diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicyAssignment.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicyAssignment.tsp new file mode 100644 index 000000000000..da13e0195645 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicyAssignment.tsp @@ -0,0 +1,197 @@ +import "@azure-tools/typespec-azure-core"; +import "@azure-tools/typespec-azure-resource-manager"; +import "@typespec/openapi"; +import "@typespec/rest"; +import "./models.tsp"; + +using TypeSpec.Rest; +using Azure.ResourceManager; +using TypeSpec.Http; +using TypeSpec.OpenAPI; + +namespace Microsoft.Authorization; +/** + * The policy assignment. + */ +model PolicyAssignment + is Azure.ResourceManager.ExtensionResource { + ...ResourceNameParameter< + Resource = PolicyAssignment, + KeyName = "policyAssignmentName", + SegmentName = "policyAssignments", + NamePattern = "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + >; + + /** + * The location of the policy assignment. Only required when utilizing managed identity. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-invalid-envelope-property" "For backward compatibility" + location?: string; + + /** + * The managed identity associated with the policy assignment. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-invalid-envelope-property" "For backward compatibility" + identity?: Identity; +} + +alias PolicyAssignmentListParameters = { + /** + * The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}. + */ + @query("$filter") + $filter?: string; + + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; +}; + +#suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-interface-requires-decorator" +interface PolicyAssignmentGenericOps + extends Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...SubscriptionIdParameter, + ...ResourceGroupParameter, + + /** + * The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines) + */ + @path + @segment("providers") + resourceProviderNamespace: string, + + /** + * The parent resource path. Use empty string if there is none. + */ + @path(#{ allowReserved: true }) + parentResourcePath: string, + + /** + * The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites). + */ + @path(#{ allowReserved: true }) + resourceType: string, + + /** + * The name of the resource. + */ + @path + @pattern("^.+$") + resourceName: string, + + ...ApiVersionParameter, + }, + { + ...Extension.ExtensionProviderNamespace, + }, + { + ...Extension.ExtensionProviderNamespace, + ...KeysOf, + } + > {} + +@armResourceOperations +interface PolicyAssignments { + /** + * This operation retrieves a single policy assignment, given its name and the scope it was created at. + */ + get is Extension.Read< + Extension.ScopeParameter, + PolicyAssignment, + Parameters = { + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + } + >; + + /** + * This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-put-operation-response-codes" "For backward compatibility" + create is Extension.CreateOrReplaceSync< + Extension.ScopeParameter, + PolicyAssignment, + Response = ArmResourceCreatedSyncResponse + >; + + /** + * This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group. + */ + @patch(#{ implicitOptionality: false }) + update is Extension.CustomPatchSync< + Extension.ScopeParameter, + PolicyAssignment, + PatchModel = PolicyAssignmentUpdate + >; + + /** + * This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. + */ + delete is Extension.DeleteSync< + Extension.ScopeParameter, + PolicyAssignment, + Response = ArmResponse | ArmDeletedNoContentResponse + >; + + /** + * This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group. + */ + listForResourceGroup is Extension.ListByTarget< + Extension.ResourceGroup, + PolicyAssignment, + Parameters = PolicyAssignmentListParameters + >; + + /** + * This operation retrieves the list of all policy assignments applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy assignments that are assigned to the management group or the management group's ancestors. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the management group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the management group. + */ + @summary("Retrieves all policy assignments that apply to a management group.") + listForManagementGroup is Extension.ListByTarget< + Extension.ManagementGroup<"managementGroupId">, + PolicyAssignment, + Parameters = PolicyAssignmentListParameters + >; + + /** + * This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}. + */ + @summary("Retrieves all policy assignments that apply to a subscription.") + list is Extension.ListByTarget< + Extension.Subscription, + PolicyAssignment, + Parameters = PolicyAssignmentListParameters + >; + + /** + * This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource level. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp'). + */ + @summary("Retrieves all policy assignments that apply to a resource.") + @get + listForResource is PolicyAssignmentGenericOps.List< + PolicyAssignment, + PolicyAssignmentListParameters + >; +} + +@@doc(PolicyAssignment.name, "The name of the policy assignment to get."); +@@doc(PolicyAssignment.properties, "Properties for the policy assignment."); +@@doc(PolicyAssignments.create::parameters.resource, + "Parameters for the policy assignment." +); +@@doc(PolicyAssignments.update::parameters.properties, + "Parameters for policy assignment patch request." +); diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicyDefinition.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicyDefinition.tsp new file mode 100644 index 000000000000..3282c263e828 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicyDefinition.tsp @@ -0,0 +1,220 @@ +import "@azure-tools/typespec-azure-core"; +import "@azure-tools/typespec-azure-resource-manager"; +import "@typespec/openapi"; +import "@typespec/rest"; +import "./models.tsp"; + +using TypeSpec.Rest; +using Azure.ResourceManager; +using TypeSpec.Http; +using TypeSpec.OpenAPI; + +namespace Microsoft.Authorization; +/** + * The policy definition. + */ +@subscriptionResource +model PolicyDefinition + is Azure.ResourceManager.ProxyResource { + ...ResourceNameParameter< + Resource = PolicyDefinition, + KeyName = "policyDefinitionName", + SegmentName = "policyDefinitions", + NamePattern = "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + >; +} + +alias PolicyDefinitionOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + ...SubscriptionIdParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Authorization"; + }, + {}, + { + /** The name of the policy definition to get. */ + @path + @segment("policyDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policyDefinitionName: string; + } +>; + +alias PolicyDefinitionTenantOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Authorization"; + }, + {}, + { + /** The name of the built-in policy definition to get. */ + @path + @segment("policyDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policyDefinitionName: string; + } +>; + +alias PolicyDefinitionManagementGroupOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Management"; + + /** The ID of the management group. */ + @path + @segment("managementGroups") + @key + managementGroupId: string; + }, + { + ...Extension.ExtensionProviderNamespace; + }, + { + ...Extension.ExtensionProviderNamespace; + + /** The name of the policy definition to get. */ + @path + @segment("policyDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policyDefinitionName: string; + } +>; + +@armResourceOperations +interface PolicyDefinitions { + /** + * This operation retrieves the policy definition in the given subscription with the given name. + */ + get is PolicyDefinitionOps.Read; + + /** + * This operation creates or updates a policy definition in the given subscription with the given name. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-put-operation-response-codes" "For backward compatibility" + createOrUpdate is PolicyDefinitionOps.CreateOrUpdateSync< + PolicyDefinition, + Response = ArmResourceCreatedSyncResponse + >; + + /** + * This operation deletes the policy definition in the given subscription with the given name. + */ + delete is PolicyDefinitionOps.DeleteSync; + + /** + * This operation retrieves a list of all the policy definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. + */ + list is PolicyDefinitionOps.List< + PolicyDefinition, + Parameters = { + /** + * The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. + */ + @query("$filter") + $filter?: string; + + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; + + /** + * This operation retrieves the built-in policy definition with the given name. + */ + getBuiltIn is PolicyDefinitionTenantOps.Read; + + /** + * This operation retrieves a list of all the built-in policy definitions that match the optional given $filter. If $filter='policyType -eq {value}' is provided, the returned list only includes all built-in policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy definitions whose category match the {value}. + */ + listBuiltIn is PolicyDefinitionTenantOps.List< + PolicyDefinition, + Parameters = { + /** + * The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. + */ + @query("$filter") + $filter?: string; + + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; + + /** + * This operation retrieves the policy definition in the given management group with the given name. + */ + getAtManagementGroup is PolicyDefinitionManagementGroupOps.Read; + + /** + * This operation creates or updates a policy definition in the given management group with the given name. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-put-operation-response-codes" "For backward compatibility" + createOrUpdateAtManagementGroup is PolicyDefinitionManagementGroupOps.CreateOrUpdateSync< + PolicyDefinition, + Response = ArmResourceCreatedSyncResponse + >; + + /** + * This operation deletes the policy definition in the given management group with the given name. + */ + deleteAtManagementGroup is PolicyDefinitionManagementGroupOps.DeleteSync; + + /** + * This operation retrieves a list of all the policy definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. + */ + listByManagementGroup is PolicyDefinitionManagementGroupOps.List< + PolicyDefinition, + Parameters = { + /** + * The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}. + */ + @query("$filter") + $filter?: string; + + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; +} + +@@doc(PolicyDefinition.name, "The name of the policy definition to get."); +@@doc(PolicyDefinition.properties, "The policy definition properties."); +@@doc(PolicyDefinitions.createOrUpdate::parameters.resource, + "The policy definition properties." +); +@@doc(PolicyDefinitions.createOrUpdateAtManagementGroup::parameters.resource, + "The policy definition properties." +); diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicyDefinitionVersion.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicyDefinitionVersion.tsp new file mode 100644 index 000000000000..90a1df14af15 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicyDefinitionVersion.tsp @@ -0,0 +1,224 @@ +import "@azure-tools/typespec-azure-core"; +import "@azure-tools/typespec-azure-resource-manager"; +import "@typespec/openapi"; +import "@typespec/rest"; +import "./models.tsp"; +import "./PolicyDefinition.tsp"; + +using TypeSpec.Rest; +using Azure.ResourceManager; +using TypeSpec.Http; +using TypeSpec.OpenAPI; + +namespace Microsoft.Authorization; +/** + * The ID of the policy definition version. + */ +@subscriptionResource +@parentResource(PolicyDefinition) +model PolicyDefinitionVersion + is Azure.ResourceManager.ProxyResource { + ...ResourceNameParameter< + Resource = PolicyDefinitionVersion, + KeyName = "policyDefinitionVersion", + SegmentName = "versions", + NamePattern = "^\\d+\\.\\d+\\.\\d+$" + >; +} + +alias PolicyDefinitionVersionOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + ...SubscriptionIdParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Authorization"; + + /** The name of the policy definition. */ + @path + @segment("policyDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policyDefinitionName: string; + }, + {}, + { + /** The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number */ + @path + @segment("versions") + @key + @pattern("^\\d+\\.\\d+\\.\\d+$") + policyDefinitionVersion: string; + } +>; + +alias PolicyDefinitionVersionTenantOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Authorization"; + + /** The name of the policy definition. */ + @path + @segment("policyDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policyDefinitionName: string; + }, + {}, + { + /** The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number */ + @path + @segment("versions") + @key + @pattern("^\\d+\\.\\d+\\.\\d+$") + policyDefinitionVersion: string; + } +>; + +alias PolicyDefinitionVersionManagementGroupOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Management"; + + ...CommonTypes.ManagementGroupNameParameter; + }, + { + ...Extension.ExtensionProviderNamespace; + + /** The name of the policy definition. */ + @path + @segment("policyDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policyDefinitionName: string; + }, + { + ...Extension.ExtensionProviderNamespace; + + /** The name of the policy definition. */ + @path + @segment("policyDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policyDefinitionName: string; + + /** The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number */ + @path + @segment("versions") + @key + @pattern("^\\d+\\.\\d+\\.\\d+$") + policyDefinitionVersion: string; + } +>; + +@armResourceOperations +interface PolicyDefinitionVersions { + /** + * This operation retrieves the policy definition version in the given subscription with the given name. + */ + get is PolicyDefinitionVersionOps.Read; + + /** + * This operation creates or updates a policy definition in the given subscription with the given name. + */ + createOrUpdate is PolicyDefinitionVersionOps.CreateOrUpdateSync; + + /** + * This operation deletes the policy definition version in the given subscription with the given name. + */ + delete is PolicyDefinitionVersionOps.DeleteSync; + + /** + * This operation retrieves a list of all the policy definition versions for the given policy definition. + */ + list is PolicyDefinitionVersionOps.List< + PolicyDefinitionVersion, + Parameters = { + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; + + /** + * This operation retrieves the built-in policy definition version with the given name. + */ + getBuiltIn is PolicyDefinitionVersionTenantOps.Read; + + /** + * This operation retrieves a list of all the built-in policy definition versions for the given policy definition. + */ + listBuiltIn is PolicyDefinitionVersionTenantOps.List< + PolicyDefinitionVersion, + Parameters = { + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; + + /** + * This operation retrieves the policy definition version in the given management group with the given name. + */ + getAtManagementGroup is PolicyDefinitionVersionManagementGroupOps.Read; + + /** + * This operation creates or updates a policy definition version in the given management group with the given name. + */ + createOrUpdateAtManagementGroup is PolicyDefinitionVersionManagementGroupOps.CreateOrUpdateSync; + + /** + * This operation deletes the policy definition in the given management group with the given name. + */ + deleteAtManagementGroup is PolicyDefinitionVersionManagementGroupOps.DeleteSync; + + /** + * This operation retrieves a list of all the policy definition versions for the given policy definition in the given management group. + */ + listByManagementGroup is PolicyDefinitionVersionManagementGroupOps.List< + PolicyDefinitionVersion, + Parameters = { + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; +} + +@@doc(PolicyDefinitionVersion.name, + "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number" +); +@@doc(PolicyDefinitionVersion.properties, + "The policy definition version properties." +); +@@doc(PolicyDefinitionVersions.createOrUpdate::parameters.resource, + "The policy definition properties." +); +@@doc(PolicyDefinitionVersions.createOrUpdateAtManagementGroup::parameters.resource, + "The policy definition properties." +); diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicySetDefinition.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicySetDefinition.tsp new file mode 100644 index 000000000000..d5dad6be1f49 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicySetDefinition.tsp @@ -0,0 +1,259 @@ +import "@azure-tools/typespec-azure-core"; +import "@azure-tools/typespec-azure-resource-manager"; +import "@typespec/openapi"; +import "@typespec/rest"; +import "./models.tsp"; + +using TypeSpec.Rest; +using Azure.ResourceManager; +using TypeSpec.Http; +using TypeSpec.OpenAPI; + +namespace Microsoft.Authorization; +/** + * The policy set definition. + */ +@subscriptionResource +model PolicySetDefinition + is Azure.ResourceManager.ProxyResource { + ...ResourceNameParameter< + Resource = PolicySetDefinition, + KeyName = "policySetDefinitionName", + SegmentName = "policySetDefinitions", + NamePattern = "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + >; +} + +alias PolicySetDefinitionOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + ...SubscriptionIdParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Authorization"; + }, + {}, + { + /** The name of the policy set definition to get. */ + @path + @segment("policySetDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policySetDefinitionName: string; + } +>; + +alias PolicySetDefinitionTenantOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Authorization"; + }, + {}, + { + /** The name of the policy set definition to get. */ + @path + @segment("policySetDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policySetDefinitionName: string; + } +>; + +alias PolicySetDefinitionManagementGroupOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Management"; + + /** The ID of the management group. */ + @path + @segment("managementGroups") + @key + managementGroupId: string; + }, + { + ...Extension.ExtensionProviderNamespace; + }, + { + ...Extension.ExtensionProviderNamespace; + + /** The name of the policy set definition to get. */ + @path + @segment("policySetDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policySetDefinitionName: string; + } +>; + +@armResourceOperations +interface PolicySetDefinitions { + /** + * This operation retrieves the policy set definition in the given subscription with the given name. + */ + get is PolicySetDefinitionOps.Read< + PolicySetDefinition, + Parameters = { + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + } + >; + + /** + * This operation creates or updates a policy set definition in the given subscription with the given name. + */ + createOrUpdate is PolicySetDefinitionOps.CreateOrUpdateSync; + + /** + * This operation deletes the policy set definition in the given subscription with the given name. + */ + delete is PolicySetDefinitionOps.DeleteSync; + + /** + * This operation retrieves a list of all the policy set definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. + */ + list is PolicySetDefinitionOps.List< + PolicySetDefinition, + Parameters = { + /** + * The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. + */ + @query("$filter") + $filter?: string; + + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; + + /** + * This operation retrieves the built-in policy set definition with the given name. + */ + getBuiltIn is PolicySetDefinitionTenantOps.Read< + PolicySetDefinition, + Parameters = { + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + } + >; + + /** + * This operation retrieves a list of all the built-in policy set definitions that match the optional given $filter. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy set definitions whose category match the {value}. + */ + listBuiltIn is PolicySetDefinitionTenantOps.List< + PolicySetDefinition, + Parameters = { + /** + * The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. + */ + @query("$filter") + $filter?: string; + + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; + + /** + * This operation retrieves the policy set definition in the given management group with the given name. + */ + getAtManagementGroup is PolicySetDefinitionManagementGroupOps.Read< + PolicySetDefinition, + Parameters = { + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + } + >; + + /** + * This operation creates or updates a policy set definition in the given management group with the given name. + */ + createOrUpdateAtManagementGroup is PolicySetDefinitionManagementGroupOps.CreateOrUpdateSync; + + /** + * This operation deletes the policy set definition in the given management group with the given name. + */ + deleteAtManagementGroup is PolicySetDefinitionManagementGroupOps.DeleteSync; + + /** + * This operation retrieves a list of all the policy set definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. + */ + listByManagementGroup is PolicySetDefinitionManagementGroupOps.List< + PolicySetDefinition, + Parameters = { + /** + * The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}. + */ + @query("$filter") + $filter?: string; + + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; +} + +@@doc(PolicySetDefinition.name, + "The name of the policy set definition to get." +); +@@doc(PolicySetDefinition.properties, "The policy set definition properties."); +@@doc(PolicySetDefinitions.createOrUpdate::parameters.resource, + "The policy set definition properties." +); +@@doc(PolicySetDefinitions.createOrUpdateAtManagementGroup::parameters.resource, + "The policy set definition properties." +); diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicySetDefinitionVersion.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicySetDefinitionVersion.tsp new file mode 100644 index 000000000000..d0592ebdd356 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/PolicySetDefinitionVersion.tsp @@ -0,0 +1,269 @@ +import "@azure-tools/typespec-azure-core"; +import "@azure-tools/typespec-azure-resource-manager"; +import "@typespec/openapi"; +import "@typespec/rest"; +import "./models.tsp"; +import "./PolicySetDefinition.tsp"; + +using TypeSpec.Rest; +using Azure.ResourceManager; +using TypeSpec.Http; +using TypeSpec.OpenAPI; + +namespace Microsoft.Authorization; +/** + * The policy set definition version. + */ +@subscriptionResource +@parentResource(PolicySetDefinition) +model PolicySetDefinitionVersion + is Azure.ResourceManager.ProxyResource { + ...ResourceNameParameter< + Resource = PolicySetDefinitionVersion, + KeyName = "policyDefinitionVersion", + SegmentName = "versions", + NamePattern = "^\\d+\\.\\d+\\.\\d+$" + >; +} + +alias PolicySetDefinitionVersionOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + ...SubscriptionIdParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Authorization"; + + /** The name of the policy set definition. */ + @path + @segment("policySetDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policySetDefinitionName: string; + }, + {}, + { + /** The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number */ + @path + @segment("versions") + @key + @pattern("^\\d+\\.\\d+\\.\\d+$") + policyDefinitionVersion: string; + } +>; + +alias PolicySetDefinitionVersionTenantOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Authorization"; + + /** The name of the policy set definition. */ + @path + @segment("policySetDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policySetDefinitionName: string; + }, + {}, + { + /** The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number */ + @path + @segment("versions") + @key + @pattern("^\\d+\\.\\d+\\.\\d+$") + policyDefinitionVersion: string; + } +>; + +alias PolicySetDefinitionVersionManagementGroupOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Management"; + + ...CommonTypes.ManagementGroupNameParameter; + }, + { + ...Extension.ExtensionProviderNamespace; + + /** The name of the policy set definition. */ + @path + @segment("policySetDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policySetDefinitionName: string; + }, + { + ...Extension.ExtensionProviderNamespace; + + /** The name of the policy set definition. */ + @path + @segment("policySetDefinitions") + @key + @pattern("^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$") + policySetDefinitionName: string; + + /** The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number */ + @path + @segment("versions") + @key + @pattern("^\\d+\\.\\d+\\.\\d+$") + policyDefinitionVersion: string; + } +>; + +@armResourceOperations +interface PolicySetDefinitionVersions { + /** + * This operation retrieves the policy set definition version in the given subscription with the given name and version. + */ + get is PolicySetDefinitionVersionOps.Read< + PolicySetDefinitionVersion, + Parameters = { + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + } + >; + + /** + * This operation creates or updates a policy set definition version in the given subscription with the given name and version. + */ + createOrUpdate is PolicySetDefinitionVersionOps.CreateOrUpdateSync; + + /** + * This operation deletes the policy set definition version in the given subscription with the given name and version. + */ + delete is PolicySetDefinitionVersionOps.DeleteSync; + + /** + * This operation retrieves a list of all the policy set definition versions for the given policy set definition. + */ + list is PolicySetDefinitionVersionOps.List< + PolicySetDefinitionVersion, + Parameters = { + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; + + /** + * This operation retrieves the built-in policy set definition version with the given name and version. + */ + getBuiltIn is PolicySetDefinitionVersionTenantOps.Read< + PolicySetDefinitionVersion, + Parameters = { + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + } + >; + + /** + * This operation retrieves a list of all the built-in policy set definition versions for the given built-in policy set definition. + */ + listBuiltIn is PolicySetDefinitionVersionTenantOps.List< + PolicySetDefinitionVersion, + Parameters = { + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; + + /** + * This operation retrieves the policy set definition version in the given management group with the given name and version. + */ + getAtManagementGroup is PolicySetDefinitionVersionManagementGroupOps.Read< + PolicySetDefinitionVersion, + Parameters = { + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + } + >; + + /** + * This operation creates or updates a policy set definition version in the given management group with the given name and version. + */ + createOrUpdateAtManagementGroup is PolicySetDefinitionVersionManagementGroupOps.CreateOrUpdateSync; + + /** + * This operation deletes the policy set definition version in the given management group with the given name and version. + */ + deleteAtManagementGroup is PolicySetDefinitionVersionManagementGroupOps.DeleteSync; + + /** + * This operation retrieves a list of all the policy set definition versions for the given policy set definition in a given management group. + */ + listByManagementGroup is PolicySetDefinitionVersionManagementGroupOps.List< + PolicySetDefinitionVersion, + Parameters = { + /** + * Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'. + */ + @query("$expand") + $expand?: string; + + /** + * Maximum number of records to return. When the $top filter is not provided, it will return 500 records. + */ + @maxValue(1000) + @minValue(1) + @query("$top") + $top?: int32; + } + >; +} + +@@doc(PolicySetDefinitionVersion.name, + "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number" +); +@@doc(PolicySetDefinitionVersion.properties, + "The policy set definition version properties." +); +@@doc(PolicySetDefinitionVersions.createOrUpdate::parameters.resource, + "The policy set definition properties." +); +@@doc(PolicySetDefinitionVersions.createOrUpdateAtManagementGroup::parameters.resource, + "The policy set definition version properties." +); diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/back-compatible.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/back-compatible.tsp new file mode 100644 index 000000000000..771080ec25a7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/back-compatible.tsp @@ -0,0 +1,74 @@ +import "@azure-tools/typespec-client-generator-core"; + +using Azure.ClientGenerator.Core; +using Microsoft.Authorization; + +#suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "Property flatten for SDK backward compatibility." +@@Legacy.flattenProperty(PolicyAssignmentUpdate.properties); + +@@clientName(PolicyAssignments.create::parameters.resource, "parameters"); +@@clientName(PolicyAssignments.update::parameters.properties, "parameters"); +#suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "Property flatten for SDK backward compatibility." +@@Legacy.flattenProperty(PolicyAssignment.properties); + +@@clientName(PolicyDefinitions.createOrUpdate::parameters.resource, + "parameters" +); +@@clientName(PolicyDefinitions.createOrUpdateAtManagementGroup::parameters.resource, + "parameters" +); +#suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "Property flatten for SDK backward compatibility." +@@Legacy.flattenProperty(PolicyDefinition.properties); + +@@clientName(PolicyDefinitionVersions.createOrUpdate::parameters.resource, + "parameters" +); +@@clientName(PolicyDefinitionVersions.createOrUpdateAtManagementGroup::parameters.resource, + "parameters" +); +#suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "Property flatten for SDK backward compatibility." +@@Legacy.flattenProperty(PolicyDefinitionVersion.properties); + +@@clientName(PolicySetDefinitions.createOrUpdate::parameters.resource, + "parameters" +); +@@clientName(PolicySetDefinitions.createOrUpdateAtManagementGroup::parameters.resource, + "parameters" +); +#suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "Property flatten for SDK backward compatibility." +@@Legacy.flattenProperty(PolicySetDefinition.properties); + +@@clientName(PolicySetDefinitionVersions.createOrUpdate::parameters.resource, + "parameters" +); +@@clientName(PolicySetDefinitionVersions.createOrUpdateAtManagementGroup::parameters.resource, + "parameters" +); +#suppress "@azure-tools/typespec-azure-core/no-legacy-usage" "Property flatten for SDK backward compatibility." +@@Legacy.flattenProperty(PolicySetDefinitionVersion.properties); + +@@clientLocation(PolicyDefinitionVersionsOperationGroup.listAllBuiltins, + PolicyDefinitionVersions +); +@@clientLocation(PolicyDefinitionVersionsOperationGroup.listAllAtManagementGroup, + PolicyDefinitionVersions +); +@@clientLocation(PolicyDefinitionVersionsOperationGroup.listAll, + PolicyDefinitionVersions +); + +@@clientLocation(PolicySetDefinitionVersionsOperationGroup.listAllBuiltins, + PolicySetDefinitionVersions +); +@@clientLocation(PolicySetDefinitionVersionsOperationGroup.listAllAtManagementGroup, + PolicySetDefinitionVersions +); +@@clientLocation(PolicySetDefinitionVersionsOperationGroup.listAll, + PolicySetDefinitionVersions +); + +@@clientLocation(PolicyTokensOperationGroup.acquire, "PolicyTokens"); +@@clientLocation(PolicyTokensOperationGroup.acquireAtManagementGroup, + "PolicyTokens" +); +@@clientName(PolicyTokensOperationGroup.acquire::parameters.body, "parameters"); diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/client.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/client.tsp new file mode 100644 index 000000000000..5d07196314ae --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/client.tsp @@ -0,0 +1,90 @@ +import "@azure-tools/typespec-azure-core"; +import "@azure-tools/typespec-client-generator-core"; +import "./main.tsp"; + +using Azure.ClientGenerator.Core; +using Azure.ResourceManager; +using TypeSpec.Http; + +/** + * To manage and control access to your resources, you can define customized policies and assign them at a scope. + */ +#suppress "@azure-tools/typespec-azure-resource-manager/missing-operations-endpoint" "For client" +namespace Microsoft.Authorization { + alias PolicyAssignmentIdParameter = { + /** + * The ID of the policy assignment to get. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. + */ + @path policyAssignmentId: string; + }; + + /** + * The operation retrieves the policy assignment with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-operation" "For client" + @summary("Retrieves the policy assignment with the given ID.") + @scope("java") + @clientLocation(PolicyAssignments) + @get + @route("/{+policyAssignmentId}") + op getById( + ...PolicyAssignmentIdParameter, + ...Azure.Core.Foundations.ApiVersionParameter, + ): PolicyAssignment | ErrorResponse; + + /** + * This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-operation" "For client" + @summary("Creates or updates a policy assignment.") + @scope("java") + @clientLocation(PolicyAssignments) + @put + @route("/{+policyAssignmentId}") + op createById( + ...PolicyAssignmentIdParameter, + + /** + * Parameters for policy assignment. + */ + @bodyRoot parameters: PolicyAssignment, + + ...Azure.Core.Foundations.ApiVersionParameter, + ): ArmResourceCreatedSyncResponse | ErrorResponse; + + /** + * This operation updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-operation" "For client" + #suppress "@typespec/http/patch-implicit-optional" "For client" + @summary("Updates a policy assignment.") + @scope("java") + @clientLocation(PolicyAssignments) + @patch + @route("/{+policyAssignmentId}") + op updateById( + ...PolicyAssignmentIdParameter, + + /** + * Parameters for policy assignment patch request. + */ + @bodyRoot parameters: PolicyAssignmentUpdate, + + ...Azure.Core.Foundations.ApiVersionParameter, + ): PolicyAssignment | ErrorResponse; + + /** + * This operation deletes the policy with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid formats for {scope} are: '/providers/Microsoft.Management/managementGroups/{managementGroup}' (management group), '/subscriptions/{subscriptionId}' (subscription), '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' (resource group), or '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' (resource). + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-operation" "For client" + @summary("Deletes a policy assignment.") + @scope("java") + @clientLocation(PolicyAssignments) + @delete + @route("/{+policyAssignmentId}") + op deleteById( + ...PolicyAssignmentIdParameter, + ...Azure.Core.Foundations.ApiVersionParameter, + ): PolicyAssignment | ArmDeletedNoContentResponse | ErrorResponse; +} +@@clientName(Microsoft.Authorization, "PolicyClient", "javascript,python"); diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/acquirePolicyToken.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/acquirePolicyToken.json new file mode 100644 index 000000000000..b91d59b10de2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/acquirePolicyToken.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "operation": { + "httpMethod": "delete", + "uri": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM?api-version=2024-01-01" + } + }, + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "expiration": "2025-01-01T21:30:00.00Z", + "result": "Succeeded", + "results": [ + { + "claims": { + "date": "2025-01-01T19:30:00.00Z", + "double": 0.99, + "int": 2, + "isValid": false, + "string": "testString", + "testArray": [ + "Apple", + "Banana", + "Cherry" + ], + "testObject": { + "name": "Complex Object", + "id": 12345, + "details": { + "createdBy": "John Doe", + "createdDate": "2024-12-13T12:00:00Z", + "metadata": { + "isActive": true, + "tags": [ + "example", + "test", + "object" + ], + "version": "1.0.0" + } + } + } + }, + "expiration": "2025-01-01T21:30:00.00Z", + "message": "Coin flip successful (success probability: '1').", + "policyInfo": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/3f2def86", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/5ed64d02" + }, + "result": "Succeeded" + } + ], + "token": "PoP 7zmVse52pjMKPQd5m2uiNjz5UV2pZ.LPGtRiTeuCDBomEVbzj9kIaL9odEmlNv4D9VzyrQLTAyv4HHnUR7oNytWnL.AQrZ5bSGAQZzr8eySqvugzrD-ceRVL311SL3Nn6f-4c9kgPgU_u1ArXQKW25QCxMlsAuWmaE", + "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4" + } + } + }, + "operationId": "PolicyTokens_Acquire", + "title": "Acquire a policy token" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/acquirePolicyTokenAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/acquirePolicyTokenAtManagementGroup.json new file mode 100644 index 000000000000..b4d77d1c792d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/acquirePolicyTokenAtManagementGroup.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", + "parameters": { + "operation": { + "httpMethod": "delete", + "uri": "https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000?api-version=2022-04-01" + } + } + }, + "responses": { + "200": { + "body": { + "expiration": "2025-01-01T21:30:00.00Z", + "result": "Succeeded", + "results": [ + { + "claims": { + "date": "2025-01-01T19:30:00.00Z", + "double": 0.99, + "int": 2, + "isValid": false, + "string": "testString", + "testArray": [ + "Apple", + "Banana", + "Cherry" + ], + "testObject": { + "name": "Complex Object", + "id": 12345, + "details": { + "createdBy": "John Doe", + "createdDate": "2024-12-13T12:00:00Z", + "metadata": { + "isActive": true, + "tags": [ + "example", + "test", + "object" + ], + "version": "1.0.0" + } + } + } + }, + "expiration": "2025-01-01T21:30:00.00Z", + "message": "Coin flip successful (success probability: '1').", + "policyInfo": { + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/3f2def86", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/5ed64d02" + }, + "result": "Succeeded" + } + ], + "token": "PoP 7zmVse52pjMKPQd5m2uiNjz5UV2pZ.LPGtRiTeuCDBomEVbzj9kIaL9odEmlNv4D9VzyrQLTAyv4HHnUR7oNytWnL.AQrZ5bSGAQZzr8eySqvugzrD-ceRVL311SL3Nn6f-4c9kgPgU_u1ArXQKW25QCxMlsAuWmaE", + "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4" + } + } + }, + "operationId": "PolicyTokens_AcquireAtManagementGroup", + "title": "Acquire a policy token at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinition.json new file mode 100644 index 000000000000..91438d92bc62 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinition.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + } + } + }, + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionAdvancedParams.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionAdvancedParams.json new file mode 100644 index 000000000000..58db388be568 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionAdvancedParams.json @@ -0,0 +1,124 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "displayName": "Event Hubs should have diagnostic logging enabled", + "metadata": { + "category": "Event Hub" + }, + "mode": "Indexed", + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "defaultValue": 365, + "metadata": { + "description": "The required diagnostic logs retention in days", + "displayName": "Required retention (days)" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.EventHub/namespaces", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Insights/diagnosticSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "true", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled" + }, + { + "equals": "[parameters('requiredRetentionDays')]", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days" + } + ] + } + } + } + } + } + }, + "policyDefinitionName": "EventHubDiagnosticLogs", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "displayName": "Event Hubs should have diagnostic logging enabled", + "metadata": { + "category": "Event Hub" + }, + "mode": "Indexed", + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "defaultValue": 365, + "metadata": { + "description": "The required diagnostic logs retention in days", + "displayName": "Required retention (days)" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.EventHub/namespaces", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "type": "Microsoft.Insights/diagnosticSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "true", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled" + }, + { + "equals": "[parameters('requiredRetentionDays')]", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days" + } + ] + } + } + } + }, + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition with advanced parameters" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..140f26107013 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,97 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + } + } + }, + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "201": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json new file mode 100644 index 000000000000..66a1862463c8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json @@ -0,0 +1,109 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Randomly disable VM allocation in eastus by having policy rule reference the outcome of invoking an external endpoint using the CoinFlip endpoint that returns random values.", + "displayName": "Randomize VM Allocation", + "externalEvaluationEnforcementSettings": { + "endpointSettings": { + "kind": "CoinFlip", + "details": { + "successProbability": 0.5 + } + }, + "missingTokenAction": "audit", + "roleDefinitionIds": [ + "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" + ] + }, + "metadata": { + "category": "VM" + }, + "mode": "Indexed", + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" + }, + { + "equals": "eastus", + "field": "location" + }, + { + "equals": "false", + "value": "[claims().isValid]" + } + ] + }, + "then": { + "effect": "deny" + } + } + } + }, + "policyDefinitionName": "RandomizeVMAllocation", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "RandomizeVMAllocation", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/RandomizeVMAllocation", + "properties": { + "description": "Randomly disable VM allocation in eastus by having policy rule reference the outcome of invoking an external endpoint using the CoinFlip endpoint that returns random values.", + "displayName": "Randomize VM Allocation", + "externalEvaluationEnforcementSettings": { + "endpointSettings": { + "kind": "CoinFlip", + "details": { + "successProbability": 0.5 + } + }, + "missingTokenAction": "audit", + "roleDefinitionIds": [ + "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" + ] + }, + "metadata": { + "category": "VM" + }, + "mode": "Indexed", + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" + }, + { + "equals": "eastus", + "field": "location" + }, + { + "equals": "false", + "value": "[claims().isValid]" + } + ] + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition with external evaluation enforcement settings" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionVersion.json new file mode 100644 index 000000000000..5bbb045374f8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionVersion.json @@ -0,0 +1,140 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "version": "1.2.1" + } + }, + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_CreateOrUpdate", + "title": "Create or update a policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..ccc91d11b970 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,140 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "version": "1.2.1" + } + }, + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinition.json new file mode 100644 index 000000000000..0dd02b6ce0ba --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinition.json @@ -0,0 +1,162 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "title": "Create or update a policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..adf5a31305ef --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,137 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionVersion.json new file mode 100644 index 000000000000..f1aa0608b1db --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionVersion.json @@ -0,0 +1,163 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "parameters": { + "namePrefix": { + "type": "String", + "defaultValue": "myPrefix", + "metadata": { + "displayName": "Prefix to enforce on resource names" + } + } + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "[parameters('namePrefix')]" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_CreateOrUpdate", + "title": "Create or update a policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..079604c3768d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,135 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionWithGroups.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionWithGroups.json new file mode 100644 index 000000000000..4bc6d042bb4a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionWithGroups.json @@ -0,0 +1,198 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "title": "Create or update a policy set definition with groups" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json new file mode 100644 index 000000000000..e5e142d22577 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json @@ -0,0 +1,196 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup", + "parameters": { + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ] + } + }, + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition with groups at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignment.json new file mode 100644 index 000000000000..0d8381c1a2e1 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignment.json @@ -0,0 +1,68 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "metadata": { + "assignedBy": "Special Someone" + }, + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ], + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentNonComplianceMessages.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentNonComplianceMessages.json new file mode 100644 index 000000000000..506a0db6ad8e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentNonComplianceMessages.json @@ -0,0 +1,63 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "displayName": "Enforce security policies", + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative" + } + }, + "policyAssignmentName": "securityInitAssignment", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "securityInitAssignment", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment", + "properties": { + "definitionVersion": "1.*.*", + "displayName": "Enforce security policies", + "enforcementMode": "Default", + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c", + "metadata": { + "assignedBy": "User 1" + }, + "nonComplianceMessages": [ + { + "message": "Resources must comply with all internal security policies. See for more info." + }, + { + "message": "Resource names must start with 'DeptA' and end with '-LC'.", + "policyDefinitionReferenceId": "10420126870854049575" + }, + { + "message": "Storage accounts must have firewall rules configured.", + "policyDefinitionReferenceId": "8572513655450389710" + } + ], + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with multiple non-compliance messages" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithEnrollEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithEnrollEnforcement.json new file mode 100644 index 000000000000..f14af10acda8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithEnrollEnforcement.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Enroll", + "metadata": { + "assignedBy": "Special Someone" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNamingEnroll", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNamingEnroll", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNamingEnroll", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Enroll", + "instanceId": "f2b3c4d5-e6f7-8a9b-0c1d-2e3f4a5b6c7d", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment to enforce policy effect only on enrolled resources during resource creation or update." +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..1ff9945511b9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithIdentity.json @@ -0,0 +1,69 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "metadata": { + "assignedBy": "Foo Bar" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with a system assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..7ef5947130af --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithOverrides.json @@ -0,0 +1,86 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + }, + { + "kind": "definitionVersion", + "selectors": [ + { + "in": [ + "eastUSEuap", + "centralUSEuap" + ], + "kind": "resourceLocation" + } + ], + "value": "2.*.*" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement" + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with overrides" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..3bfb7303f6ec --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,70 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Limit the resource location and resource SKU", + "displayName": "Limit the resource location and resource SKU", + "metadata": { + "assignedBy": "Special Someone" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ] + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ], + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with resource selectors" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..765add88100a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,76 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "metadata": { + "assignedBy": "Foo Bar" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with a user assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithoutEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithoutEnforcement.json new file mode 100644 index 000000000000..61d6cd45f59d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/createPolicyAssignmentWithoutEnforcement.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "DoNotEnforce", + "metadata": { + "assignedBy": "Special Someone" + }, + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" + } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "201": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "DoNotEnforce", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment without enforcing policy effect during resource creation or update." +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyAssignment.json new file mode 100644 index 000000000000..e03b67b96c17 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyAssignment.json @@ -0,0 +1,42 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyAssignments_Delete", + "title": "Delete a policy assignment" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinition.json new file mode 100644 index 000000000000..7576285efdb7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinition.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitions_Delete", + "title": "Delete a policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..228df971b91a --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinitionAtManagementGroup.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitions_DeleteAtManagementGroup", + "title": "Delete a policy definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinitionVersion.json new file mode 100644 index 000000000000..d41ae43ef4ce --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinitionVersion.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_Delete", + "title": "Delete a policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..b841e31494c2 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_DeleteAtManagementGroup", + "title": "Delete a policy definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinition.json new file mode 100644 index 000000000000..93388f84fcd0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinition.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_Delete", + "title": "Delete a policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..18888ec78cf8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,17 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", + "title": "Delete a policy set definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinitionVersion.json new file mode 100644 index 000000000000..29dc54f08816 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinitionVersion.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_Delete", + "title": "Delete a policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..cc00c62a0f06 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/deletePolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,18 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "headers": {} + }, + "204": { + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_DeleteAtManagementGroup", + "title": "Delete a policy set definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltInPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltInPolicySetDefinition.json new file mode 100644 index 000000000000..e003a337577d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltInPolicySetDefinition.json @@ -0,0 +1,84 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_GetBuiltIn", + "title": "Retrieve a built-in policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltInPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltInPolicySetDefinitionVersion.json new file mode 100644 index 000000000000..1d9c1862f115 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltInPolicySetDefinitionVersion.json @@ -0,0 +1,81 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_GetBuiltIn", + "title": "Retrieve a built-in policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltinPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltinPolicyDefinition.json new file mode 100644 index 000000000000..f15fa3d43eb8 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltinPolicyDefinition.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_GetBuiltIn", + "title": "Retrieve a built-in policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltinPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltinPolicyDefinitionVersion.json new file mode 100644 index 000000000000..d45119a673f5 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getBuiltinPolicyDefinitionVersion.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1/versions/1.2.1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_GetBuiltIn", + "title": "Retrieve a built-in policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignment.json new file mode 100644 index 000000000000..4936ef94da0e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignment.json @@ -0,0 +1,40 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..70922a369ae3 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithIdentity.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with a system assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..6bc9269cc071 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithOverrides.json @@ -0,0 +1,47 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "d2f3a4b5-c6d7-8e9f-0a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with overrides" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..beb9b1450275 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,46 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ], + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with resource selectors" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..5def53d8ec6e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,50 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "westus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with a user assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinition.json new file mode 100644 index 000000000000..667bd3d6c51e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinition.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_Get", + "title": "Retrieve a policy definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..50d0ba4bc872 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinitionAtManagementGroup.json @@ -0,0 +1,60 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "200": { + "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_GetAtManagementGroup", + "title": "Retrieve a policy definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinitionVersion.json new file mode 100644 index 000000000000..e0daec7cb078 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinitionVersion.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_Get", + "title": "Retrieve a policy definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..1c1ec84270d5 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicyDefinitionVersionAtManagementGroup.json @@ -0,0 +1,57 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_GetAtManagementGroup", + "title": "Retrieve a policy definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinition.json new file mode 100644 index 000000000000..409a2fbc2e9f --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinition.json @@ -0,0 +1,77 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_Get", + "title": "Retrieve a policy set definition" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinitionAtManagementGroup.json new file mode 100644 index 000000000000..d6ecde4512b0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinitionAtManagementGroup.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_GetAtManagementGroup", + "title": "Retrieve a policy set definition at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinitionVersion.json new file mode 100644 index 000000000000..eefdf88946a5 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinitionVersion.json @@ -0,0 +1,74 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionGroups": [ + { + "name": "CostSaving", + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" + }, + { + "name": "Organizational", + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" + } + ], + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "groupNames": [ + "CostSaving" + ], + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "groupNames": [ + "Organizational" + ], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_Get", + "title": "Retrieve a policy set definition version" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinitionVersionAtManagementGroup.json new file mode 100644 index 000000000000..fb68c04d970b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/getPolicySetDefinitionVersionAtManagementGroup.json @@ -0,0 +1,56 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_GetAtManagementGroup", + "title": "Retrieve a policy set definition version at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllBuiltInPolicyDefinitionVersions.json new file mode 100644 index 000000000000..d2403a682723 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllBuiltInPolicyDefinitionVersions.json @@ -0,0 +1,107 @@ +{ + "parameters": { + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled", + "default" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListAllBuiltins", + "title": "List all built-in policy definition versions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllBuiltInPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..cff066682229 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllBuiltInPolicySetDefinitionVersions.json @@ -0,0 +1,83 @@ +{ + "parameters": { + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListAllBuiltins", + "title": "List all built-in policy definition versions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicyDefinitionVersions.json new file mode 100644 index 000000000000..40c4c8a59de4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicyDefinitionVersions.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListAll", + "title": "List all policy definition versions at subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicyDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..bd600f72687b --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicyDefinitionVersionsByManagementGroup.json @@ -0,0 +1,101 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListAllAtManagementGroup", + "title": "List all policy definition versions at management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..9f3b6356db16 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicySetDefinitionVersions.json @@ -0,0 +1,58 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListAll", + "title": "List all policy definition versions at subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicySetDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..78a5b395bd2e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listAllPolicySetDefinitionVersionsByManagementGroup.json @@ -0,0 +1,125 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versoins/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListAllAtManagementGroup", + "title": "List all policy definition versions at management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicyDefinitionVersions.json new file mode 100644 index 000000000000..0aac2071f496 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicyDefinitionVersions.json @@ -0,0 +1,108 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionName": "06a78e20-9358-41c9-923c-fb736d382a12" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled", + "default" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListBuiltIn", + "title": "List built-in policy definition versions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicyDefinitions.json new file mode 100644 index 000000000000..1b4c23e59536 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicyDefinitions.json @@ -0,0 +1,147 @@ +{ + "parameters": { + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "06a78e20-9358-41c9-923c-fb736d382a12", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12", + "properties": { + "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", + "parameters": { + "setting": { + "type": "String", + "allowedValues": [ + "enabled", + "disabled" + ], + "metadata": { + "displayName": "Audit Setting" + } + } + }, + "policyRule": { + "if": { + "equals": "Microsoft.Sql/servers/databases", + "field": "type" + }, + "then": { + "effect": "AuditIfNotExists", + "details": { + "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", + "existenceCondition": { + "allOf": [ + { + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" + } + ] + } + } + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "Static", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "abeed54a-73c5-441d-8a8c-6b5e7a0c299e", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/abeed54a-73c5-441d-8a8c-6b5e7a0c299e", + "properties": { + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "metadata": { + "category": "KeyVault DataPlane" + }, + "mode": "Microsoft.KeyVault.Data", + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "description": "The number of days for a certificate to expire.", + "displayName": "Days to expire" + } + } + }, + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_ListBuiltIn", + "title": "List built-in policy definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..4f475cdaade9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicySetDefinitionVersions.json @@ -0,0 +1,84 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListBuiltIn", + "title": "List built-in policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicySetDefinitions.json new file mode 100644 index 000000000000..ed5ee47c8bc4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listBuiltInPolicySetDefinitions.json @@ -0,0 +1,87 @@ +{ + "parameters": { + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_ListBuiltIn", + "title": "List built-in policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignments.json new file mode 100644 index 000000000000..f2d9c3c189ac --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignments.json @@ -0,0 +1,65 @@ +{ + "operationId": "PolicyAssignments_List", + "title": "List policy assignments that apply to a subscription", + "parameters": { + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", + "$filter": "atScope()", + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "CostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [], + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/TagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "notScopes": [], + "instanceId": "b6d7e8f9-a0b1-2c3d-4e5f-6a7b8c9d0e1f" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignmentsForManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignmentsForManagementGroup.json new file mode 100644 index 000000000000..024b8b286e49 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignmentsForManagementGroup.json @@ -0,0 +1,65 @@ +{ + "operationId": "PolicyAssignments_ListForManagementGroup", + "title": "List policy assignments that apply to a management group", + "parameters": { + "managementGroupId": "TestManagementGroup", + "api-version": "2025-03-01", + "$filter": "atScope()", + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "Storage Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [], + "instanceId": "c7e8f9a0-b1c2-3d4e-5f6a-7b8c9d0e1f2a" + } + }, + { + "id": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/TestManagementGroup/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "latestDefinitionVersion": "1.0.0", + "effectiveDefinitionVersion": "1.0.0", + "scope": "/providers/Microsoft.Management/managementGroups/TestManagementGroup", + "notScopes": [], + "instanceId": "d8f9a0b1-c2d3-4e5f-6a7b-8c9d0e1f2a3b" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignmentsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignmentsForResource.json new file mode 100644 index 000000000000..226a1b016837 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignmentsForResource.json @@ -0,0 +1,64 @@ +{ + "operationId": "PolicyAssignments_ListForResource", + "title": "List policy assignments that apply to a resource group", + "parameters": { + "resourceGroupName": "TestResourceGroup", + "resourceProviderNamespace": "Microsoft.Compute", + "parentResourcePath": "virtualMachines/MyTestVm", + "resourceType": "domainNames", + "resourceName": "MyTestComputer.cloudapp.net", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01" + }, + "responses": { + "200": { + "headers": {}, + "body": { + "value": [ + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestCostManagement", + "location": "eastus", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "properties": { + "displayName": "VM Cost Management", + "description": "Minimize the risk of accidental cost overruns", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/vmSkus", + "definitionVersion": "1.