diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_CreateOrUpdate.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_CreateOrUpdate.json new file mode 100644 index 000000000000..b1e661f78e56 --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_CreateOrUpdate.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2022-04-02-preview", + "subscriptionId": "subid1", + "resourceGroupName": "rg1", + "resourceName": "clustername1", + "trustedAccessRoleBindingName": "binding1", + "trustedAccessRoleBinding": { + "properties": { + "sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/b/providers/Microsoft.MachineLearningServices/workspaces/c", + "roles": [ + "Microsoft.MachineLearningServices/workspaces/reader", + "Microsoft.MachineLearningServices/workspaces/writer" + ] + } + } + }, + "responses": { + "202": { + "body": { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/trustedAccessRoleBindings/binding1", + "type": "Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings", + "name": "binding1", + "properties": { + "sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/b/providers/Microsoft.MachineLearningServices/workspaces/c", + "roles": [ + "Microsoft.MachineLearningServices/workspaces/reader", + "Microsoft.MachineLearningServices/workspaces/writer" + ] + } + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_Delete.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_Delete.json new file mode 100644 index 000000000000..0cde3dde2598 --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_Delete.json @@ -0,0 +1,13 @@ +{ + "parameters": { + "api-version": "2022-04-02-preview", + "subscriptionId": "subid1", + "resourceGroupName": "rg1", + "resourceName": "clustername1", + "trustedAccessRoleBindingName": "binding1" + }, + "responses": { + "200": {}, + "204": {} + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_Get.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_Get.json new file mode 100644 index 000000000000..4ca0413424d7 --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_Get.json @@ -0,0 +1,25 @@ +{ + "parameters": { + "api-version": "2022-04-02-preview", + "subscriptionId": "subid1", + "resourceGroupName": "rg1", + "resourceName": "clustername1", + "trustedAccessRoleBindingName": "binding1" + }, + "responses": { + "200": { + "body": { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/trustedAccessRoleBindings/binding1", + "type": "Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings", + "name": "binding1", + "properties": { + "sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/b/providers/Microsoft.MachineLearningServices/workspaces/c", + "roles": [ + "Microsoft.MachineLearningServices/workspaces/reader", + "Microsoft.MachineLearningServices/workspaces/writer" + ] + } + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_List.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_List.json new file mode 100644 index 000000000000..f54f6406661b --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoleBindings_List.json @@ -0,0 +1,28 @@ +{ + "parameters": { + "api-version": "2022-04-02-preview", + "subscriptionId": "subid1", + "resourceGroupName": "rg1", + "resourceName": "clustername1" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "id": "/subscriptions/subid1/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/clustername1/trustedAccessRoleBindings/binding1", + "type": "Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings", + "name": "binding1", + "properties": { + "sourceResourceId": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/b/providers/Microsoft.MachineLearningServices/workspaces/c", + "roles": [ + "Microsoft.MachineLearningServices/workspaces/reader", + "Microsoft.MachineLearningServices/workspaces/writer" + ] + } + } + ] + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoles_List.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoles_List.json new file mode 100644 index 000000000000..380e7dc41653 --- /dev/null +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/examples/TrustedAccessRoles_List.json @@ -0,0 +1,34 @@ +{ + "parameters": { + "api-version": "2022-04-02-preview", + "subscriptionId": "subid1", + "location": "westus2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "sourceResourceType": "Microsoft.MachineLearningServices/workspaces", + "name": "reader", + "rules": [ + { + "verbs": [ + "get" + ], + "apiGroups": [ + "" + ], + "resources": [ + "pods" + ], + "resourceNames": [], + "nonResourceURLs": [] + } + ] + } + ] + } + } + } +} diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/managedClusters.json index 5e481fb25018..eace92e9db7f 100644 --- a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/managedClusters.json +++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-04-02-preview/managedClusters.json @@ -2559,6 +2559,227 @@ } } } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.ContainerService/locations/{location}/trustedAccessRoles": { + "get": { + "tags": [ + "TrustedAccess" + ], + "operationId": "TrustedAccessRoles_List", + "summary": "List supported trusted access roles.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/LocationParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TrustedAccessRoleListResult" + } + }, + "default": { + "description": "Error details", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "List trusted access roles": { + "$ref": "./examples/TrustedAccessRoles_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/trustedAccessRoleBindings": { + "get": { + "tags": [ + "TrustedAccess" + ], + "operationId": "TrustedAccessRoleBindings_List", + "summary": "List trusted access role bindings.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/ResourceNameParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TrustedAccessRoleBindingListResult" + } + }, + "default": { + "description": "Error details", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "List trusted access role bindings": { + "$ref": "./examples/TrustedAccessRoleBindings_List.