diff --git a/specification/graphrbac/data-plane/stable/1.6/graphrbac.json b/specification/graphrbac/data-plane/stable/1.6/graphrbac.json index ff351a2414dc..1108836ec54e 100644 --- a/specification/graphrbac/data-plane/stable/1.6/graphrbac.json +++ b/specification/graphrbac/data-plane/stable/1.6/graphrbac.json @@ -39,9 +39,9 @@ "/{tenantID}/me": { "get": { "tags": [ - "Objects" + "SignedInUser" ], - "operationId": "Objects_GetCurrentUser", + "operationId": "SignedInUser_Get", "description": "Gets the details for the currently logged-in user.", "parameters": [ { @@ -55,7 +55,38 @@ "200": { "description": "OK. The operation was successful.", "schema": { - "$ref": "#/definitions/AADObject" + "$ref": "#/definitions/User" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/GraphError" + } + } + } + } + }, + "/{tenantID}/me/ownedObjects": { + "get": { + "tags": [ + "SignedInUser" + ], + "operationId": "SignedInUser_ListOwnedObjects", + "description": "Get the list of directory objects that are owned by the user.", + "parameters": [ + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/tenantIDInPath" + } + ], + "responses": { + "200": { + "description": "OK. The operation was successful.", + "schema": { + "$ref": "#/definitions/DirectoryObjectListResult" } }, "default": { @@ -64,6 +95,10 @@ "$ref": "#/definitions/GraphError" } } + }, + "x-ms-pageable": { + "nextLinkName": "odata.nextLink", + "operationName": "SignedInUser_ListOwnedObjectsNext" } } }, 
@@ -148,6 +183,121 @@ } } }, + "/{tenantID}/deletedApplications/{objectId}/restore": { + "post": { + "tags": [ + "deletedApplications" + ], + "operationId": "DeletedApplications_Restore", + "description": "Restores the deleted application in the directory.", + "parameters": [ + { + "name": "objectId", + "in": "path", + "required": true, + "type": "string", + "description": "Application object ID." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/tenantIDInPath" + } + ], + "responses": { + "200": { + "description": "The application was restored successfully.", + "schema": { + "$ref": "#/definitions/Application" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/GraphError" + } + } + } + } + }, + "/{tenantID}/deletedApplications": { + "get": { + "tags": [ + "deletedApplications" + ], + "operationId": "DeletedApplications_List", + "description": "Gets a list of deleted applications in the directory.", + "parameters": [ + { + "name": "$filter", + "in": "query", + "required": false, + "type": "string", + "description": "The filter to apply to the operation." 
+ }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/tenantIDInPath" + } + ], + "responses": { + "200": { + "description": "The applications were retrieved successfully.", + "schema": { + "$ref": "#/definitions/ApplicationListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/GraphError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "odata.nextLink", + "operationName": "DeletedApplications_ListNext" + } + } + }, + "/{tenantID}/deletedApplications/{applicationObjectId}": { + "delete": { + "tags": [ + "Application" + ], + "operationId": "DeletedApplications_HardDelete", + "description": "Hard-delete an application.", + "parameters": [ + { + "name": "applicationObjectId", + "in": "path", + "required": true, + "type": "string", + "description": "Application object ID." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/tenantIDInPath" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/GraphError" + } + } + } + } + }, "/{tenantID}/applications/{applicationObjectId}": { "delete": { "tags": [ @@ -299,7 +449,7 @@ } }, "x-ms-pageable": { - "nextLinkName": null + "nextLinkName": "odata.nextLink" } } }, @@ -323,7 +473,7 @@ "in": "body", "required": true, "schema": { - "$ref": "#/definitions/ApplicationAddOwnerParameters" + "$ref": "#/definitions/AddOwnerParameters" }, "description": "The URL of the owner object, such as https://graph.windows.net/0b1f9851-1bf0-433f-aec3-cb9272f093dc/directoryObjects/f260bbc4-c254-447b-94cf-293b5ec434dd." }, @@ -346,7 +496,7 @@ } } } - }, + }, "/{tenantID}/applications/{applicationObjectId}/keyCredentials": { "get": { "tags": [ 
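Review bot: `DeletedApplications_HardDelete` is tagged `"Application"`, while the two sibling operations added in the same hunk (`DeletedApplications_Restore`, `DeletedApplications_List`) use `"deletedApplications"`; I would make it `"tags": [ "deletedApplications" ]` so the three stay together. The path parameter is also named `applicationObjectId` here but `objectId` on the restore path for what looks like the same identifier. The description `"Hard-delete an application."` does not say that the operation is irreversible. If that is the service behaviour, say so explicitly, e.g. `"description": "Permanently deletes a soft-deleted application. The application cannot be restored afterwards."`, because callers granting access to this operation need to know it bypasses the restore path.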
@@ -746,7 +896,7 @@ "200": { "description": "OK. The operation was successful.", "schema": { - "$ref": "#/definitions/GetObjectsResult" + "$ref": "#/definitions/DirectoryObjectListResult" } }, "default": { @@ -831,7 +981,7 @@ } } } - } + } }, "/{tenantID}/groups/{objectId}/getMemberGroups": { "post": { 
@@ -883,6 +1033,92 @@ } } }, + "/{tenantID}/groups/{objectId}/owners": { + "get": { + "tags": [ + "GroupOwners" + ], + "operationId": "Groups_ListOwners", + "summary": "Directory objects that are owners of the group.", + "description": "The owners are a set of non-admin users who are allowed to modify this object.", + "parameters": [ + { + "name": "objectId", + "in": "path", + "required": true, + "type": "string", + "description": "The object ID of the group for which to get owners." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/tenantIDInPath" + } + ], + "responses": { + "200": { + "description": "OK. The operation was successful.", + "schema": { + "$ref": "#/definitions/DirectoryObjectListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/GraphError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "odata.nextLink" + } + } + }, + "/{tenantID}/groups/{objectId}/$links/owners": { + "post": { + "tags": [ + "GroupsOwners" + ], + "operationId": "Groups_AddOwner", + "description": "Add an owner to a group.", + "parameters": [ + { + "name": "objectId", + "in": "path", + "required": true, + "type": "string", + "description": "The object ID of the application to which to add the owner." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/AddOwnerParameters" + }, + "description": "The URL of the owner object, such as https://graph.windows.net/0b1f9851-1bf0-433f-aec3-cb9272f093dc/directoryObjects/f260bbc4-c254-447b-94cf-293b5ec434dd." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/tenantIDInPath" + } + ], + "responses": { + "204": { + "description": "No Content. Indicates success. No response body is returned." 
+ }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/GraphError" + } + } + } + } + }, "/{tenantID}/servicePrincipals": { "post": { "tags": [ @@ -965,6 +1201,48 @@ } }, "/{tenantID}/servicePrincipals/{objectId}": { + "patch": { + "tags": [ + "ServicePrincipal" + ], + "operationId": "ServicePrincipals_Update", + "description": "Updates a service principal in the directory.", + "parameters": [ + { + "name": "objectId", + "in": "path", + "required": true, + "type": "string", + "description": "The object ID of the service principal to delete." + }, + { + "name": "parameters", + "in": "body", + "required": true, + "schema": { + "$ref": "#/definitions/ServicePrincipalUpdateParameters" + }, + "description": "Parameters to update a service principal." + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/tenantIDInPath" + } + ], + "responses": { + "204": { + "description": "No Content" + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/GraphError" + } + } + } + }, "delete": { "tags": [ "ServicePrincipal" @@ -1073,7 +1351,7 @@ } }, "x-ms-pageable": { - "nextLinkName": null + "nextLinkName": "odata.nextLink" } } }, @@ -1493,7 +1771,7 @@ "Objects" ], "operationId": "Objects_GetObjectsByObjectIds", - "description": "Gets AD group membership for the specified AD object IDs.", + "description": "Gets the directory objects specified in a list of object IDs. You can also specify which resource collections (users, groups, etc.) should be searched by specifying the optional types parameter.", "parameters": [ { "name": "parameters", @@ -1515,7 +1793,7 @@ "200": { "description": "OK. The operation was successful.", "schema": { - "$ref": "#/definitions/GetObjectsResult" + "$ref": "#/definitions/DirectoryObjectListResult" } } }, 
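Review bot: In `Groups_AddOwner` the `objectId` description reads "The object ID of the application to which to add the owner.", a leftover from the application operation; it should be `"description": "The object ID of the group to which to add the owner."`. The two new group-owner operations also carry different tags (`"GroupOwners"` on `Groups_ListOwners`, `"GroupsOwners"` on `Groups_AddOwner`), which looks like a typo in one of them. The shared `AddOwnerParameters` definition is now used for groups as well, but its description elsewhere in this diff still says "Request parameters for adding a owner to an application." `Groups_ListOwners` declares `x-ms-pageable` with only `nextLinkName`, and no `Groups_ListOwnersNext` entry is added to `x-ms-paths` in the visible hunks, unlike the other pageable operations this commit introduces. Confirm that is intended.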
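Review bot: The `objectId` parameter of the new `ServicePrincipals_Update` PATCH is described as "The object ID of the service principal to delete.", copied from the neighbouring delete operation; it should read `"description": "The object ID of the service principal to update."`. A wrong verb in generated SDK docs is easy to overlook on an operation that can change credentials and reply URLs. The body schema is covered in the `ServicePrincipalUpdateParameters` hunk further down.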
@@ -1634,7 +1912,7 @@ "operationId": "OAuth2_Post", "description": "Grants OAuth2 permissions for the relevant resource Ids of an app.", "produces" : [ "application/json" ], - "parameters" : [ + "parameters" : [ { "in" : "body", "name" : "body", @@ -1667,12 +1945,55 @@ } }, "x-ms-paths": { - "/{tenantID}/{nextLink}?Groups_ListNext": { + "/{tenantID}/{nextLink}?SignedInUser_ListOwnedObjectsNext": { "get": { "tags": [ - "Group" + "SignedInUser" ], - "operationId": "Groups_ListNext", + "operationId": "SignedInUser_ListOwnedObjectsNext", + "description": "Get the list of directory objects that are owned by the user.", + "parameters": [ + { + "name": "nextLink", + "in": "path", + "required": true, + "type": "string", + "description": "Next link for the list operation.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/tenantIDInPath" + } + ], + "responses": { + "200": { + "description": "OK. The operation was successful.", + "schema": { + "$ref": "#/definitions/DirectoryObjectListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/GraphError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "odata.nextLink", + "operationName": "SignedInUser_ListOwnedObjectsNext" + } + } + }, + "/{tenantID}/{nextLink}?Groups_ListNext": { + "get": { + "tags": [ + "Group" + ], + "operationId": "Groups_ListNext", "description": "Gets a list of groups for the current tenant.", "parameters": [ { @@ -1737,7 +2058,7 @@ "200": { "description": "OK. The operation was successful.", "schema": { - "$ref": "#/definitions/GetObjectsResult" + "$ref": "#/definitions/DirectoryObjectListResult" } }, "default": { 
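Review bot: The `nextLink` path parameter of `SignedInUser_ListOwnedObjectsNext` is marked `"x-ms-skip-url-encoding": true`, so whatever the caller passes is placed into the request path unencoded, yet the description only says "Next link for the list operation." I would document the expected provenance, e.g. `"description": "Next link for the list operation. Pass the odata.nextLink value returned by the previous page unchanged; do not construct it from user-supplied input."`. The same applies to `DeletedApplications_ListNext` in the later `x-ms-paths` hunk.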
@@ -1796,6 +2117,49 @@ } } }, + "/{tenantID}/{nextLink}?DeletedApplications_ListNext": { + "get": { + "tags": [ + "deletedApplications" + ], + "operationId": "DeletedApplications_ListNext", + "description": "Gets a list of deleted applications in the directory.", + "parameters": [ + { + "name": "nextLink", + "in": "path", + "required": true, + "type": "string", + "description": "Next link for the list operation.", + "x-ms-skip-url-encoding": true + }, + { + "$ref": "#/parameters/ApiVersionParameter" + }, + { + "$ref": "#/parameters/tenantIDInPath" + } + ], + "responses": { + "200": { + "description": "OK. The operation was successful.", + "schema": { + "$ref": "#/definitions/ApplicationListResult" + } + }, + "default": { + "description": "Error response describing why the operation failed.", + "schema": { + "$ref": "#/definitions/GraphError" + } + } + }, + "x-ms-pageable": { + "nextLinkName": "odata.nextLink", + "operationName": "DeletedApplications_ListNext" + } + } + }, "/{tenantID}/{nextLink}?ServicePrincipals_ListNext": { "get": { "tags": [ @@ -1909,7 +2273,7 @@ "200": { "description": "OK. The operation was successful.", "schema": { - "$ref": "#/definitions/GetObjectsResult" + "$ref": "#/definitions/DirectoryObjectListResult" } } }, @@ -2099,6 +2463,13 @@ "ApplicationCreateParameters": { "type": "object", "properties": { + "appRoles": { + "type": "array", + "items": { + "$ref": "#/definitions/AppRole" + }, + "description": "The collection of application roles that an application may declare. These roles can be assigned to users, groups or service principals." + }, "availableToOtherTenants": { "type": "boolean", "description": "Whether the application is available to other tenants." 
@@ -2164,6 +2535,13 @@ "ApplicationUpdateParameters": { "type": "object", "properties": { + "appRoles": { + "type": "array", + "items": { + "$ref": "#/definitions/AppRole" + }, + "description": "The collection of application roles that an application may declare. These roles can be assigned to users, groups or service principals." + }, "availableToOtherTenants": { "type": "boolean", "description": "Whether the application is available to other tenants" @@ -2227,12 +2605,19 @@ { "$ref": "#/definitions/DirectoryObject" } - ], + ], "properties": { "appId": { "type": "string", "description": "The application ID." }, + "appRoles": { + "type": "array", + "items": { + "$ref": "#/definitions/AppRole" + }, + "description": "The collection of application roles that an application may declare. These roles can be assigned to users, groups or service principals." + }, "appPermissions": { "type": "array", "items": { 
@@ -2290,7 +2675,39 @@ }, "description": "Application list operation result." }, - "ApplicationAddOwnerParameters": { + "AppRole": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Unique role identifier inside the appRoles collection." + }, + "allowedMemberTypes":{ + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies whether this app role definition can be assigned to users and groups by setting to 'User', or to other applications (that are accessing this application in daemon service scenarios) by setting to 'Application', or to both. " + }, + "description" : { + "type": "string", + "description": "Permission help text that appears in the admin app assignment and consent experiences." + }, + "displayName": { + "type": "string", + "description": "Display name for the permission that appears in the admin consent and app assignment experiences." + }, + "isEnabled": { + "type": "boolean", + "description": "When creating or updating a role definition, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed." + }, + "value": { + "type": "string", + "description": "Specifies the value of the roles claim that the application should expect in the authentication and access tokens." + } + } + }, + "AddOwnerParameters": { "type": "object", "properties": { "url": { @@ -2305,7 +2722,7 @@ "type": "object" }, "description": "Request parameters for adding a owner to an application." - }, + }, "KeyCredentialListResult": { "type": "object", "properties": { @@ -2328,6 +2745,10 @@ "$ref": "#/definitions/DirectoryObject" }, "description": "A collection of DirectoryObject." + }, + "odata.nextLink": { + "type": "string", + "description": "The URL to get the next set of results." } }, "description": "DirectoryObject list operation result." 
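Review bot: In the new `AppRole` definition, `allowedMemberTypes` is an array of unconstrained strings although its description names exactly two accepted values, 'User' and 'Application'. Because this field decides which kinds of principals a role can be assigned to, I would constrain the items with `"enum": [ "User", "Application" ]`, using the `modelAsString` enum pattern the file already uses for `UserType`, so a typo is caught in the client rather than sent to the directory. The `id` description could state the expected format (presumably a GUID, to be confirmed). Two small style points: `"allowedMemberTypes":{` and `"description" : {` deviate from the file's `"key": {` spacing, and the `allowedMemberTypes` description ends with a trailing space.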
@@ -2377,124 +2798,6 @@ ], "description": "Request parameters for a PasswordCredentials update operation." }, - "AADObject": { - "type": "object", - "properties": { - "objectId": { - "type": "string", - "description": "The ID of the object." - }, - "objectType": { - "type": "string", - "description": "The type of AAD object." - }, - "displayName": { - "type": "string", - "description": "The display name of the object." - }, - "userPrincipalName": { - "type": "string", - "description": "The principal name of the object." - }, - "mail": { - "type": "string", - "description": "The primary email address of the object." - }, - "mailEnabled": { - "type": "boolean", - "description": "Whether the AAD object is mail-enabled." - }, - "mailNickname": { - "type": "string", - "description": "The mail alias for the user.", - "readOnly": true - }, - "securityEnabled": { - "type": "boolean", - "description": "Whether the AAD object is security-enabled." - }, - "signInName": { - "type": "string", - "description": "The sign-in name of the object." - }, - "servicePrincipalNames": { - "type": "array", - "items": { - "type": "string" - }, - "description": "A collection of service principal names associated with the object." - }, - "userType": { - "type": "string", - "description": "The user type of the object." - }, - "usageLocation": { - "type": "string", - "description": "A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. 
Examples include: \"US\", \"JP\", and \"GB\".", - "readOnly": true - }, - "appId": { - "type": "string", - "description": "The application ID.", - "readOnly": true - }, - "appPermissions": { - "type": "array", - "items": { - "type": "string" - }, - "description": "The application permissions.", - "readOnly": true - }, - "availableToOtherTenants": { - "type": "boolean", - "description": "Whether the application is be available to other tenants.", - "readOnly": true - }, - "identifierUris": { - "type": "array", - "items": { - "type": "string" - }, - "description": "A collection of URIs for the application.", - "readOnly": true - }, - "replyUrls": { - "type": "array", - "items": { - "type": "string" - }, - "description": "A collection of reply URLs for the application.", - "readOnly": true - }, - "homepage": { - "type": "string", - "description": "The home page of the application.", - "readOnly": true - } - }, - "additionalProperties": { - "type": "object" - }, - "description": "The properties of an Active Directory object." - }, - "GetObjectsResult": { - "type": "object", - "properties": { - "value": { - "type": "array", - "items": { - "$ref": "#/definitions/AADObject" - }, - "description": "A collection of Active Directory objects." - }, - "odata.nextLink": { - "type": "string", - "description": "The URL to get the next set of results." - } - }, - "description": "The response to an Active Directory object inquiry API request." - }, "GroupAddMemberParameters": { "type": "object", "properties": { 
@@ -2550,12 +2853,20 @@ { "$ref": "#/definitions/DirectoryObject" } - ], + ], "properties": { "displayName": { "type": "string", "description": "The display name of the group." }, + "mailEnabled": { + "type": "boolean", + "description": "Whether the group is mail-enabled. Must be false. This is because only pure security groups can be created using the Graph API." + }, + "mailNickname": { + "type": "string", + "description": "The mail alias for the group. " + }, "securityEnabled": { "type": "boolean", "description": "Whether the group is security-enable." @@ -2651,13 +2962,28 @@ "ServicePrincipalCreateParameters": { "type": "object", "properties": { + "accountEnabled": { + "type": "boolean", + "description": "Whether the account is enabled" + }, "appId": { "type": "string", "description": "application Id" }, - "accountEnabled": { + "appRoleAssignmentRequired": { "type": "boolean", - "description": "Whether the account is enabled" + "description": "Specifies whether an AppRoleAssignment to a user or group is required before Azure AD will issue a user or access token to the application." + }, + "displayName": { + "type": "string", + "description": "The display name for the service principal." + }, + "errorUrl": { + "type": "string" + }, + "homepage": { + "type": "string", + "description": "The URL to the homepage of the associated application." }, "keyCredentials": { "type": "array", 
@@ -2672,24 +2998,123 @@ "$ref": "#/definitions/PasswordCredential" }, "description": "A collection of PasswordCredential objects" + }, + "publisherName": { + "type": "string", + "description": "The display name of the tenant in which the associated application is specified." + }, + "replyUrls": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A collection of reply URLs for the service principal." + }, + "samlMetadataUrl": { + "type": "string" + }, + "servicePrincipalNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A collection of service principal names." + }, + "tags": { + "type": "array", + "items": { + "type": "string" + } } }, "additionalProperties": { "type": "object" }, "required": [ - "appId", - "accountEnabled" + "appId" ], "description": "Request parameters for creating a new service principal." }, + "ServicePrincipalUpdateParameters": { + "type": "object", + "properties": { + "accountEnabled": { + "type": "boolean", + "description": "Whether the account is enabled" + }, + "appId": { + "type": "string", + "description": "application Id" + }, + "appRoleAssignmentRequired": { + "type": "boolean", + "description": "Specifies whether an AppRoleAssignment to a user or group is required before Azure AD will issue a user or access token to the application." + }, + "displayName": { + "type": "string", + "description": "The display name for the service principal." + }, + "errorUrl": { + "type": "string" + }, + "homepage": { + "type": "string", + "description": "The URL to the homepage of the associated application." + }, + "keyCredentials": { + "type": "array", + "items": { + "$ref": "#/definitions/KeyCredential" + }, + "description": "A collection of KeyCredential objects." 
+ }, + "passwordCredentials": { + "type": "array", + "items": { + "$ref": "#/definitions/PasswordCredential" + }, + "description": "A collection of PasswordCredential objects" + }, + "publisherName": { + "type": "string", + "description": "The display name of the tenant in which the associated application is specified." + }, + "replyUrls": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A collection of reply URLs for the service principal." + }, + "samlMetadataUrl": { + "type": "string" + }, + "servicePrincipalNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A collection of service principal names." + }, + "tags": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "additionalProperties": { + "type": "object" + }, + "description": "Request parameters for creating a new service principal." + }, "ServicePrincipal": { "allOf": [ { "$ref": "#/definitions/DirectoryObject" } ], - "type": "object", + "type": "object", "properties": { "displayName": { "type": "string", @@ -2699,6 +3124,13 @@ "type": "string", "description": "The application ID." }, + "appRoles": { + "type": "array", + "items": { + "$ref": "#/definitions/AppRole" + }, + "description": "The collection of application roles that an application may declare. These roles can be assigned to users, groups or service principals." + }, "servicePrincipalNames": { "type": "array", "items": { @@ -2890,7 +3322,7 @@ "name": "UserType", "modelAsString": true } - }, + }, "accountEnabled": { "type": "boolean", "description": "Whether the account is enabled." @@ -3009,9 +3441,6 @@ "additionalProperties": { "type": "object" }, - "required": [ - "includeDirectoryObjectReferences" - ], "description": "Request parameters for the GetObjectsByObjectIds API." }, "Domain": {
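Review bot: `ServicePrincipalUpdateParameters` keeps the description of the create model, "Request parameters for creating a new service principal."; it should be `"description": "Request parameters for updating an existing service principal."`. The model accepts `keyCredentials` and `passwordCredentials`, but neither description says whether a supplied collection replaces or extends the existing credentials. State this explicitly, since it determines what a caller with update rights can do to the principal's sign-in material. `errorUrl`, `samlMetadataUrl` and `tags` have no `description` at all in either the create or the update model. `appId` also appears as an updatable property; if the service treats it as immutable after creation, it should be dropped from the update model or documented as such.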