From 44ab208b1575dd1b1d0c46351c81c7933798503d Mon Sep 17 00:00:00 2001
From: Christopher Scott
Date: Tue, 12 Jan 2021 14:48:29 -0600
Subject: [PATCH 01/17] define permissions enums
---
 .../preview/7.2-preview/rbac.json | 84 ++++++++++++++++++-
 1 file changed, 80 insertions(+), 4 deletions(-)
diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json
index a15c7e1d7dfb..acdf45ac8a67 100644
--- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json
+++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json
@@ -391,28 +391,104 @@ "actions": { "type": "array", "items": { - "type": "string" + "type": "string", + "enum": [], + "x-ms-enum": { + "modelAsString": true + } }, "description": "Allowed actions." }, "notActions": { "type": "array", "items": { - "type": "string" + "type": "string", + "enum": [], + "x-ms-enum": { + "modelAsString": true + } }, "description": "Denied actions." }, "dataActions": { "type": "array", "items": { - "type": "string" + "type": "string", + "enum": [ + "Microsoft.KeyVault/managedHsm/keys/read/action", + "Microsoft.KeyVault/managedHsm/keys/write/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", + "Microsoft.KeyVault/managedHsm/keys/backup/action", + "Microsoft.KeyVault/managedHsm/keys/restore/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", + "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", + "Microsoft.KeyVault/managedHsm/keys/encrypt/action", + "Microsoft.KeyVault/managedHsm/keys/decrypt/action", + "Microsoft.KeyVault/managedHsm/keys/wrap/action", + "Microsoft.KeyVault/managedHsm/keys/unwrap/action", + "Microsoft.KeyVault/managedHsm/keys/sign/action", + "Microsoft.KeyVault/managedHsm/keys/verify/action", + "Microsoft.KeyVault/managedHsm/keys/create", + "Microsoft.KeyVault/managedHsm/keys/delete", + "Microsoft.KeyVault/managedHsm/keys/export/action", + "Microsoft.KeyVault/managedHsm/keys/import/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", + "Microsoft.KeyVault/managedHsm/securitydomain/download/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", + "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", + "Microsoft.KeyVault/managedHsm/backup/start/action", + 
"Microsoft.KeyVault/managedHsm/restore/start/action", + "Microsoft.KeyVault/managedHsm/backup/status/action", + "Microsoft.KeyVault/managedHsm/restore/status/action" + ], + "x-ms-enum": { + "modelAsString": true + } }, "description": "Allowed Data actions." }, "notDataActions": { "type": "array", "items": { - "type": "string" + "type": "string", + "enum": [ + "Microsoft.KeyVault/managedHsm/keys/read/action", + "Microsoft.KeyVault/managedHsm/keys/write/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", + "Microsoft.KeyVault/managedHsm/keys/backup/action", + "Microsoft.KeyVault/managedHsm/keys/restore/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", + "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", + "Microsoft.KeyVault/managedHsm/keys/encrypt/action", + "Microsoft.KeyVault/managedHsm/keys/decrypt/action", + "Microsoft.KeyVault/managedHsm/keys/wrap/action", + "Microsoft.KeyVault/managedHsm/keys/unwrap/action", + "Microsoft.KeyVault/managedHsm/keys/sign/action", + "Microsoft.KeyVault/managedHsm/keys/verify/action", + "Microsoft.KeyVault/managedHsm/keys/create", + "Microsoft.KeyVault/managedHsm/keys/delete", + "Microsoft.KeyVault/managedHsm/keys/export/action", + "Microsoft.KeyVault/managedHsm/keys/import/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", + "Microsoft.KeyVault/managedHsm/securitydomain/download/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", + "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", + "Microsoft.KeyVault/managedHsm/backup/start/action", + "Microsoft.KeyVault/managedHsm/restore/start/action", + "Microsoft.KeyVault/managedHsm/backup/status/action", + 
"Microsoft.KeyVault/managedHsm/restore/status/action" + ], + "x-ms-enum": { + "modelAsString": true + } }, "description": "Denied Data actions." } From 9d760043dc4efded480024ef598bcd57738467f8 Mon Sep 17 00:00:00 2001 From: Christopher Scott Date: Tue, 12 Jan 2021 14:59:24 -0600 Subject: [PATCH 02/17] anyOf --- .../Microsoft.KeyVault/preview/7.2-preview/rbac.json | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index acdf45ac8a67..dcbbff40f19f 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json @@ -511,11 +511,13 @@ "x-ms-client-name": "roleType" }, "permissions": { - "type": "array", - "items": { - "$ref": "#/definitions/Permission" - }, - "description": "Role definition permissions." + "anyOf": { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + }, + "description": "Role definition permissions." + } }, "assignableScopes": { "type": "array", From 55363c73fffa206d1cc88eb5acdb586adaa66a66 Mon Sep 17 00:00:00 2001 From: Christopher Scott Date: Tue, 12 Jan 2021 17:35:28 -0600 Subject: [PATCH 03/17] fixup schema --- .../preview/7.2-preview/rbac.json | 40 ++++++++----------- 1 file changed, 16 insertions(+), 24 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index dcbbff40f19f..bd6766043afd 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json 
@@ -390,30 +390,23 @@ "properties": { "actions": { "type": "array", + "description": "Allowed actions.", "items": { - "type": "string", - "enum": [], - "x-ms-enum": { - "modelAsString": true - } - }, - "description": "Allowed actions." + "type": "string" + } }, "notActions": { "type": "array", "items": { "type": "string", - "enum": [], - "x-ms-enum": { - "modelAsString": true - } - }, - "description": "Denied actions." + "description": "Denied actions." + } }, "dataActions": { "type": "array", "items": { "type": "string", + "description": "Allowed Data actions.", "enum": [ "Microsoft.KeyVault/managedHsm/keys/read/action", "Microsoft.KeyVault/managedHsm/keys/write/action", @@ -446,15 +439,16 @@ "Microsoft.KeyVault/managedHsm/restore/status/action" ], "x-ms-enum": { + "name": "AllowedDataActions", "modelAsString": true } - }, - "description": "Allowed Data actions." + } }, "notDataActions": { "type": "array", "items": { "type": "string", + "description": "Denied Data actions.", "enum": [ "Microsoft.KeyVault/managedHsm/keys/read/action", "Microsoft.KeyVault/managedHsm/keys/write/action", @@ -487,10 +481,10 @@ "Microsoft.KeyVault/managedHsm/restore/status/action" ], "x-ms-enum": { + "name": "DeniedDataActions", "modelAsString": true } - }, - "description": "Denied Data actions." + } } }, "description": "Role definition permissions." @@ -511,13 +505,11 @@ "x-ms-client-name": "roleType" }, "permissions": { - "anyOf": { - "type": "array", - "items": { - "$ref": "#/definitions/Permission" - }, - "description": "Role definition permissions." - } + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + }, + "description": "Role definition permissions." }, "assignableScopes": { "type": "array", From c69fd38e09d2f053336c2363def6b852d90a462b Mon Sep 17 00:00:00 2001 
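Review bot: In the first hunk `notActions` ends up with its description inside `items`, while `actions` directly above keeps it on the array property, so the two sibling properties are documented at different levels and `notActions` itself has no description. The same move is made for `dataActions` in this hunk and for `notDataActions` in the `@@ -446,15` and `@@ -487,10` hunks, where the property-level `"description"` lines are removed. Keeping `"description": "Denied actions."` as a sibling of `"type": "array"`, and likewise for the two data-action arrays, would match `actions`. In a permission model the allow or deny meaning belongs on the property, since the item values are the same in both lists.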
From: Christopher Scott Date: Tue, 12 Jan 2021 18:13:14 -0600 Subject: [PATCH 04/17] add enums for roleType and roleDefinitionType --- .../preview/7.2-preview/rbac.json | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index 339a8e24104b..a19d91cf9fab 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json @@ -663,6 +663,14 @@ "type": { "type": "string", "description": "The role type.", + "enum": [ + "AKVBuiltInRole", + "CustomRole" + ], + "x-ms-enum": { + "name": "RoleType", + "modelAsString": true + }, "x-ms-client-name": "roleType" }, "permissions": { @@ -696,8 +704,15 @@ }, "type": { "type": "string", + "description": "The role definition type.", "readOnly": true, - "description": "The role definition type." + "enum": [ + "Microsoft.Authorization/roleDefinitions" + ], + "x-ms-enum": { + "name": "RoleDefinitionType", + "modelAsString": true + } }, "properties": { "x-ms-client-flatten": true, From 81a41f345678475d65000821bf2c133029cfd38b Mon Sep 17 00:00:00 2001 From: Christopher Scott Date: Wed, 13 Jan 2021 08:45:06 -0600 Subject: [PATCH 05/17] add roleScope enum --- .../preview/7.2-preview/rbac.json | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index a19d91cf9fab..0c71899b2bb2 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json 
@@ -443,8 +443,7 @@ "RoleAssignmentPropertiesWithScope": { "properties": { "scope": { - "type": "string", - "description": "The role assignment scope." + "$ref": "#/definitions/RoleScope" }, "roleDefinitionId": { "type": "string", @@ -683,7 +682,7 @@ "assignableScopes": { "type": "array", "items": { - "type": "string" + "$ref": "#/definitions/RoleScope" }, "description": "Role definition assignable scopes." } @@ -737,6 +736,18 @@ } }, "description": "Role definition list operation result." + }, + "RoleScope": { + "type": "string", + "description": "The role scope.", + "enum": [ + "/", + "/keys" + ], + "x-ms-enum": { + "name": "RoleScope", + "modelAsString": true + } } }, "parameters": { From ce25ca984b35654740637094ccfd5ce8ef9fc2ee Mon Sep 17 00:00:00 2001 From: Christopher Scott Date: Wed, 13 Jan 2021 09:08:09 -0600 Subject: [PATCH 06/17] scope names --- .../preview/7.2-preview/rbac.json | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index 0c71899b2bb2..60be886d1079 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json @@ -443,7 +443,7 @@ "RoleAssignmentPropertiesWithScope": { "properties": { "scope": { - "$ref": "#/definitions/RoleScope" + "$ref": "#/definitions/RoleScope" }, "roleDefinitionId": { "type": "string", @@ -746,7 +746,17 @@ ], "x-ms-enum": { "name": "RoleScope", - "modelAsString": true + "modelAsString": true, + "values": [ + { + "value": "Global", + "description": "Global scope" + }, + { + "value": "Keys", + "description": "Keys scope" + } + ] } } }, From 1c0fc6b3277cb7b0bd085682ff0dd919ed288aed Mon Sep 17 00:00:00 2001 
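Review bot: The `RoleScope` enum added in the last hunk of this commit lists only `/` and `/keys`, and the first hunk replaces the `scope` schema with a bare `$ref`, which drops the property's own text "The role assignment scope.". As far as I know the service also accepts a per-key scope of the form `/keys/{key-name}`, which is the narrowest grant available and the one a least-privilege assignment would use; this should be confirmed against the service before it is documented. Because `modelAsString` is true such a value still passes through generated clients, but nothing in the definition tells a client author it exists. If confirmed, I would say so in the definition, for example `"description": "The role scope. Listed values are the known scopes; a single key can also be used as scope (/keys/{key-name})."`.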
From: Christopher Scott Date: Wed, 13 Jan 2021 09:15:08 -0600 Subject: [PATCH 07/17] set name for enum --- .../Microsoft.KeyVault/preview/7.2-preview/rbac.json | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index 60be886d1079..7651f45f5c2f 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json @@ -749,11 +749,13 @@ "modelAsString": true, "values": [ { - "value": "Global", + "name": "Global", + "value": "/", "description": "Global scope" }, { - "value": "Keys", + "name": "Keys", + "value": "/keys", "description": "Keys scope" } ] From d7657f1d1c43e78679461d8cbdc5cd02dc04a615 Mon Sep 17 00:00:00 2001 From: Christopher Scott Date: Wed, 13 Jan 2021 09:47:47 -0600 Subject: [PATCH 08/17] consolidate DataActions --- .../preview/7.2-preview/rbac.json | 115 +++++++----------- 1 file changed, 41 insertions(+), 74 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index 7651f45f5c2f..c036d77f6770 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json 
@@ -565,85 +565,13 @@ "dataActions": { "type": "array", "items": { - "type": "string", - "description": "Allowed Data actions.", - "enum": [ - "Microsoft.KeyVault/managedHsm/keys/read/action", - "Microsoft.KeyVault/managedHsm/keys/write/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", - "Microsoft.KeyVault/managedHsm/keys/backup/action", - "Microsoft.KeyVault/managedHsm/keys/restore/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", - "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", - "Microsoft.KeyVault/managedHsm/keys/encrypt/action", - "Microsoft.KeyVault/managedHsm/keys/decrypt/action", - "Microsoft.KeyVault/managedHsm/keys/wrap/action", - "Microsoft.KeyVault/managedHsm/keys/unwrap/action", - "Microsoft.KeyVault/managedHsm/keys/sign/action", - "Microsoft.KeyVault/managedHsm/keys/verify/action", - "Microsoft.KeyVault/managedHsm/keys/create", - "Microsoft.KeyVault/managedHsm/keys/delete", - "Microsoft.KeyVault/managedHsm/keys/export/action", - "Microsoft.KeyVault/managedHsm/keys/import/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", - "Microsoft.KeyVault/managedHsm/securitydomain/download/action", - "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", - "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", - "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", - "Microsoft.KeyVault/managedHsm/backup/start/action", - "Microsoft.KeyVault/managedHsm/restore/start/action", - "Microsoft.KeyVault/managedHsm/backup/status/action", - "Microsoft.KeyVault/managedHsm/restore/status/action" - ], - "x-ms-enum": { - "name": "AllowedDataActions", - "modelAsString": true - } + "$ref": "#/definitions/DataActions" } }, "notDataActions": { "type": "array", "items": { - "type": "string", 
- "description": "Denied Data actions.", - "enum": [ - "Microsoft.KeyVault/managedHsm/keys/read/action", - "Microsoft.KeyVault/managedHsm/keys/write/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", - "Microsoft.KeyVault/managedHsm/keys/backup/action", - "Microsoft.KeyVault/managedHsm/keys/restore/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", - "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", - "Microsoft.KeyVault/managedHsm/keys/encrypt/action", - "Microsoft.KeyVault/managedHsm/keys/decrypt/action", - "Microsoft.KeyVault/managedHsm/keys/wrap/action", - "Microsoft.KeyVault/managedHsm/keys/unwrap/action", - "Microsoft.KeyVault/managedHsm/keys/sign/action", - "Microsoft.KeyVault/managedHsm/keys/verify/action", - "Microsoft.KeyVault/managedHsm/keys/create", - "Microsoft.KeyVault/managedHsm/keys/delete", - "Microsoft.KeyVault/managedHsm/keys/export/action", - "Microsoft.KeyVault/managedHsm/keys/import/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", - "Microsoft.KeyVault/managedHsm/securitydomain/download/action", - "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", - "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", - "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", - "Microsoft.KeyVault/managedHsm/backup/start/action", - "Microsoft.KeyVault/managedHsm/restore/start/action", - "Microsoft.KeyVault/managedHsm/backup/status/action", - "Microsoft.KeyVault/managedHsm/restore/status/action" - ], - "x-ms-enum": { - "name": "DeniedDataActions", - "modelAsString": true - } + "$ref": "#/definitions/DataActions" } } }, 
@@ -760,6 +688,45 @@ } ] } + }, + "DataActions": { + "type": "string", + "description": "Data actions.", + "enum": [ + "Microsoft.KeyVault/managedHsm/keys/read/action", + "Microsoft.KeyVault/managedHsm/keys/write/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", + "Microsoft.KeyVault/managedHsm/keys/backup/action", + "Microsoft.KeyVault/managedHsm/keys/restore/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", + "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", + "Microsoft.KeyVault/managedHsm/keys/encrypt/action", + "Microsoft.KeyVault/managedHsm/keys/decrypt/action", + "Microsoft.KeyVault/managedHsm/keys/wrap/action", + "Microsoft.KeyVault/managedHsm/keys/unwrap/action", + "Microsoft.KeyVault/managedHsm/keys/sign/action", + "Microsoft.KeyVault/managedHsm/keys/verify/action", + "Microsoft.KeyVault/managedHsm/keys/create", + "Microsoft.KeyVault/managedHsm/keys/delete", + "Microsoft.KeyVault/managedHsm/keys/export/action", + "Microsoft.KeyVault/managedHsm/keys/import/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", + "Microsoft.KeyVault/managedHsm/securitydomain/download/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", + "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", + "Microsoft.KeyVault/managedHsm/backup/start/action", + "Microsoft.KeyVault/managedHsm/restore/start/action", + "Microsoft.KeyVault/managedHsm/backup/status/action", + "Microsoft.KeyVault/managedHsm/restore/status/action" + ], + "x-ms-enum": { + "name": "DataActions", + "modelAsString": true + } } }, "parameters": { From 646d81959860858c180dc153773716c2c921615b Mon Sep 17 00:00:00 2001 
From: Christopher Scott Date: Wed, 13 Jan 2021 09:50:06 -0600 Subject: [PATCH 09/17] revert consolidation --- .../preview/7.2-preview/rbac.json | 115 +++++++++++------- 1 file changed, 74 insertions(+), 41 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index c036d77f6770..7651f45f5c2f 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json 
@@ -565,13 +565,85 @@ "dataActions": { "type": "array", "items": { - "$ref": "#/definitions/DataActions" + "type": "string", + "description": "Allowed Data actions.", + "enum": [ + "Microsoft.KeyVault/managedHsm/keys/read/action", + "Microsoft.KeyVault/managedHsm/keys/write/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", + "Microsoft.KeyVault/managedHsm/keys/backup/action", + "Microsoft.KeyVault/managedHsm/keys/restore/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", + "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", + "Microsoft.KeyVault/managedHsm/keys/encrypt/action", + "Microsoft.KeyVault/managedHsm/keys/decrypt/action", + "Microsoft.KeyVault/managedHsm/keys/wrap/action", + "Microsoft.KeyVault/managedHsm/keys/unwrap/action", + "Microsoft.KeyVault/managedHsm/keys/sign/action", + "Microsoft.KeyVault/managedHsm/keys/verify/action", + "Microsoft.KeyVault/managedHsm/keys/create", + "Microsoft.KeyVault/managedHsm/keys/delete", + "Microsoft.KeyVault/managedHsm/keys/export/action", + "Microsoft.KeyVault/managedHsm/keys/import/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", + "Microsoft.KeyVault/managedHsm/securitydomain/download/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", + "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", + "Microsoft.KeyVault/managedHsm/backup/start/action", + "Microsoft.KeyVault/managedHsm/restore/start/action", + "Microsoft.KeyVault/managedHsm/backup/status/action", + "Microsoft.KeyVault/managedHsm/restore/status/action" + ], + "x-ms-enum": { + "name": "AllowedDataActions", + "modelAsString": true + } } }, "notDataActions": { "type": "array", "items": { - "$ref": 
"#/definitions/DataActions" + "type": "string", + "description": "Denied Data actions.", + "enum": [ + "Microsoft.KeyVault/managedHsm/keys/read/action", + "Microsoft.KeyVault/managedHsm/keys/write/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", + "Microsoft.KeyVault/managedHsm/keys/backup/action", + "Microsoft.KeyVault/managedHsm/keys/restore/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", + "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", + "Microsoft.KeyVault/managedHsm/keys/encrypt/action", + "Microsoft.KeyVault/managedHsm/keys/decrypt/action", + "Microsoft.KeyVault/managedHsm/keys/wrap/action", + "Microsoft.KeyVault/managedHsm/keys/unwrap/action", + "Microsoft.KeyVault/managedHsm/keys/sign/action", + "Microsoft.KeyVault/managedHsm/keys/verify/action", + "Microsoft.KeyVault/managedHsm/keys/create", + "Microsoft.KeyVault/managedHsm/keys/delete", + "Microsoft.KeyVault/managedHsm/keys/export/action", + "Microsoft.KeyVault/managedHsm/keys/import/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", + "Microsoft.KeyVault/managedHsm/securitydomain/download/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", + "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", + "Microsoft.KeyVault/managedHsm/backup/start/action", + "Microsoft.KeyVault/managedHsm/restore/start/action", + "Microsoft.KeyVault/managedHsm/backup/status/action", + "Microsoft.KeyVault/managedHsm/restore/status/action" + ], + "x-ms-enum": { + "name": "DeniedDataActions", + "modelAsString": true + } } } }, 
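Review bot: This revert puts two verbatim copies of the 29-entry action list back, one under `AllowedDataActions` and one under `DeniedDataActions`, and the commit message gives no reason for preferring that over the shared definition. Two lists that must stay identical tend to drift, and an action later added to the allow enum but not the deny enum would not appear among the known values of the deny-side type. If the revert was only about the per-property descriptions lost in the consolidation, the shared `#/definitions/DataActions` can be kept and the text placed on the array properties, e.g. `"description": "Denied Data actions."` beside `"type": "array"`. If the code generator really needs two enums, a sentence in the commit message saying why would help the next reviewer.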
@@ -688,45 +760,6 @@ } ] } - }, - "DataActions": { - "type": "string", - "description": "Data actions.", - "enum": [ - "Microsoft.KeyVault/managedHsm/keys/read/action", - "Microsoft.KeyVault/managedHsm/keys/write/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", - "Microsoft.KeyVault/managedHsm/keys/backup/action", - "Microsoft.KeyVault/managedHsm/keys/restore/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", - "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", - "Microsoft.KeyVault/managedHsm/keys/encrypt/action", - "Microsoft.KeyVault/managedHsm/keys/decrypt/action", - "Microsoft.KeyVault/managedHsm/keys/wrap/action", - "Microsoft.KeyVault/managedHsm/keys/unwrap/action", - "Microsoft.KeyVault/managedHsm/keys/sign/action", - "Microsoft.KeyVault/managedHsm/keys/verify/action", - "Microsoft.KeyVault/managedHsm/keys/create", - "Microsoft.KeyVault/managedHsm/keys/delete", - "Microsoft.KeyVault/managedHsm/keys/export/action", - "Microsoft.KeyVault/managedHsm/keys/import/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", - "Microsoft.KeyVault/managedHsm/securitydomain/download/action", - "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", - "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", - "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", - "Microsoft.KeyVault/managedHsm/backup/start/action", - "Microsoft.KeyVault/managedHsm/restore/start/action", - "Microsoft.KeyVault/managedHsm/backup/status/action", - "Microsoft.KeyVault/managedHsm/restore/status/action" - ], - "x-ms-enum": { - "name": "DataActions", - "modelAsString": true - } } }, "parameters": { From 1be72824c35a5745291dc84212e21e9427f4dd24 Mon Sep 17 00:00:00 2001 
From: Christopher Scott Date: Wed, 13 Jan 2021 10:18:52 -0600 Subject: [PATCH 10/17] enum names and desscriptions --- .../preview/7.2-preview/rbac.json | 311 +++++++++++++++++- 1 file changed, 308 insertions(+), 3 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index 7651f45f5c2f..52dd54ec316e 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json 
@@ -600,7 +600,154 @@ ], "x-ms-enum": { "name": "AllowedDataActions", - "modelAsString": true + "modelAsString": true, + "values": [ + { + "name": "ReadHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/read/action", + "description": "Read HSM key." + }, + { + "name": "WriteHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/write/action", + "description": "Create or update HSM key." + }, + { + "name": "DeleteHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", + "description": "Delete HSM key." + }, + { + "name": "RecoverDeletedHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", + "description": "Recover deleted HSM key." + }, + { + "name": "BackupHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/backup/action", + "description": "Backup HSM keys." + }, + { + "name": "RestoreHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/restore/action", + "description": "Restore HSM keys." + }, + { + "name": "DeleteRoleAssignment", + "value": "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", + "description": "Delete role assignment." + }, + { + "name": "GetRoleRoleAssignment", + "value": "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", + "description": "Get role assignment." + }, + { + "name": "WriteRoleAssignment", + "value": "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", + "description": "Create or update role assignment." + }, + { + "name": "ReadRoleDefinition", + "value": "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", + "description": "Get role definition." + }, + { + "name": "EncryptHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/encrypt/action", + "description": "Encrypt HSM keys." + }, + { + "name": "DecryptHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/decrypt/action", + "description": "Decrypt HSM keys." 
+ }, + { + "name": "WrapHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/wrap/action", + "description": "Wrap HSM keys." + }, + { + "name": "UnwrapHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/unwrap/action", + "description": "Unwrap HSM keys." + }, + { + "name": "SignHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/sign/action", + "description": "Sign HSM keys." + }, + { + "name": "VerifyHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/verify/action", + "description": "Verify HSM keys." + }, + { + "name": "CreateHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/create", + "description": "Create HSM key." + }, + { + "name": "DeleteHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/delete", + "description": "Delete HSM key." + }, + { + "name": "ExportHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/export/action", + "description": "Export HSM key." + }, + { + "name": "ImportHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/import/action", + "description": "Import HSM key." + }, + { + "name": "PurgeDeletedHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", + "description": "Purge deleted HSM key." + }, + { + "name": "DownloadHsmSecurityDomain", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/download/action", + "description": "Download HSM security domain." + }, + { + "name": "UploadHsmSecurityDomain", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", + "description": "Upload HSM security domain." + }, + { + "name": "ReadHsmSecurityDomain", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", + "description": "Check the status of the HSM security domain exchange file." + }, + { + "name": "ReadHsmSecurityDomain", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", + "description": "Download HSM security domain transfer key." 
+ }, + { + "name": "StartHsmBackup", + "value": "Microsoft.KeyVault/managedHsm/backup/start/action", + "description": "Start HSM backup." + }, + { + "name": "StartHsmRestore", + "value": "Microsoft.KeyVault/managedHsm/restore/start/action", + "description": "Start HSM restore." + }, + { + "name": "ReadHsmBackupStatus", + "value": "Microsoft.KeyVault/managedHsm/backup/status/action", + "description": "Read HSM backup status." + }, + { + "name": "ReadHsmResetoreStatus", + "value": "Microsoft.KeyVault/managedHsm/restore/status/action", + "description": "Read HSM restore status." + } + ] } } }, 
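Review bot: Several `values` entries in this hunk label a permission as something other than what its action string says, which matters because these names and descriptions are what people read when they build a role. `Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action` is named `DeleteHsmKey` with "Delete HSM key.", which mislabels a read permission and also duplicates the name used for `Microsoft.KeyVault/managedHsm/keys/delete`; `ReadHsmSecurityDomain` is likewise used for both the `upload/read` and `transferkey/read` actions, and duplicate names are likely to collide in generated code. I would use `"name": "ReadDeletedHsmKey"` with `"description": "Read deleted HSM key."` for the first, give the two security-domain entries distinct names, and fix the typos `GetRoleRoleAssignment` and `ReadHsmResetoreStatus`. The crypto entries read "Encrypt HSM keys.", "Sign HSM keys." and so on, although the actions appear to be operations performed with a key rather than on it. The same entries recur in the `DeniedDataActions` hunk that follows.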
@@ -642,7 +789,154 @@ ], "x-ms-enum": { "name": "DeniedDataActions", - "modelAsString": true + "modelAsString": true, + "values": [ + { + "name": "ReadHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/read/action", + "description": "Read HSM key." + }, + { + "name": "WriteHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/write/action", + "description": "Create or update HSM key." + }, + { + "name": "DeleteHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", + "description": "Delete HSM key." + }, + { + "name": "RecoverDeletedHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", + "description": "Recover deleted HSM key." + }, + { + "name": "BackupHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/backup/action", + "description": "Backup HSM keys." + }, + { + "name": "RestoreHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/restore/action", + "description": "Restore HSM keys." + }, + { + "name": "DeleteRoleAssignment", + "value": "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", + "description": "Delete role assignment." + }, + { + "name": "GetRoleRoleAssignment", + "value": "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", + "description": "Get role assignment." + }, + { + "name": "WriteRoleAssignment", + "value": "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", + "description": "Create or update role assignment." + }, + { + "name": "ReadRoleDefinition", + "value": "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", + "description": "Get role definition." + }, + { + "name": "EncryptHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/encrypt/action", + "description": "Encrypt HSM keys." + }, + { + "name": "DecryptHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/decrypt/action", + "description": "Decrypt HSM keys." 
+ }, + { + "name": "WrapHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/wrap/action", + "description": "Wrap HSM keys." + }, + { + "name": "UnwrapHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/unwrap/action", + "description": "Unwrap HSM keys." + }, + { + "name": "SignHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/sign/action", + "description": "Sign HSM keys." + }, + { + "name": "VerifyHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/verify/action", + "description": "Verify HSM keys." + }, + { + "name": "CreateHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/create", + "description": "Create HSM key." + }, + { + "name": "DeleteHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/delete", + "description": "Delete HSM key." + }, + { + "name": "ExportHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/export/action", + "description": "Export HSM key." + }, + { + "name": "ImportHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/import/action", + "description": "Import HSM key." + }, + { + "name": "PurgeDeletedHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", + "description": "Purge deleted HSM key." + }, + { + "name": "DownloadHsmSecurityDomain", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/download/action", + "description": "Download HSM security domain." + }, + { + "name": "UploadHsmSecurityDomain", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", + "description": "Upload HSM security domain." + }, + { + "name": "ReadHsmSecurityDomain", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", + "description": "Check the status of the HSM security domain exchange file." + }, + { + "name": "ReadHsmSecurityDomain", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", + "description": "Download HSM security domain transfer key." 
+ }, + { + "name": "StartHsmBackup", + "value": "Microsoft.KeyVault/managedHsm/backup/start/action", + "description": "Start HSM backup." + }, + { + "name": "StartHsmRestore", + "value": "Microsoft.KeyVault/managedHsm/restore/start/action", + "description": "Start HSM restore." + }, + { + "name": "ReadHsmBackupStatus", + "value": "Microsoft.KeyVault/managedHsm/backup/status/action", + "description": "Read HSM backup status." + }, + { + "name": "ReadHsmResetoreStatus", + "value": "Microsoft.KeyVault/managedHsm/restore/status/action", + "description": "Read HSM restore status." + } + ] } } } @@ -668,7 +962,18 @@ ], "x-ms-enum": { "name": "RoleType", - "modelAsString": true + "modelAsString": true, + "values": [ + { + "name": "BuiltInRole", + "value": "AKVBuiltInRole", + "description": "Built in role." + }, + { + "value": "CustomRole", + "description": "Custom role." + } + ] }, "x-ms-client-name": "roleType" }, From c94850741db8f1718c68a7a539ebaabf904fbab7 Mon Sep 17 00:00:00 2001 From: Christopher Scott Date: Wed, 13 Jan 2021 10:22:39 -0600 Subject: [PATCH 11/17] fix ReadDeletedHsmKey --- .../Microsoft.KeyVault/preview/7.2-preview/rbac.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index 52dd54ec316e..4bda79a4ff60 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json @@ -613,9 +613,9 @@ "description": "Create or update HSM key." }, { - "name": "DeleteHsmKey", + "name": "ReadDeletedHsmKey", "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", - "description": "Delete HSM key." + "description": "Read deleted HSM key." }, { "name": "RecoverDeletedHsmKey", 
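Review bot: Several `name` entries in the `DeniedDataActions` values list are duplicated or attached to the wrong permission. `DeleteHsmKey` labels both `keys/deletedKeys/read/action` (described as "Delete HSM key.") and `keys/delete`, and `ReadHsmSecurityDomain` labels both `securitydomain/upload/read` and `securitydomain/transferkey/read`. These names presumably become the generated client constants for RBAC permissions, so a duplicate either collides at generation time or leaves a label pointing at a different permission than it says, and a role definition built from it can grant or exclude the wrong action. Give each value a unique name that matches its string, e.g. `"name": "ReadDeletedHsmKey"` with `"description": "Read deleted HSM key."` for the `deletedKeys/read` entry, and correct `GetRoleRoleAssignment` and `ReadHsmResetoreStatus` at the same time. The tail of the preceding values list shows the same `ReadHsmSecurityDomain` and `ReadHsmResetoreStatus` entries, so it likely needs the same fix; the `enum` array these values describe is above the hunk and could not be compared here.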
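Review bot: The second entry in the new `RoleType` values list has no `name`, while the first one does (`BuiltInRole` for `AKVBuiltInRole`). The generator will presumably fall back to the value, so this likely works, but spelling it out keeps the two entries parallel and makes the intended constant explicit: `"name": "CustomRole",`. The `enum` array itself is above the hunk.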
@@ -802,9 +802,9 @@ "description": "Create or update HSM key." }, { - "name": "DeleteHsmKey", + "name": "ReadDeleteHsmKey", "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", - "description": "Delete HSM key." + "description": "Read deleted HSM key." }, { "name": "RecoverDeletedHsmKey", From 4bd8acb2d4fcaaa0f5615614fcf65bfda89292d4 Mon Sep 17 00:00:00 2001 From: Christopher Scott Date: Wed, 13 Jan 2021 10:26:19 -0600 Subject: [PATCH 12/17] ReadHsmSecurityDomainTransferKey --- .../Microsoft.KeyVault/preview/7.2-preview/rbac.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index 4bda79a4ff60..cd6fdd7e32cb 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json @@ -718,12 +718,12 @@ "description": "Upload HSM security domain." }, { - "name": "ReadHsmSecurityDomain", + "name": "ReadHsmSecurityDomainStatus", "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", "description": "Check the status of the HSM security domain exchange file." }, { - "name": "ReadHsmSecurityDomain", + "name": "ReadHsmSecurityDomainTransferKey", "value": "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", "description": "Download HSM security domain transfer key." }, 
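Review bot: The new name in the `@@ -802,9` hunk is `ReadDeleteHsmKey`, while the matching entry in the `@@ -613,9` hunk of the same commit and the commit subject both use `ReadDeletedHsmKey`. Both entries describe the same permission string, `keys/deletedKeys/read/action`, so the allowed and denied enums would expose it under two different constant names. Change the line to `"name": "ReadDeletedHsmKey",`.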
@@ -907,12 +907,12 @@ "description": "Upload HSM security domain." }, { - "name": "ReadHsmSecurityDomain", + "name": "ReadHsmSecurityDomainStatus", "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", "description": "Check the status of the HSM security domain exchange file." }, { - "name": "ReadHsmSecurityDomain", + "name": "ReadHsmSecurityDomainTransferKey", "value": "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", "description": "Download HSM security domain transfer key." }, From 1323b51eeb5ca8a5c2edbfe431d9c779fa5c20e1 Mon Sep 17 00:00:00 2001 From: Christopher Scott Date: Wed, 13 Jan 2021 14:51:06 -0600 Subject: [PATCH 13/17] spellcheck --- .../Microsoft.KeyVault/preview/7.2-preview/rbac.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index cd6fdd7e32cb..53407d5c3206 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json @@ -743,7 +743,7 @@ "description": "Read HSM backup status." }, { - "name": "ReadHsmResetoreStatus", + "name": "ReadHsmRestoreStatus", "value": "Microsoft.KeyVault/managedHsm/restore/status/action", "description": "Read HSM restore status." } @@ -932,7 +932,7 @@ "description": "Read HSM backup status." }, { - "name": "ReadHsmResetoreStatus", + "name": "ReadHsmRestoreStatus", "value": "Microsoft.KeyVault/managedHsm/restore/status/action", "description": "Read HSM restore status." } From c9ccfcb21ab1e3c5321b718851d8b69b012e206b Mon Sep 17 00:00:00 2001 From: Christopher Scott Date: Thu, 14 Jan 2021 10:02:43 -0600 Subject: [PATCH 14/17] pr comments --- .../preview/7.2-preview/rbac.json | 561 ++++++------------ 1 file changed, 192 insertions(+), 369 deletions(-) 
diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index 53407d5c3206..92e7bad65e83 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json 
@@ -557,387 +557,24 @@ }, "notActions": { "type": "array", + "description": "Not actions.", "items": { "type": "string", - "description": "Denied actions." + "description": "Not actions." } }, "dataActions": { "type": "array", + "description": "Allowed data actions.", "items": { - "type": "string", - "description": "Allowed Data actions.", - "enum": [ - "Microsoft.KeyVault/managedHsm/keys/read/action", - "Microsoft.KeyVault/managedHsm/keys/write/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", - "Microsoft.KeyVault/managedHsm/keys/backup/action", - "Microsoft.KeyVault/managedHsm/keys/restore/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", - "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", - "Microsoft.KeyVault/managedHsm/keys/encrypt/action", - "Microsoft.KeyVault/managedHsm/keys/decrypt/action", - "Microsoft.KeyVault/managedHsm/keys/wrap/action", - "Microsoft.KeyVault/managedHsm/keys/unwrap/action", - "Microsoft.KeyVault/managedHsm/keys/sign/action", - "Microsoft.KeyVault/managedHsm/keys/verify/action", - "Microsoft.KeyVault/managedHsm/keys/create", - "Microsoft.KeyVault/managedHsm/keys/delete", - "Microsoft.KeyVault/managedHsm/keys/export/action", - "Microsoft.KeyVault/managedHsm/keys/import/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", - "Microsoft.KeyVault/managedHsm/securitydomain/download/action", - "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", - "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", - "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", - "Microsoft.KeyVault/managedHsm/backup/start/action", - "Microsoft.KeyVault/managedHsm/restore/start/action", - "Microsoft.KeyVault/managedHsm/backup/status/action", - 
"Microsoft.KeyVault/managedHsm/restore/status/action" - ], - "x-ms-enum": { - "name": "AllowedDataActions", - "modelAsString": true, - "values": [ - { - "name": "ReadHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/read/action", - "description": "Read HSM key." - }, - { - "name": "WriteHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/write/action", - "description": "Create or update HSM key." - }, - { - "name": "ReadDeletedHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", - "description": "Read deleted HSM key." - }, - { - "name": "RecoverDeletedHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", - "description": "Recover deleted HSM key." - }, - { - "name": "BackupHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/backup/action", - "description": "Backup HSM keys." - }, - { - "name": "RestoreHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/restore/action", - "description": "Restore HSM keys." - }, - { - "name": "DeleteRoleAssignment", - "value": "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", - "description": "Delete role assignment." - }, - { - "name": "GetRoleRoleAssignment", - "value": "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", - "description": "Get role assignment." - }, - { - "name": "WriteRoleAssignment", - "value": "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", - "description": "Create or update role assignment." - }, - { - "name": "ReadRoleDefinition", - "value": "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", - "description": "Get role definition." - }, - { - "name": "EncryptHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/encrypt/action", - "description": "Encrypt HSM keys." - }, - { - "name": "DecryptHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/decrypt/action", - "description": "Decrypt HSM keys." 
- }, - { - "name": "WrapHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/wrap/action", - "description": "Wrap HSM keys." - }, - { - "name": "UnwrapHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/unwrap/action", - "description": "Unwrap HSM keys." - }, - { - "name": "SignHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/sign/action", - "description": "Sign HSM keys." - }, - { - "name": "VerifyHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/verify/action", - "description": "Verify HSM keys." - }, - { - "name": "CreateHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/create", - "description": "Create HSM key." - }, - { - "name": "DeleteHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/delete", - "description": "Delete HSM key." - }, - { - "name": "ExportHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/export/action", - "description": "Export HSM key." - }, - { - "name": "ImportHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/import/action", - "description": "Import HSM key." - }, - { - "name": "PurgeDeletedHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", - "description": "Purge deleted HSM key." - }, - { - "name": "DownloadHsmSecurityDomain", - "value": "Microsoft.KeyVault/managedHsm/securitydomain/download/action", - "description": "Download HSM security domain." - }, - { - "name": "UploadHsmSecurityDomain", - "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", - "description": "Upload HSM security domain." - }, - { - "name": "ReadHsmSecurityDomainStatus", - "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", - "description": "Check the status of the HSM security domain exchange file." - }, - { - "name": "ReadHsmSecurityDomainTransferKey", - "value": "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", - "description": "Download HSM security domain transfer key." 
- }, - { - "name": "StartHsmBackup", - "value": "Microsoft.KeyVault/managedHsm/backup/start/action", - "description": "Start HSM backup." - }, - { - "name": "StartHsmRestore", - "value": "Microsoft.KeyVault/managedHsm/restore/start/action", - "description": "Start HSM restore." - }, - { - "name": "ReadHsmBackupStatus", - "value": "Microsoft.KeyVault/managedHsm/backup/status/action", - "description": "Read HSM backup status." - }, - { - "name": "ReadHsmRestoreStatus", - "value": "Microsoft.KeyVault/managedHsm/restore/status/action", - "description": "Read HSM restore status." - } - ] - } + "$ref": "#/definitions/DataActionPermissions" } }, "notDataActions": { "type": "array", + "description": "Not data actions.", "items": { - "type": "string", - "description": "Denied Data actions.", - "enum": [ - "Microsoft.KeyVault/managedHsm/keys/read/action", - "Microsoft.KeyVault/managedHsm/keys/write/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", - "Microsoft.KeyVault/managedHsm/keys/backup/action", - "Microsoft.KeyVault/managedHsm/keys/restore/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", - "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", - "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", - "Microsoft.KeyVault/managedHsm/keys/encrypt/action", - "Microsoft.KeyVault/managedHsm/keys/decrypt/action", - "Microsoft.KeyVault/managedHsm/keys/wrap/action", - "Microsoft.KeyVault/managedHsm/keys/unwrap/action", - "Microsoft.KeyVault/managedHsm/keys/sign/action", - "Microsoft.KeyVault/managedHsm/keys/verify/action", - "Microsoft.KeyVault/managedHsm/keys/create", - "Microsoft.KeyVault/managedHsm/keys/delete", - "Microsoft.KeyVault/managedHsm/keys/export/action", - "Microsoft.KeyVault/managedHsm/keys/import/action", - "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", - 
"Microsoft.KeyVault/managedHsm/securitydomain/download/action", - "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", - "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", - "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", - "Microsoft.KeyVault/managedHsm/backup/start/action", - "Microsoft.KeyVault/managedHsm/restore/start/action", - "Microsoft.KeyVault/managedHsm/backup/status/action", - "Microsoft.KeyVault/managedHsm/restore/status/action" - ], - "x-ms-enum": { - "name": "DeniedDataActions", - "modelAsString": true, - "values": [ - { - "name": "ReadHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/read/action", - "description": "Read HSM key." - }, - { - "name": "WriteHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/write/action", - "description": "Create or update HSM key." - }, - { - "name": "ReadDeleteHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", - "description": "Read deleted HSM key." - }, - { - "name": "RecoverDeletedHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", - "description": "Recover deleted HSM key." - }, - { - "name": "BackupHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/backup/action", - "description": "Backup HSM keys." - }, - { - "name": "RestoreHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/restore/action", - "description": "Restore HSM keys." - }, - { - "name": "DeleteRoleAssignment", - "value": "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", - "description": "Delete role assignment." - }, - { - "name": "GetRoleRoleAssignment", - "value": "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", - "description": "Get role assignment." - }, - { - "name": "WriteRoleAssignment", - "value": "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", - "description": "Create or update role assignment." 
- }, - { - "name": "ReadRoleDefinition", - "value": "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", - "description": "Get role definition." - }, - { - "name": "EncryptHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/encrypt/action", - "description": "Encrypt HSM keys." - }, - { - "name": "DecryptHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/decrypt/action", - "description": "Decrypt HSM keys." - }, - { - "name": "WrapHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/wrap/action", - "description": "Wrap HSM keys." - }, - { - "name": "UnwrapHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/unwrap/action", - "description": "Unwrap HSM keys." - }, - { - "name": "SignHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/sign/action", - "description": "Sign HSM keys." - }, - { - "name": "VerifyHsmKeys", - "value": "Microsoft.KeyVault/managedHsm/keys/verify/action", - "description": "Verify HSM keys." - }, - { - "name": "CreateHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/create", - "description": "Create HSM key." - }, - { - "name": "DeleteHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/delete", - "description": "Delete HSM key." - }, - { - "name": "ExportHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/export/action", - "description": "Export HSM key." - }, - { - "name": "ImportHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/import/action", - "description": "Import HSM key." - }, - { - "name": "PurgeDeletedHsmKey", - "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", - "description": "Purge deleted HSM key." - }, - { - "name": "DownloadHsmSecurityDomain", - "value": "Microsoft.KeyVault/managedHsm/securitydomain/download/action", - "description": "Download HSM security domain." - }, - { - "name": "UploadHsmSecurityDomain", - "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", - "description": "Upload HSM security domain." 
- }, - { - "name": "ReadHsmSecurityDomainStatus", - "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", - "description": "Check the status of the HSM security domain exchange file." - }, - { - "name": "ReadHsmSecurityDomainTransferKey", - "value": "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", - "description": "Download HSM security domain transfer key." - }, - { - "name": "StartHsmBackup", - "value": "Microsoft.KeyVault/managedHsm/backup/start/action", - "description": "Start HSM backup." - }, - { - "name": "StartHsmRestore", - "value": "Microsoft.KeyVault/managedHsm/restore/start/action", - "description": "Start HSM restore." - }, - { - "name": "ReadHsmBackupStatus", - "value": "Microsoft.KeyVault/managedHsm/backup/status/action", - "description": "Read HSM backup status." - }, - { - "name": "ReadHsmRestoreStatus", - "value": "Microsoft.KeyVault/managedHsm/restore/status/action", - "description": "Read HSM restore status." - } - ] - } + "$ref": "#/definitions/DataActionPermissions" } } }, 
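Review bot: The new array descriptions `"Not actions."` and `"Not data actions."` only restate the property names and say nothing about how these lists affect authorization. For an RBAC schema the reader needs to know whether an entry is an explicit deny or only a subtraction from what this role grants. If the latter is the service's behaviour, say so, e.g. `"description": "Data action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal."`. `notActions` also ends up with the same text on both the array and its `items`; one of the two is enough. The enclosing properties object starts above the hunk.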
@@ -1065,6 +702,192 @@ } ] } + }, + "DataActionPermissions": { + "type": "string", + "description": "Allowed Data actions.", + "enum": [ + "Microsoft.KeyVault/managedHsm/keys/read/action", + "Microsoft.KeyVault/managedHsm/keys/write/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", + "Microsoft.KeyVault/managedHsm/keys/backup/action", + "Microsoft.KeyVault/managedHsm/keys/restore/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", + "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", + "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", + "Microsoft.KeyVault/managedHsm/keys/encrypt/action", + "Microsoft.KeyVault/managedHsm/keys/decrypt/action", + "Microsoft.KeyVault/managedHsm/keys/wrap/action", + "Microsoft.KeyVault/managedHsm/keys/unwrap/action", + "Microsoft.KeyVault/managedHsm/keys/sign/action", + "Microsoft.KeyVault/managedHsm/keys/verify/action", + "Microsoft.KeyVault/managedHsm/keys/create", + "Microsoft.KeyVault/managedHsm/keys/delete", + "Microsoft.KeyVault/managedHsm/keys/export/action", + "Microsoft.KeyVault/managedHsm/keys/import/action", + "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", + "Microsoft.KeyVault/managedHsm/securitydomain/download/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", + "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", + "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", + "Microsoft.KeyVault/managedHsm/backup/start/action", + "Microsoft.KeyVault/managedHsm/restore/start/action", + "Microsoft.KeyVault/managedHsm/backup/status/action", + "Microsoft.KeyVault/managedHsm/restore/status/action" + ], + "x-ms-enum": { + "name": "DataActions", + "modelAsString": true, + "values": [ + { + "name": "ReadHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/read/action", + "description": "Read 
HSM key metadata." + }, + { + "name": "WriteHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/write/action", + "description": "Update an HSM key." + }, + { + "name": "ReadDeletedHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/read/action", + "description": "Read deleted HSM key." + }, + { + "name": "RecoverDeletedHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/recover/action", + "description": "Recover deleted HSM key." + }, + { + "name": "BackupHsmKeys", + "value": "Microsoft.KeyVault/managedHsm/keys/backup/action", + "description": "Backup HSM keys." + }, + { + "name": "RestoreHsmKey", + "value": "Microsoft.KeyVault/managedHsm/keys/restore/action", + "description": "Restore HSM keys." + }, + { + "name": "DeleteRoleAssignment", + "value": "Microsoft.KeyVault/managedHsm/roleAssignments/delete/action", + "description": "Delete role assignment." + }, + { + "name": "GetRoleAssignment", + "value": "Microsoft.KeyVault/managedHsm/roleAssignments/read/action", + "description": "Get role assignment." + }, + { + "name": "WriteRoleAssignment", + "value": "Microsoft.KeyVault/managedHsm/roleAssignments/write/action", + "description": "Create or update role assignment." + }, + { + "name": "ReadRoleDefinition", + "value": "Microsoft.KeyVault/managedHsm/roleDefinitions/read/action", + "description": "Get role definition." + }, + { + "name": "KeyEncrypt", + "value": "Microsoft.KeyVault/managedHsm/keys/encrypt/action", + "description": "Encrypt using an HSM key." + }, + { + "name": "KeyDecrypt", + "value": "Microsoft.KeyVault/managedHsm/keys/decrypt/action", + "description": "Decrypt using an HSM key." + }, + { + "name": "KeyWrap", + "value": "Microsoft.KeyVault/managedHsm/keys/wrap/action", + "description": "Wrap using an HSM key." + }, + { + "name": "KeyUnwrap", + "value": "Microsoft.KeyVault/managedHsm/keys/unwrap/action", + "description": "Unwrap using an HSM key." 
+ }, + { + "name": "KeySign", + "value": "Microsoft.KeyVault/managedHsm/keys/sign/action", + "description": "Sign using an HSM key." + }, + { + "name": "KeyVerify", + "value": "Microsoft.KeyVault/managedHsm/keys/verify/action", + "description": "Verify using an HSM key." + }, + { + "name": "KeyCreate", + "value": "Microsoft.KeyVault/managedHsm/keys/create", + "description": "Create an HSM key." + }, + { + "name": "KeyDelete", + "value": "Microsoft.KeyVault/managedHsm/keys/delete", + "description": "Delete an HSM key." + }, + { + "name": "KeyExport", + "value": "Microsoft.KeyVault/managedHsm/keys/export/action", + "description": "Export an HSM key." + }, + { + "name": "KeyImport", + "value": "Microsoft.KeyVault/managedHsm/keys/import/action", + "description": "Import an HSM key." + }, + { + "name": "KeyPurgeDeleted", + "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete", + "description": "Purge a deleted HSM key." + }, + { + "name": "DownloadHsmSecurityDomain", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/download/action", + "description": "Download an HSM security domain." + }, + { + "name": "UploadHsmSecurityDomain", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/action", + "description": "Upload an HSM security domain." + }, + { + "name": "ReadHsmSecurityDomainStatus", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/upload/read", + "description": "Check the status of the HSM security domain exchange file." + }, + { + "name": "ReadHsmSecurityDomainTransferKey", + "value": "Microsoft.KeyVault/managedHsm/securitydomain/transferkey/read", + "description": "Download an HSM security domain transfer key." + }, + { + "name": "StartHsmBackup", + "value": "Microsoft.KeyVault/managedHsm/backup/start/action", + "description": "Start an HSM backup." + }, + { + "name": "StartHsmRestore", + "value": "Microsoft.KeyVault/managedHsm/restore/start/action", + "description": "Start an HSM restore." 
+ }, + { + "name": "ReadHsmBackupStatus", + "value": "Microsoft.KeyVault/managedHsm/backup/status/action", + "description": "Read an HSM backup status." + }, + { + "name": "ReadHsmRestoreStatus", + "value": "Microsoft.KeyVault/managedHsm/restore/status/action", + "description": "Read an HSM restore status." + } + ] + } } }, "parameters": { From ad6dcfda83787bcdbafad0e02d5312e76a5414f4 Mon Sep 17 00:00:00 2001 From: Christopher Scott Date: Thu, 14 Jan 2021 15:51:31 -0600 Subject: [PATCH 15/17] renames and description changes --- .../preview/7.2-preview/rbac.json | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json index 92e7bad65e83..1ecd3d30237a 100644 --- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json +++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json @@ -550,14 +550,14 @@ "properties": { "actions": { "type": "array", - "description": "Allowed actions.", + "description": "ACtion permissions that are granted.", "items": { "type": "string" } }, "notActions": { "type": "array", - "description": "Not actions.", + "description": "Action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal.", "items": { "type": "string", "description": "Not actions." 
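Review bot: `DataActionPermissions` is described as `"Allowed Data actions."`, but this commit points both `dataActions` and `notDataActions` at it, so the text is wrong for half of its uses. Something neutral such as `"description": "Supported permissions for data actions."` fits both. Because `x-ms-enum` sets `modelAsString: true`, the list is not closed, and the description should also say that the service may return permission strings that are not listed here, so that tooling which audits role definitions does not skip or drop values it does not recognise. `BackupHsmKeys` and `RestoreHsmKey` are named inconsistently (the latter's description is "Restore HSM keys."); pick singular or plural for both.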
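Review bot: The new `actions` description in the `@@ -550,14` hunk has a typo, `ACtion`; it should read `"description": "Action permissions that are granted.",`. In the same hunk the `notActions` array gets a precise description, but its nested `items` entry still carries the old `"description": "Not actions."`, which no longer matches the array text. Drop the item-level description or align it with the array's. The properties object continues past the end of the hunk.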
@@ -565,16 +565,16 @@ }, "dataActions": { "type": "array", - "description": "Allowed data actions.", + "description": "Data action permissions that are granted.", "items": { - "$ref": "#/definitions/DataActionPermissions" + "$ref": "#/definitions/DataActionPermission" } }, "notDataActions": { "type": "array", - "description": "Not data actions.", + "description": "Data action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal.", "items": { - "$ref": "#/definitions/DataActionPermissions" + "$ref": "#/definitions/DataActionPermission" } } }, @@ -703,9 +703,9 @@ ] } }, - "DataActionPermissions": { + "DataActionPermission": { "type": "string", - "description": "Allowed Data actions.", + "description": "Supported permissions for data actions.", "enum": [ "Microsoft.KeyVault/managedHsm/keys/read/action", "Microsoft.KeyVault/managedHsm/keys/write/action", @@ -738,7 +738,7 @@ "Microsoft.KeyVault/managedHsm/restore/status/action" ], "x-ms-enum": { - "name": "DataActions", + "name": "DataActionPermission", "modelAsString": true, "values": [ { 
@@ -792,57 +792,57 @@
 "description": "Get role definition."
 },
 {
- "name": "KeyEncrypt",
+ "name": "EncryptHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/encrypt/action",
 "description": "Encrypt using an HSM key."
 },
 {
- "name": "KeyDecrypt",
+ "name": "DecryptHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/decrypt/action",
 "description": "Decrypt using an HSM key."
 },
 {
- "name": "KeyWrap",
+ "name": "WrapHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/wrap/action",
 "description": "Wrap using an HSM key."
 },
 {
- "name": "KeyUnwrap",
+ "name": "UnwrapHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/unwrap/action",
 "description": "Unwrap using an HSM key."
 },
 {
- "name": "KeySign",
+ "name": "SignHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/sign/action",
 "description": "Sign using an HSM key."
 },
 {
- "name": "KeyVerify",
+ "name": "VerifyHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/verify/action",
 "description": "Verify using an HSM key."
 },
 {
- "name": "KeyCreate",
+ "name": "CreateHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/create",
 "description": "Create an HSM key."
 },
 {
- "name": "KeyDelete",
+ "name": "DeleteHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/delete",
 "description": "Delete an HSM key."
 },
 {
- "name": "KeyExport",
+ "name": "ExportHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/export/action",
 "description": "Export an HSM key."
 },
 {
- "name": "KeyImport",
+ "name": "ImportHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/import/action",
 "description": "Import an HSM key."
 },
 {
- "name": "KeyPurgeDeleted",
+ "name": "PurgeDeletedHsmKey",
 "value": "Microsoft.KeyVault/managedHsm/keys/deletedKeys/delete",
 "description": "Purge a deleted HSM key."
 },
From 6d63c69ef54b38880e9b2fc4c6f6685df43bc2ac Mon Sep 17 00:00:00 2001
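Review bot: The new names for the cryptographic operations in the `@@ -792,57 +792,57 @@` hunk read as acting on the key, while their descriptions say the key is used: `SignHsmKey` is described as "Sign using an HSM key", and the same holds for `EncryptHsmKey`, `DecryptHsmKey`, `WrapHsmKey`, `UnwrapHsmKey` and `VerifyHsmKey`. The verb-object form does fit the entries that operate on the key itself (`CreateHsmKey`, `DeleteHsmKey`, `ExportHsmKey`, `ImportHsmKey`), so the two groups can no longer be told apart by name. Someone composing a custom role from the generated enum could misjudge what a member grants; a form such as `"name": "SignWithHsmKey"` would keep name and description aligned. The `values` array starts and ends outside this hunk.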
From: Christopher Scott
Date: Thu, 14 Jan 2021 15:55:26 -0600
Subject: [PATCH 16/17] Update specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json
Co-authored-by: David Desberg
---
 .../data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json
index 1ecd3d30237a..e90735eda751 100644
--- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json
+++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json
@@ -550,7 +550,7 @@
 "properties": {
 "actions": {
 "type": "array",
- "description": "ACtion permissions that are granted.",
+ "description": "Action permissions that are granted.",
 "items": {
 "type": "string"
 }
From d5d9907929ab68084a0b1e8044fe9ed2ecf7271f Mon Sep 17 00:00:00 2001
From: Christopher Scott
Date: Thu, 21 Jan 2021 16:06:32 -0600
Subject: [PATCH 17/17] renames
---
 .../Microsoft.KeyVault/preview/7.2-preview/rbac.json | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json
index e90735eda751..6651c328c5fb 100644
--- a/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json
+++ b/specification/keyvault/data-plane/Microsoft.KeyVault/preview/7.2-preview/rbac.json
@@ -567,14 +567,14 @@
 "type": "array",
 "description": "Data action permissions that are granted.",
 "items": {
- "$ref": "#/definitions/DataActionPermission"
+ "$ref": "#/definitions/DataAction"
 }
 },
 "notDataActions": {
 "type": "array",
 "description": "Data action permissions that are excluded but not denied. They may be granted by other role definitions assigned to a principal.",
 "items": {
- "$ref": "#/definitions/DataActionPermission"
+ "$ref": "#/definitions/DataAction"
 }
 }
 },
@@ -703,7 +703,7 @@
 ]
 }
 },
- "DataActionPermission": {
+ "DataAction": {
 "type": "string",
 "description": "Supported permissions for data actions.",
 "enum": [
@@ -738,7 +738,7 @@
 "Microsoft.KeyVault/managedHsm/restore/status/action"
 ],
 "x-ms-enum": {
- "name": "DataActionPermission",
+ "name": "DataAction",
 "modelAsString": true,
 "values": [
 {
@@ -767,7 +767,7 @@
 "description": "Backup HSM keys."
 },
 {
- "name": "RestoreHsmKey",
+ "name": "RestoreHsmKeys",
 "value": "Microsoft.KeyVault/managedHsm/keys/restore/action",
 "description": "Restore HSM keys."
 },