diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/examples/DeleteRoleDefinition-example.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/examples/DeleteRoleDefinition-example.json new file mode 100644 index 000000000000..d707b2b24e5a --- /dev/null +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/examples/DeleteRoleDefinition-example.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "vaultBaseUrl": "https://myvault.vault.azure.net/", + "scope": "", + "api-version": "7.2-preview", + "roleDefinitionName": "00000000-0000-0000-0000-000000000000" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleName": "My custom role", + "type": "CustomRole", + "description": "Role description", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "dataActions": [ "Microsoft.KeyVault/managedHsm/keys/sign/action" ], + } + ] + }, + "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "00000000-0000-0000-0000-000000000000" + } + } + } +} \ No newline at end of file diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/examples/GetRoleDefinition-example.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/examples/GetRoleDefinition-example.json new file mode 100644 index 000000000000..d707b2b24e5a --- /dev/null +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/examples/GetRoleDefinition-example.json @@ -0,0 +1,30 @@ +{ + "parameters": { + "vaultBaseUrl": "https://myvault.vault.azure.net/", + "scope": "", + "api-version": "7.2-preview", + "roleDefinitionName": "00000000-0000-0000-0000-000000000000" + }, + "responses": { + "200": { + "body": { + "properties": { + "roleName": "My custom role", + "type": "CustomRole", + "description": "Role description", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "dataActions": [ "Microsoft.KeyVault/managedHsm/keys/sign/action" ], + } + ] + }, + "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "00000000-0000-0000-0000-000000000000" + } + } + } +} \ No newline at end of file diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/examples/PutRoleDefinition-example.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/examples/PutRoleDefinition-example.json new file mode 100644 index 000000000000..473984477f83 --- /dev/null +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/examples/PutRoleDefinition-example.json @@ -0,0 +1,43 @@ +{ + "parameters": { + "vaultBaseUrl": "https://myvault.vault.azure.net/", + "scope": "keys", + "roleDefinitionName": "00000000-0000-0000-0000-000000000000", + "parameters": { + "properties": { + "roleName": "My custom role", + "type": "CustomRole", + "description": "Role description", + "permissions": [ + { + "dataActions": [ "Microsoft.KeyVault/managedHsm/keys/sign/action" ], + } + ] + } + }, + "api-version": "7.2-preview" + }, + "responses": { + "201": { + "body": { + "properties": { + "roleName": "My custom role", + "type": "CustomRole", + "description": "Role description", + "assignableScopes": [ + "/" + ], + "permissions": [ + { + "dataActions": [ "Microsoft.KeyVault/managedHsm/keys/sign/action" ], + } + ] + }, + "id": "Microsoft.KeyVault/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000", + "type": "Microsoft.Authorization/roleDefinitions", + "name": "00000000-0000-0000-0000-000000000000" + } + } + } + } + \ No newline at end of file diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index a15c7e1d7dfb..f5a4a9b8429a 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json @@ -27,6 +27,155 @@ "application/json" ], "paths": { + "/{scope}/providers/Microsoft.Authorization/roleDefinitions/{roleDefinitionName}": { + "delete": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_Delete", + "description": "Deletes a custom role definition.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role definition to delete. Managed HSM only supports '/'.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name (GUID) of the role definition to delete." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role definition that was deleted.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "default": { + "description": "Key Vault error response describing why the operation failed.", + "schema": { + "$ref": "common.json#/definitions/KeyVaultError" + } + } + }, + "x-ms-examples": { + "DeleteRoleDefinition": { + "$ref": "./examples/DeleteRoleDefinition-example.json" + } + } + }, + "put": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_CreateOrUpdate", + "description": "Creates or updates a custom role definition.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role definition to create or update. Managed HSM only supports '/'.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the role definition to create or update. It can be any valid GUID." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/RoleDefinitionCreateParameters" + }, + "description": "Parameters for the role definition." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "201": { + "description": "Created - Returns information about the role definition.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "default": { + "description": "Key Vault error response describing why the operation failed.", + "schema": { + "$ref": "common.json#/definitions/KeyVaultError" + } + } + }, + "x-ms-examples": { + "PutRoleDefinition": { + "$ref": "./examples/PutRoleDefinition-example.json" + } + } + }, + "get": { + "tags": [ + "RoleDefinitions" + ], + "operationId": "RoleDefinitions_Get", + "description": "Get the specified role definition.", + "parameters": [ + { + "name": "scope", + "in": "path", + "required": true, + "type": "string", + "description": "The scope of the role definition to get. Managed HSM only supports '/'.", + "x-ms-skip-url-encoding": true + }, + { + "name": "roleDefinitionName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of the role definition to get." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "OK - Returns information about the role definition.", + "schema": { + "$ref": "#/definitions/RoleDefinition" + } + }, + "default": { + "description": "Key Vault error response describing why the operation failed.", + "schema": { + "$ref": "common.json#/definitions/KeyVaultError" + } + } + }, + "x-ms-examples": { + "GetRoleAssignments": { + "$ref": "./examples/GetRoleDefinition-example.json" + } + } + } + }, "/{scope}/providers/Microsoft.Authorization/roleDefinitions": { "get": { "tags": [ @@ -365,6 +514,18 @@ ], "description": "Role assignment properties." }, + "RoleDefinitionCreateParameters": { + "properties": { + "properties": { + "$ref": "#/definitions/RoleDefinitionProperties", + "description": "Role definition properties." + } + }, + "required": [ + "properties" + ], + "description": "Role definition create parameters." + }, "RoleAssignmentCreateParameters": { "properties": { "properties": {