*.*", + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [], + "instanceId": "e9a0b1c2-d3e4-5f6a-7b8c-9d0e1f2a3b4c" + } + }, + { + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "name": "TestTagEnforcement", + "properties": { + "displayName": "Enforces a tag key and value", + "description": "Ensure a given tag key and value are present on all resources", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "definitionVersion": "1.*.*", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "notScopes": [], + "instanceId": "f0b1c2d3-e4f5-6a7b-8c9d-0e1f2a3b4c5d" + } + } + ] + } + } + } +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignmentsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignmentsForResourceGroup.json new file mode 100644 index 000000000000..0f76fed8aea7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyAssignmentsForResourceGroup.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion", + "$filter": "atScope()", + "api-version": "2025-03-01", + "resourceGroupName": "TestResourceGroup", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "TestCostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "properties": { + "description": "Minimize the risk of accidental cost overruns", + "definitionVersion": "1.*.*", + "displayName": "Storage Cost Management", + "effectiveDefinitionVersion": "1.0.0", + "instanceId": "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d", + "latestDefinitionVersion": "1.0.0", + "metadata": { + "category": "Cost Management" + }, + "notScopes": [], + "parameters": { + "allowedSkus": { + "value": "Standard_A1" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" + } + }, + { + "name": "TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", + "properties": { + "description": "Ensure a given tag key and value are present on all resources", + "definitionVersion": "1.*.*", + "displayName": "Enforces a tag key and value", + "effectiveDefinitionVersion": "1.0.0", + "instanceId": "f0b1c2d3-e4f5-6a7b-8c9d-0e1f2a3b4c5d", + "latestDefinitionVersion": "1.0.0", + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_ListForResourceGroup", + "title": "List policy assignments that apply to a resource group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitionVersions.json new file mode 100644 index 000000000000..e9b75f33f184 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitionVersions.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.0.0" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_List", + "title": "List policy definition versions by subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..87ef147d5c7c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitionVersionsByManagementGroup.json @@ -0,0 +1,102 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", + "policyDefinitionName": "ResourceNaming" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitionVersions_ListByManagementGroup", + "title": "List policy definition versions by management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitions.json new file mode 100644 index 000000000000..9eafcde5e7b7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitions.json @@ -0,0 +1,145 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "AuditSoonToExpireCerts", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/AuditSoonToExpireCerts", + "properties": { + "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "displayName": "Audit KeyVault certificates that expire within specified number of days", + "metadata": { + "category": "KeyVault DataPlane" + }, + "mode": "Microsoft.KeyVault.Data", + "parameters": { + "daysToExpire": { + "type": "Integer", + "metadata": { + "description": "The number of days for a certificate to expire.", + "displayName": "Days to expire" + } + } + }, + "policyRule": { + "if": { + "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", + "lessOrEquals": "[addDays(utcNow(), parameters('daysToExpire'))]" + }, + "then": { + "effect": "audit" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_List", + "title": "List policy definitions by subscription" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..3367ff8c2f67 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicyDefinitionsByManagementGroup.json @@ -0,0 +1,108 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "properties": { + "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", + "parameters": { + "listOfAllowedSKUs": { + "type": "Array", + "metadata": { + "description": "The list of SKUs that can be specified for storage accounts.", + "displayName": "Allowed SKUs", + "strongType": "StorageSKUs" + } + } + }, + "policyRule": { + "if": { + "allOf": [ + { + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" + }, + { + "not": { + "field": "Microsoft.Storage/storageAccounts/sku.name", + "in": "[parameters('listOfAllowedSKUs')]" + } + } + ] + }, + "then": { + "effect": "Deny" + } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", + "parameters": { + "prefix": { + "type": "String", + "metadata": { + "description": "Resource name prefix", + "displayName": "Prefix" + } + }, + "suffix": { + "type": "String", + "metadata": { + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicyDefinitions_ListByManagementGroup", + "title": "List policy definitions by management group" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitionVersions.json new file mode 100644 index 000000000000..66d61cb56c09 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitionVersions.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_List", + "title": "List policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitionVersionsByManagementGroup.json new file mode 100644 index 000000000000..2d887eb2cbd0 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitionVersionsByManagementGroup.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", + "policySetDefinitionName": "CostManagement" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1" + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitionVersions_ListByManagementGroup", + "title": "List policy set definitions at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitions.json new file mode 100644 index 000000000000..d330a3004a84 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitions.json @@ -0,0 +1,133 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_List", + "title": "List policy set definitions" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitionsByManagementGroup.json new file mode 100644 index 000000000000..c13d482435c4 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/listPolicySetDefinitionsByManagementGroup.json @@ -0,0 +1,131 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup" + }, + "responses": { + "200": { + "body": { + "value": [ + { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "properties": { + "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", + "metadata": { + "category": "Security Center" + }, + "parameters": {}, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", + "policyDefinitionReferenceId": "RefId1" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", + "policyDefinitionReferenceId": "RefId2" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "RefId3" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", + "policyDefinitionReferenceId": "RefId4" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", + "policyDefinitionReferenceId": "RefId5" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "RefId6" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", + "policyDefinitionReferenceId": "RefId7" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", + "policyDefinitionReferenceId": "RefId8" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "RefId9" + }, + { + "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "RefId10" + } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + { + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "properties": { + "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", + "metadata": { + "category": "Cost Management" + }, + "policyDefinitions": [ + { + "definitionVersion": "1.*.*", + "parameters": { + "listOfAllowedSKUs": { + "value": [ + "Standard_GRS", + "Standard_LRS" + ] + } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" + }, + { + "definitionVersion": "1.*.*", + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" + } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + } + ] + }, + "headers": {} + } + }, + "operationId": "PolicySetDefinitions_ListByManagementGroup", + "title": "List policy set definitions at management group level" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithIdentity.json new file mode 100644 index 000000000000..116b5227d41c --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithIdentity.json @@ -0,0 +1,52 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "identity": { + "type": "SystemAssigned" + }, + "location": "eastus" + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with a system assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithOverrides.json new file mode 100644 index 000000000000..84030547bf7e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithOverrides.json @@ -0,0 +1,66 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ] + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "overrides": [ + { + "kind": "policyEffect", + "selectors": [ + { + "in": [ + "Limit_Skus", + "Limit_Locations" + ], + "kind": "policyDefinitionReferenceId" + } + ], + "value": "Audit" + } + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with overrides" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithResourceSelectors.json new file mode 100644 index 000000000000..4c6967ba9aec --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithResourceSelectors.json @@ -0,0 +1,64 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "properties": { + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ] + } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", + "properties": { + "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "resourceSelectors": [ + { + "name": "SDPRegions", + "selectors": [ + { + "in": [ + "eastus2euap", + "centraluseuap" + ], + "kind": "resourceLocation" + } + ] + } + ], + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with resource selectors" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithUserAssignedIdentity.json new file mode 100644 index 000000000000..1b4d76996cb7 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/examples/2025-03-01/updatePolicyAssignmentWithUserAssignedIdentity.json @@ -0,0 +1,59 @@ +{ + "parameters": { + "api-version": "2025-03-01", + "parameters": { + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} + } + }, + "location": "eastus" + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + }, + "responses": { + "200": { + "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "eastus", + "properties": { + "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", + "metadata": { + "assignedBy": "Special Someone" + }, + "notScopes": [], + "parameters": { + "prefix": { + "value": "DeptA" + }, + "suffix": { + "value": "-LC" + } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} + } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with a user assigned identity" +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/main.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/main.tsp new file mode 100644 index 000000000000..a77bcb30e725 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/main.tsp @@ -0,0 +1,48 @@ +/** + * PLEASE DO NOT REMOVE - USED FOR CONVERTER METRICS + * Generated by package: @autorest/openapi-to-typespec + * Parameters used: + * isFullCompatible: true + * guessResourceKey: false + * Version: 0.11.12 + * Date: 2025-10-27T02:40:16.533Z + */ +import "@typespec/rest"; +import "@typespec/versioning"; +import "@azure-tools/typespec-azure-core"; +import "@azure-tools/typespec-azure-resource-manager"; +import "./models.tsp"; +import "./back-compatible.tsp"; +import "./PolicyAssignment.tsp"; +import "./PolicyDefinition.tsp"; +import "./PolicyDefinitionVersion.tsp"; +import "./PolicySetDefinition.tsp"; +import "./PolicySetDefinitionVersion.tsp"; +import "./routes.tsp"; + +using TypeSpec.Rest; +using TypeSpec.Http; +using Azure.ResourceManager.Foundations; +using Azure.Core; +using Azure.ResourceManager; +using TypeSpec.Versioning; + +/** + * To manage and control access to your resources, you can define customized policies and assign them at a scope. + */ +#suppress "@azure-tools/typespec-azure-resource-manager/missing-operations-endpoint" "For backward compatibility" +@armProviderNamespace +@service(#{ title: "PolicyClient" }) +@versioned(Versions) +@armCommonTypesVersion(Azure.ResourceManager.CommonTypes.Versions.v5) +namespace Microsoft.Authorization; + +/** + * The available API versions. + */ +enum Versions { + /** + * The 2025-03-01 API version. + */ + v2025_03_01: "2025-03-01", +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/models.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/models.tsp new file mode 100644 index 000000000000..d3c68971f29d --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/models.tsp @@ -0,0 +1,1136 @@ +import "@typespec/rest"; +import "@typespec/http"; +import "@azure-tools/typespec-azure-resource-manager"; + +using TypeSpec.Rest; +using TypeSpec.Http; +using Azure.ResourceManager; +using Azure.ResourceManager.Foundations; + +namespace Microsoft.Authorization; + +/** + * The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll + */ +union EnforcementMode { + string, + + /** + * The policy effect is enforced during resource creation or update. + */ + Default: "Default", + + /** + * The policy effect is not enforced during resource creation or update. + */ + DoNotEnforce: "DoNotEnforce", + + /** + * The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource. + */ + Enroll: "Enroll", +} + +/** + * The selector kind. + */ +union SelectorKind { + string, + + /** + * The selector kind to filter policies by the resource location. + */ + resourceLocation: "resourceLocation", + + /** + * The selector kind to filter policies by the resource type. + */ + resourceType: "resourceType", + + /** + * The selector kind to filter policies by the resource without location. + */ + resourceWithoutLocation: "resourceWithoutLocation", + + /** + * The selector kind to filter policies by the policy definition reference ID. + */ + policyDefinitionReferenceId: "policyDefinitionReferenceId", +} + +/** + * The override kind. + */ +union OverrideKind { + string, + + /** + * It will override the policy effect type. + */ + policyEffect: "policyEffect", + + /** + * It will override the definition version property value of the policy assignment. + */ + definitionVersion: "definitionVersion", +} + +/** + * The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. + */ +union AssignmentType { + string, + + /** + * NotSpecified + */ + NotSpecified: "NotSpecified", + + /** + * System + */ + System: "System", + + /** + * SystemHidden + */ + SystemHidden: "SystemHidden", + + /** + * Custom + */ + Custom: "Custom", +} + +/** + * The type of identity that created the resource. + */ +union CreatedByType { + string, + + /** + * User + */ + User: "User", + + /** + * Application + */ + Application: "Application", + + /** + * ManagedIdentity + */ + ManagedIdentity: "ManagedIdentity", + + /** + * Key + */ + Key: "Key", +} + +/** + * The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. + */ +union PolicyType { + string, + + /** + * NotSpecified + */ + NotSpecified: "NotSpecified", + + /** + * BuiltIn + */ + BuiltIn: "BuiltIn", + + /** + * Custom + */ + Custom: "Custom", + + /** + * Static + */ + Static: "Static", +} + +/** + * The data type of the parameter. + */ +union ParameterType { + string, + + /** + * String + */ + String: "String", + + /** + * Array + */ + Array: "Array", + + /** + * Object + */ + Object: "Object", + + /** + * Boolean + */ + Boolean: "Boolean", + + /** + * Integer + */ + Integer: "Integer", + + /** + * Float + */ + Float: "Float", + + /** + * DateTime + */ + DateTime: "DateTime", +} + +/** + * The result of the completed token acquisition operation. Possible values are Succeeded and Failed. + */ +union PolicyTokenResult { + string, + + /** + * Succeeded + */ + Succeeded: "Succeeded", + + /** + * Failed + */ + Failed: "Failed", +} + +/** + * The result of the external endpoint. Possible values are Succeeded and Failed. + */ +union ExternalEndpointResult { + string, + + /** + * Succeeded + */ + Succeeded: "Succeeded", + + /** + * Failed + */ + Failed: "Failed", +} + +/** + * The identity type. This is the only required field when adding a system or user assigned identity to a resource. + */ +#suppress "@azure-tools/typespec-azure-core/no-enum" "For backward compatibility" +enum ResourceIdentityType { + /** + * Indicates that a system assigned identity is associated with the resource. + */ + SystemAssigned, + + /** + * Indicates that a system assigned identity is associated with the resource. + */ + UserAssigned, + + /** + * Indicates that no identity is associated with the resource or that the existing identity should be removed. + */ + None, +} + +/** + * The policy assignment properties. + */ +#suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "For backward compatibility" +model PolicyAssignmentProperties { + /** + * The display name of the policy assignment. + */ + displayName?: string; + + /** + * The ID of the policy definition or policy set definition being assigned. + */ + policyDefinitionId?: string; + + /** + * The version of the policy definition to use. + */ + definitionVersion?: string; + + /** + * The latest version of the policy definition available. This is only present if requested via the $expand query parameter. + */ + @visibility(Lifecycle.Read) + latestDefinitionVersion?: string; + + /** + * The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. + */ + @visibility(Lifecycle.Read) + effectiveDefinitionVersion?: string; + + /** + * The scope for the policy assignment. + */ + @visibility(Lifecycle.Read) + scope?: string; + + /** + * The policy's excluded scopes. + */ + notScopes?: string[]; + + /** + * The parameter values for the assigned policy rule. The keys are the parameter names. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-no-record" "For backward compatibility" + parameters?: Record; + + /** + * This message will be part of response in case of policy violation. + */ + description?: string; + + /** + * The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + metadata?: unknown; + + /** + * The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll + */ + enforcementMode?: EnforcementMode = EnforcementMode.Default; + + /** + * The messages that describe why a resource is non-compliant with the policy. + */ + @identifiers(#["message", "policyDefinitionReferenceId"]) + nonComplianceMessages?: NonComplianceMessage[]; + + /** + * The resource selector list to filter policies by resource properties. + */ + @identifiers(#[]) + resourceSelectors?: ResourceSelector[]; + + /** + * The policy property value override. + */ + @identifiers(#[]) + overrides?: Override[]; + + /** + * The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable. + */ + assignmentType?: AssignmentType; + + /** + * The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated. + */ + @visibility(Lifecycle.Read) + instanceId?: string; +} + +/** + * The value of a parameter. + */ +model ParameterValuesValue { + /** + * The value of the parameter. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + value?: unknown; +} + +/** + * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + */ +model NonComplianceMessage { + /** + * A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results. + */ + message: string; + + /** + * The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment. + */ + policyDefinitionReferenceId?: string; +} + +/** + * The resource selector to filter policies by resource properties. + */ +model ResourceSelector { + /** + * The name of the resource selector. + */ + name?: string; + + /** + * The list of the selector expressions. + */ + @identifiers(#[]) + selectors?: Selector[]; +} + +/** + * The selector expression. + */ +model Selector { + /** + * The selector kind. + */ + kind?: SelectorKind; + + /** + * The list of values to filter in. + */ + in?: string[]; + + /** + * The list of values to filter out. + */ + notIn?: string[]; +} + +/** + * The policy property value override. + */ +model Override { + /** + * The override kind. + */ + kind?: OverrideKind; + + /** + * The value to override the policy property. + */ + value?: string; + + /** + * The list of the selector expressions. + */ + @identifiers(#[]) + selectors?: Selector[]; +} + +/** + * Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity. + */ +model Identity { + /** + * The principal ID of the resource identity. This property will only be provided for a system assigned identity + */ + @visibility(Lifecycle.Read) + principalId?: string; + + /** + * The tenant ID of the resource identity. This property will only be provided for a system assigned identity + */ + @visibility(Lifecycle.Read) + tenantId?: string; + + /** + * The identity type. This is the only required field when adding a system or user assigned identity to a resource. + */ + type?: ResourceIdentityType; + + /** + * The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-no-record" "For backward compatibility" + userAssignedIdentities?: Record; +} + +#suppress "@azure-tools/typespec-azure-core/documentation-required" "For backward compatibility" +model UserAssignedIdentitiesValue { + /** + * The principal id of user assigned identity. + */ + @visibility(Lifecycle.Read) + principalId?: string; + + /** + * The client id of user assigned identity. + */ + @visibility(Lifecycle.Read) + clientId?: string; +} + +/** + * The policy assignment for Patch request. + */ +model PolicyAssignmentUpdate { + /** + * The policy assignment properties for Patch request. + */ + properties?: PolicyAssignmentUpdateProperties; + + /** + * The location of the policy assignment. Only required when utilizing managed identity. + */ + location?: string; + + /** + * The managed identity associated with the policy assignment. + */ + identity?: Identity; +} + +/** + * The policy assignment properties for Patch request. + */ +model PolicyAssignmentUpdateProperties { + /** + * The resource selector list to filter policies by resource properties. + */ + @identifiers(#[]) + resourceSelectors?: ResourceSelector[]; + + /** + * The policy property value override. + */ + @identifiers(#[]) + overrides?: Override[]; +} + +/** + * The policy definition properties. + */ +#suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "For backward compatibility" +model PolicyDefinitionProperties { + /** + * The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. + */ + policyType?: PolicyType; + + /** + * The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. + */ + mode?: string = "Indexed"; + + /** + * The display name of the policy definition. + */ + displayName?: string; + + /** + * The policy definition description. + */ + description?: string; + + /** + * The policy rule. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + policyRule?: unknown; + + /** + * The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + metadata?: unknown; + + /** + * The parameter definitions for parameters used in the policy rule. The keys are the parameter names. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-no-record" "For backward compatibility" + parameters?: Record; + + /** + * The policy definition version in #.#.# format. + */ + version?: string; + + /** + * A list of available versions for this policy definition. + */ + versions?: string[]; + + /** + * The details of the source of external evaluation results required by the policy during enforcement evaluation. + */ + externalEvaluationEnforcementSettings?: ExternalEvaluationEnforcementSettings; +} + +/** + * The definition of a parameter that can be provided to the policy. + */ +model ParameterDefinitionsValue { + /** + * The data type of the parameter. + */ + type?: ParameterType; + + /** + * The allowed values for the parameter. + */ + allowedValues?: unknown[]; + + /** + * The default value for the parameter if no value is provided. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + defaultValue?: unknown; + + /** + * Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + schema?: unknown; + + /** + * General metadata for the parameter. + */ + metadata?: ParameterDefinitionsValueMetadata; +} + +/** + * General metadata for the parameter. + */ +model ParameterDefinitionsValueMetadata { + ...Record; + + /** + * The display name for the parameter. + */ + displayName?: string; + + /** + * The description of the parameter. + */ + description?: string; + + /** + * Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from. + */ + strongType?: string; + + /** + * Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope. + */ + assignPermissions?: boolean; +} + +/** + * The details of the source of external evaluation results required by the policy during enforcement evaluation. + */ +model ExternalEvaluationEnforcementSettings { + /** + * What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported. + */ + missingTokenAction?: string; + + /** + * The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported. + */ + resultLifespan?: string; + + /** + * The settings of an external endpoint providing evaluation results. + */ + endpointSettings?: ExternalEvaluationEndpointSettings; + + /** + * An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint. + */ + roleDefinitionIds?: string[]; +} + +/** + * The settings of an external endpoint providing evaluation results. + */ +model ExternalEvaluationEndpointSettings { + /** + * The kind of the endpoint. + */ + kind?: string; + + /** + * The details of the endpoint. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + details?: unknown; +} + +/** + * The policy definition properties. + */ +#suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "For backward compatibility" +model PolicyDefinitionVersionProperties { + /** + * The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. + */ + policyType?: PolicyType; + + /** + * The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data. + */ + mode?: string = "Indexed"; + + /** + * The display name of the policy definition. + */ + displayName?: string; + + /** + * The policy definition description. + */ + description?: string; + + /** + * The policy rule. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + policyRule?: unknown; + + /** + * The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + metadata?: unknown; + + /** + * The parameter definitions for parameters used in the policy rule. The keys are the parameter names. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-no-record" "For backward compatibility" + parameters?: Record; + + /** + * The policy definition version in #.#.# format. + */ + version?: string; + + /** + * The details of the source of external evaluation results required by the policy during enforcement evaluation. + */ + externalEvaluationEnforcementSettings?: ExternalEvaluationEnforcementSettings; +} + +/** + * The policy set definition properties. + */ +#suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "For backward compatibility" +model PolicySetDefinitionProperties { + /** + * The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. + */ + policyType?: PolicyType; + + /** + * The display name of the policy set definition. + */ + displayName?: string; + + /** + * The policy set definition description. + */ + description?: string; + + /** + * The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + metadata?: unknown; + + /** + * The policy set definition parameters that can be used in policy definition references. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-no-record" "For backward compatibility" + parameters?: Record; + + /** + * An array of policy definition references. + */ + @identifiers(#["policyDefinitionReferenceId"]) + policyDefinitions: PolicyDefinitionReference[]; + + /** + * The metadata describing groups of policy definition references within the policy set definition. + */ + @identifiers(#["name"]) + policyDefinitionGroups?: PolicyDefinitionGroup[]; + + /** + * The policy set definition version in #.#.# format. + */ + version?: string; + + /** + * A list of available versions for this policy set definition. + */ + versions?: string[]; +} + +/** + * The policy definition reference. + */ +model PolicyDefinitionReference { + /** + * The ID of the policy definition or policy set definition. + */ + policyDefinitionId: string; + + /** + * The version of the policy definition to use. + */ + definitionVersion?: string; + + /** + * The latest version of the policy definition available. This is only present if requested via the $expand query parameter. + */ + @visibility(Lifecycle.Read) + latestDefinitionVersion?: string; + + /** + * The effective version of the policy definition in use. This is only present if requested via the $expand query parameter. + */ + @visibility(Lifecycle.Read) + effectiveDefinitionVersion?: string; + + /** + * The parameter values for the referenced policy rule. The keys are the parameter names. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-no-record" "For backward compatibility" + parameters?: Record; + + /** + * A unique id (within the policy set definition) for this policy definition reference. + */ + policyDefinitionReferenceId?: string; + + /** + * The name of the groups that this policy definition reference belongs to. + */ + groupNames?: string[]; +} + +/** + * The policy definition group. + */ +model PolicyDefinitionGroup { + /** + * The name of the group. + */ + name: string; + + /** + * The group's display name. + */ + displayName?: string; + + /** + * The group's category. + */ + category?: string; + + /** + * The group's description. + */ + description?: string; + + /** + * A resource ID of a resource that contains additional metadata about the group. + */ + additionalMetadataId?: string; +} + +/** + * The policy set definition properties. + */ +#suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-provisioning-state" "For backward compatibility" +model PolicySetDefinitionVersionProperties { + /** + * The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static. + */ + policyType?: PolicyType; + + /** + * The display name of the policy set definition. + */ + displayName?: string; + + /** + * The policy set definition description. + */ + description?: string; + + /** + * The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + metadata?: unknown; + + /** + * The policy set definition parameters that can be used in policy definition references. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/arm-no-record" "For backward compatibility" + parameters?: Record; + + /** + * An array of policy definition references. + */ + @identifiers(#["policyDefinitionReferenceId"]) + policyDefinitions: PolicyDefinitionReference[]; + + /** + * The metadata describing groups of policy definition references within the policy set definition. + */ + @identifiers(#["name"]) + policyDefinitionGroups?: PolicyDefinitionGroup[]; + + /** + * The policy set definition version in #.#.# format. + */ + version?: string; +} + +/** + * The policy token request properties. + */ +model PolicyTokenRequest { + /** + * The resource operation to acquire a token for. + */ + operation: PolicyTokenOperation; + + /** + * The change reference. + */ + changeReference?: string; +} + +/** + * The resource operation to acquire a token for. + */ +model PolicyTokenOperation { + /** + * The request URI of the resource operation. + */ + uri: string; + + /** + * The http method of the resource operation. + */ + httpMethod: string; + + /** + * The payload of the resource operation. