - "Int", - "Test" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - }, - { - "field": "location", - "restrictions": [ - { - "result": "Deny", - "values": [ - "west europe" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", - "policyDefinitionReferenceId": "DefRef" - } - }, - { - "result": "Deny", - "values": [ - "eastus", - "westus" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - } - ], - "contentEvaluationResult": { - "policyEvaluations": [ + "policyInfo": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", + "policyDefinitionReferenceId": "defref222", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" + }, + "evaluationResult": "NonCompliant", + "evaluationDetails": { + "evaluatedExpressions": [ { - "policyInfo": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", - "policyDefinitionReferenceId": "defref222", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" - }, - "evaluationResult": "NonCompliant", - "evaluationDetails": { - "evaluatedExpressions": [ - { - "result": "True", - "expressionKind": "field", - "expression": "type", - "path": "type", - "expressionValue": "microsoft.compute/virtualmachines", - "targetValue": "microsoft.compute/virtualmachines", - "operator": "equals" - } - ] - } + "result": "True", + "expressionKind": "field", + "expression": "type", + "path": "type", + "expressionValue": "microsoft.compute/virtualmachines", + "targetValue": "microsoft.compute/virtualmachines", + "operator": "equals" } - ] + ] + } } - } + ] + } } - } -} \ No newline at end of file + } + } +} diff --git a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json index 7e2de16df1e0..fd0e34342f3f 100644 --- a/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json +++ b/specification/policyinsights/resource-manager/Microsoft.PolicyInsights/stable/2020-07-01/examples/PolicyRestrictions_CheckAtSubscriptionScope.json @@ -1,136 +1,136 @@ { - "parameters": { - "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", - "api-version": "2020-07-01", - "parameters": { - "resourceDetails": { - "resourceContent": { - "type": "Microsoft.Compute/virtualMachines", - "properties": { - "priority": "Spot" - } - }, - "apiVersion": "2019-12-01" - }, - "pendingFields": [ - { - "field": "name", - "values": [ - "myVMName" - ] - }, - { - "field": "location", - "values": [ + "parameters": { + "subscriptionId": "35ee058e-5fa0-414c-8145-3ebb8d09b6e2", + "api-version": "2020-07-01", + "parameters": { + "resourceDetails": { + "resourceContent": { + "type": "Microsoft.Compute/virtualMachines", + "properties": { + "priority": "Spot" + } + }, + "apiVersion": "2019-12-01" + }, + "pendingFields": [ + { + "field": "name", + "values": [ + "myVMName" + ] + }, + { + "field": "location", + "values": [ + "eastus", + "westus", + "westus2", + "westeurope" + ] + }, + { + "field": "tags" + } + ] + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "fieldRestrictions": [ + { + "field": "tags.newtag", + "restrictions": [ + { + "result": "Required", + "defaultValue": "defaultVal", + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "tags.environment", + "restrictions": [ + { + "result": "Required", + "values": [ + "Prod", + "Int", + "Test" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + }, + { + "field": "location", + "restrictions": [ + { + "result": "Deny", + "values": [ + "west europe" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", + "policyDefinitionReferenceId": "DefRef" + } + }, + { + "result": "Deny", + "values": [ "eastus", - "westus", - "westus2", - "westeurope" - ] - }, + "westus" + ], + "policy": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", + "policyDefinitionReferenceId": "DefRef" + } + } + ] + } + ], + "contentEvaluationResult": { + "policyEvaluations": [ { - "field": "tags" - } - ] - } - }, - "responses": { - "200": { - "headers": {}, - "body": { - "fieldRestrictions": [ - { - "field": "tags.newtag", - "restrictions": [ - { - "result": "Required", - "defaultValue": "defaultVal", - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/1D0906C3", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/57DAC8A0", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/05D92080", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - }, - { - "field": "tags.environment", - "restrictions": [ - { - "result": "Required", - "values": [ - "Prod", - "Int", - "Test" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/30BD79F6", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/7EB1508A", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/735551F1", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - }, - { - "field": "location", - "restrictions": [ - { - "result": "Deny", - "values": [ - "west europe" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/0711CCC1", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/1563EBD3", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/1E17783A", - "policyDefinitionReferenceId": "DefRef" - } - }, - { - "result": "Deny", - "values": [ - "eastus", - "westus" - ], - "policy": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/25C9F66B", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/5382A69D", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/392D107B", - "policyDefinitionReferenceId": "DefRef" - } - } - ] - } - ], - "contentEvaluationResult": { - "policyEvaluations": [ + "policyInfo": { + "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", + "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", + "policyDefinitionReferenceId": "defref222", + "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" + }, + "evaluationResult": "NonCompliant", + "evaluationDetails": { + "evaluatedExpressions": [ { - "policyInfo": { - "policyDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyDefinitions/435CAE41", - "policySetDefinitionId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policySetDefinitions/2162358E", - "policyDefinitionReferenceId": "defref222", - "policyAssignmentId": "/subscriptions/d8db6de6-2b96-46af-b825-07aef2033c0b/providers/microsoft.authorization/policyAssignments/2FF66C37" - }, - "evaluationResult": "NonCompliant", - "evaluationDetails": { - "evaluatedExpressions": [ - { - "result": "True", - "expressionKind": "field", - "expression": "type", - "path": "type", - "expressionValue": "microsoft.compute/virtualmachines", - "targetValue": "microsoft.compute/virtualmachines", - "operator": "equals" - } - ] - } + "result": "True", + "expressionKind": "field", + "expression": "type", + "path": "type", + "expressionValue": "microsoft.compute/virtualmachines", + "targetValue": "microsoft.compute/virtualmachines", + "operator": "equals" } - ] + ] + } } - } + ] + } } - } -} \ No newline at end of file + } + } +} From 2ce955a353a54caa31852cdee8b3fa12ba8c023a Mon Sep 17 00:00:00 2001 From: Chris Eggert Date: Mon, 16 Nov 2020 11:37:28 -0800 Subject: [PATCH 3/5] Increment package version --- .../readme.azureresourceschema.md | 12 +++++++ .../resource-manager/readme.go.md | 11 +++++++ .../policyinsights/resource-manager/readme.md | 32 ++++++++++++++++++- 3 files changed, 54 insertions(+), 1 deletion(-) diff --git a/specification/policyinsights/resource-manager/readme.azureresourceschema.md b/specification/policyinsights/resource-manager/readme.azureresourceschema.md index 7bf614fc2a2a..6f29372463f3 100644 --- a/specification/policyinsights/resource-manager/readme.azureresourceschema.md +++ b/specification/policyinsights/resource-manager/readme.azureresourceschema.md @@ -6,6 +6,7 @@ These settings apply only when `--azureresourceschema` is specified on the comma ``` yaml $(azureresourceschema) && $(multiapi) batch: + - tag: schema-policyinsights-2020-07-01 - tag: schema-policyinsights-2019-10-01 - tag: schema-policyinsights-2019-07-01 - tag: schema-policyinsights-2018-07-01-preview @@ -15,6 +16,17 @@ batch: Please also specify `--azureresourceschema-folder=`. +### Tag: schema-policyinsights-2020-07-01 and azureresourceschema + +``` yaml $(tag) == 'schema-policyinsights-2020-07-01' && $(azureresourceschema) +output-folder: $(azureresourceschema-folder)/schemas + +# all the input files in this apiVersion +input-file: + - Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json + +``` + ### Tag: schema-policyinsights-2019-10-01 and azureresourceschema ``` yaml $(tag) == 'schema-policyinsights-2019-10-01' && $(azureresourceschema) diff --git a/specification/policyinsights/resource-manager/readme.go.md b/specification/policyinsights/resource-manager/readme.go.md index 249c80b4f08a..d8a65fc72804 100644 --- a/specification/policyinsights/resource-manager/readme.go.md +++ b/specification/policyinsights/resource-manager/readme.go.md @@ -13,10 +13,21 @@ go: ``` yaml $(go) && $(multiapi) batch: + - tag: package-2020-07 - tag: package-2019-10 - tag: package-2018-07 - tag: package-2018-04 ``` + +### Tag: package-2020-07 and go + +These settings apply only when `--tag=package-2020-07 --go` is specified on the command line. +Please also specify `--go-sdk-folder=`. + +``` yaml $(tag) == 'package-2020-07' && $(go) +output-folder: $(go-sdk-folder)/services/preview/$(namespace)/mgmt/2020-07-01-preview/$(namespace) +``` + ### Tag: package-2019-10 and go These settings apply only when `--tag=package-2019-10 --go` is specified on the command line. diff --git a/specification/policyinsights/resource-manager/readme.md b/specification/policyinsights/resource-manager/readme.md index 07feb56e1e2f..01f2408a3405 100644 --- a/specification/policyinsights/resource-manager/readme.md +++ b/specification/policyinsights/resource-manager/readme.md @@ -27,7 +27,7 @@ These are the global settings for the PolicyInsights API. ``` yaml title: PolicyInsightsClient openapi-type: arm -tag: package-2019-10 +tag: package-2020-07 ``` ### Validations @@ -82,6 +82,21 @@ directive: ``` +### Tag: package-2020-07 + +These settings apply only when `--tag=package-2020-07` is specified on the command line. + +``` yaml $(tag) == 'package-2020-07' +input-file: +- Microsoft.PolicyInsights/preview/2018-07-01-preview/policyTrackedResources.json +- Microsoft.PolicyInsights/stable/2019-07-01/remediations.json +- Microsoft.PolicyInsights/stable/2019-10-01/policyEvents.json +- Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json +- Microsoft.PolicyInsights/stable/2019-10-01/policyMetadata.json +- Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json +``` + + ### Tag: package-2019-10 These settings apply only when `--tag=package-2019-10` is specified on the command line. @@ -206,11 +221,26 @@ output-folder: $(azure-libraries-for-java-folder)/azure-mgmt-policyinsights ``` yaml $(java) && $(multiapi) batch: + - tag: package-2020-07 - tag: package-2019-10 - tag: package-2018-07 - tag: package-2018-04 ``` +### Tag: package-2020-07 and java + +These settings apply only when `--tag=package-2020-07 --java` is specified on the command line. +Please also specify `--azure-libraries-for-java-folder=`. + +``` yaml $(tag) == 'package-2020-07' && $(java) +java: + namespace: com.microsoft.azure.management.policyinsights.v2020_07_01 + output-folder: $(azure-libraries-for-java-folder)/sdk/policyinsights/mgmt-v2020_07_01 +regenerate-manager: true +generate-interface: true +``` + + ### Tag: package-2019-10 and java These settings apply only when `--tag=package-2019-10 --java` is specified on the command line. From 7dd574863c08d4474a88ac13c2e91ff53ec98691 Mon Sep 17 00:00:00 2001 From: Chris Eggert Date: Mon, 16 Nov 2020 12:23:40 -0800 Subject: [PATCH 4/5] Remove from old tag --- specification/policyinsights/resource-manager/readme.md | 1 - 1 file changed, 1 deletion(-) diff --git a/specification/policyinsights/resource-manager/readme.md b/specification/policyinsights/resource-manager/readme.md index 01f2408a3405..b1d0f80cbca2 100644 --- a/specification/policyinsights/resource-manager/readme.md +++ b/specification/policyinsights/resource-manager/readme.md @@ -108,7 +108,6 @@ input-file: - Microsoft.PolicyInsights/stable/2019-10-01/policyEvents.json - Microsoft.PolicyInsights/stable/2019-10-01/policyStates.json - Microsoft.PolicyInsights/stable/2019-10-01/policyMetadata.json -- Microsoft.PolicyInsights/stable/2020-07-01/checkPolicyRestrictions.json ``` From bfd00ba0e23814b7914d4b93ccea127ed6498861 Mon Sep 17 00:00:00 2001 From: Chris Eggert Date: Tue, 17 Nov 2020 09:58:46 -0800 Subject: [PATCH 5/5] Remove suppression --- specification/policyinsights/resource-manager/readme.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/specification/policyinsights/resource-manager/readme.md b/specification/policyinsights/resource-manager/readme.md index b1d0f80cbca2..666f3b6efd0f 100644 --- a/specification/policyinsights/resource-manager/readme.md +++ b/specification/policyinsights/resource-manager/readme.md @@ -74,12 +74,6 @@ directive: - $.paths["/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions"].post.operationId - $.paths["/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions"].post.operationId - - suppress: ListInOperationName - reason: The result is an object that contains two arrays, it is not a top level list nor what would be considered a list operation. - where: - - $.paths["/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions"].post.operationId - - $.paths["/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/checkPolicyRestrictions"].post.operationId - ``` ### Tag: package-2020-07