diff --git a/custom-words.txt b/custom-words.txt
index 7ef4cce4bc39..130173a67bbc 100644
--- a/custom-words.txt
+++ b/custom-words.txt
@@ -2736,6 +2736,7 @@ smallrc
 Autotune
 Showmount
 autogrid
+remediatable
 KubeProxyConfig
 IPVS
 TCPFIN
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/RoleManagementAlerts.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/RoleManagementAlerts.json
new file mode 100644
index 000000000000..d69eefbee97d
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/RoleManagementAlerts.json
@@ -0,0 +1,1380 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "AuthorizationManagementClient",
+ "version": "2022-08-01-preview",
+ "description": "Role based access control provides you a way to apply granular level policy administration down to individual resources or resource groups. These operations enable you to manage role assignments. A role assignment grants access to Azure Active Directory users."
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alerts/{alertId}": {
+ "get": {
+ "tags": [
+ "Alerts"
+ ],
+ "operationId": "Alerts_Get",
+ "description": "Get the specified alert.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert. The scope can be any REST resource instance. For example, use '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/' for a subscription, '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for a resource group, and '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' for a resource.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert to get.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns information about the alert.",
+ "schema": {
+ "$ref": "#/definitions/Alert"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "GetAlertById": {
+ "$ref": "./examples/GetAlertById.json"
+ }
+ }
+ },
+ "patch": {
+ "tags": [
+ "Alerts"
+ ],
+ "operationId": "Alerts_Update",
+ "description": "Update an alert.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert to dismiss.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "parameters",
+ "in": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/Alert"
+ },
+ "description": "Parameters for the alert."
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns information about the updated alert.",
+ "schema": {
+ "$ref": "#/definitions/Alert"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "DeactivateAlert": {
+ "$ref": "./examples/UpdateAlert.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alerts": {
+ "get": {
+ "tags": [
+ "Alerts"
+ ],
+ "operationId": "Alerts_ListForScope",
+ "description": "Gets alerts for a resource scope.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns an array of alerts.",
+ "schema": {
+ "$ref": "#/definitions/AlertListResult"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ },
+ "x-ms-examples": {
+ "GetAlerts": {
+ "$ref": "./examples/GetAlerts.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alerts/{alertId}/refresh": {
+ "post": {
+ "tags": [
+ "Alerts"
+ ],
+ "operationId": "Alerts_Refresh",
+ "description": "Refresh an alert.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert to refresh.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "202": {
+ "description": "Accepted. The response indicates the alert is refreshing.",
+ "headers": {
+ "Location": {
+ "type": "string"
+ }
+ },
+ "schema": {
+ "$ref": "#/definitions/AlertOperationResult"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-long-running-operation": true,
+ "x-ms-long-running-operation-options": {
+ "final-state-via": "location"
+ },
+ "x-ms-examples": {
+ "RefreshAlert": {
+ "$ref": "./examples/RefreshAlert.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alerts/refresh": {
+ "post": {
+ "tags": [
+ "Alerts"
+ ],
+ "operationId": "Alerts_RefreshAll",
+ "description": "Refresh all alerts for a resource scope.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "202": {
+ "description": "Accepted. The response indicates the alerts are refreshing.",
+ "headers": {
+ "Location": {
+ "type": "string"
+ }
+ },
+ "schema": {
+ "$ref": "#/definitions/AlertOperationResult"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-long-running-operation": true,
+ "x-ms-long-running-operation-options": {
+ "final-state-via": "location"
+ },
+ "x-ms-examples": {
+ "RefreshAllAlerts": {
+ "$ref": "./examples/RefreshAllAlerts.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/{alertId}": {
+ "get": {
+ "tags": [
+ "AlertConfigurations"
+ ],
+ "operationId": "AlertConfigurations_Get",
+ "description": "Get the specified alert configuration.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert configuration. The scope can be any REST resource instance. For example, use '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/' for a subscription, '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for a resource group, and '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' for a resource.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert configuration to get.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns information about the alert configuration.",
+ "schema": {
+ "$ref": "#/definitions/AlertConfiguration"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "GetAlertConfigurationById": {
+ "$ref": "./examples/GetAlertConfigurationById.json"
+ }
+ }
+ },
+ "patch": {
+ "tags": [
+ "AlertConfigurations"
+ ],
+ "operationId": "AlertConfigurations_Update",
+ "description": "Update an alert configuration.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert configuration.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert configuration to update.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "parameters",
+ "in": "body",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/AlertConfiguration"
+ },
+ "description": "Parameters for the alert configuration."
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns information about the updated alert configuration.",
+ "schema": {
+ "$ref": "#/definitions/AlertConfiguration"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "UpdateAlertConfiguration": {
+ "$ref": "./examples/UpdateAlertConfiguration.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations": {
+ "get": {
+ "tags": [
+ "AlertConfigurations"
+ ],
+ "operationId": "AlertConfigurations_ListForScope",
+ "description": "Gets alert configurations for a resource scope.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert configuration.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns an array of alert configurations.",
+ "schema": {
+ "$ref": "#/definitions/AlertConfigurationListResult"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ },
+ "x-ms-examples": {
+ "GetAlertConfigurations": {
+ "$ref": "./examples/GetAlertConfigurations.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions/{alertDefinitionId}": {
+ "get": {
+ "tags": [
+ "AlertDefinitions"
+ ],
+ "operationId": "AlertDefinitions_Get",
+ "description": "Get the specified alert definition.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert definition. The scope can be any REST resource instance. For example, use '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/' for a subscription, '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for a resource group, and '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' for a resource.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertDefinitionId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert definition to get.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns information about the alert definition.",
+ "schema": {
+ "$ref": "#/definitions/AlertDefinition"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "GetAlertDefinitionById": {
+ "$ref": "./examples/GetAlertDefinitionById.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions": {
+ "get": {
+ "tags": [
+ "AlertDefinitions"
+ ],
+ "operationId": "AlertDefinitions_ListForScope",
+ "description": "Gets alert definitions for a resource scope.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert definition.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns an array of alert definitions.",
+ "schema": {
+ "$ref": "#/definitions/AlertDefinitionListResult"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ },
+ "x-ms-examples": {
+ "GetAlertDefinitions": {
+ "$ref": "./examples/GetAlertDefinitions.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alerts/{alertId}/alertIncidents/{alertIncidentId}": {
+ "get": {
+ "tags": [
+ "AlertIncidents"
+ ],
+ "operationId": "AlertIncidents_Get",
+ "description": "Get the specified alert incident.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert incident. The scope can be any REST resource instance. For example, use '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/' for a subscription, '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}' for a resource group, and '/providers/Microsoft.Subscription/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/{resource-provider}/{resource-type}/{resource-name}' for a resource.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertIncidentId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert incident to get.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns information about the alert incident.",
+ "schema": {
+ "$ref": "#/definitions/AlertIncident"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "GetAlertIncidentById": {
+ "$ref": "./examples/GetAlertIncidentById.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alerts/{alertId}/alertIncidents": {
+ "get": {
+ "tags": [
+ "AlertIncidents"
+ ],
+ "operationId": "AlertIncidents_ListForScope",
+ "description": "Gets alert incidents for a resource scope.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert incident.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns an array of alert incidents.",
+ "schema": {
+ "$ref": "#/definitions/AlertIncidentListResult"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-pageable": {
+ "nextLinkName": "nextLink"
+ },
+ "x-ms-examples": {
+ "GetAlertIncidents": {
+ "$ref": "./examples/GetAlertIncidents.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/alerts/{alertId}/alertIncidents/{alertIncidentId}/remediate": {
+ "post": {
+ "tags": [
+ "AlertIncidents"
+ ],
+ "operationId": "AlertIncidents_Remediate",
+ "description": "Remediate an alert incident.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert incident.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "alertIncidentId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the alert incident to remediate.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "204": {
+ "description": "OK - Returns success."
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "RemediateAlertIncident": {
+ "$ref": "./examples/RemediateAlertIncident.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/operations/{operationId}": {
+ "get": {
+ "tags": [
+ "AlertOperations"
+ ],
+ "operationId": "AlertOperation_Get",
+ "description": "Get the specified alert operation.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert operation.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "name": "operationId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The id of the alert operation.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns information about the status of the operation.",
+ "schema": {
+ "$ref": "#/definitions/AlertOperationResult"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "GetAlertOperation": {
+ "$ref": "./examples/GetAlertOperationById.json"
+ }
+ }
+ }
+ },
+ "/{scope}/providers/Microsoft.Authorization/roleManagementAlerts/operations": {
+ "get": {
+ "tags": [
+ "AlertOperations"
+ ],
+ "operationId": "AlertOperation_ListForScope",
+ "description": "Gets alert operations for a resource scope.",
+ "parameters": [
+ {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope of the alert operation.",
+ "x-ms-skip-url-encoding": true
+ },
+ {
+ "$ref": "../../../../../common-types/resource-management/v2/types.json#/parameters/ApiVersionParameter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK - Returns an array of the operations.",
+ "schema": {
+ "$ref": "#/definitions/AlertOperationListResult"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "#/definitions/CloudError"
+ }
+ }
+ },
+ "x-ms-examples": {
+ "GetAlertOperations": {
+ "$ref": "./examples/GetAlertOperations.json"
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "Alert": {
+ "properties": {
+ "id": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert ID."
+ },
+ "name": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert name."
+ },
+ "type": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert type."
+ },
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/AlertProperties",
+ "description": "Alert properties."
+ }
+ },
+ "type": "object",
+ "description": "The alert."
+ },
+ "AlertProperties": {
+ "properties": {
+ "scope": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert scope."
+ },
+ "isActive": {
+ "type": "boolean",
+ "description": "False by default; true if the alert is active."
+ },
+ "incidentCount": {
+ "type": "integer",
+ "format": "int32",
+ "readOnly": true,
+ "description": "The number of generated incidents of the alert."
+ },
+ "lastModifiedDateTime": {
+ "type": "string",
+ "format": "date-time",
+ "readOnly": true,
+ "description": "The date time when the alert configuration was updated or new incidents were generated."
+ },
+ "lastScannedDateTime": {
+ "type": "string",
+ "format": "date-time",
+ "readOnly": true,
+ "description": "The date time when the alert was last scanned."
+ },
+ "alertDefinition": {
+ "$ref": "#/definitions/AlertDefinition",
+ "readOnly": true,
+ "description": "The alert definition."
+ },
+ "alertIncidents": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AlertIncident"
+ },
+ "readOnly": true,
+ "description": "The alert incidents."
+ },
+ "alertConfiguration": {
+ "$ref": "#/definitions/AlertConfiguration",
+ "readOnly": true,
+ "description": "The alert configuration."
+ }
+ },
+ "type": "object",
+ "description": "Alert properties."
+ },
+ "AlertListResult": {
+ "properties": {
+ "value": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/Alert"
+ },
+ "description": "Alert list"
+ },
+ "nextLink": {
+ "type": "string",
+ "description": "The URL to use for getting the next set of results."
+ }
+ },
+ "type": "object",
+ "description": "Alert list operation result."
+ },
+ "AlertConfiguration": {
+ "properties": {
+ "id": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert configuration ID."
+ },
+ "name": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert configuration name."
+ },
+ "type": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert configuration type."
+ },
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/AlertConfigurationProperties",
+ "description": "Alert configuration properties."
+ }
+ },
+ "type": "object",
+ "description": "Alert configuration."
+ },
+ "AlertConfigurationProperties": {
+ "properties": {
+ "alertDefinitionId": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert definition ID."
+ },
+ "scope": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert scope."
+ },
+ "isEnabled": {
+ "type": "boolean",
+ "readOnly": false,
+ "description": "True if the alert is enabled, false will disable the scanning for the specific alert."
+ },
+ "alertConfigurationType": {
+ "type": "string",
+ "readOnly": false,
+ "description": "The alert configuration type."
+ }
+ },
+ "required": [
+ "alertConfigurationType"
+ ],
+ "type": "object",
+ "description": "Alert configuration properties.",
+ "discriminator": "alertConfigurationType"
+ },
+ "AzureRolesAssignedOutsidePimAlertConfigurationProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertConfigurationProperties"
+ }
+ ],
+ "x-ms-discriminator-value": "AzureRolesAssignedOutsidePimAlertConfiguration",
+ "type": "object",
+ "description": "The Azure roles assigned outside PIM alert configuration properties."
+ },
+ "DuplicateRoleCreatedAlertConfigurationProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertConfigurationProperties"
+ }
+ ],
+ "x-ms-discriminator-value": "DuplicateRoleCreatedAlertConfiguration",
+ "type": "object",
+ "description": "The duplicate role created alert configuration."
+ },
+ "TooManyOwnersAssignedToResourceAlertConfigurationProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertConfigurationProperties"
+ }
+ ],
+ "properties": {
+ "thresholdNumberOfOwners": {
+ "type": "integer",
+ "format": "int32",
+ "readOnly": false,
+ "description": "The threshold number of owners."
+ },
+ "thresholdPercentageOfOwnersOutOfAllRoleMembers": {
+ "type": "integer",
+ "format": "int32",
+ "readOnly": false,
+ "description": "The threshold percentage of owners out of all role members."
+ }
+ },
+ "x-ms-discriminator-value": "TooManyOwnersAssignedToResourceAlertConfiguration",
+ "type": "object",
+ "description": "Too many owners assigned to resource alert configuration properties."
+ },
+ "TooManyPermanentOwnersAssignedToResourceAlertConfigurationProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertConfigurationProperties"
+ }
+ ],
+ "properties": {
+ "thresholdNumberOfPermanentOwners": {
+ "type": "integer",
+ "format": "int32",
+ "readOnly": false,
+ "description": "The threshold number of permanent owners."
+ },
+ "thresholdPercentageOfPermanentOwnersOutOfAllOwners": {
+ "type": "integer",
+ "format": "int32",
+ "readOnly": false,
+ "description": "The threshold percentage of permanent owners out of all owners."
+ }
+ },
+ "x-ms-discriminator-value": "TooManyPermanentOwnersAssignedToResourceAlertConfiguration",
+ "type": "object",
+ "description": "Too many permanent owners assigned to resource alert configuration properties."
+ },
+ "AlertDefinition": {
+ "properties": {
+ "id": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert definition ID."
+ },
+ "name": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert definition name."
+ },
+ "type": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert definition type."
+ },
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/AlertDefinitionProperties",
+ "description": "Alert definition properties."
+ }
+ },
+ "type": "object",
+ "description": "Alert definition"
+ },
+ "AlertDefinitionProperties": {
+ "properties": {
+ "displayName": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert display name."
+ },
+ "scope": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert scope."
+ },
+ "description": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert description."
+ },
+ "severityLevel": {
+ "type": "string",
+ "readOnly": true,
+ "description": "Severity level of the alert.",
+ "enum": [
+ "Low",
+ "Medium",
+ "High"
+ ],
+ "x-ms-enum": {
+ "name": "SeverityLevel",
+ "modelAsString": true
+ }
+ },
+ "securityImpact": {
+ "type": "string",
+ "readOnly": true,
+ "description": "Security impact of the alert."
+ },
+ "mitigationSteps": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The methods to mitigate the alert."
+ },
+ "howToPrevent": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The ways to prevent the alert."
+ },
+ "isRemediatable": {
+ "type": "boolean",
+ "readOnly": true,
+ "description": "True if the alert can be remediated; false, otherwise."
+ },
+ "isConfigurable": {
+ "type": "boolean",
+ "readOnly": true,
+ "description": "True if the alert configuration can be configured; false, otherwise."
+ }
+ },
+ "type": "object",
+ "description": "Alert definition properties."
+ },
+ "AlertDefinitionListResult": {
+ "properties": {
+ "value": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AlertDefinition"
+ },
+ "description": "Alert definition list"
+ },
+ "nextLink": {
+ "type": "string",
+ "description": "The URL to use for getting the next set of results."
+ }
+ },
+ "type": "object",
+ "description": "Alert definition list operation result."
+ },
+ "AlertConfigurationListResult": {
+ "properties": {
+ "value": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AlertConfiguration"
+ },
+ "description": "Alert configuration list"
+ },
+ "nextLink": {
+ "type": "string",
+ "description": "The URL to use for getting the next set of results."
+ }
+ },
+ "type": "object",
+ "description": "Alert configuration list operation result."
+ },
+ "AlertIncident": {
+ "properties": {
+ "id": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert incident ID."
+ },
+ "name": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert incident name."
+ },
+ "type": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The alert incident type."
+ },
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/AlertIncidentProperties",
+ "description": "Alert incident properties."
+ }
+ },
+ "type": "object",
+ "description": "Alert incident"
+ },
+ "AlertIncidentProperties": {
+ "properties": {
+ "alertIncidentType": {
+ "type": "string",
+ "readOnly": false,
+ "description": "The alert incident type."
+ }
+ },
+ "required": [
+ "alertIncidentType"
+ ],
+ "type": "object",
+ "description": "Alert incident properties",
+ "discriminator": "alertIncidentType"
+ },
+ "AzureRolesAssignedOutsidePimAlertIncidentProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertIncidentProperties"
+ }
+ ],
+ "properties": {
+ "assigneeDisplayName": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The assignee display name."
+ },
+ "assigneeUserPrincipalName": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The assignee user principal name."
+ },
+ "assigneeId": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The assignee ID."
+ },
+ "roleDisplayName": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The role display name."
+ },
+ "roleTemplateId": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The role template ID."
+ },
+ "roleDefinitionId": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The role definition ID."
+ },
+ "assignmentActivatedDate": {
+ "type": "string",
+ "format": "date-time",
+ "readOnly": true,
+ "description": "The date the assignment was activated."
+ },
+ "requestorId": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The requestor ID."
+ },
+ "requestorDisplayName": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The requestor display name."
+ },
+ "requestorUserPrincipalName": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The requestor user principal name."
+ }
+ },
+ "x-ms-discriminator-value": "AzureRolesAssignedOutsidePimAlertIncident",
+ "type": "object",
+ "description": "Azure roles assigned outside PIM alert incident properties."
+ },
+ "DuplicateRoleCreatedAlertIncidentProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertIncidentProperties"
+ }
+ ],
+ "properties": {
+ "roleName": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The role name."
+ },
+ "duplicateRoles": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The duplicate roles."
+ },
+ "reason": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The reason for the incident."
+ }
+ },
+ "x-ms-discriminator-value": "DuplicateRoleCreatedAlertIncident",
+ "type": "object",
+ "description": "Duplicate role created alert incident properties."
+ },
+ "TooManyOwnersAssignedToResourceAlertIncidentProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertIncidentProperties"
+ }
+ ],
+ "properties": {
+ "assigneeName": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The assignee name."
+ },
+ "assigneeType": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The assignee type."
+ }
+ },
+ "x-ms-discriminator-value": "TooManyOwnersAssignedToResourceAlertIncident",
+ "type": "object",
+ "description": "Too many owners assigned to resource alert incident properties."
+ },
+ "TooManyPermanentOwnersAssignedToResourceAlertIncidentProperties": {
+ "allOf": [
+ {
+ "$ref": "#/definitions/AlertIncidentProperties"
+ }
+ ],
+ "properties": {
+ "assigneeName": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The assignee name."
+ },
+ "assigneeType": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The assignee type."
+ }
+ },
+ "x-ms-discriminator-value": "TooManyPermanentOwnersAssignedToResourceAlertIncident",
+ "type": "object",
+ "description": "Too many permanent owners assigned to resource alert incident properties."
+ },
+ "AlertIncidentListResult": {
+ "properties": {
+ "value": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AlertIncident"
+ },
+ "description": "Alert incident list"
+ },
+ "nextLink": {
+ "type": "string",
+ "description": "The URL to use for getting the next set of results."
+ }
+ },
+ "type": "object",
+ "description": "Alert incident list operation result."
+ },
+ "AlertOperationResult": {
+ "properties": {
+ "id": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The id of the alert operation."
+ },
+ "status": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The status of the alert operation."
+ }
+ },
+ "type": "object",
+ "description": "Alert operation result"
+ },
+ "CloudError": {
+ "x-ms-external": true,
+ "properties": {
+ "error": {
+ "$ref": "#/definitions/CloudErrorBody"
+ }
+ },
+ "type": "object",
+ "description": "An error response from the service."
+ },
+ "AlertOperationListResult": {
+ "properties": {
+ "value": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AlertOperationResult"
+ },
+ "description": "Alert operation list"
+ },
+ "nextLink": {
+ "type": "string",
+ "description": "The URL to use for getting the next set of results."
+ }
+ },
+ "type": "object",
+ "description": "Alert operation list operation result."
+ },
+ "CloudErrorBody": {
+ "x-ms-external": true,
+ "properties": {
+ "code": {
+ "type": "string",
+ "description": "An identifier for the error. Codes are invariant and are intended to be consumed programmatically."
+ },
+ "message": {
+ "type": "string",
+ "description": "A message describing the error, intended to be suitable for display in a user interface."
+ }
+ },
+ "type": "object",
+ "description": "An error response from the service."
+ }
+ }
+}
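Review bot: Every identifier path parameter in this file (`alertId`, `alertDefinitionId`, `alertIncidentId`, `operationId`) carries `"x-ms-skip-url-encoding": true`, which only `scope` needs because it legitimately contains `/`. With encoding skipped, a generated client places the caller-supplied value into the URL verbatim, so a value containing `/`, `?` or `#` changes which resource or action the request addresses; that matters most on the state-changing routes `Alerts_Update`, `AlertConfigurations_Update` and `AlertIncidents_Remediate`. I would drop the extension from the non-scope parameters and keep it on `scope` alone, leaving e.g. `"name": "alertId", "in": "path", "required": true, "type": "string"`. Separately, `thresholdPercentageOfOwnersOutOfAllRoleMembers` and `thresholdPercentageOfPermanentOwnersOutOfAllOwners` are bare `int32`; adding `"minimum": 0, "maximum": 100` would document that a PATCH cannot move the threshold out of range and quietly stop the alert from firing, assuming the service enforces the same bounds.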
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertById.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertById.json
new file mode 100644
index 000000000000..c039b8799fd9
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertById.json
@@ -0,0 +1,64 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "alertId": "TooManyOwnersAssignedToResource",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "properties": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "incidentCount": 1,
+ "lastModifiedDateTime": "2022-04-05T03:04:06.467+00:00",
+ "lastScannedDateTime": "2022-04-06T18:25:00.38+00:00",
+ "isActive": true,
+ "alertDefinition": {
+ "properties": {
+ "displayName": "Too many owners assigned to a resource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "description": "The number of users with the Owner role is too high. We recommend assigning these individuals to less privileged roles or roles more suitable to their daily needs. Take a moment to review the current assignments, and suggested changes here.",
+ "severityLevel": "Medium",
+ "securityImpact": "As the number of users with the owner role increases, so does the potential for malicious or mistaken actions affecting your resource.",
+ "mitigationSteps": "To mitigate this issue, reduce the number of users in the Owner role.
Review the list of users in the list, and reassign them to a less privileged role such as Contributor.",
+ "howToPrevent": "Choose a role that provides the fewest privileges necessary for a user or group to complete their tasks.",
+ "isRemediatable": true,
+ "isConfigurable": true
+ },
+ "name": "TooManyOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions/TooManyOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertDefinitions"
+ },
+ "alertIncidents": [
+ {
+ "properties": {
+ "alertIncidentType": "TooManyOwnersAssignedToResourceAlertIncident",
+ "assigneeName": "testUser",
+ "assigneeType": "User"
+ },
+ "name": "a9f38501-74ec-43ea-8663-6c538602150d",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertIncidents",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alerts/TooManyOwnersAssignedToResource/alertIncidents/a9f38501-74ec-43ea-8663-6c538602150d"
+ }
+ ],
+ "alertConfiguration": {
+ "properties": {
+ "alertConfigurationType": "TooManyOwnersAssignedToResourceAlertConfiguration",
+ "alertDefinitionId": "TooManyOwnersAssignedToResource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "isEnabled": true,
+ "thresholdNumberOfOwners": 2,
+ "thresholdPercentageOfOwnersOutOfAllRoleMembers": 3
+ },
+ "name": "TooManyOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/TooManyOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertConfigurations"
+ }
+ },
+ "name": "TooManyOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alerts/TooManyOwnersAssignedToResource",
+ "type":
"Microsoft.Authorization/roleManagementAlerts/alerts"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertConfigurationById.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertConfigurationById.json
new file mode 100644
index 000000000000..7059ce6b9cdb
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertConfigurationById.json
@@ -0,0 +1,24 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "alertId": "TooManyOwnersAssignedToResource",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "properties": {
+ "alertConfigurationType": "TooManyOwnersAssignedToResourceAlertConfiguration",
+ "alertDefinitionId": "TooManyOwnersAssignedToResource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "isEnabled": true,
+ "thresholdNumberOfOwners": 3,
+ "thresholdPercentageOfOwnersOutOfAllRoleMembers": 40
+ },
+ "name": "TooManyOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/TooManyOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertConfigurations"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertConfigurations.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertConfigurations.json
new file mode 100644
index 000000000000..aca0d8403ae7
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertConfigurations.json
@@ -0,0 +1,62 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "properties": {
+ "alertConfigurationType": "DuplicateRoleCreatedAlertConfiguration",
+ "alertDefinitionId": "DuplicateRoleCreated",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "isEnabled": true
+ },
+ "name": "DuplicateRoleCreated",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/DuplicateRoleCreated",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertConfigurations"
+ },
+ {
+ "properties": {
+ "alertConfigurationType": "TooManyOwnersAssignedToResourceAlertConfiguration",
+ "alertDefinitionId": "TooManyOwnersAssignedToResource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "isEnabled": true,
+ "thresholdNumberOfOwners": 2,
+ "thresholdPercentageOfOwnersOutOfAllRoleMembers": 3
+ },
+ "name": "TooManyOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/TooManyOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertConfigurations"
+ },
+ {
+ "properties": {
+ "alertConfigurationType": "TooManyPermanentOwnersAssignedToResourceAlertConfiguration",
+ "alertDefinitionId": "TooManyPermanentOwnersAssignedToResource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "isEnabled": true,
+ "thresholdNumberOfPermanentOwners": 10,
+ "thresholdPercentageOfPermanentOwnersOutOfAllOwners": 10
+ },
+ "name": "TooManyPermanentOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/TooManyPermanentOwnersAssignedToResource",
+ "type":
"Microsoft.Authorization/roleManagementAlerts/alertConfigurations"
+ },
+ {
+ "properties": {
+ "alertConfigurationType": "AzureRolesAssignedOutsidePimAlertConfiguration",
+ "alertDefinitionId": "AzureRolesAssignedOutsidePimAlert",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "isEnabled": true
+ },
+ "name": "AzureRolesAssignedOutsidePimAlert",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/AzureRolesAssignedOutsidePimAlert",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertConfigurations"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertDefinitionById.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertDefinitionById.json
new file mode 100644
index 000000000000..ab9a7dc9beb4
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertDefinitionById.json
@@ -0,0 +1,27 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "alertDefinitionId": "TooManyPermanentOwnersAssignedToResource",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "properties": {
+ "displayName": "Too many permanent owners assigned to a resource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "description": "The number of users set to never expire is too high. To enhance the security of your resources, we recommend requiring activation for role use. Take a moment to review the list of users, and suggested changes here.",
+ "severityLevel": "Medium",
+ "securityImpact": "Providing users permanent access in a role may leave resources vulnerable to accidental or malicious activity.",
+ "mitigationSteps": "To mitigate this issue, require the user to activate the role before use.",
+ "howToPrevent": "Enable “Activation Required” in the role settings menu. This will ensure newly added users must activate their role.",
+ "isRemediatable": true,
+ "isConfigurable": true
+ },
+ "name": "TooManyPermanentOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions/TooManyPermanentOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertDefinitions"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertDefinitions.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertDefinitions.json
new file mode 100644
index 000000000000..de858b4cea61
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertDefinitions.json
@@ -0,0 +1,78 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "properties": {
+ "displayName": "Too many permanent owners assigned to a resource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "description": "The number of users set to never expire is too high. To enhance the security of your resources, we recommend requiring activation for role use. Take a moment to review the list of users, and suggested changes here.",
+ "severityLevel": "Medium",
+ "securityImpact": "Providing users permanent access in a role may leave resources vulnerable to accidental or malicious activity.",
+ "mitigationSteps": "To mitigate this issue, require the user to activate the role before use.",
+ "howToPrevent": "Enable “Activation Required” in the role settings menu. This will ensure newly added users must activate their role.",
+ "isRemediatable": true,
+ "isConfigurable": true
+ },
+ "name": "TooManyPermanentOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions/TooManyPermanentOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertDefinitions"
+ },
+ {
+ "properties": {
+ "displayName": "Too many owners assigned to a resource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "description": "The number of users with the Owner role is too high. We recommend assigning these individuals to less privileged roles or roles more suitable to their daily needs.
Take a moment to review the current assignments, and suggested changes here.",
+ "severityLevel": "Medium",
+ "securityImpact": "As the number of users with the owner role increases, so does the potential for malicious or mistaken actions affecting your resource.",
+ "mitigationSteps": "To mitigate this issue, reduce the number of users in the Owner role. Review the list of users in the list, and reassign them to a less privileged role such as Contributor.",
+ "howToPrevent": "Choose a role that provides the fewest privileges necessary for a user or group to complete their tasks.",
+ "isRemediatable": true,
+ "isConfigurable": true
+ },
+ "name": "TooManyOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions/TooManyOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertDefinitions"
+ },
+ {
+ "properties": {
+ "displayName": "Duplicate role created",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "description": "One or more custom roles have the same display name and/or permissions as a built-in or preexisting custom role.
Please review the newly created role membership assignments and determine the appropriate action.",
+ "severityLevel": "Medium",
+ "securityImpact": "Duplicate roles add confusion and increases the complexity of administration.",
+ "mitigationSteps": "To mitigate this issue, review the newly created role, and determine if a built-in role is suitable.",
+ "howToPrevent": "Prior to creating a custom role, determine if a built-in or preexisting custom role aligns to your security requirements.",
+ "isRemediatable": true,
+ "isConfigurable": false
+ },
+ "name": "DuplicateRoleCreated",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions/DuplicateRoleCreated",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertDefinitions"
+ },
+ {
+ "properties": {
+ "displayName": "Roles are being assigned outside of Privileged Identity Management",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "description": "2 privileged assignment(s) were made outisde of Azure AD PIM",
+ "severityLevel": "High",
+ "securityImpact": "Privileged role assignments made outside of Privileged Identity Management are not properly monitored and may indicate an active attack.",
+ "mitigationSteps": "Review the users in the list and remove them from privileged roles assigned outside of Privileged Identity Management.",
+ "howToPrevent": "Investigate where users are being assigned privileged roles outside of Privileged Identity Management and prohibit future assignments from there.",
+ "isRemediatable": true,
+ "isConfigurable": false
+ },
+ "name": "AzureRolesAssignedOutsidePimAlert",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions/AzureRolesAssignedOutsidePimAlert",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertDefinitions"
+ }
+ ]
+ }
+ }
+ }
+}
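Review bot: The `description` of the `AzureRolesAssignedOutsidePimAlert` entry in `GetAlertDefinitions.json` misspells "outside" as `outisde`, and it carries an instance count (`2 privileged assignment(s) were made ...`) in what is a per-definition text, while the other three definitions in the same list describe the condition generically. If the service really substitutes a count into the definition text, the schema description should say so; otherwise a generic wording such as `"description": "Privileged assignments were made outside of Azure AD PIM"` would match its siblings. Since this is the only `High` severity definition in the example, its wording is what readers are most likely to copy into runbooks, so it is worth getting right.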
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertIncidentById.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertIncidentById.json
new file mode 100644
index 000000000000..2fa50d25cf39
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertIncidentById.json
@@ -0,0 +1,22 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "alertId": "TooManyOwnersAssignedToResource",
+ "alertIncidentId": "5cf9ee65-d22e-4784-8b17-3de1c3b7bdcc",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "properties": {
+ "alertIncidentType": "TooManyOwnersAssignedToResourceAlertIncident",
+ "assigneeName": "test-user",
+ "assigneeType": "User"
+ },
+ "name": "5cf9ee65-d22e-4784-8b17-3de1c3b7bdcc",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alerts/TooManyOwnersAssignedToResource/alertIncidents/5cf9ee65-d22e-4784-8b17-3de1c3b7bdcc",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertIncidents"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertIncidents.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertIncidents.json
new file mode 100644
index 000000000000..8ed06d75a624
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertIncidents.json
@@ -0,0 +1,25 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "alertId": "TooManyOwnersAssignedToResource",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "properties": {
+ "alertIncidentType": "TooManyOwnersAssignedToResourceAlertIncident",
+ "assigneeName": "test-user",
+ "assigneeType": "User"
+ },
+ "name": "5cf9ee65-d22e-4784-8b17-3de1c3b7bdcc",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alerts/TooManyOwnersAssignedToResource/alertIncidents/5cf9ee65-d22e-4784-8b17-3de1c3b7bdcc",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertIncidents"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertOperationById.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertOperationById.json
new file mode 100644
index 000000000000..05ff8cc1e935
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertOperationById.json
@@ -0,0 +1,15 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "operationId": "{operationId}",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "{operationId}",
+ "status": "Running"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertOperations.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertOperations.json
new file mode 100644
index 000000000000..2ab7f27e7e97
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlertOperations.json
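Review bot: `GetAlertOperationById.json` passes the unresolved template token `{operationId}` as both the `operationId` parameter and the returned `id`, instead of a sample value. `GetAlertOperations.json` does the same, so its four list entries all carry an identical `id` and cannot be told apart, and the `Location` headers in `RefreshAlert.json` and `RefreshAllAlerts.json` repeat the token. A distinct constructed GUID per operation, in the way the incident examples already give a concrete `alertIncidentId`, would make the examples usable as documentation and as test fixtures; whether the example validator accepts the literal braces is not visible from this diff.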
@@ -0,0 +1,30 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "{operationId}",
+ "status": "Running"
+ },
+ {
+ "id": "{operationId}",
+ "status": "NotStarted"
+ },
+ {
+ "id": "{operationId}",
+ "status": "NotStarted"
+ },
+ {
+ "id": "{operationId}",
+ "status": "Succeeded"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlerts.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlerts.json
new file mode 100644
index 000000000000..7d6ae2add74d
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/GetAlerts.json
@@ -0,0 +1,120 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "properties": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "incidentCount": 1,
+ "lastModifiedDateTime": "2022-04-05T03:04:06.467+00:00",
+ "lastScannedDateTime": "2022-04-06T18:25:00.38+00:00",
+ "isActive": true,
+ "alertDefinition": {
+ "properties": {
+ "displayName": "Too many permanent owners assigned to a resource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "description": "The number of users set to never expire is too high. To enhance the security of your resources, we recommend requiring activation for role use. Take a moment to review the list of users, and suggested changes here.",
+ "severityLevel": "Medium",
+ "securityImpact": "Providing users permanent access in a role may leave resources vulnerable to accidental or malicious activity.",
+ "mitigationSteps": "To mitigate this issue, require the user to activate the role before use.",
+ "howToPrevent": "Enable “Activation Required” in the role settings menu.
This will ensure newly added users must activate their role.",
+ "isRemediatable": true,
+ "isConfigurable": true
+ },
+ "name": "TooManyPermanentOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions/TooManyPermanentOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertDefinitions"
+ },
+ "alertIncidents": [
+ {
+ "properties": {
+ "alertIncidentType": "TooManyPermanentOwnersAssignedToResourceAlertIncident",
+ "assigneeName": "testUser",
+ "assigneeType": "User"
+ },
+ "name": "a9f38501-74ec-43ea-8663-6c538602150d",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertIncidents",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alerts/TooManyPermanentOwnersAssignedToResource/alertIncidents/a9f38501-74ec-43ea-8663-6c538602150d"
+ }
+ ],
+ "alertConfiguration": {
+ "properties": {
+ "alertConfigurationType": "TooManyPermanentOwnersAssignedToResourceAlertConfiguration",
+ "alertDefinitionId": "TooManyPermanentOwnersAssignedToResource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "isEnabled": true,
+ "thresholdNumberOfPermanentOwners": 10,
+ "thresholdPercentageOfPermanentOwnersOutOfAllOwners": 10
+ },
+ "name": "TooManyPermanentOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/TooManyPermanentOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertConfigurations"
+ }
+ },
+ "name": "TooManyPermanentOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alerts/TooManyPermanentOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alerts"
+ },
+ {
+ "properties": {
+ "scope":
"subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "incidentCount": 1,
+ "lastModifiedDateTime": "2022-04-05T03:04:06.467+00:00",
+ "lastScannedDateTime": "2022-04-06T18:25:00.38+00:00",
+ "isActive": true,
+ "alertDefinition": {
+ "properties": {
+ "displayName": "Too many owners assigned to a resource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "description": "The number of users with the Owner role is too high. We recommend assigning these individuals to less privileged roles or roles more suitable to their daily needs. Take a moment to review the current assignments, and suggested changes here.",
+ "severityLevel": "Medium",
+ "securityImpact": "As the number of users with the owner role increases, so does the potential for malicious or mistaken actions affecting your resource.",
+ "mitigationSteps": "To mitigate this issue, reduce the number of users in the Owner role. Review the list of users in the list, and reassign them to a less privileged role such as Contributor.",
+ "howToPrevent": "Choose a role that provides the fewest privileges necessary for a user or group to complete their tasks.",
+ "isRemediatable": true,
+ "isConfigurable": true
+ },
+ "name": "TooManyOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions/TooManyOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertDefinitions"
+ },
+ "alertIncidents": [
+ {
+ "properties": {
+ "alertIncidentType": "TooManyOwnersAssignedToResourceAlertIncident",
+ "assigneeName": "testUser",
+ "assigneeType": "User"
+ },
+ "name": "a9f38501-74ec-43ea-8663-6c538602150d",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertIncidents",
+ "id":
"/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alerts/TooManyOwnersAssignedToResource/alertIncidents/a9f38501-74ec-43ea-8663-6c538602150d"
+ }
+ ],
+ "alertConfiguration": {
+ "properties": {
+ "alertConfigurationType": "TooManyOwnersAssignedToResourceAlertConfiguration",
+ "alertDefinitionId": "TooManyOwnersAssignedToResource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "isEnabled": true,
+ "thresholdNumberOfOwners": 2,
+ "thresholdPercentageOfOwnersOutOfAllRoleMembers": 3
+ },
+ "name": "TooManyOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/TooManyOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertConfigurations"
+ }
+ },
+ "name": "TooManyOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alerts/TooManyOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alerts"
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/RefreshAlert.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/RefreshAlert.json
new file mode 100644
index 000000000000..78243c6886ac
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/RefreshAlert.json
@@ -0,0 +1,18 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "alertId": "AzureRolesAssignedOutsidePimAlert",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "202": {
+ "headers": {
+ "Location": "https://management.azure.com/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/operations/{operationId}?api-version=2022-04-01-preview"
+ },
+ "body": {
+ "id": "{operationId}",
+ "status": "NotStarted"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/RefreshAllAlerts.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/RefreshAllAlerts.json
new file mode 100644
index 000000000000..c8d55d2349d6
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/RefreshAllAlerts.json
@@ -0,0 +1,17 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "202": {
+ "headers": {
+ "Location": "https://management.azure.com/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/operations/{operationId}?api-version=2022-04-01-preview"
+ },
+ "body": {
+ "id": "{operationId}",
+ "status": "NotStarted"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/RemediateAlertIncident.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/RemediateAlertIncident.json
new file mode 100644
index 000000000000..762f9ee5ea5f
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/RemediateAlertIncident.json
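Review bot: The `Location` header in the 202 response of `RefreshAlert.json` ends in `api-version=2022-04-01-preview`, while the request's `api-version` parameter and the directory the file lives in are both `2022-08-01-preview`; `RefreshAllAlerts.json` carries the same value. A client that polls the URL exactly as the example shows would query the operation under a different API version than the one it called, which looks like a leftover from an earlier draft rather than intended behaviour. I would change the query string in both files to `?api-version=2022-08-01-preview`.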
@@ -0,0 +1,11 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "alertId": "DuplicateRoleCreated",
+ "alertIncidentId": "0645231d-16ba-4ebf-851a-0875df4052bd",
+ "api-version": "2022-08-01-preview"
+ },
+ "responses": {
+ "204": {}
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/UpdateAlert.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/UpdateAlert.json
new file mode 100644
index 000000000000..c146529e8837
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/UpdateAlert.json
@@ -0,0 +1,69 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "alertId": "TooManyPermanentOwnersAssignedToResource",
+ "api-version": "2022-08-01-preview",
+ "parameters": {
+ "properties": {
+ "isActive": false
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "properties": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "incidentCount": 1,
+ "lastModifiedDateTime": "2022-04-05T03:04:06.467+00:00",
+ "lastScannedDateTime": "2022-04-06T18:25:00.38+00:00",
+ "isActive": false,
+ "alertDefinition": {
+ "properties": {
+ "displayName": "Too many permanent owners assigned to a resource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "description": "The number of users set to never expire is too high. To enhance the security of your resources, we recommend requiring activation for role use. Take a moment to review the list of users, and suggested changes here.",
+ "severityLevel": "Medium",
+ "securityImpact": "Providing users permanent access in a role may leave resources vulnerable to accidental or malicious activity.",
+ "mitigationSteps": "To mitigate this issue, require the user to activate the role before use.",
+ "howToPrevent": "Enable “Activation Required” in the role settings menu.
This will ensure newly added users must activate their role.",
+ "isRemediatable": true,
+ "isConfigurable": true
+ },
+ "name": "TooManyPermanentOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertDefinitions/TooManyPermanentOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertDefinitions"
+ },
+ "alertIncidents": [
+ {
+ "properties": {
+ "alertIncidentType": "TooManyPermanentOwnersAssignedToResourceAlertIncident",
+ "assigneeName": "testUser",
+ "assigneeType": "User"
+ },
+ "name": "a9f38501-74ec-43ea-8663-6c538602150d",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertIncidents",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alerts/TooManyPermanentOwnersAssignedToResource/alertIncidents/a9f38501-74ec-43ea-8663-6c538602150d"
+ }
+ ],
+ "alertConfiguration": {
+ "properties": {
+ "alertConfigurationType": "TooManyPermanentOwnersAssignedToResourceAlertConfiguration",
+ "alertDefinitionId": "TooManyPermanentOwnersAssignedToResource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "isEnabled": true,
+ "thresholdNumberOfPermanentOwners": 10,
+ "thresholdPercentageOfPermanentOwnersOutOfAllOwners": 10
+ },
+ "name": "TooManyPermanentOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/TooManyPermanentOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertConfigurations"
+ }
+ },
+ "name": "TooManyPermanentOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alerts/TooManyPermanentOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alerts"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/UpdateAlertConfiguration.json b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/UpdateAlertConfiguration.json
new file mode 100644
index 000000000000..d736f8ba8a26
--- /dev/null
+++ b/specification/authorization/resource-manager/Microsoft.Authorization/preview/2022-08-01-preview/examples/UpdateAlertConfiguration.json
@@ -0,0 +1,31 @@
+{
+ "parameters": {
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "alertId": "TooManyOwnersAssignedToResource",
+ "api-version": "2022-08-01-preview",
+ "parameters": {
+ "properties": {
+ "isEnabled": true,
+ "thresholdNumberOfOwners": 2,
+ "alertConfigurationType": "TooManyOwnersAssignedToResourceAlertConfiguration"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "properties": {
+ "alertConfigurationType": "TooManyOwnersAssignedToResourceAlertConfiguration",
+ "alertDefinitionId": "TooManyOwnersAssignedToResource",
+ "scope": "subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f",
+ "isEnabled": true,
+ "thresholdNumberOfOwners": 2,
+ "thresholdPercentageOfOwnersOutOfAllRoleMembers": 3
+ },
+ "name": "TooManyOwnersAssignedToResource",
+ "id": "/subscriptions/afa2a084-766f-4003-8ae1-c4aeb893a99f/providers/Microsoft.Authorization/roleManagementAlerts/alertConfigurations/TooManyOwnersAssignedToResource",
+ "type": "Microsoft.Authorization/roleManagementAlerts/alertConfigurations"
+ }
+ }
+ }
+}
diff --git a/specification/authorization/resource-manager/readme.md b/specification/authorization/resource-manager/readme.md
index 03f06563789a..032efcd03573 100755
--- a/specification/authorization/resource-manager/readme.md
+++ b/specification/authorization/resource-manager/readme.md
@@ -89,6 +89,7 @@ These settings apply only when `--tag=package-2021-12-01-preview-only` is specif ``` yaml $(tag) == 'package-2021-12-01-preview-only' input-file: - Microsoft.Authorization/preview/2021-12-01-preview/authorization-AccessReviewCalls.json +- Microsoft.Authorization/preview/2022-08-01-preview/RoleManagementAlerts.json ``` ### Tag: package-2020-10-01 @@ -166,6 +167,15 @@ input-file: - Microsoft.Authorization/preview/2022-04-01-preview/RoleEligibilityScheduleRequest.json ``` +### Tag: package-2022-08-01-preview-only + +These settings apply only when `--tag=package-2022-08-01-preview-only` is specified on the command line. + +```yaml $(tag) == 'package-2022-08-01-preview-only' +input-file: +- Microsoft.Authorization/preview/2022-08-01-preview/RoleManagementAlerts.json +``` + ### Tag: package-preview-2021-11
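Review bot: The first readme hunk adds `- Microsoft.Authorization/preview/2022-08-01-preview/RoleManagementAlerts.json` to the `input-file` list of the `package-2021-12-01-preview-only` tag, which by its name should hold only 2021-12-01-preview files. The second hunk then introduces a dedicated `package-2022-08-01-preview-only` tag listing the same file, so the first addition looks unintended. Unless the mixed tag is deliberate, I would drop the added line from the 2021-12-01 block so that clients generated from that tag do not silently gain the preview role-management alert operations. The second hunk continues past the end of the visible text, so whether a default or combined tag also references the new file cannot be checked here.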