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + content?: unknown; +} + +/** + * The policy token response properties. + */ +model PolicyTokenResponse { + /** + * The result of the completed token acquisition operation. Possible values are Succeeded and Failed. + */ + result?: PolicyTokenResult; + + /** + * Status message with additional details about the token acquisition operation result. + */ + message?: string; + + /** + * The date and time after which the client can try to acquire a token again in the case of retry-able failures. + */ + // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario. + retryAfter?: utcDateTime; + + /** + * An array of external evaluation endpoint invocation results. + */ + @identifiers(#[]) + results?: ExternalEvaluationEndpointInvocationResult[]; + + /** + * The change reference associated with the operation for which the token is acquired. + */ + changeReference?: string; + + /** + * The issued policy token. + */ + #suppress "@azure-tools/typespec-azure-resource-manager/secret-prop" "TODO: Check if this is a secret and add @secret or update reason" + token?: string; + + /** + * The unique Id assigned to the policy token. + */ + tokenId?: string; + + /** + * The expiration of the policy token. + */ + // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario. + expiration?: utcDateTime; +} + +/** + * The external evaluation endpoint invocation results. + */ +model ExternalEvaluationEndpointInvocationResult { + /** + * The details of the policy requiring the external endpoint invocation. + */ + policyInfo?: PolicyLogInfo; + + /** + * The result of the external endpoint. Possible values are Succeeded and Failed. + */ + result?: ExternalEndpointResult; + + /** + * The status message with additional details about the invocation result. + */ + message?: string; + + /** + * The date and time after which a failed endpoint invocation can be retried. + */ + // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario. + retryAfter?: utcDateTime; + + /** + * The set of claims that will be attached to the policy token as an attestation for the result of the endpoint invocation. + */ + #suppress "@azure-tools/typespec-azure-core/no-unknown" "For backward compatibility" + claims?: unknown; + + /** + * The expiration of the results. + */ + // FIXME: (utcDateTime) Please double check that this is the correct type for your scenario. + expiration?: utcDateTime; +} + +/** + * The policy log info. + */ +model PolicyLogInfo { + /** + * The policy definition Id. + */ + policyDefinitionId?: string; + + /** + * The policy set definition Id. + */ + policySetDefinitionId?: string; + + /** + * The policy definition instance Id inside a policy set. + */ + policyDefinitionReferenceId?: string; + + /** + * The policy set definition name. + */ + policySetDefinitionName?: string; + + /** + * The policy set definition display name. + */ + policySetDefinitionDisplayName?: string; + + /** + * The policy set definition version. + */ + policySetDefinitionVersion?: string; + + /** + * The policy set definition category. + */ + policySetDefinitionCategory?: string; + + /** + * The policy definition name. + */ + policyDefinitionName?: string; + + /** + * The policy definition display name. + */ + policyDefinitionDisplayName?: string; + + /** + * The policy definition version. + */ + policyDefinitionVersion?: string; + + /** + * The policy definition action. + */ + policyDefinitionEffect?: string; + + /** + * An array of policy definition group names. + */ + policyDefinitionGroupNames?: string[]; + + /** + * The policy assignment Id. + */ + policyAssignmentId?: string; + + /** + * The policy assignment name. + */ + policyAssignmentName?: string; + + /** + * The policy assignment display name. + */ + policyAssignmentDisplayName?: string; + + /** + * The policy assignment version. + */ + policyAssignmentVersion?: string; + + /** + * The policy assignment scope. + */ + policyAssignmentScope?: string; + + /** + * The resource location. + */ + resourceLocation?: string; + + /** + * The management group ancestors. + */ + ancestors?: string; + + /** + * The policy compliance reason code. + */ + complianceReasonCode?: string; + + /** + * An array of policy exemption Ids. + */ + policyExemptionIds?: string[]; +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/readme.md b/specification/resources/resource-manager/Microsoft.Authorization/policy/readme.md index c1207d330447..6e0b35f106bf 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/readme.md +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/readme.md @@ -35,12 +35,7 @@ These settings apply only when `--tag=package-policy-2025-03-stable` is specifie ```yaml $(tag) == 'package-policy-2025-03-stable' input-file: - - stable/2025-03-01/policyAssignments.json - - stable/2025-03-01/policyDefinitions.json - - stable/2025-03-01/policyDefinitionVersions.json - - stable/2025-03-01/policySetDefinitions.json - - stable/2025-03-01/policySetDefinitionVersions.json - - stable/2025-03-01/policyTokens.json + - stable/2025-03-01/openapi.json # Needed when there is more than one input file override-info: @@ -456,12 +451,21 @@ directive: - suppress: UniqueResourcePaths from: policySetDefinitions.json reason: policy set definition under an extension resource with Microsoft.Management + - suppress: UniqueResourcePaths + from: openapi.json + reason: policy set definition under an extension resource with Microsoft.Management - suppress: UniqueResourcePaths from: policyDefinitions.json reason: policy definition under an extension resource with Microsoft.Management + - suppress: UniqueResourcePaths + from: openapi.json + reason: policy definition under an extension resource with Microsoft.Management - suppress: UniqueResourcePaths from: policyAssignments.json reason: policy assignment under an extension resource with Microsoft.Management + - suppress: UniqueResourcePaths + from: openapi.json + reason: policy assignment under an extension resource with Microsoft.Management - suppress: UniqueResourcePaths from: policyExemptions.json where: $.paths @@ -469,46 +473,89 @@ directive: - suppress: OperationsAPIImplementation from: policyAssignments.json reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: OperationsAPIImplementation + from: openapi.json + reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: policyDefinitions.json reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: OperationsAPIImplementation + from: openapi.json + reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: policyDefinitionVersions.json reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: OperationsAPIImplementation + from: openapi.json + reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: policySetDefinitions.json reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: OperationsAPIImplementation + from: openapi.json + reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: policySetDefinitionVersions.json reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: OperationsAPIImplementation + from: openapi.json + reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: policyExemptions.json reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: OperationsAPIImplementation + from: openapi.json + reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: policyVariables.json reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: OperationsAPIImplementation + from: openapi.json + reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: OperationsAPIImplementation from: policyVariableValues.json reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger + - suppress: OperationsAPIImplementation + from: openapi.json + reason: operation APIs for Microsoft.Authorization are to be defined in RBAC swagger - suppress: BodyTopLevelProperties from: policyAssignments.json reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. + - suppress: BodyTopLevelProperties + from: openapi.json + reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. - suppress: BodyTopLevelProperties from: policyDefinitions.json reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. + - suppress: BodyTopLevelProperties + from: openapi.json + reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. - suppress: BodyTopLevelProperties from: policyDefinitionVersions.json reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. + - suppress: BodyTopLevelProperties + from: openapi.json + reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. - suppress: BodyTopLevelProperties from: policySetDefinitions.json reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. + - suppress: BodyTopLevelProperties + from: openapi.json + reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. - suppress: BodyTopLevelProperties from: policySetDefinitionVersions.json reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. + - suppress: BodyTopLevelProperties + from: openapi.json + reason: Currently systemData is not allowed. Lint bug - collection GET result contains value and nextLink properties. - suppress: BodyTopLevelProperties from: policyExemptions.json where: $.definitions.PolicyExemption.properties reason: Currently systemData is not allowed + - suppress: BodyTopLevelProperties + from: openapi.json + where: $.definitions.PolicyExemption.properties + reason: Currently systemData is not allowed - suppress: OperationsAPIImplementation where: $.paths from: dataPolicyManifests.json @@ -528,15 +575,27 @@ directive: - suppress: TopLevelResourcesListByResourceGroup from: policyDefinitions.json reason: Policy definitions are a proxy resource that is only usable on subscriptions or management groups + - suppress: TopLevelResourcesListByResourceGroup + from: openapi.json + reason: Policy definitions are a proxy resource that is only usable on subscriptions or management groups - suppress: TopLevelResourcesListByResourceGroup from: policyVariables.json reason: Policy variables are a proxy resource that is only usable on subscriptions or management groups + - suppress: TopLevelResourcesListByResourceGroup + from: openapi.json + reason: Policy variables are a proxy resource that is only usable on subscriptions or management groups - suppress: TopLevelResourcesListByResourceGroup from: policyVariableValues.json reason: Policy variable values are a proxy resource that is only usable on subscriptions or management groups + - suppress: TopLevelResourcesListByResourceGroup + from: openapi.json + reason: Policy variable values are a proxy resource that is only usable on subscriptions or management groups - suppress: TopLevelResourcesListByResourceGroup from: policySetDefinitions.json reason: Policy set definitions are a proxy resource that is only usable on subscriptions or management groups + - suppress: TopLevelResourcesListByResourceGroup + from: openapi.json + reason: Policy set definitions are a proxy resource that is only usable on subscriptions or management groups - suppress: PathForTrackedResourceTypes from: policyAssignments.json reason: Not a tracked resource type. The API has never been changed since inception. Would be a breaking change. diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/routes.tsp b/specification/resources/resource-manager/Microsoft.Authorization/policy/routes.tsp new file mode 100644 index 000000000000..a9bb674826d9 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/routes.tsp @@ -0,0 +1,154 @@ +// FIXME: Operations in this file are not detected as a resource operation, please confirm the conversion result manually + +import "@azure-tools/typespec-azure-core"; +import "@typespec/rest"; +import "./models.tsp"; +import "@azure-tools/typespec-azure-resource-manager"; +import "@typespec/openapi"; + +using TypeSpec.Rest; +using TypeSpec.Http; +using Azure.ResourceManager; +using TypeSpec.OpenAPI; + +namespace Microsoft.Authorization; + +alias PolicyDefinitionListOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + ...SubscriptionIdParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Authorization"; + }, + {}, + {} +>; + +alias PolicyDefinitionTenantListOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + ...ApiVersionParameter; + + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Authorization"; + }, + {}, + {} +>; + +alias PolicyDefinitionManagementGroupListOps = Azure.ResourceManager.Legacy.ExtensionOperations< + { + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Management"; + + ...CommonTypes.ManagementGroupNameParameter; + ...ApiVersionParameter; + }, + { + ...Extension.ExtensionProviderNamespace; + }, + { + ...Extension.ExtensionProviderNamespace; + } +>; + +#suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-interface-requires-decorator" "For backward compatibility" +interface PolicyDefinitionVersionsOperationGroup { + /** + * This operation lists all the built-in policy definition versions for all built-in policy definitions. + */ + @summary("Lists all built-in policy definition versions.") + @post + @segment("listPolicyDefinitionVersions") + listAllBuiltins is PolicyDefinitionTenantListOps.ListSinglePage; + + /** + * This operation lists all the policy definition versions for all policy definitions at the management group scope. + */ + @summary("Lists all policy definition versions at management group scope.") + @post + @segment("listPolicyDefinitionVersions") + listAllAtManagementGroup is PolicyDefinitionManagementGroupListOps.ListSinglePage; + + /** + * This operation lists all the policy definition versions for all policy definitions within a subscription. + */ + @summary("Lists all policy definition versions within a subscription.") + @post + @segment("listPolicyDefinitionVersions") + listAll is PolicyDefinitionListOps.ListSinglePage; +} + +#suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-interface-requires-decorator" "For backward compatibility" +interface PolicySetDefinitionVersionsOperationGroup { + /** + * This operation lists all the built-in policy set definition versions for all built-in policy set definitions. + */ + @summary("Lists all built-in policy set definition versions.") + @post + @segment("listPolicySetDefinitionVersions") + listAllBuiltins is PolicyDefinitionTenantListOps.ListSinglePage; + + /** + * This operation lists all the policy set definition versions for all policy set definitions at the management group scope. + */ + @summary("Lists all policy set definition versions at management group scope.") + @post + @segment("listPolicySetDefinitionVersions") + listAllAtManagementGroup is PolicyDefinitionManagementGroupListOps.ListSinglePage; + + /** + * This operation lists all the policy set definition versions for all policy set definitions within a subscription. + */ + @summary("Lists all policy set definition versions within a subscription.") + @post + @segment("listPolicySetDefinitionVersions") + listAll is PolicyDefinitionListOps.ListSinglePage; +} + +#suppress "@azure-tools/typespec-azure-resource-manager/arm-resource-interface-requires-decorator" "For backward compatibility" +interface PolicyTokensOperationGroup { + /** + * This operation acquires a policy token in the given subscription for the given request body. + */ + @summary("Acquires a policy token.") + @autoRoute + @action("acquirePolicyToken") + acquire is ArmProviderActionSync< + Request = PolicyTokenRequest, + Response = PolicyTokenResponse, + Scope = SubscriptionActionScope + >; + + /** + * This operation acquires a policy token in the given management group for the given request body. + */ + @summary("Acquires a policy token at management group level.") + @autoRoute + @post + @action("acquirePolicyToken") + @armResourceCollectionAction + acquireAtManagementGroup( + /** the provider namespace */ + @path + @segment("providers") + @key + providerNamespace: "Microsoft.Management", + + ...CommonTypes.ManagementGroupNameParameter, + ...ProviderNamespace, + ...ApiVersionParameter, + + /** The policy token properties. */ + @body parameters: PolicyTokenRequest, + ): PolicyTokenResponse | ErrorResponse; +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/acquirePolicyToken.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/acquirePolicyToken.json index ab7aa1eeeb3f..b91d59b10de2 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/acquirePolicyToken.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/acquirePolicyToken.json @@ -1,62 +1,64 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "api-version": "2025-03-01", "parameters": { "operation": { - "uri": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM?api-version=2024-01-01", - "httpMethod": "delete" + "httpMethod": "delete", + "uri": "https://management.azure.com/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM?api-version=2024-01-01" } - } + }, + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { "body": { + "expiration": "2025-01-01T21:30:00.00Z", "result": "Succeeded", "results": [ { - "policyInfo": { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/5ed64d02", - "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/3f2def86" - }, - "result": "Succeeded", - "message": "Coin flip successful (success probability: '1').", "claims": { + "date": "2025-01-01T19:30:00.00Z", + "double": 0.99, + "int": 2, "isValid": false, "string": "testString", - "int": 2, - "double": 0.99, - "date": "2025-01-01T19:30:00.00Z", + "testArray": [ + "Apple", + "Banana", + "Cherry" + ], "testObject": { - "id": 12345, "name": "Complex Object", + "id": 12345, "details": { "createdBy": "John Doe", "createdDate": "2024-12-13T12:00:00Z", "metadata": { - "version": "1.0.0", "isActive": true, "tags": [ "example", "test", "object" - ] + ], + "version": "1.0.0" } } - }, - "testArray": [ - "Apple", - "Banana", - "Cherry" - ] + } + }, + "expiration": "2025-01-01T21:30:00.00Z", + "message": "Coin flip successful (success probability: '1').", + "policyInfo": { + "policyAssignmentId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/3f2def86", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/5ed64d02" }, - "expiration": "2025-01-01T21:30:00.00Z" + "result": "Succeeded" } ], "token": "PoP 7zmVse52pjMKPQd5m2uiNjz5UV2pZ.LPGtRiTeuCDBomEVbzj9kIaL9odEmlNv4D9VzyrQLTAyv4HHnUR7oNytWnL.AQrZ5bSGAQZzr8eySqvugzrD-ceRVL311SL3Nn6f-4c9kgPgU_u1ArXQKW25QCxMlsAuWmaE", - "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4", - "expiration": "2025-01-01T21:30:00.00Z" + "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4" } } - } + }, + "operationId": "PolicyTokens_Acquire", + "title": "Acquire a policy token" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/acquirePolicyTokenAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/acquirePolicyTokenAtManagementGroup.json index d5ce160843d1..b4d77d1c792d 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/acquirePolicyTokenAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/acquirePolicyTokenAtManagementGroup.json @@ -1,62 +1,64 @@ { "parameters": { - "managementGroupName": "MyManagementGroup", "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", "parameters": { "operation": { - "uri": "https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000?api-version=2022-04-01", - "httpMethod": "delete" + "httpMethod": "delete", + "uri": "https://management.azure.com/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/roleAssignments/00000000-0000-0000-0000-000000000000?api-version=2022-04-01" } } }, "responses": { "200": { "body": { + "expiration": "2025-01-01T21:30:00.00Z", "result": "Succeeded", "results": [ { - "policyInfo": { - "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/5ed64d02", - "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/3f2def86" - }, - "result": "Succeeded", - "message": "Coin flip successful (success probability: '1').", "claims": { + "date": "2025-01-01T19:30:00.00Z", + "double": 0.99, + "int": 2, "isValid": false, "string": "testString", - "int": 2, - "double": 0.99, - "date": "2025-01-01T19:30:00.00Z", + "testArray": [ + "Apple", + "Banana", + "Cherry" + ], "testObject": { - "id": 12345, "name": "Complex Object", + "id": 12345, "details": { "createdBy": "John Doe", "createdDate": "2024-12-13T12:00:00Z", "metadata": { - "version": "1.0.0", "isActive": true, "tags": [ "example", "test", "object" - ] + ], + "version": "1.0.0" } } - }, - "testArray": [ - "Apple", - "Banana", - "Cherry" - ] + } + }, + "expiration": "2025-01-01T21:30:00.00Z", + "message": "Coin flip successful (success probability: '1').", + "policyInfo": { + "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyAssignments/3f2def86", + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/5ed64d02" }, - "expiration": "2025-01-01T21:30:00.00Z" + "result": "Succeeded" } ], "token": "PoP 7zmVse52pjMKPQd5m2uiNjz5UV2pZ.LPGtRiTeuCDBomEVbzj9kIaL9odEmlNv4D9VzyrQLTAyv4HHnUR7oNytWnL.AQrZ5bSGAQZzr8eySqvugzrD-ceRVL311SL3Nn6f-4c9kgPgU_u1ArXQKW25QCxMlsAuWmaE", - "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4", - "expiration": "2025-01-01T21:30:00.00Z" + "tokenId": "0da8a969-c660-4de0-a6a4-b2034d4325e4" } } - } + }, + "operationId": "PolicyTokens_AcquireAtManagementGroup", + "title": "Acquire a policy token at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinition.json index 67c0bfce97f2..91438d92bc62 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinition.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinition.json @@ -1,95 +1,97 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyDefinitionName": "ResourceNaming", "api-version": "2025-03-01", "parameters": { "properties": { - "mode": "All", - "displayName": "Enforce resource naming convention", "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", "metadata": { "category": "Naming" }, - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } } } - } + }, + "policyDefinitionName": "ResourceNaming", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "type": "Microsoft.Authorization/policyDefinitions", "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json index c0088f8a738d..58db388be568 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAdvancedParams.json @@ -1,20 +1,35 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyDefinitionName": "EventHubDiagnosticLogs", "api-version": "2025-03-01", "parameters": { "properties": { - "mode": "Indexed", - "displayName": "Event Hubs should have diagnostic logging enabled", "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "displayName": "Event Hubs should have diagnostic logging enabled", "metadata": { "category": "Event Hub" }, + "mode": "Indexed", + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "defaultValue": 365, + "metadata": { + "description": "The required diagnostic logs retention in days", + "displayName": "Required retention (days)" + } + } + }, "policyRule": { "if": { - "field": "type", - "equals": "Microsoft.EventHub/namespaces" + "equals": "Microsoft.EventHub/namespaces", + "field": "type" }, "then": { "effect": "AuditIfNotExists", @@ -23,61 +38,57 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled", - "equals": "true" + "equals": "true", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled" }, { - "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days", - "equals": "[parameters('requiredRetentionDays')]" + "equals": "[parameters('requiredRetentionDays')]", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days" } ] } } } - }, - "parameters": { - "requiredRetentionDays": { - "type": "Integer", - "defaultValue": 365, - "allowedValues": [ - 0, - 30, - 90, - 180, - 365 - ], - "metadata": { - "displayName": "Required retention (days)", - "description": "The required diagnostic logs retention in days" - } - } } } - } + }, + "policyDefinitionName": "EventHubDiagnosticLogs", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "type": "Microsoft.Authorization/policyDefinitions", "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "properties": { - "mode": "Indexed", - "displayName": "Event Hubs should have diagnostic logging enabled", "description": "Audit enabling of logs and retain them up to a year. This enables recreation of activity trails for investigation purposes when a security incident occurs or your network is compromised", + "displayName": "Event Hubs should have diagnostic logging enabled", "metadata": { "category": "Event Hub" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], + "mode": "Indexed", + "parameters": { + "requiredRetentionDays": { + "type": "Integer", + "allowedValues": [ + 0, + 30, + 90, + 180, + 365 + ], + "defaultValue": 365, + "metadata": { + "description": "The required diagnostic logs retention in days", + "displayName": "Required retention (days)" + } + } + }, "policyRule": { "if": { - "field": "type", - "equals": "Microsoft.EventHub/namespaces" + "equals": "Microsoft.EventHub/namespaces", + "field": "type" }, "then": { "effect": "AuditIfNotExists", @@ -86,37 +97,28 @@ "existenceCondition": { "allOf": [ { - "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled", - "equals": "true" + "equals": "true", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled" }, { - "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days", - "equals": "[parameters('requiredRetentionDays')]" + "equals": "[parameters('requiredRetentionDays')]", + "field": "Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days" } ] } } } }, - "parameters": { - "requiredRetentionDays": { - "type": "Integer", - "defaultValue": 365, - "allowedValues": [ - 0, - 30, - 90, - 180, - 365 - ], - "metadata": { - "displayName": "Required retention (days)", - "description": "The required diagnostic logs retention in days" - } - } - } + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition with advanced parameters" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json index dfad853cc2c8..140f26107013 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionAtManagementGroup.json @@ -1,95 +1,97 @@ { "parameters": { - "managementGroupId": "MyManagementGroup", - "policyDefinitionName": "ResourceNaming", "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup", "parameters": { "properties": { - "mode": "All", - "displayName": "Enforce resource naming convention", "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", "metadata": { "category": "Naming" }, - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } } } - } + }, + "policyDefinitionName": "ResourceNaming" }, "responses": { "201": { - "headers": {}, "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "type": "Microsoft.Authorization/policyDefinitions", "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy definition at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json index a629d1a47c0b..66a1862463c8 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json @@ -1,85 +1,91 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyDefinitionName": "RandomizeVMAllocation", "api-version": "2025-03-01", "parameters": { "properties": { - "mode": "Indexed", - "displayName": "Randomize VM Allocation", "description": "Randomly disable VM allocation in eastus by having policy rule reference the outcome of invoking an external endpoint using the CoinFlip endpoint that returns random values.", + "displayName": "Randomize VM Allocation", + "externalEvaluationEnforcementSettings": { + "endpointSettings": { + "kind": "CoinFlip", + "details": { + "successProbability": 0.5 + } + }, + "missingTokenAction": "audit", + "roleDefinitionIds": [ + "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" + ] + }, "metadata": { "category": "VM" }, + "mode": "Indexed", "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { - "field": "location", - "equals": "eastus" + "equals": "eastus", + "field": "location" }, { - "value": "[claims().isValid]", - "equals": "false" + "equals": "false", + "value": "[claims().isValid]" } ] }, "then": { "effect": "deny" } - }, - "externalEvaluationEnforcementSettings": { - "missingTokenAction": "audit", - "endpointSettings": { - "kind": "CoinFlip", - "details": { - "successProbability": 0.5 - } - }, - "roleDefinitionIds": [ - "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" - ] } } - } + }, + "policyDefinitionName": "RandomizeVMAllocation", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/RandomizeVMAllocation", - "type": "Microsoft.Authorization/policyDefinitions", "name": "RandomizeVMAllocation", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/RandomizeVMAllocation", "properties": { - "mode": "Indexed", - "displayName": "Randomize VM Allocation", "description": "Randomly disable VM allocation in eastus by having policy rule reference the outcome of invoking an external endpoint using the CoinFlip endpoint that returns random values.", + "displayName": "Randomize VM Allocation", + "externalEvaluationEnforcementSettings": { + "endpointSettings": { + "kind": "CoinFlip", + "details": { + "successProbability": 0.5 + } + }, + "missingTokenAction": "audit", + "roleDefinitionIds": [ + "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" + ] + }, "metadata": { "category": "VM" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], + "mode": "Indexed", "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Compute/virtualMachines" + "equals": "Microsoft.Compute/virtualMachines", + "field": "type" }, { - "field": "location", - "equals": "eastus" + "equals": "eastus", + "field": "location" }, { - "value": "[claims().isValid]", - "equals": "false" + "equals": "false", + "value": "[claims().isValid]" } ] }, @@ -87,21 +93,17 @@ "effect": "deny" } }, - "externalEvaluationEnforcementSettings": { - "missingTokenAction": "audit", - "endpointSettings": { - "kind": "CoinFlip", - "details": { - "successProbability": 0.5 - } - }, - "roleDefinitionIds": [ - "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/roleDefinitions/f0cc2aea-b517-48f6-8f9e-0c01c687907b" - ] - }, - "policyType": "Custom" + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitions_CreateOrUpdate", + "title": "Create or update a policy definition with external evaluation enforcement settings" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersion.json index a91f163f900f..5bbb045374f8 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersion.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersion.json @@ -1,108 +1,77 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyDefinitionName": "ResourceNaming", - "policyDefinitionVersion": "1.2.1", "api-version": "2025-03-01", "parameters": { "properties": { - "mode": "All", - "displayName": "Enforce resource naming convention", "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } - } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "version": "1.2.1" } - } + }, + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" - } - } - }, - "201": { - "headers": {}, - "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.2.1", - "properties": { - "mode": "All", - "displayName": "Naming Convention", - "description": "Force resource names to begin with 'prefix' and end with 'suffix'", - "metadata": { - "category": "Naming" - }, - "version": "1.2.1", "policyRule": { "if": { "not": { @@ -114,25 +83,58 @@ "effect": "deny" } }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" } - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_CreateOrUpdate", + "title": "Create or update a policy definition version" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json index 00d18dd67ceb..ccc91d11b970 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json @@ -1,108 +1,77 @@ { "parameters": { - "managementGroupName": "MyManagementGroup", - "policyDefinitionName": "ResourceNaming", - "policyDefinitionVersion": "1.2.1", "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", "parameters": { "properties": { - "mode": "All", - "displayName": "Enforce resource naming convention", "description": "Force resource names to begin with given 'prefix' and/or end with given 'suffix'", + "displayName": "Enforce resource naming convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } - } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "version": "1.2.1" } - } + }, + "policyDefinitionName": "ResourceNaming", + "policyDefinitionVersion": "1.2.1" }, "responses": { "200": { - "headers": {}, "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" - } - } - }, - "201": { - "headers": {}, - "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.2.1", - "properties": { - "mode": "All", - "displayName": "Naming Convention", - "description": "Force resource names to begin with 'prefix' and end with 'suffix'", - "metadata": { - "category": "Naming" - }, - "version": "1.2.1", "policyRule": { "if": { "not": { @@ -114,25 +83,58 @@ "effect": "deny" } }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} + }, + "201": { + "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" } - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy definition version at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinition.json index ef7e08b69614..0dd02b6ce0ba 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinition.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinition.json @@ -1,12 +1,10 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policySetDefinitionName": "CostManagement", "api-version": "2025-03-01", "parameters": { "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, @@ -21,8 +19,6 @@ }, "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -30,11 +26,11 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "[parameters('namePrefix')]" @@ -42,30 +38,28 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } ] } - } + }, + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { - "201": { - "headers": {}, + "200": { "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "parameters": { "namePrefix": { "type": "String", @@ -77,9 +71,6 @@ }, "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -87,12 +78,11 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "[parameters('namePrefix')]" @@ -100,21 +90,23 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } ] } - } + }, + "headers": {} }, - "200": { - "headers": {}, + "201": { "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, @@ -129,8 +121,7 @@ }, "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "policyDefinitionReferenceId": "Limit_Skus", + "definitionVersion": "1.*.*", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -138,11 +129,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "policyDefinitionReferenceId": "Resource_Naming", + "definitionVersion": "1.