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ContainerService/managedClusters/{resourceName}/trustedAccessRoleBindings/{trustedAccessRoleBindingName}": { + "get": { + "tags": [ + "TrustedAccess" + ], + "operationId": "TrustedAccessRoleBindings_Get", + "summary": "Get a trusted access role binding.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/ResourceNameParameter" + }, + { + "$ref": "#/parameters/TrustedAccessRoleBindingNameParameter" + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/TrustedAccessRoleBinding" + } + }, + "default": { + "description": "Error details", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Get a trusted access role binding": { + "$ref": "./examples/TrustedAccessRoleBindings_Get.json" + } + } + }, + "put": { + "tags": [ + "TrustedAccess" + ], + "operationId": "TrustedAccessRoleBindings_CreateOrUpdate", + "summary": "Create or update a trusted access role binding", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/ResourceNameParameter" + }, + { + "$ref": "#/parameters/TrustedAccessRoleBindingNameParameter" + }, + { + "name": "trustedAccessRoleBinding", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/TrustedAccessRoleBinding" + }, + "description": "A trusted access role binding" + } + ], + "responses": { + "202": { + "description": "Accepted", + "schema": { + "$ref": "#/definitions/TrustedAccessRoleBinding" + } + }, + "default": { + "description": "Error details", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Create or update a trusted access role binding": { + "$ref": "./examples/TrustedAccessRoleBindings_CreateOrUpdate.json" + } + } + }, + "delete": { + "tags": [ + "TrustedAccess" + ], + "operationId": "TrustedAccessRoleBindings_Delete", + "summary": "Delete a trusted access role binding.", + "parameters": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "$ref": "#/parameters/ResourceNameParameter" + }, + { + "$ref": "#/parameters/TrustedAccessRoleBindingNameParameter" + } + ], + "responses": { + "200": { + "description": "OK" + }, + "204": { + "description": "NoContent" + }, + "default": { + "description": "Error details", + "schema": { + "$ref": "#/definitions/CloudError" + } + } + }, + "x-ms-examples": { + "Delete a trusted access role binding": { + "$ref": "./examples/TrustedAccessRoleBindings_Delete.json" + } + } + } } }, "definitions": { @@ -6177,6 +6398,152 @@ "CapacityReservationGroupID": { "description": "Capacity Reservation Group ID for AgentPool to associate", "type": "string" + }, + "TrustedAccessRoleRule": { + "type": "object", + "description": "Rule for trusted access role", + "properties": { + "verbs": { + "type": "array", + "readOnly": true, + "items": { + "type": "string" + }, + "description": "List of allowed verbs" + }, + "apiGroups": { + "type": "array", + "readOnly": true, + "items": { + "type": "string" + }, + "description": "List of allowed apiGroups" + }, + "resources": { + "type": "array", + "readOnly": true, + "items": { + "type": "string" + }, + "description": "List of allowed resources" + }, + "resourceNames": { + "type": "array", + "readOnly": true, + "items": { + "type": "string" + }, + "description": "List of allowed names" + }, + "nonResourceURLs": { + "type": "array", + "readOnly": true, + "items": { + "type": "string" + }, + "description": "List of allowed nonResourceURLs" + } + } + }, + "TrustedAccessRole": { + "type": "object", + "description": "Trusted access role definition.", + "properties": { + "sourceResourceType": { + "type": "string", + "readOnly": true, + "description": "Resource type of Azure resource" + }, + "name": { + "type": "string", + "readOnly": true, + "description": "Name of role, name is unique under a source resource type" + }, + "rules": { + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/TrustedAccessRoleRule" + }, + "x-ms-identifiers": [], + "description": "List of rules for the role. This maps to 'rules' property of [Kubernetes Cluster Role](https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1/#ClusterRole)." + } + } + }, + "TrustedAccessRoleListResult": { + "type": "object", + "description": "List of trusted access roles", + "properties": { + "value": { + "type": "array", + "readOnly": true, + "items": { + "$ref": "#/definitions/TrustedAccessRole" + }, + "x-ms-identifiers": [ + "sourceResourceType", + "name" + ], + "description": "Role list" + } + } + }, + "TrustedAccessRoleBindingProperties": { + "type": "object", + "description": "Properties for trusted access role binding", + "required": [ + "sourceResourceId", + "roles" + ], + "properties": { + "provisioningState": { + "type": "string", + "readOnly": true, + "description": "The current provisioning state of trusted access role binding." + }, + "sourceResourceId": { + "type": "string", + "description": "The ARM resource ID of source resource that trusted access is configured for." + }, + "roles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of roles to bind, each item is a resource type qualified role name. For example: 'Microsoft.MachineLearningServices/workspaces/reader'." + } + } + }, + "TrustedAccessRoleBinding": { + "type": "object", + "description": "Defines binding between a resource and role", + "required": [ + "properties" + ], + "allOf": [ + { + "$ref": "../../../../../common-types/resource-management/v3/types.json#/definitions/Resource" + } + ], + "properties": { + "properties": { + "$ref": "#/definitions/TrustedAccessRoleBindingProperties", + "x-ms-client-flatten": true + } + } + }, + "TrustedAccessRoleBindingListResult": { + "type": "object", + "description": "List of trusted access role bindings", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/definitions/TrustedAccessRoleBinding" + }, + "description": "Role binding list" + } + } } }, "parameters": { @@ -6240,6 +6607,16 @@ "type": "boolean", "description": "ignore-pod-disruption-budget=true to delete those pods on a node without considering Pod Disruption Budget", "x-ms-parameter-location": "method" + }, + "TrustedAccessRoleBindingNameParameter": { + "name": "trustedAccessRoleBindingName", + "in": "path", + "required": true, + "type": "string", + "description": "The name of trusted access role binding.", + "minLength": 1, + "maxLength": 36, + "x-ms-parameter-location": "method" } } }