*.*", "parameters": { "prefix": { "value": "[parameters('namePrefix')]" @@ -150,11 +142,21 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "title": "Create or update a policy set definition" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json index 4127fe0bb59e..adf5a31305ef 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json @@ -1,19 +1,16 @@ { "parameters": { - "managementGroupId": "MyManagementGroup", - "policySetDefinitionName": "CostManagement", "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup", "parameters": { "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -21,11 +18,11 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -33,35 +30,30 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } ] } - } + }, + "policySetDefinitionName": "CostManagement" }, "responses": { - "201": { - "headers": {}, + "200": { "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -69,12 +61,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -82,29 +74,29 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } ] } - } + }, + "headers": {} }, - "200": { - "headers": {}, + "201": { "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -112,12 +104,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -125,11 +117,21 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersion.json index 0a5b284e5a73..f1aa0608b1db 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersion.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersion.json @@ -1,17 +1,13 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policySetDefinitionName": "CostManagement", - "policyDefinitionVersion": "1.2.1", "api-version": "2025-03-01", "parameters": { "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "parameters": { "namePrefix": { "type": "String", @@ -23,8 +19,6 @@ }, "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -32,11 +26,11 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "[parameters('namePrefix')]" @@ -44,26 +38,30 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } - } + }, + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { - "201": { - "headers": {}, + "200": { "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "parameters": { "namePrefix": { "type": "String", @@ -75,9 +73,7 @@ }, "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -85,12 +81,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "[parameters('namePrefix')]" @@ -98,25 +94,27 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } - } + }, + "headers": {} }, - "200": { - "headers": {}, + "201": { "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "parameters": { "namePrefix": { "type": "String", @@ -128,9 +126,7 @@ }, "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -138,12 +134,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "[parameters('namePrefix')]" @@ -151,11 +147,17 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_CreateOrUpdate", + "title": "Create or update a policy set definition version" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json index 8acf8598ccec..079604c3768d 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json @@ -1,21 +1,16 @@ { "parameters": { - "managementGroupName": "MyManagementGroup", - "policySetDefinitionName": "CostManagement", - "policyDefinitionVersion": "1.2.1", "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup", "parameters": { "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -23,11 +18,11 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -35,31 +30,32 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } - } + }, + "policyDefinitionVersion": "1.2.1", + "policySetDefinitionName": "CostManagement" }, "responses": { - "201": { - "headers": {}, + "200": { "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", - "name": "1.2.1", + "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -67,12 +63,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -80,29 +76,29 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } ] } - } + }, + "headers": {} }, - "200": { - "headers": {}, + "201": { "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", - "name": "CostManagement", + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -110,12 +106,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -123,11 +119,17 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition version at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json index fd6f4b9e25d9..4bc6d042bb4a 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroups.json @@ -1,32 +1,28 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policySetDefinitionName": "CostManagement", "api-version": "2025-03-01", "parameters": { "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, "policyDefinitionGroups": [ { "name": "CostSaving", - "displayName": "Cost Management Policies", - "description": "Policies designed to control spend within a subscription." + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" }, { "name": "Organizational", - "displayName": "Organizational Policies", - "description": "Policies that help enforce resource organization standards within a subscription." + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" } ], "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "groupNames": [ "CostSaving" ], @@ -37,12 +33,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "groupNames": [ "Organizational" ], @@ -53,47 +49,43 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } ] } - } + }, + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { - "201": { - "headers": {}, + "200": { "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyDefinitionGroups": [ { "name": "CostSaving", - "displayName": "Cost Management Policies", - "description": "Policies designed to control spend within a subscription." + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" }, { "name": "Organizational", - "displayName": "Organizational Policies", - "description": "Policies that help enforce resource organization standards within a subscription." + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" } ], "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "groupNames": [ "CostSaving" ], @@ -104,12 +96,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "groupNames": [ "Organizational" ], @@ -120,46 +112,46 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] } - } + }, + "headers": {} }, - "200": { - "headers": {}, + "201": { "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyDefinitionGroups": [ { "name": "CostSaving", - "displayName": "Cost Management Policies", - "description": "Policies designed to control spend within a subscription." + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" }, { "name": "Organizational", - "displayName": "Organizational Policies", - "description": "Policies that help enforce resource organization standards within a subscription." + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" } ], "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "groupNames": [ "CostSaving" ], @@ -170,12 +162,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "groupNames": [ "Organizational" ], @@ -186,11 +178,21 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "title": "Create or update a policy set definition with groups" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json index 529e8355de04..e5e142d22577 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json @@ -1,31 +1,28 @@ { "parameters": { - "managementGroupId": "MyManagementGroup", - "policySetDefinitionName": "CostManagement", "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup", "parameters": { "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, "policyDefinitionGroups": [ { "name": "CostSaving", - "displayName": "Cost Management Policies", - "description": "Policies designed to control spend within a subscription." + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" }, { "name": "Organizational", - "displayName": "Organizational Policies", - "description": "Policies that help enforce resource organization standards within a subscription." + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" } ], "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "policyDefinitionReferenceId": "Limit_Skus", "groupNames": [ "CostSaving" ], @@ -36,11 +33,11 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "policyDefinitionReferenceId": "Resource_Naming", "groupNames": [ "Organizational" ], @@ -51,47 +48,42 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } ] } - } + }, + "policySetDefinitionName": "CostManagement" }, "responses": { - "201": { - "headers": {}, + "200": { "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyDefinitionGroups": [ { "name": "CostSaving", - "displayName": "Cost Management Policies", - "description": "Policies designed to control spend within a subscription." + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" }, { "name": "Organizational", - "displayName": "Organizational Policies", - "description": "Policies that help enforce resource organization standards within a subscription." + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" } ], "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "groupNames": [ "CostSaving" ], @@ -102,12 +94,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "groupNames": [ "Organizational" ], @@ -118,46 +110,46 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] } - } + }, + "headers": {} }, - "200": { - "headers": {}, + "201": { "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyDefinitionGroups": [ { "name": "CostSaving", - "displayName": "Cost Management Policies", - "description": "Policies designed to control spend within a subscription." + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" }, { "name": "Organizational", - "displayName": "Organizational Policies", - "description": "Policies that help enforce resource organization standards within a subscription." + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" } ], "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "groupNames": [ "CostSaving" ], @@ -168,12 +160,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "groupNames": [ "Organizational" ], @@ -184,11 +176,21 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "title": "Create or update a policy set definition with groups at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignment.json index 9df240827893..0d8381c1a2e1 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignment.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignment.json @@ -1,16 +1,18 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "EnforceNaming", "api-version": "2025-03-01", "parameters": { "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ], "parameters": { "prefix": { "value": "DeptA" @@ -19,26 +21,32 @@ "value": "-LC" } }, - "nonComplianceMessages": [ - { - "message": "Resource names must start with 'DeptA' and end with '-LC'." - } - ] + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" } - } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", + "nonComplianceMessages": [ + { + "message": "Resource names must start with 'DeptA' and end with '-LC'." + } + ], "notScopes": [], "parameters": { "prefix": { @@ -48,19 +56,13 @@ "value": "-LC" } }, - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "nonComplianceMessages": [ - { - "message": "Resource names must start with 'DeptA' and end with '-LC'." - } - ], - "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNaming" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentNonComplianceMessages.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentNonComplianceMessages.json index f31383871d17..506a0db6ad8e 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentNonComplianceMessages.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentNonComplianceMessages.json @@ -1,12 +1,9 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "securityInitAssignment", "api-version": "2025-03-01", "parameters": { "properties": { "displayName": "Enforce security policies", - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", "nonComplianceMessages": [ { "message": "Resources must comply with all internal security policies. See for more info." @@ -19,24 +16,27 @@ "message": "Storage accounts must have firewall rules configured.", "policyDefinitionReferenceId": "8572513655450389710" } - ] + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative" } - } + }, + "policyAssignmentName": "securityInitAssignment", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { + "name": "securityInitAssignment", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment", "properties": { + "definitionVersion": "1.*.*", "displayName": "Enforce security policies", + "enforcementMode": "Default", + "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c", "metadata": { "assignedBy": "User 1" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", - "definitionVersion": "1.*.*", - "notScopes": [], - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "nonComplianceMessages": [ { "message": "Resources must comply with all internal security policies. See for more info." @@ -50,12 +50,14 @@ "policyDefinitionReferenceId": "8572513655450389710" } ], - "instanceId": "b7e0f8a9-1c2d-4e3f-8b4c-5d6e7f8a9b0c" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/securityInitAssignment", - "type": "Microsoft.Authorization/policyAssignments", - "name": "securityInitAssignment" - } + "notScopes": [], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/securityInitiative", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with multiple non-compliance messages" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithEnrollEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithEnrollEnforcement.json index 12743358049d..f14af10acda8 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithEnrollEnforcement.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithEnrollEnforcement.json @@ -1,16 +1,14 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "EnforceNamingEnroll", "api-version": "2025-03-01", "parameters": { "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Enroll", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "parameters": { "prefix": { "value": "DeptA" @@ -19,22 +17,27 @@ "value": "-LC" } }, - "enforcementMode": "Enroll" + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" } - } + }, + "policyAssignmentName": "EnforceNamingEnroll", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { + "name": "EnforceNamingEnroll", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNamingEnroll", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Enroll", + "instanceId": "f2b3c4d5-e6f7-8a9b-0c1d-2e3f4a5b6c7d", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", "notScopes": [], "parameters": { "prefix": { @@ -44,14 +47,13 @@ "value": "-LC" } }, - "enforcementMode": "Enroll", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "instanceId": "f2b3c4d5-e6f7-8a9b-0c1d-2e3f4a5b6c7d" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNamingEnroll", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNamingEnroll" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment to enforce policy effect only on enrolled resources during resource creation or update." } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithIdentity.json index 68286fd11f2a..1ff9945511b9 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithIdentity.json @@ -1,20 +1,18 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "EnforceNaming", "api-version": "2025-03-01", "parameters": { - "location": "eastus", "identity": { "type": "SystemAssigned" }, + "location": "eastus", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", "metadata": { "assignedBy": "Foo Bar" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "parameters": { "prefix": { "value": "DeptA" @@ -23,22 +21,33 @@ "value": "-LC" } }, - "enforcementMode": "Default" + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" } - } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", "notScopes": [], "parameters": { "prefix": { @@ -48,20 +57,13 @@ "value": "-LC" } }, - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" - }, - "identity": { - "type": "SystemAssigned", - "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", - "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" - }, - "location": "eastus", - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNaming" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with a system assigned identity" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithOverrides.json index 93b4de1a4387..7ef5947130af 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithOverrides.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithOverrides.json @@ -1,84 +1,86 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "CostManagement", "api-version": "2025-03-01", "parameters": { "properties": { - "displayName": "Limit the resource location and resource SKU", "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "definitionVersion": "1.*.*", "overrides": [ { "kind": "policyEffect", - "value": "Audit", "selectors": [ { - "kind": "policyDefinitionReferenceId", "in": [ "Limit_Skus", "Limit_Locations" - ] + ], + "kind": "policyDefinitionReferenceId" } - ] + ], + "value": "Audit" }, { "kind": "definitionVersion", - "value": "2.*.*", "selectors": [ { - "kind": "resourceLocation", "in": [ "eastUSEuap", "centralUSEuap" - ] + ], + "kind": "resourceLocation" } - ] + ], + "value": "2.*.*" } - ] + ], + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement" } - } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", "properties": { - "displayName": "Limit the resource location and resource SKU", "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "definitionVersion": "1.*.*", "notScopes": [], - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "overrides": [ { "kind": "policyEffect", - "value": "Audit", "selectors": [ { - "kind": "policyDefinitionReferenceId", "in": [ "Limit_Skus", "Limit_Locations" - ] + ], + "kind": "policyDefinitionReferenceId" } - ] + ], + "value": "Audit" } ], - "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", - "type": "Microsoft.Authorization/policyAssignments", - "name": "CostManagement" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with overrides" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithResourceSelectors.json index 30625c8405d4..3bfb7303f6ec 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithResourceSelectors.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithResourceSelectors.json @@ -1,12 +1,10 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "CostManagement", "api-version": "2025-03-01", "parameters": { "properties": { - "displayName": "Limit the resource location and resource SKU", "description": "Limit the resource location and resource SKU", + "displayName": "Limit the resource location and resource SKU", "metadata": { "assignedBy": "Special Someone" }, @@ -16,53 +14,57 @@ "name": "SDPRegions", "selectors": [ { - "kind": "resourceLocation", "in": [ "eastus2euap", "centraluseuap" - ] + ], + "kind": "resourceLocation" } ] } ] } - } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", "properties": { - "displayName": "Limit the resource location and resource SKU", "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "definitionVersion": "1.*.*", "notScopes": [], - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "resourceSelectors": [ { "name": "SDPRegions", "selectors": [ { - "kind": "resourceLocation", "in": [ "eastus2euap", "centraluseuap" - ] + ], + "kind": "resourceLocation" } ] } ], - "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", - "type": "Microsoft.Authorization/policyAssignments", - "name": "CostManagement" - } + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with resource selectors" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json index eb03da7619e8..765add88100a 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithUserAssignedIdentity.json @@ -1,23 +1,21 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "EnforceNaming", "api-version": "2025-03-01", "parameters": { - "location": "eastus", "identity": { "type": "UserAssigned", "userAssignedIdentities": { "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} } }, + "location": "eastus", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", "metadata": { "assignedBy": "Foo Bar" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "parameters": { "prefix": { "value": "DeptA" @@ -26,22 +24,37 @@ "value": "-LC" } }, - "enforcementMode": "Default" + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" } - } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "eastus", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", "notScopes": [], "parameters": { "prefix": { @@ -51,24 +64,13 @@ "value": "-LC" } }, - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" - }, - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { - "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", - "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" - } - } - }, - "location": "eastus", - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNaming" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment with a user assigned identity" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithoutEnforcement.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithoutEnforcement.json index 8a9d3d0c5137..61d6cd45f59d 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithoutEnforcement.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/createPolicyAssignmentWithoutEnforcement.json @@ -1,16 +1,14 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "EnforceNaming", "api-version": "2025-03-01", "parameters": { "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "displayName": "Enforce resource naming rules", + "enforcementMode": "DoNotEnforce", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "parameters": { "prefix": { "value": "DeptA" @@ -19,22 +17,27 @@ "value": "-LC" } }, - "enforcementMode": "DoNotEnforce" + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming" } - } + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "201": { - "headers": {}, "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "DoNotEnforce", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", "notScopes": [], "parameters": { "prefix": { @@ -44,14 +47,13 @@ "value": "-LC" } }, - "enforcementMode": "DoNotEnforce", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNaming" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Create", + "title": "Create or update a policy assignment without enforcing policy effect during resource creation or update." } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyAssignment.json index 28849c27c25f..e03b67b96c17 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyAssignment.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyAssignment.json @@ -1,21 +1,23 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyAssignmentName": "EnforceNaming", - "api-version": "2025-03-01" + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", "notScopes": [], "parameters": { "prefix": { @@ -25,16 +27,16 @@ "value": "-LC" } }, - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNaming" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} }, "204": { "headers": {} } - } + }, + "operationId": "PolicyAssignments_Delete", + "title": "Delete a policy assignment" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinition.json index 840f916a951e..7576285efdb7 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinition.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinition.json @@ -1,8 +1,8 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyDefinitionName": "ResourceNaming", - "api-version": "2025-03-01" + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { @@ -11,5 +11,7 @@ "204": { "headers": {} } - } + }, + "operationId": "PolicyDefinitions_Delete", + "title": "Delete a policy definition" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionAtManagementGroup.json index b80dd773ec0d..228df971b91a 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionAtManagementGroup.json @@ -1,8 +1,8 @@ { "parameters": { + "api-version": "2025-03-01", "managementGroupId": "MyManagementGroup", - "policyDefinitionName": "ResourceNaming", - "api-version": "2025-03-01" + "policyDefinitionName": "ResourceNaming" }, "responses": { "200": { @@ -11,5 +11,7 @@ "204": { "headers": {} } - } + }, + "operationId": "PolicyDefinitions_DeleteAtManagementGroup", + "title": "Delete a policy definition at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionVersion.json index 0f654df7e16d..d41ae43ef4ce 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionVersion.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionVersion.json @@ -1,9 +1,9 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyDefinitionName": "ResourceNaming", "policyDefinitionVersion": "1.2.1", - "api-version": "2025-03-01" + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { @@ -12,5 +12,7 @@ "204": { "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_Delete", + "title": "Delete a policy definition version" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json index 3209fd673fec..b841e31494c2 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicyDefinitionVersionAtManagementGroup.json @@ -1,9 +1,9 @@ { "parameters": { + "api-version": "2025-03-01", "managementGroupName": "MyManagementGroup", "policyDefinitionName": "ResourceNaming", - "policyDefinitionVersion": "1.2.1", - "api-version": "2025-03-01" + "policyDefinitionVersion": "1.2.1" }, "responses": { "200": { @@ -12,5 +12,7 @@ "204": { "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_DeleteAtManagementGroup", + "title": "Delete a policy definition version at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinition.json index a69af9a5d9cc..93388f84fcd0 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinition.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinition.json @@ -1,8 +1,8 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policySetDefinitionName": "CostManagement", - "api-version": "2025-03-01" + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { @@ -11,5 +11,7 @@ "204": { "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_Delete", + "title": "Delete a policy set definition" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionAtManagementGroup.json index 4e6b5a0e1a3b..18888ec78cf8 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionAtManagementGroup.json @@ -1,8 +1,8 @@ { "parameters": { + "api-version": "2025-03-01", "managementGroupId": "MyManagementGroup", - "policySetDefinitionName": "CostManagement", - "api-version": "2025-03-01" + "policySetDefinitionName": "CostManagement" }, "responses": { "200": { @@ -11,5 +11,7 @@ "204": { "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", + "title": "Delete a policy set definition at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionVersion.json index 9c5b2f3db5bf..29dc54f08816 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionVersion.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionVersion.json @@ -1,9 +1,9 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01", "policyDefinitionVersion": "1.2.1", - "api-version": "2025-03-01" + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { @@ -12,5 +12,7 @@ "204": { "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_Delete", + "title": "Delete a policy set definition version" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json index d3cfdea83687..cc00c62a0f06 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/deletePolicySetDefinitionVersionAtManagementGroup.json @@ -1,9 +1,9 @@ { "parameters": { + "api-version": "2025-03-01", "managementGroupName": "MyManagementGroup", - "policySetDefinitionName": "CostManagement", "policyDefinitionVersion": "1.2.1", - "api-version": "2025-03-01" + "policySetDefinitionName": "CostManagement" }, "responses": { "200": { @@ -12,5 +12,7 @@ "204": { "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_DeleteAtManagementGroup", + "title": "Delete a policy set definition version at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltInPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltInPolicySetDefinition.json index d47320962b32..e003a337577d 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltInPolicySetDefinition.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltInPolicySetDefinition.json @@ -1,82 +1,84 @@ { "parameters": { - "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" }, "responses": { "200": { - "headers": {}, "body": { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", "properties": { - "displayName": "[Preview]: Enable Monitoring in Azure Security Center", - "policyType": "BuiltIn", "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", "metadata": { "category": "Security Center" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "parameters": {}, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "policyDefinitionReferenceId": "RefId1" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "policyDefinitionReferenceId": "RefId2" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "policyDefinitionReferenceId": "RefId3" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "policyDefinitionReferenceId": "RefId4" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionReferenceId": "RefId5" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "policyDefinitionReferenceId": "RefId6" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "policyDefinitionReferenceId": "RefId7" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "policyDefinitionReferenceId": "RefId8" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionReferenceId": "RefId9" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "policyDefinitionReferenceId": "RefId10" } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] - }, - "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", - "type": "Microsoft.Authorization/policySetDefinitions", - "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" - } + } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_GetBuiltIn", + "title": "Retrieve a built-in policy set definition" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltInPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltInPolicySetDefinitionVersion.json index 703092a8f55b..1d9c1862f115 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltInPolicySetDefinitionVersion.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltInPolicySetDefinitionVersion.json @@ -1,79 +1,81 @@ { "parameters": { - "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "api-version": "2025-03-01", "policyDefinitionVersion": "1.2.1", - "api-version": "2025-03-01" + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" }, "responses": { "200": { - "headers": {}, "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", "properties": { - "displayName": "[Preview]: Enable Monitoring in Azure Security Center", - "policyType": "BuiltIn", "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", "metadata": { "category": "Security Center" }, - "version": "1.2.1", "parameters": {}, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "policyDefinitionReferenceId": "RefId1" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "policyDefinitionReferenceId": "RefId2" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "policyDefinitionReferenceId": "RefId3" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "policyDefinitionReferenceId": "RefId4" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionReferenceId": "RefId5" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "policyDefinitionReferenceId": "RefId6" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "policyDefinitionReferenceId": "RefId7" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "policyDefinitionReferenceId": "RefId8" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionReferenceId": "RefId9" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "policyDefinitionReferenceId": "RefId10" } - ] - }, - "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", - "name": "1.2.1" - } + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_GetBuiltIn", + "title": "Retrieve a built-in policy set definition version" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltinPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltinPolicyDefinition.json index 54655f98071c..f15fa3d43eb8 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltinPolicyDefinition.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltinPolicyDefinition.json @@ -1,18 +1,19 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", - "api-version": "2025-03-01" + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "properties": { - "mode": "All", - "displayName": "Allowed storage account SKUs", - "policyType": "BuiltIn", "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", "parameters": { "listOfAllowedSKUs": { "type": "Array", @@ -23,17 +24,12 @@ } } }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Storage/storageAccounts" + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" }, { "not": { @@ -46,12 +42,18 @@ "then": { "effect": "Deny" } - } - }, - "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" - } + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitions_GetBuiltIn", + "title": "Retrieve a built-in policy definition" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltinPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltinPolicyDefinitionVersion.json index 000131b68354..d45119a673f5 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltinPolicyDefinitionVersion.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getBuiltinPolicyDefinitionVersion.json @@ -1,19 +1,20 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyDefinitionName": "7433c107-6db4-4ad1-b57a-a76dce0154a1", "policyDefinitionVersion": "1.2.1", - "api-version": "2025-03-01" + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Allowed storage account SKUs", - "policyType": "BuiltIn", "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", "parameters": { "listOfAllowedSKUs": { "type": "Array", @@ -24,13 +25,12 @@ } } }, - "version": "1.2.1", "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Storage/storageAccounts" + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" }, { "not": { @@ -43,12 +43,14 @@ "then": { "effect": "Deny" } - } - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.2.1" - } + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_GetBuiltIn", + "title": "Retrieve a built-in policy definition version" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignment.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignment.json index b13348bfbe4c..4936ef94da0e 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignment.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignment.json @@ -1,21 +1,24 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyAssignmentName": "EnforceNaming", - "api-version": "2025-03-01" + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", "notScopes": [], "parameters": { "prefix": { @@ -25,14 +28,13 @@ "value": "-LC" } }, - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNaming" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithIdentity.json index 62bcd6d8a09d..70922a369ae3 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithIdentity.json @@ -1,21 +1,30 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyAssignmentName": "EnforceNaming", - "api-version": "2025-03-01" + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "westus", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", "notScopes": [], "parameters": { "prefix": { @@ -25,20 +34,13 @@ "value": "-LC" } }, - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" - }, - "identity": { - "type": "SystemAssigned", - "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", - "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" - }, - "location": "westus", - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNaming" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with a system assigned identity" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithOverrides.json index d420f53da7cd..6bc9269cc071 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithOverrides.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithOverrides.json @@ -1,45 +1,47 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyAssignmentName": "CostManagement", - "api-version": "2025-03-01" + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", "properties": { - "displayName": "Limit the resource location and resource SKU", "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "d2f3a4b5-c6d7-8e9f-0a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "definitionVersion": "1.*.*", "notScopes": [], - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "overrides": [ { "kind": "policyEffect", - "value": "Audit", "selectors": [ { - "kind": "policyDefinitionReferenceId", "in": [ "Limit_Skus", "Limit_Locations" - ] + ], + "kind": "policyDefinitionReferenceId" } - ] + ], + "value": "Audit" } ], - "instanceId": "d2f3a4b5-c6d7-8e9f-0a1b-2c3d4e5f6a7b" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", - "type": "Microsoft.Authorization/policyAssignments", - "name": "CostManagement" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with overrides" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithResourceSelectors.json index 566863608c02..beb9b1450275 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithResourceSelectors.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithResourceSelectors.json @@ -1,44 +1,46 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyAssignmentName": "CostManagement", - "api-version": "2025-03-01" + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", "properties": { - "displayName": "Limit the resource location and resource SKU", "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "definitionVersion": "1.*.*", "notScopes": [], - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "resourceSelectors": [ { "name": "SDPRegions", "selectors": [ { - "kind": "resourceLocation", "in": [ "eastus2euap", "centraluseuap" - ] + ], + "kind": "resourceLocation" } ] } ], - "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", - "type": "Microsoft.Authorization/policyAssignments", - "name": "CostManagement" - } + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with resource selectors" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json index e5b0add8f919..5def53d8ec6e 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyAssignmentWithUserAssignedIdentity.json @@ -1,21 +1,34 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyAssignmentName": "EnforceNaming", - "api-version": "2025-03-01" + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "westus", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", "notScopes": [], "parameters": { "prefix": { @@ -25,24 +38,13 @@ "value": "-LC" } }, - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" - }, - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { - "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", - "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" - } - } - }, - "location": "westus", - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNaming" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Get", + "title": "Retrieve a policy assignment with a user assigned identity" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinition.json index d788bd2519a1..667bd3d6c51e 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinition.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinition.json @@ -1,58 +1,60 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyDefinitionName": "ResourceNaming", - "api-version": "2025-03-01" + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "ResourceNaming" - } + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitions_Get", + "title": "Retrieve a policy definition" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionAtManagementGroup.json index 04176da89e1a..50d0ba4bc872 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionAtManagementGroup.json @@ -1,58 +1,60 @@ { "parameters": { + "api-version": "2025-03-01", "managementGroupId": "MyManagementGroup", - "policyDefinitionName": "ResourceNaming", - "api-version": "2025-03-01" + "policyDefinitionName": "ResourceNaming" }, "responses": { "200": { - "headers": {}, "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "type": "Microsoft.Authorization/policyDefinitions", "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitions_GetAtManagementGroup", + "title": "Retrieve a policy definition at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionVersion.json index 7cdc4bdf4a82..e0daec7cb078 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionVersion.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionVersion.json @@ -1,55 +1,57 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyDefinitionName": "ResourceNaming", "policyDefinitionVersion": "1.2.1", - "api-version": "2025-03-01" + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.2.1" - } + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_Get", + "title": "Retrieve a policy definition version" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionVersionAtManagementGroup.json index 0766eddc08ec..1c1ec84270d5 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionVersionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicyDefinitionVersionAtManagementGroup.json @@ -1,55 +1,57 @@ { "parameters": { + "api-version": "2025-03-01", "managementGroupName": "MyManagementGroup", "policyDefinitionName": "ResourceNaming", - "policyDefinitionVersion": "1.2.1", - "api-version": "2025-03-01" + "policyDefinitionVersion": "1.2.1" }, "responses": { "200": { - "headers": {}, "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1" } - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_GetAtManagementGroup", + "title": "Retrieve a policy definition version at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinition.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinition.json index b484c4817f88..409a2fbc2e9f 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinition.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinition.json @@ -1,44 +1,36 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policySetDefinitionName": "CostManagement", - "api-version": "2025-03-01" + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyDefinitionGroups": [ { "name": "CostSaving", - "displayName": "Cost Management Policies", - "description": "Policies designed to control spend within a subscription." + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" }, { "name": "Organizational", - "displayName": "Organizational Policies", - "description": "Policies that help enforce resource organization standards within a subscription." + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" } ], "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "groupNames": [ "CostSaving" ], @@ -49,12 +41,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "groupNames": [ "Organizational" ], @@ -65,11 +57,21 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_Get", + "title": "Retrieve a policy set definition" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionAtManagementGroup.json index e5833e082973..d6ecde4512b0 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionAtManagementGroup.json @@ -1,32 +1,24 @@ { "parameters": { + "api-version": "2025-03-01", "managementGroupId": "MyManagementGroup", - "policySetDefinitionName": "CostManagement", - "api-version": "2025-03-01" + "policySetDefinitionName": "CostManagement" }, "responses": { "200": { - "headers": {}, "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -34,12 +26,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -47,11 +39,21 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] } - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_GetAtManagementGroup", + "title": "Retrieve a policy set definition at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionVersion.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionVersion.json index b7f664242381..eefdf88946a5 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionVersion.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionVersion.json @@ -1,41 +1,37 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policySetDefinitionName": "CostManagement", + "api-version": "2025-03-01", "policyDefinitionVersion": "1.2.1", - "api-version": "2025-03-01" + "policySetDefinitionName": "CostManagement", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "policyDefinitionGroups": [ { "name": "CostSaving", - "displayName": "Cost Management Policies", - "description": "Policies designed to control spend within a subscription." + "description": "Policies designed to control spend within a subscription.", + "displayName": "Cost Management Policies" }, { "name": "Organizational", - "displayName": "Organizational Policies", - "description": "Policies that help enforce resource organization standards within a subscription." + "description": "Policies that help enforce resource organization standards within a subscription.", + "displayName": "Organizational Policies" } ], "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "groupNames": [ "CostSaving" ], @@ -46,12 +42,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "groupNames": [ "Organizational" ], @@ -62,11 +58,17 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_Get", + "title": "Retrieve a policy set definition version" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json index 0af50c6a463d..fb68c04d970b 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/getPolicySetDefinitionVersionAtManagementGroup.json @@ -1,29 +1,25 @@ { "parameters": { + "api-version": "2025-03-01", "managementGroupName": "MyManagementGroup", - "policySetDefinitionName": "CostManagement", "policyDefinitionVersion": "1.2.1", - "api-version": "2025-03-01" + "policySetDefinitionName": "CostManagement" }, "responses": { "200": { - "headers": {}, "body": { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -31,12 +27,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -44,11 +40,17 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_GetAtManagementGroup", + "title": "Retrieve a policy set definition version at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllBuiltInPolicyDefinitionVersions.json index 59e20cf76f02..d2403a682723 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllBuiltInPolicyDefinitionVersions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllBuiltInPolicyDefinitionVersions.json @@ -4,102 +4,104 @@ }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Audit SQL DB Level Audit Setting", - "policyType": "BuiltIn", "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", "parameters": { "setting": { "type": "String", - "metadata": { - "displayName": "Audit Setting" - }, "allowedValues": [ "enabled", "disabled" - ] + ], + "metadata": { + "displayName": "Audit Setting" + } } }, - "version": "1.2.1", "policyRule": { "if": { - "field": "type", - "equals": "Microsoft.Sql/servers/databases" + "equals": "Microsoft.Sql/servers/databases", + "field": "type" }, "then": { "effect": "AuditIfNotExists", "details": { - "type": "Microsoft.Sql/servers/databases/auditingSettings", "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Sql/auditingSettings.state", - "equals": "[parameters('setting')]" + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" } ] } } } - } - }, - "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.2.1" + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } }, { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", "properties": { - "mode": "All", - "displayName": "Audit SQL DB Level Audit Setting", - "policyType": "BuiltIn", "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", "parameters": { "setting": { "type": "String", - "metadata": { - "displayName": "Audit Setting" - }, "allowedValues": [ "enabled", "disabled", "default" - ] + ], + "metadata": { + "displayName": "Audit Setting" + } } }, - "version": "1.0.0", "policyRule": { "if": { - "field": "type", - "equals": "Microsoft.Sql/servers/databases" + "equals": "Microsoft.Sql/servers/databases", + "field": "type" }, "then": { "effect": "AuditIfNotExists", "details": { - "type": "Microsoft.Sql/servers/databases/auditingSettings", "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Sql/auditingSettings.state", - "equals": "[parameters('setting')]" + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" } ] } } } - } - }, - "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.0.0" + }, + "policyType": "BuiltIn", + "version": "1.0.0" + } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_ListAllBuiltins", + "title": "List all built-in policy definition versions" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllBuiltInPolicySetDefinitionVersions.json index fa58704e81c1..cff066682229 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllBuiltInPolicySetDefinitionVersions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllBuiltInPolicySetDefinitionVersions.json @@ -4,78 +4,80 @@ }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", "properties": { - "displayName": "[Preview]: Enable Monitoring in Azure Security Center", - "policyType": "BuiltIn", "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", "metadata": { "category": "Security Center" }, - "version": "1.2.1", "parameters": {}, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "policyDefinitionReferenceId": "RefId1" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "policyDefinitionReferenceId": "RefId2" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "policyDefinitionReferenceId": "RefId3" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "policyDefinitionReferenceId": "RefId4" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionReferenceId": "RefId5" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "policyDefinitionReferenceId": "RefId6" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "policyDefinitionReferenceId": "RefId7" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "policyDefinitionReferenceId": "RefId8" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionReferenceId": "RefId9" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "policyDefinitionReferenceId": "RefId10" } - ] - }, - "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", - "name": "1.2.1" + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_ListAllBuiltins", + "title": "List all built-in policy definition versions" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicyDefinitionVersions.json index fa26db1913a8..40c4c8a59de4 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicyDefinitionVersions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicyDefinitionVersions.json @@ -1,38 +1,39 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "version": "1.2.1", "policyRule": { "if": { "not": { @@ -44,37 +45,37 @@ "effect": "deny" } }, - "policyType": "Custom" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.2.1" + "policyType": "Custom", + "version": "1.2.1" + } }, { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "version": "1.0.0", "policyRule": { "if": { "not": { @@ -86,14 +87,15 @@ "effect": "deny" } }, - "policyType": "Custom" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/versions/1.0.0", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "1.0.0" + "policyType": "Custom", + "version": "1.0.0" + } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_ListAll", + "title": "List all policy definition versions at subscription" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json index b90f835faf7f..bd600f72687b 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicyDefinitionVersionsByManagementGroup.json @@ -1,99 +1,101 @@ { "parameters": { - "managementGroupName": "MyManagementGroup", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" - } - }, - { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.0.0", - "properties": { - "mode": "All", - "displayName": "Naming Convention", - "description": "Force resource names to begin with 'prefix' and end with 'suffix'", - "metadata": { - "category": "Naming" - }, - "version": "1.2.1", "policyRule": { "if": { "not": { "field": "name", - "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" } }, "then": { "effect": "deny" } }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" } + }, + "then": { + "effect": "deny" } }, - "policyType": "Custom" + "policyType": "Custom", + "version": "1.2.1" } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_ListAllAtManagementGroup", + "title": "List all policy definition versions at management group" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicySetDefinitionVersions.json index b6e838b5d50a..9f3b6356db16 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicySetDefinitionVersions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicySetDefinitionVersions.json @@ -1,29 +1,25 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -31,12 +27,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -44,13 +40,19 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_ListAll", + "title": "List all policy definition versions at subscription" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json index d4dac0e763e9..78a5b395bd2e 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listAllPolicySetDefinitionVersionsByManagementGroup.json @@ -1,96 +1,92 @@ { "parameters": { - "managementGroupName": "MyManagementGroup", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "managementGroupName": "MyManagementGroup" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versoins/1.2.1", "properties": { - "displayName": "[Preview]: Enable Monitoring in Azure Security Center", - "policyType": "BuiltIn", "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", "metadata": { "category": "Security Center" }, - "version": "1.2.1", "parameters": {}, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "policyDefinitionReferenceId": "RefId1" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "policyDefinitionReferenceId": "RefId2" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "policyDefinitionReferenceId": "RefId3" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "policyDefinitionReferenceId": "RefId4" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionReferenceId": "RefId5" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "policyDefinitionReferenceId": "RefId6" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "policyDefinitionReferenceId": "RefId7" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "policyDefinitionReferenceId": "RefId8" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionReferenceId": "RefId9" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "policyDefinitionReferenceId": "RefId10" } - ] - }, - "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versoins/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", - "name": "1.2.1" + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } }, { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -98,12 +94,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -111,13 +107,19 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_ListAllAtManagementGroup", + "title": "List all policy definition versions at management group" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicyDefinitionVersions.json index 3578b8146312..0aac2071f496 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicyDefinitionVersions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicyDefinitionVersions.json @@ -1,106 +1,108 @@ { "parameters": { - "policyDefinitionName": "06a78e20-9358-41c9-923c-fb736d382a12", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "policyDefinitionName": "06a78e20-9358-41c9-923c-fb736d382a12" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Audit SQL DB Level Audit Setting", - "policyType": "BuiltIn", "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", "parameters": { "setting": { "type": "String", - "metadata": { - "displayName": "Audit Setting" - }, "allowedValues": [ "enabled", "disabled" - ] + ], + "metadata": { + "displayName": "Audit Setting" + } } }, - "version": "1.2.1", "policyRule": { "if": { - "field": "type", - "equals": "Microsoft.Sql/servers/databases" + "equals": "Microsoft.Sql/servers/databases", + "field": "type" }, "then": { "effect": "AuditIfNotExists", "details": { - "type": "Microsoft.Sql/servers/databases/auditingSettings", "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Sql/auditingSettings.state", - "equals": "[parameters('setting')]" + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" } ] } } } - } - }, - "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.2.1" + }, + "policyType": "BuiltIn", + "version": "1.2.1" + } }, { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", "properties": { - "mode": "All", - "displayName": "Audit SQL DB Level Audit Setting", - "policyType": "BuiltIn", "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", "parameters": { "setting": { "type": "String", - "metadata": { - "displayName": "Audit Setting" - }, "allowedValues": [ "enabled", "disabled", "default" - ] + ], + "metadata": { + "displayName": "Audit Setting" + } } }, - "version": "1.0.0", "policyRule": { "if": { - "field": "type", - "equals": "Microsoft.Sql/servers/databases" + "equals": "Microsoft.Sql/servers/databases", + "field": "type" }, "then": { "effect": "AuditIfNotExists", "details": { - "type": "Microsoft.Sql/servers/databases/auditingSettings", "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Sql/auditingSettings.state", - "equals": "[parameters('setting')]" + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" } ] } } } - } - }, - "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12/versions/1.0.0", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.0.0" + }, + "policyType": "BuiltIn", + "version": "1.0.0" + } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_ListBuiltIn", + "title": "List built-in policy definition versions" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicyDefinitions.json index cbd5ec9a6c53..1b4c23e59536 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicyDefinitions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicyDefinitions.json @@ -4,64 +4,65 @@ }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "06a78e20-9358-41c9-923c-fb736d382a12", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12", "properties": { - "mode": "All", - "displayName": "Audit SQL DB Level Audit Setting", - "policyType": "BuiltIn", "description": "Audit DB level audit setting for SQL databases", + "displayName": "Audit SQL DB Level Audit Setting", + "mode": "All", "parameters": { "setting": { "type": "String", - "metadata": { - "displayName": "Audit Setting" - }, "allowedValues": [ "enabled", "disabled" - ] + ], + "metadata": { + "displayName": "Audit Setting" + } } }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyRule": { "if": { - "field": "type", - "equals": "Microsoft.Sql/servers/databases" + "equals": "Microsoft.Sql/servers/databases", + "field": "type" }, "then": { "effect": "AuditIfNotExists", "details": { - "type": "Microsoft.Sql/servers/databases/auditingSettings", "name": "default", + "type": "Microsoft.Sql/servers/databases/auditingSettings", "existenceCondition": { "allOf": [ { - "field": "Microsoft.Sql/auditingSettings.state", - "equals": "[parameters('setting')]" + "equals": "[parameters('setting')]", + "field": "Microsoft.Sql/auditingSettings.state" } ] } } } - } - }, - "id": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "06a78e20-9358-41c9-923c-fb736d382a12" + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } }, { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "properties": { - "mode": "All", - "displayName": "Allowed storage account SKUs", - "policyType": "Static", "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", "parameters": { "listOfAllowedSKUs": { "type": "Array", @@ -72,17 +73,12 @@ } } }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Storage/storageAccounts" + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" }, { "not": { @@ -95,35 +91,35 @@ "then": { "effect": "Deny" } - } - }, - "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + "policyType": "Static", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } }, { + "name": "abeed54a-73c5-441d-8a8c-6b5e7a0c299e", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/abeed54a-73c5-441d-8a8c-6b5e7a0c299e", "properties": { - "mode": "Microsoft.KeyVault.Data", - "displayName": "Audit KeyVault certificates that expire within specified number of days", - "policyType": "BuiltIn", "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "displayName": "Audit KeyVault certificates that expire within specified number of days", "metadata": { "category": "KeyVault DataPlane" }, + "mode": "Microsoft.KeyVault.Data", "parameters": { "daysToExpire": { "type": "Integer", "metadata": { - "displayName": "Days to expire", - "description": "The number of days for a certificate to expire." + "description": "The number of days for a certificate to expire.", + "displayName": "Days to expire" } } }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyRule": { "if": { "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", @@ -132,14 +128,20 @@ "then": { "effect": "audit" } - } - }, - "id": "/providers/Microsoft.Authorization/policyDefinitions/abeed54a-73c5-441d-8a8c-6b5e7a0c299e", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "abeed54a-73c5-441d-8a8c-6b5e7a0c299e" + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitions_ListBuiltIn", + "title": "List built-in policy definitions" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicySetDefinitionVersions.json index 71616e96bc4a..4f475cdaade9 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicySetDefinitionVersions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicySetDefinitionVersions.json @@ -1,82 +1,84 @@ { "parameters": { - "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "policySetDefinitionName": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", "properties": { - "displayName": "[Preview]: Enable Monitoring in Azure Security Center", - "policyType": "BuiltIn", "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", "metadata": { "category": "Security Center" }, - "version": "1.2.1", "parameters": {}, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "policyDefinitionReferenceId": "RefId1" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "policyDefinitionReferenceId": "RefId2" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "policyDefinitionReferenceId": "RefId3" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "policyDefinitionReferenceId": "RefId4" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionReferenceId": "RefId5" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "policyDefinitionReferenceId": "RefId6" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "policyDefinitionReferenceId": "RefId7" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "policyDefinitionReferenceId": "RefId8" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionReferenceId": "RefId9" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "policyDefinitionReferenceId": "RefId10" } - ] - }, - "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", - "name": "1.2.1" + ], + "policyType": "BuiltIn", + "version": "1.2.1" + } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_ListBuiltIn", + "title": "List built-in policy set definitions" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicySetDefinitions.json index f237429c3d84..ed5ee47c8bc4 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicySetDefinitions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listBuiltInPolicySetDefinitions.json @@ -4,82 +4,84 @@ }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", "properties": { - "displayName": "[Preview]: Enable Monitoring in Azure Security Center", - "policyType": "BuiltIn", "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", "metadata": { "category": "Security Center" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "parameters": {}, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "policyDefinitionReferenceId": "RefId1" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "policyDefinitionReferenceId": "RefId2" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "policyDefinitionReferenceId": "RefId3" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "policyDefinitionReferenceId": "RefId4" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionReferenceId": "RefId5" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "policyDefinitionReferenceId": "RefId6" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "policyDefinitionReferenceId": "RefId7" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "policyDefinitionReferenceId": "RefId8" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionReferenceId": "RefId9" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "policyDefinitionReferenceId": "RefId10" } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] - }, - "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", - "type": "Microsoft.Authorization/policySetDefinitions", - "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_ListBuiltIn", + "title": "List built-in policy set definitions" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignments.json index 92062c71726d..f2d9c3c189ac 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignments.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignments.json @@ -1,4 +1,6 @@ { + "operationId": "PolicyAssignments_List", + "title": "List policy assignments that apply to a subscription", "parameters": { "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "api-version": "2025-03-01", diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForManagementGroup.json index 0806c968fed0..024b8b286e49 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForManagementGroup.json @@ -1,4 +1,6 @@ { + "operationId": "PolicyAssignments_ListForManagementGroup", + "title": "List policy assignments that apply to a management group", "parameters": { "managementGroupId": "TestManagementGroup", "api-version": "2025-03-01", diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForResource.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForResource.json index 85d210c3d825..226a1b016837 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForResource.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForResource.json @@ -1,4 +1,6 @@ { + "operationId": "PolicyAssignments_ListForResource", + "title": "List policy assignments that apply to a resource group", "parameters": { "resourceGroupName": "TestResourceGroup", "resourceProviderNamespace": "Microsoft.Compute", diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForResourceGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForResourceGroup.json index 76ad72cea4b6..0f76fed8aea7 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForResourceGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyAssignmentsForResourceGroup.json @@ -1,64 +1,66 @@ { "parameters": { - "resourceGroupName": "TestResourceGroup", - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "api-version": "2025-03-01", + "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion", "$filter": "atScope()", - "$expand": "LatestDefinitionVersion, EffectiveDefinitionVersion" + "api-version": "2025-03-01", + "resourceGroupName": "TestResourceGroup", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", - "type": "Microsoft.Authorization/policyAssignments", "name": "TestCostManagement", - "location": "eastus", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestCostManagement", "identity": { "type": "SystemAssigned", "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" }, + "location": "eastus", "properties": { - "displayName": "Storage Cost Management", "description": "Minimize the risk of accidental cost overruns", + "definitionVersion": "1.*.*", + "displayName": "Storage Cost Management", + "effectiveDefinitionVersion": "1.0.0", + "instanceId": "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d", + "latestDefinitionVersion": "1.0.0", "metadata": { "category": "Cost Management" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", - "definitionVersion": "1.*.*", - "latestDefinitionVersion": "1.0.0", - "effectiveDefinitionVersion": "1.0.0", + "notScopes": [], "parameters": { "allowedSkus": { "value": "Standard_A1" } }, - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", - "notScopes": [], - "instanceId": "a1b2c3d4-e5f6-7a8b-9c0d-1e2f3a4b5c6d" + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/storageSkus", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" } }, { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", - "type": "Microsoft.Authorization/policyAssignments", "name": "TestTagEnforcement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup/providers/Microsoft.Authorization/policyAssignments/TestTagEnforcement", "properties": { - "displayName": "Enforces a tag key and value", "description": "Ensure a given tag key and value are present on all resources", - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", "definitionVersion": "1.*.*", - "latestDefinitionVersion": "1.0.0", + "displayName": "Enforces a tag key and value", "effectiveDefinitionVersion": "1.0.0", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup", + "instanceId": "f0b1c2d3-e4f5-6a7b-8c9d-0e1f2a3b4c5d", + "latestDefinitionVersion": "1.0.0", "notScopes": [], - "instanceId": "f0b1c2d3-e4f5-6a7b-8c9d-0e1f2a3b4c5d" + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/TagKeyValue", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/TestResourceGroup" } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_ListForResourceGroup", + "title": "List policy assignments that apply to a resource group" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionVersions.json index bb2a72539039..e9b75f33f184 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionVersions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionVersions.json @@ -1,39 +1,40 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policyDefinitionName": "ResourceNaming", - "api-version": "2025-03-01" + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "version": "1.2.1", "policyRule": { "if": { "not": { @@ -45,37 +46,37 @@ "effect": "deny" } }, - "policyType": "Custom" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.2.1" + "policyType": "Custom", + "version": "1.2.1" + } }, { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "version": "1.0.0", "policyRule": { "if": { "not": { @@ -87,14 +88,15 @@ "effect": "deny" } }, - "policyType": "Custom" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/versions/1.0.0", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "1.0.0" + "policyType": "Custom", + "version": "1.0.0" + } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_List", + "title": "List policy definition versions by subscription" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionVersionsByManagementGroup.json index e38ade5e719c..87ef147d5c7c 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionVersionsByManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionVersionsByManagementGroup.json @@ -1,100 +1,102 @@ { "parameters": { + "api-version": "2025-03-01", "managementGroupName": "MyManagementGroup", - "policyDefinitionName": "ResourceNaming", - "api-version": "2025-03-01" + "policyDefinitionName": "ResourceNaming" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", - "type": "Microsoft.Authorization/policyDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.2.1", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" - } - }, - { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", - "type": "Microsoft.Authorization/policyDefinitions/versions", - "name": "1.0.0", - "properties": { - "mode": "All", - "displayName": "Naming Convention", - "description": "Force resource names to begin with 'prefix' and end with 'suffix'", - "metadata": { - "category": "Naming" - }, - "version": "1.2.1", "policyRule": { "if": { "not": { "field": "name", - "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" } }, "then": { "effect": "deny" } }, + "policyType": "Custom", + "version": "1.2.1" + } + }, + { + "name": "1.0.0", + "type": "Microsoft.Authorization/policyDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming/versions/1.0.0", + "properties": { + "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", + "metadata": { + "category": "Naming" + }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" + } + } + }, + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '-*', parameters('suffix'))]" } + }, + "then": { + "effect": "deny" } }, - "policyType": "Custom" + "policyType": "Custom", + "version": "1.2.1" } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitionVersions_ListByManagementGroup", + "title": "List policy definition versions by management group" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitions.json index 0300c5692247..9eafcde5e7b7 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitions.json @@ -1,19 +1,20 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "properties": { - "mode": "All", - "displayName": "Allowed storage account SKUs", - "policyType": "BuiltIn", "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", "parameters": { "listOfAllowedSKUs": { "type": "Array", @@ -24,17 +25,12 @@ } } }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Storage/storageAccounts" + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" }, { "not": { @@ -47,41 +43,42 @@ "then": { "effect": "Deny" } - } - }, - "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } }, { + "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyRule": { "if": { "not": { @@ -93,34 +90,34 @@ "effect": "deny" } }, - "policyType": "Custom" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "ResourceNaming" + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } }, { + "name": "AuditSoonToExpireCerts", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/AuditSoonToExpireCerts", "properties": { - "mode": "Microsoft.KeyVault.Data", - "displayName": "Audit KeyVault certificates that expire within specified number of days", "description": "Audit certificates that are stored in Azure Key Vault, that expire within 'X' number of days.", + "displayName": "Audit KeyVault certificates that expire within specified number of days", "metadata": { "category": "KeyVault DataPlane" }, + "mode": "Microsoft.KeyVault.Data", "parameters": { "daysToExpire": { "type": "Integer", "metadata": { - "displayName": "Days to expire", - "description": "The number of days for a certificate to expire." + "description": "The number of days for a certificate to expire.", + "displayName": "Days to expire" } } }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyRule": { "if": { "field": "Microsoft.KeyVault.Data/vaults/certificates/attributes/expiresOn", @@ -130,14 +127,19 @@ "effect": "audit" } }, - "policyType": "Custom" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/AuditSoonToExpireCerts", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "AuditSoonToExpireCerts" + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitions_List", + "title": "List policy definitions by subscription" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionsByManagementGroup.json index c6e21558a995..3367ff8c2f67 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionsByManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicyDefinitionsByManagementGroup.json @@ -1,19 +1,20 @@ { "parameters": { - "managementGroupId": "MyManagementGroup", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "properties": { - "mode": "All", - "displayName": "Allowed storage account SKUs", - "policyType": "BuiltIn", "description": "This policy enables you to specify a set of storage account SKUs that your organization can deploy.", + "displayName": "Allowed storage account SKUs", + "mode": "All", "parameters": { "listOfAllowedSKUs": { "type": "Array", @@ -24,17 +25,12 @@ } } }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyRule": { "if": { "allOf": [ { - "field": "type", - "equals": "Microsoft.Storage/storageAccounts" + "equals": "Microsoft.Storage/storageAccounts", + "field": "type" }, { "not": { @@ -47,60 +43,66 @@ "then": { "effect": "Deny" } - } - }, - "id": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", - "type": "Microsoft.Authorization/policyDefinitions", - "name": "7433c107-6db4-4ad1-b57a-a76dce0154a1" + }, + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] + } }, { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "type": "Microsoft.Authorization/policyDefinitions", "name": "ResourceNaming", + "type": "Microsoft.Authorization/policyDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "properties": { - "mode": "All", - "displayName": "Naming Convention", "description": "Force resource names to begin with 'prefix' and end with 'suffix'", + "displayName": "Naming Convention", "metadata": { "category": "Naming" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], - "policyRule": { - "if": { - "not": { - "field": "name", - "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" - } - }, - "then": { - "effect": "deny" - } - }, + "mode": "All", "parameters": { "prefix": { "type": "String", "metadata": { - "displayName": "Prefix", - "description": "Resource name prefix" + "description": "Resource name prefix", + "displayName": "Prefix" } }, "suffix": { "type": "String", "metadata": { - "displayName": "Suffix", - "description": "Resource name suffix" + "description": "Resource name suffix", + "displayName": "Suffix" } } }, - "policyType": "Custom" + "policyRule": { + "if": { + "not": { + "field": "name", + "like": "[concat(parameters('prefix'), '*', parameters('suffix'))]" + } + }, + "then": { + "effect": "deny" + } + }, + "policyType": "Custom", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" + ] } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicyDefinitions_ListByManagementGroup", + "title": "List policy definitions by management group" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionVersions.json index 030f3c29d7a4..66d61cb56c09 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionVersions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionVersions.json @@ -1,30 +1,26 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "api-version": "2025-03-01", "policySetDefinitionName": "CostManagement", - "api-version": "2025-03-01" + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -32,12 +28,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -45,13 +41,19 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_List", + "title": "List policy set definitions" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json index 21b9eba9cd79..2d887eb2cbd0 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionVersionsByManagementGroup.json @@ -1,30 +1,26 @@ { "parameters": { + "api-version": "2025-03-01", "managementGroupName": "MyManagementGroup", - "policySetDefinitionName": "CostManagement", - "api-version": "2025-03-01" + "policySetDefinitionName": "CostManagement" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", - "type": "Microsoft.Authorization/policySetDefinitions/versions", "name": "1.2.1", + "type": "Microsoft.Authorization/policySetDefinitions/versions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement/versions/1.2.1", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -32,12 +28,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -45,13 +41,19 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } - ] + ], + "version": "1.2.1" } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitionVersions_ListByManagementGroup", + "title": "List policy set definitions at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitions.json index 7eb27af4f3e1..d330a3004a84 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitions.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitions.json @@ -1,104 +1,96 @@ { "parameters": { - "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "subscriptionId": "ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", "properties": { - "displayName": "[Preview]: Enable Monitoring in Azure Security Center", - "policyType": "BuiltIn", "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", "metadata": { "category": "Security Center" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "parameters": {}, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "policyDefinitionReferenceId": "RefId1" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "policyDefinitionReferenceId": "RefId2" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "policyDefinitionReferenceId": "RefId3" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "policyDefinitionReferenceId": "RefId4" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionReferenceId": "RefId5" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "policyDefinitionReferenceId": "RefId6" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "policyDefinitionReferenceId": "RefId7" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15", "policyDefinitionReferenceId": "RefId8" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionReferenceId": "RefId9" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "policyDefinitionReferenceId": "RefId10" } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] - }, - "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", - "type": "Microsoft.Authorization/policySetDefinitions", - "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + } }, { - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyDefinitions": [ { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -106,12 +98,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -119,13 +111,23 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_List", + "title": "List policy set definitions" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionsByManagementGroup.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionsByManagementGroup.json index 22dc8d8b4b27..c13d482435c4 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionsByManagementGroup.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/listPolicySetDefinitionsByManagementGroup.json @@ -1,46 +1,42 @@ { "parameters": { - "managementGroupId": "MyManagementGroup", - "api-version": "2025-03-01" + "api-version": "2025-03-01", + "managementGroupId": "MyManagementGroup" }, "responses": { "200": { - "headers": {}, "body": { "value": [ { + "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", "properties": { - "displayName": "[Preview]: Enable Monitoring in Azure Security Center", - "policyType": "BuiltIn", "description": "Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center.", + "displayName": "[Preview]: Enable Monitoring in Azure Security Center", "metadata": { "category": "Security Center" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "parameters": {}, "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16", "policyDefinitionReferenceId": "RefId1" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d", "policyDefinitionReferenceId": "RefId2" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", "policyDefinitionReferenceId": "RefId3" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759", "policyDefinitionReferenceId": "RefId4" }, { @@ -48,13 +44,13 @@ "policyDefinitionReferenceId": "RefId5" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", "policyDefinitionReferenceId": "RefId6" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed", "policyDefinitionReferenceId": "RefId7" }, { @@ -62,41 +58,37 @@ "policyDefinitionReferenceId": "RefId8" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", "policyDefinitionReferenceId": "RefId9" }, { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "definitionVersion": "1.*.*", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", "policyDefinitionReferenceId": "RefId10" } + ], + "policyType": "BuiltIn", + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] - }, - "id": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", - "type": "Microsoft.Authorization/policySetDefinitions", - "name": "1f3afdf9-d0c9-4c3d-847f-89da613e70a8" + } }, { - "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "type": "Microsoft.Authorization/policySetDefinitions", "name": "CostManagement", + "type": "Microsoft.Authorization/policySetDefinitions", + "id": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "properties": { - "displayName": "Cost Management", "description": "Policies to enforce low cost storage SKUs", + "displayName": "Cost Management", "metadata": { "category": "Cost Management" }, - "version": "1.2.1", - "versions": [ - "1.2.1", - "1.0.0" - ], "policyDefinitions": [ { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Limit_Skus", "parameters": { "listOfAllowedSKUs": { "value": [ @@ -104,12 +96,12 @@ "Standard_LRS" ] } - } + }, + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1", + "policyDefinitionReferenceId": "Limit_Skus" }, { - "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "Resource_Naming", "parameters": { "prefix": { "value": "DeptA" @@ -117,13 +109,23 @@ "suffix": { "value": "-LC" } - } + }, + "policyDefinitionId": "/providers/Microsoft.Management/managementgroups/MyManagementGroup/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "policyDefinitionReferenceId": "Resource_Naming" } + ], + "version": "1.2.1", + "versions": [ + "1.2.1", + "1.0.0" ] } } ] - } + }, + "headers": {} } - } + }, + "operationId": "PolicySetDefinitions_ListByManagementGroup", + "title": "List policy set definitions at management group level" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentity.json index 60cd5093992b..116b5227d41c 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithIdentity.json @@ -1,27 +1,36 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "EnforceNaming", "api-version": "2025-03-01", "parameters": { - "location": "eastus", "identity": { "type": "SystemAssigned" - } - } + }, + "location": "eastus" + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "SystemAssigned", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", + "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" + }, + "location": "eastus", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", "notScopes": [], "parameters": { "prefix": { @@ -31,20 +40,13 @@ "value": "-LC" } }, - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" - }, - "identity": { - "type": "SystemAssigned", - "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", - "tenantId": "4bee2b8a-1bee-47c2-90e9-404241551135" - }, - "location": "eastus", - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNaming" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with a system assigned identity" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithOverrides.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithOverrides.json index 89fb00c11dcd..84030547bf7e 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithOverrides.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithOverrides.json @@ -1,64 +1,66 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "CostManagement", "api-version": "2025-03-01", "parameters": { "properties": { "overrides": [ { "kind": "policyEffect", - "value": "Audit", "selectors": [ { - "kind": "policyDefinitionReferenceId", "in": [ "Limit_Skus", "Limit_Locations" - ] + ], + "kind": "policyDefinitionReferenceId" } - ] + ], + "value": "Audit" } ] } - } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", "properties": { - "displayName": "Limit the resource location and resource SKU", "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "definitionVersion": "1.*.*", "notScopes": [], - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", "overrides": [ { "kind": "policyEffect", - "value": "Audit", "selectors": [ { - "kind": "policyDefinitionReferenceId", "in": [ "Limit_Skus", "Limit_Locations" - ] + ], + "kind": "policyDefinitionReferenceId" } - ] + ], + "value": "Audit" } ], - "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", - "type": "Microsoft.Authorization/policyAssignments", - "name": "CostManagement" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with overrides" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithResourceSelectors.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithResourceSelectors.json index fa5606cea323..4c6967ba9aec 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithResourceSelectors.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithResourceSelectors.json @@ -1,7 +1,5 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "CostManagement", "api-version": "2025-03-01", "parameters": { "properties": { @@ -10,53 +8,57 @@ "name": "SDPRegions", "selectors": [ { - "kind": "resourceLocation", "in": [ "eastus2euap", "centraluseuap" - ] + ], + "kind": "resourceLocation" } ] } ] } - } + }, + "policyAssignmentName": "CostManagement", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "CostManagement", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", "properties": { - "displayName": "Limit the resource location and resource SKU", "description": "Limit the resource location and resource SKU", + "definitionVersion": "1.*.*", + "displayName": "Limit the resource location and resource SKU", + "enforcementMode": "Default", + "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", - "definitionVersion": "1.*.*", "notScopes": [], - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policySetDefinitions/CostManagement", "resourceSelectors": [ { "name": "SDPRegions", "selectors": [ { - "kind": "resourceLocation", "in": [ "eastus2euap", "centraluseuap" - ] + ], + "kind": "resourceLocation" } ] } ], - "instanceId": "a3c4d5e6-f7a8-9b0c-1d2e-3f4a5b6c7d8e" - }, - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/CostManagement", - "type": "Microsoft.Authorization/policyAssignments", - "name": "CostManagement" - } + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with resource selectors" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json index b9f912dcf623..1b4d76996cb7 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/examples/updatePolicyAssignmentWithUserAssignedIdentity.json @@ -1,30 +1,43 @@ { "parameters": { - "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "policyAssignmentName": "EnforceNaming", "api-version": "2025-03-01", "parameters": { - "location": "eastus", "identity": { "type": "UserAssigned", "userAssignedIdentities": { "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": {} } - } - } + }, + "location": "eastus" + }, + "policyAssignmentName": "EnforceNaming", + "scope": "subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" }, "responses": { "200": { - "headers": {}, "body": { + "name": "EnforceNaming", + "type": "Microsoft.Authorization/policyAssignments", + "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", + "identity": { + "type": "UserAssigned", + "userAssignedIdentities": { + "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { + "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135", + "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a" + } + } + }, + "location": "eastus", "properties": { - "displayName": "Enforce resource naming rules", "description": "Force resource names to begin with given DeptA and end with -LC", + "definitionVersion": "1.*.*", + "displayName": "Enforce resource naming rules", + "enforcementMode": "Default", + "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b", "metadata": { "assignedBy": "Special Someone" }, - "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", - "definitionVersion": "1.*.*", "notScopes": [], "parameters": { "prefix": { @@ -34,24 +47,13 @@ "value": "-LC" } }, - "enforcementMode": "Default", - "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2", - "instanceId": "e4b0f5a6-7c8d-4e9f-8a1b-2c3d4e5f6a7b" - }, - "identity": { - "type": "UserAssigned", - "userAssignedIdentities": { - "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/resourceGroups/testResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test-identity": { - "principalId": "e6d23f8d-af97-4fbc-bda6-00604e4e3d0a", - "clientId": "4bee2b8a-1bee-47c2-90e9-404241551135" - } - } - }, - "location": "eastus", - "id": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyAssignments/EnforceNaming", - "type": "Microsoft.Authorization/policyAssignments", - "name": "EnforceNaming" - } + "policyDefinitionId": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2/providers/Microsoft.Authorization/policyDefinitions/ResourceNaming", + "scope": "/subscriptions/ae640e6b-ba3e-4256-9d62-2993eecfa6f2" + } + }, + "headers": {} } - } + }, + "operationId": "PolicyAssignments_Update", + "title": "Update a policy assignment with a user assigned identity" } diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/openapi.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/openapi.json new file mode 100644 index 000000000000..6ce8aa44bd78 --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/openapi.json @@ -0,0 +1,4438 @@ +{ + "swagger": "2.0", + "info": { + "title": "PolicyClient", + "version": "2025-03-01", + "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope.", + "x-typespec-generated": [ + { + "emitter": "@azure-tools/typespec-autorest" + } + ] + }, + "schemes": [ + "https" + ], + "host": "management.azure.com", + "produces": [ + "application/json" + ], + "consumes": [ + "application/json" + ], + "security": [ + { + "azure_auth": [ + "user_impersonation" + ] + } + ], + "securityDefinitions": { + "azure_auth": { + "type": "oauth2", + "description": "Azure Active Directory OAuth2 Flow.", + "flow": "implicit", + "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", + "scopes": { + "user_impersonation": "impersonate your user account" + } + } + }, + "tags": [ + { + "name": "PolicyAssignments" + }, + { + "name": "PolicyDefinitions" + }, + { + "name": "PolicyDefinitionVersions" + }, + { + "name": "PolicySetDefinitions" + }, + { + "name": "PolicySetDefinitionVersions" + } + ], + "paths": { + "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}": { + "get": { + "operationId": "PolicyAssignments_Get", + "tags": [ + "PolicyAssignments" + ], + "description": "This operation retrieves a single policy assignment, given its name and the scope it was created at.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "scope", + "in": "path", + "description": "The fully qualified Azure Resource manager identifier of the resource.", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "description": "The name of the policy assignment to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy assignment": { + "$ref": "./examples/getPolicyAssignment.json" + }, + "Retrieve a policy assignment with a system assigned identity": { + "$ref": "./examples/getPolicyAssignmentWithIdentity.json" + }, + "Retrieve a policy assignment with a user assigned identity": { + "$ref": "./examples/getPolicyAssignmentWithUserAssignedIdentity.json" + }, + "Retrieve a policy assignment with overrides": { + "$ref": "./examples/getPolicyAssignmentWithOverrides.json" + }, + "Retrieve a policy assignment with resource selectors": { + "$ref": "./examples/getPolicyAssignmentWithResourceSelectors.json" + } + } + }, + "put": { + "operationId": "PolicyAssignments_Create", + "tags": [ + "PolicyAssignments" + ], + "description": "This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "scope", + "in": "path", + "description": "The fully qualified Azure Resource manager identifier of the resource.", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "description": "The name of the policy assignment to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "Parameters for the policy assignment.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + } + ], + "responses": { + "201": { + "description": "Resource 'PolicyAssignment' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy assignment": { + "$ref": "./examples/createPolicyAssignment.json" + }, + "Create or update a policy assignment to enforce policy effect only on enrolled resources during resource creation or update.": { + "$ref": "./examples/createPolicyAssignmentWithEnrollEnforcement.json" + }, + "Create or update a policy assignment with a system assigned identity": { + "$ref": "./examples/createPolicyAssignmentWithIdentity.json" + }, + "Create or update a policy assignment with a user assigned identity": { + "$ref": "./examples/createPolicyAssignmentWithUserAssignedIdentity.json" + }, + "Create or update a policy assignment with multiple non-compliance messages": { + "$ref": "./examples/createPolicyAssignmentNonComplianceMessages.json" + }, + "Create or update a policy assignment with overrides": { + "$ref": "./examples/createPolicyAssignmentWithOverrides.json" + }, + "Create or update a policy assignment with resource selectors": { + "$ref": "./examples/createPolicyAssignmentWithResourceSelectors.json" + }, + "Create or update a policy assignment without enforcing policy effect during resource creation or update.": { + "$ref": "./examples/createPolicyAssignmentWithoutEnforcement.json" + } + } + }, + "patch": { + "operationId": "PolicyAssignments_Update", + "tags": [ + "PolicyAssignments" + ], + "description": "This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "scope", + "in": "path", + "description": "The fully qualified Azure Resource manager identifier of the resource.", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "description": "The name of the policy assignment to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "Parameters for policy assignment patch request.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyAssignmentUpdate" + } + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Update a policy assignment with a system assigned identity": { + "$ref": "./examples/updatePolicyAssignmentWithIdentity.json" + }, + "Update a policy assignment with a user assigned identity": { + "$ref": "./examples/updatePolicyAssignmentWithUserAssignedIdentity.json" + }, + "Update a policy assignment with overrides": { + "$ref": "./examples/updatePolicyAssignmentWithOverrides.json" + }, + "Update a policy assignment with resource selectors": { + "$ref": "./examples/updatePolicyAssignmentWithResourceSelectors.json" + } + } + }, + "delete": { + "operationId": "PolicyAssignments_Delete", + "tags": [ + "PolicyAssignments" + ], + "description": "This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "scope", + "in": "path", + "description": "The fully qualified Azure Resource manager identifier of the resource.", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "policyAssignmentName", + "in": "path", + "description": "The name of the policy assignment to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy assignment": { + "$ref": "./examples/deletePolicyAssignment.json" + } + } + } + }, + "/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "operationId": "PolicyDefinitionVersions_ListAllBuiltins", + "summary": "Lists all built-in policy definition versions.", + "description": "This operation lists all the built-in policy definition versions for all built-in policy definitions.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all built-in policy definition versions": { + "$ref": "./examples/listAllBuiltInPolicyDefinitionVersions.json" + } + } + } + }, + "/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "operationId": "PolicySetDefinitionVersions_ListAllBuiltins", + "summary": "Lists all built-in policy set definition versions.", + "description": "This operation lists all the built-in policy set definition versions for all built-in policy set definitions.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all built-in policy definition versions": { + "$ref": "./examples/listAllBuiltInPolicySetDefinitionVersions.json" + } + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "operationId": "PolicyDefinitions_ListBuiltIn", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves a list of all the built-in policy definitions that match the optional given $filter. If $filter='policyType -eq {value}' is provided, the returned list only includes all built-in policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List built-in policy definitions": { + "$ref": "./examples/listBuiltInPolicyDefinitions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "get": { + "operationId": "PolicyDefinitions_GetBuiltIn", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves the built-in policy definition with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the built-in policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a built-in policy definition": { + "$ref": "./examples/getBuiltinPolicyDefinition.json" + } + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "operationId": "PolicyDefinitionVersions_ListBuiltIn", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves a list of all the built-in policy definition versions for the given policy definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List built-in policy definition versions": { + "$ref": "./examples/listBuiltInPolicyDefinitionVersions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicyDefinitionVersions_GetBuiltIn", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves the built-in policy definition version with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a built-in policy definition version": { + "$ref": "./examples/getBuiltinPolicyDefinitionVersion.json" + } + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "operationId": "PolicySetDefinitions_ListBuiltIn", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves a list of all the built-in policy set definitions that match the optional given $filter. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy set definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List built-in policy set definitions": { + "$ref": "./examples/listBuiltInPolicySetDefinitions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "get": { + "operationId": "PolicySetDefinitions_GetBuiltIn", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves the built-in policy set definition with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a built-in policy set definition": { + "$ref": "./examples/getBuiltInPolicySetDefinition.json" + } + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "operationId": "PolicySetDefinitionVersions_ListBuiltIn", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves a list of all the built-in policy set definition versions for the given built-in policy set definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List built-in policy set definitions": { + "$ref": "./examples/listBuiltInPolicySetDefinitionVersions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicySetDefinitionVersions_GetBuiltIn", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves the built-in policy set definition version with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a built-in policy set definition version": { + "$ref": "./examples/getBuiltInPolicySetDefinitionVersion.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/acquirePolicyToken": { + "post": { + "operationId": "PolicyTokens_AcquireAtManagementGroup", + "summary": "Acquires a policy token at management group level.", + "description": "This operation acquires a policy token in the given management group for the given request body.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy token properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyTokenRequest" + } + } + ], + "responses": { + "200": { + "description": "The request has succeeded.", + "schema": { + "$ref": "#/definitions/PolicyTokenResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Acquire a policy token at management group level": { + "$ref": "./examples/acquirePolicyTokenAtManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "operationId": "PolicyDefinitionVersions_ListAllAtManagementGroup", + "summary": "Lists all policy definition versions at management group scope.", + "description": "This operation lists all the policy definition versions for all policy definitions at the management group scope.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all policy definition versions at management group": { + "$ref": "./examples/listAllPolicyDefinitionVersionsByManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "operationId": "PolicySetDefinitionVersions_ListAllAtManagementGroup", + "summary": "Lists all policy set definition versions at management group scope.", + "description": "This operation lists all the policy set definition versions for all policy set definitions at the management group scope.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all policy definition versions at management group": { + "$ref": "./examples/listAllPolicySetDefinitionVersionsByManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "operationId": "PolicyAssignments_ListForManagementGroup", + "tags": [ + "PolicyAssignments" + ], + "summary": "Retrieves all policy assignments that apply to a management group.", + "description": "This operation retrieves the list of all policy assignments applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy assignments that are assigned to the management group or the management group's ancestors. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the management group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the management group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The management group ID.", + "required": true, + "type": "string", + "minLength": 1 + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy assignments that apply to a management group": { + "$ref": "./examples/listPolicyAssignmentsForManagementGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "operationId": "PolicyDefinitions_ListByManagementGroup", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves a list of all the policy definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy definitions by management group": { + "$ref": "./examples/listPolicyDefinitionsByManagementGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "get": { + "operationId": "PolicyDefinitions_GetAtManagementGroup", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves the policy definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy definition at management group level": { + "$ref": "./examples/getPolicyDefinitionAtManagementGroup.json" + } + } + }, + "put": { + "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation creates or updates a policy definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + ], + "responses": { + "201": { + "description": "Resource 'PolicyDefinition' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy definition at management group level": { + "$ref": "./examples/createOrUpdatePolicyDefinitionAtManagementGroup.json" + } + } + }, + "delete": { + "operationId": "PolicyDefinitions_DeleteAtManagementGroup", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation deletes the policy definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy definition at management group level": { + "$ref": "./examples/deletePolicyDefinitionAtManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "operationId": "PolicyDefinitionVersions_ListByManagementGroup", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves a list of all the policy definition versions for the given policy definition in the given management group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy definition versions by management group": { + "$ref": "./examples/listPolicyDefinitionVersionsByManagementGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicyDefinitionVersions_GetAtManagementGroup", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves the policy definition version in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy definition version at management group level": { + "$ref": "./examples/getPolicyDefinitionVersionAtManagementGroup.json" + } + } + }, + "put": { + "operationId": "PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation creates or updates a policy definition version in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicyDefinitionVersion' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "201": { + "description": "Resource 'PolicyDefinitionVersion' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy definition version at management group level": { + "$ref": "./examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json" + } + } + }, + "delete": { + "operationId": "PolicyDefinitionVersions_DeleteAtManagementGroup", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation deletes the policy definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy definition version at management group level": { + "$ref": "./examples/deletePolicyDefinitionVersionAtManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "operationId": "PolicySetDefinitions_ListByManagementGroup", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves a list of all the policy set definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy set definitions at management group level": { + "$ref": "./examples/listPolicySetDefinitionsByManagementGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "get": { + "operationId": "PolicySetDefinitions_GetAtManagementGroup", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves the policy set definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy set definition at management group level": { + "$ref": "./examples/getPolicySetDefinitionAtManagementGroup.json" + } + } + }, + "put": { + "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation creates or updates a policy set definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy set definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicySetDefinition' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "201": { + "description": "Resource 'PolicySetDefinition' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy set definition at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json" + }, + "Create or update a policy set definition with groups at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json" + } + } + }, + "delete": { + "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation deletes the policy set definition in the given management group with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "managementGroupId", + "in": "path", + "description": "The ID of the management group.", + "required": true, + "type": "string" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy set definition at management group level": { + "$ref": "./examples/deletePolicySetDefinitionAtManagementGroup.json" + } + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "operationId": "PolicySetDefinitionVersions_ListByManagementGroup", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves a list of all the policy set definition versions for the given policy set definition in a given management group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy set definitions at management group level": { + "$ref": "./examples/listPolicySetDefinitionVersionsByManagementGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicySetDefinitionVersions_GetAtManagementGroup", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves the policy set definition version in the given management group with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy set definition version at management group level": { + "$ref": "./examples/getPolicySetDefinitionVersionAtManagementGroup.json" + } + } + }, + "put": { + "operationId": "PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation creates or updates a policy set definition version in the given management group with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy set definition version properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicySetDefinitionVersion' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "201": { + "description": "Resource 'PolicySetDefinitionVersion' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy set definition version at management group level": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json" + } + } + }, + "delete": { + "operationId": "PolicySetDefinitionVersions_DeleteAtManagementGroup", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation deletes the policy set definition version in the given management group with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy set definition version at management group level": { + "$ref": "./examples/deletePolicySetDefinitionVersionAtManagementGroup.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/acquirePolicyToken": { + "post": { + "operationId": "PolicyTokens_Acquire", + "summary": "Acquires a policy token.", + "description": "This operation acquires a policy token in the given subscription for the given request body.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "parameters", + "in": "body", + "description": "The request body", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyTokenRequest" + } + } + ], + "responses": { + "200": { + "description": "The request has succeeded.", + "schema": { + "$ref": "#/definitions/PolicyTokenResponse" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Acquire a policy token": { + "$ref": "./examples/acquirePolicyToken.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { + "post": { + "operationId": "PolicyDefinitionVersions_ListAll", + "summary": "Lists all policy definition versions within a subscription.", + "description": "This operation lists all the policy definition versions for all policy definitions within a subscription.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all policy definition versions at subscription": { + "$ref": "./examples/listAllPolicyDefinitionVersions.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { + "post": { + "operationId": "PolicySetDefinitionVersions_ListAll", + "summary": "Lists all policy set definition versions within a subscription.", + "description": "This operation lists all the policy set definition versions for all policy set definitions within a subscription.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List all policy definition versions at subscription": { + "$ref": "./examples/listAllPolicySetDefinitionVersions.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "operationId": "PolicyAssignments_List", + "tags": [ + "PolicyAssignments" + ], + "summary": "Retrieves all policy assignments that apply to a subscription.", + "description": "This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy assignments that apply to a subscription": { + "$ref": "./examples/listPolicyAssignments.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions": { + "get": { + "operationId": "PolicyDefinitions_List", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves a list of all the policy definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy definitions by subscription": { + "$ref": "./examples/listPolicyDefinitions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { + "get": { + "operationId": "PolicyDefinitions_Get", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation retrieves the policy definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy definition": { + "$ref": "./examples/getPolicyDefinition.json" + } + } + }, + "put": { + "operationId": "PolicyDefinitions_CreateOrUpdate", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation creates or updates a policy definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + } + ], + "responses": { + "201": { + "description": "Resource 'PolicyDefinition' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy definition": { + "$ref": "./examples/createOrUpdatePolicyDefinition.json" + }, + "Create or update a policy definition with advanced parameters": { + "$ref": "./examples/createOrUpdatePolicyDefinitionAdvancedParams.json" + }, + "Create or update a policy definition with external evaluation enforcement settings": { + "$ref": "./examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json" + } + } + }, + "delete": { + "operationId": "PolicyDefinitions_Delete", + "tags": [ + "PolicyDefinitions" + ], + "description": "This operation deletes the policy definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy definition": { + "$ref": "./examples/deletePolicyDefinition.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { + "get": { + "operationId": "PolicyDefinitionVersions_List", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves a list of all the policy definition versions for the given policy definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy definition versions by subscription": { + "$ref": "./examples/listPolicyDefinitionVersions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicyDefinitionVersions_Get", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation retrieves the policy definition version in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy definition version": { + "$ref": "./examples/getPolicyDefinitionVersion.json" + } + } + }, + "put": { + "operationId": "PolicyDefinitionVersions_CreateOrUpdate", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation creates or updates a policy definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicyDefinitionVersion' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "201": { + "description": "Resource 'PolicyDefinitionVersion' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy definition version": { + "$ref": "./examples/createOrUpdatePolicyDefinitionVersion.json" + } + } + }, + "delete": { + "operationId": "PolicyDefinitionVersions_Delete", + "tags": [ + "PolicyDefinitionVersions" + ], + "description": "This operation deletes the policy definition version in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policyDefinitionName", + "in": "path", + "description": "The name of the policy definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy definition version": { + "$ref": "./examples/deletePolicyDefinitionVersion.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions": { + "get": { + "operationId": "PolicySetDefinitions_List", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves a list of all the policy set definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy set definitions": { + "$ref": "./examples/listPolicySetDefinitions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { + "get": { + "operationId": "PolicySetDefinitions_Get", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation retrieves the policy set definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy set definition": { + "$ref": "./examples/getPolicySetDefinition.json" + } + } + }, + "put": { + "operationId": "PolicySetDefinitions_CreateOrUpdate", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation creates or updates a policy set definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy set definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicySetDefinition' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "201": { + "description": "Resource 'PolicySetDefinition' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy set definition": { + "$ref": "./examples/createOrUpdatePolicySetDefinition.json" + }, + "Create or update a policy set definition with groups": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionWithGroups.json" + } + } + }, + "delete": { + "operationId": "PolicySetDefinitions_Delete", + "tags": [ + "PolicySetDefinitions" + ], + "description": "This operation deletes the policy set definition in the given subscription with the given name.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition to get.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy set definition": { + "$ref": "./examples/deletePolicySetDefinition.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { + "get": { + "operationId": "PolicySetDefinitionVersions_List", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves a list of all the policy set definition versions for the given policy set definition.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersionListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy set definitions": { + "$ref": "./examples/listPolicySetDefinitionVersions.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { + "get": { + "operationId": "PolicySetDefinitionVersions_Get", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation retrieves the policy set definition version in the given subscription with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Retrieve a policy set definition version": { + "$ref": "./examples/getPolicySetDefinitionVersion.json" + } + } + }, + "put": { + "operationId": "PolicySetDefinitionVersions_CreateOrUpdate", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation creates or updates a policy set definition version in the given subscription with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + }, + { + "name": "parameters", + "in": "body", + "description": "The policy set definition properties.", + "required": true, + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + } + ], + "responses": { + "200": { + "description": "Resource 'PolicySetDefinitionVersion' update operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "201": { + "description": "Resource 'PolicySetDefinitionVersion' create operation succeeded", + "schema": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Create or update a policy set definition version": { + "$ref": "./examples/createOrUpdatePolicySetDefinitionVersion.json" + } + } + }, + "delete": { + "operationId": "PolicySetDefinitionVersions_Delete", + "tags": [ + "PolicySetDefinitionVersions" + ], + "description": "This operation deletes the policy set definition version in the given subscription with the given name and version.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "name": "policySetDefinitionName", + "in": "path", + "description": "The name of the policy set definition.", + "required": true, + "type": "string", + "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$" + }, + { + "name": "policyDefinitionVersion", + "in": "path", + "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", + "required": true, + "type": "string", + "pattern": "^\\d+\\.\\d+\\.\\d+$" + } + ], + "responses": { + "200": { + "description": "Resource deleted successfully." + }, + "204": { + "description": "Resource does not exist." + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "Delete a policy set definition version": { + "$ref": "./examples/deletePolicySetDefinitionVersion.json" + } + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "operationId": "PolicyAssignments_ListForResource", + "tags": [ + "PolicyAssignments" + ], + "summary": "Retrieves all policy assignments that apply to a resource.", + "description": "This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource level. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "resourceProviderNamespace", + "in": "path", + "description": "The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)", + "required": true, + "type": "string" + }, + { + "name": "parentResourcePath", + "in": "path", + "description": "The parent resource path. Use empty string if there is none.", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceType", + "in": "path", + "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", + "required": true, + "type": "string", + "x-ms-skip-url-encoding": true + }, + { + "name": "resourceName", + "in": "path", + "description": "The name of the resource.", + "required": true, + "type": "string", + "pattern": "^.+$" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy assignments that apply to a resource group": { + "$ref": "./examples/listPolicyAssignmentsForResource.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + }, + "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments": { + "get": { + "operationId": "PolicyAssignments_ListForResourceGroup", + "tags": [ + "PolicyAssignments" + ], + "description": "This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group.", + "parameters": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" + }, + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ResourceGroupNameParameter" + }, + { + "name": "$filter", + "in": "query", + "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", + "required": false, + "type": "string" + }, + { + "name": "$expand", + "in": "query", + "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", + "required": false, + "type": "string" + }, + { + "name": "$top", + "in": "query", + "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", + "required": false, + "type": "integer", + "format": "int32", + "minimum": 1, + "maximum": 1000 + } + ], + "responses": { + "200": { + "description": "Azure operation completed successfully.", + "schema": { + "$ref": "#/definitions/PolicyAssignmentListResult" + } + }, + "default": { + "description": "An unexpected error response.", + "schema": { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ErrorResponse" + } + } + }, + "x-ms-examples": { + "List policy assignments that apply to a resource group": { + "$ref": "./examples/listPolicyAssignmentsForResourceGroup.json" + } + }, + "x-ms-pageable": { + "nextLinkName": "nextLink" + } + } + } + }, + "definitions": { + "AssignmentType": { + "type": "string", + "description": "The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable.", + "enum": [ + "NotSpecified", + "System", + "SystemHidden", + "Custom" + ], + "x-ms-enum": { + "name": "AssignmentType", + "modelAsString": true, + "values": [ + { + "name": "NotSpecified", + "value": "NotSpecified", + "description": "NotSpecified" + }, + { + "name": "System", + "value": "System", + "description": "System" + }, + { + "name": "SystemHidden", + "value": "SystemHidden", + "description": "SystemHidden" + }, + { + "name": "Custom", + "value": "Custom", + "description": "Custom" + } + ] + } + }, + "ExternalEndpointResult": { + "type": "string", + "description": "The result of the external endpoint. Possible values are Succeeded and Failed.", + "enum": [ + "Succeeded", + "Failed" + ], + "x-ms-enum": { + "name": "ExternalEndpointResult", + "modelAsString": true, + "values": [ + { + "name": "Succeeded", + "value": "Succeeded", + "description": "Succeeded" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + } + ] + } + }, + "ExternalEvaluationEndpointInvocationResult": { + "type": "object", + "description": "The external evaluation endpoint invocation results.", + "properties": { + "policyInfo": { + "$ref": "#/definitions/PolicyLogInfo", + "description": "The details of the policy requiring the external endpoint invocation." + }, + "result": { + "$ref": "#/definitions/ExternalEndpointResult", + "description": "The result of the external endpoint. Possible values are Succeeded and Failed." + }, + "message": { + "type": "string", + "description": "The status message with additional details about the invocation result." + }, + "retryAfter": { + "type": "string", + "format": "date-time", + "description": "The date and time after which a failed endpoint invocation can be retried." + }, + "claims": { + "description": "The set of claims that will be attached to the policy token as an attestation for the result of the endpoint invocation." + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "The expiration of the results." + } + } + }, + "ExternalEvaluationEndpointSettings": { + "type": "object", + "description": "The settings of an external endpoint providing evaluation results.", + "properties": { + "kind": { + "type": "string", + "description": "The kind of the endpoint." + }, + "details": { + "description": "The details of the endpoint." + } + } + }, + "ExternalEvaluationEnforcementSettings": { + "type": "object", + "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation.", + "properties": { + "missingTokenAction": { + "type": "string", + "description": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported." + }, + "resultLifespan": { + "type": "string", + "description": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported." + }, + "endpointSettings": { + "$ref": "#/definitions/ExternalEvaluationEndpointSettings", + "description": "The settings of an external endpoint providing evaluation results." + }, + "roleDefinitionIds": { + "type": "array", + "description": "An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint.", + "items": { + "type": "string" + } + } + } + }, + "Identity": { + "type": "object", + "description": "Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity.", + "properties": { + "principalId": { + "type": "string", + "description": "The principal ID of the resource identity. This property will only be provided for a system assigned identity", + "readOnly": true + }, + "tenantId": { + "type": "string", + "description": "The tenant ID of the resource identity. This property will only be provided for a system assigned identity", + "readOnly": true + }, + "type": { + "$ref": "#/definitions/ResourceIdentityType", + "description": "The identity type. This is the only required field when adding a system or user assigned identity to a resource." + }, + "userAssignedIdentities": { + "type": "object", + "description": "The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.", + "additionalProperties": { + "$ref": "#/definitions/UserAssignedIdentitiesValue" + } + } + } + }, + "NonComplianceMessage": { + "type": "object", + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results.", + "properties": { + "message": { + "type": "string", + "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment." + } + }, + "required": [ + "message" + ] + }, + "Override": { + "type": "object", + "description": "The policy property value override.", + "properties": { + "kind": { + "$ref": "#/definitions/OverrideKind", + "description": "The override kind." + }, + "value": { + "type": "string", + "description": "The value to override the policy property." + }, + "selectors": { + "type": "array", + "description": "The list of the selector expressions.", + "items": { + "$ref": "#/definitions/Selector" + }, + "x-ms-identifiers": [] + } + } + }, + "OverrideKind": { + "type": "string", + "description": "The override kind.", + "enum": [ + "policyEffect", + "definitionVersion" + ], + "x-ms-enum": { + "name": "OverrideKind", + "modelAsString": true, + "values": [ + { + "name": "policyEffect", + "value": "policyEffect", + "description": "It will override the policy effect type." + }, + { + "name": "definitionVersion", + "value": "definitionVersion", + "description": "It will override the definition version property value of the policy assignment." + } + ] + } + }, + "ParameterDefinitionsValue": { + "type": "object", + "description": "The definition of a parameter that can be provided to the policy.", + "properties": { + "type": { + "$ref": "#/definitions/ParameterType", + "description": "The data type of the parameter." + }, + "allowedValues": { + "type": "array", + "description": "The allowed values for the parameter.", + "items": {} + }, + "defaultValue": { + "description": "The default value for the parameter if no value is provided." + }, + "schema": { + "description": "Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/." + }, + "metadata": { + "$ref": "#/definitions/ParameterDefinitionsValueMetadata", + "description": "General metadata for the parameter." + } + } + }, + "ParameterDefinitionsValueMetadata": { + "type": "object", + "description": "General metadata for the parameter.", + "properties": { + "displayName": { + "type": "string", + "description": "The display name for the parameter." + }, + "description": { + "type": "string", + "description": "The description of the parameter." + }, + "strongType": { + "type": "string", + "description": "Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from." + }, + "assignPermissions": { + "type": "boolean", + "description": "Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope." + } + }, + "additionalProperties": {} + }, + "ParameterType": { + "type": "string", + "description": "The data type of the parameter.", + "enum": [ + "String", + "Array", + "Object", + "Boolean", + "Integer", + "Float", + "DateTime" + ], + "x-ms-enum": { + "name": "ParameterType", + "modelAsString": true, + "values": [ + { + "name": "String", + "value": "String", + "description": "String" + }, + { + "name": "Array", + "value": "Array", + "description": "Array" + }, + { + "name": "Object", + "value": "Object", + "description": "Object" + }, + { + "name": "Boolean", + "value": "Boolean", + "description": "Boolean" + }, + { + "name": "Integer", + "value": "Integer", + "description": "Integer" + }, + { + "name": "Float", + "value": "Float", + "description": "Float" + }, + { + "name": "DateTime", + "value": "DateTime", + "description": "DateTime" + } + ] + } + }, + "ParameterValuesValue": { + "type": "object", + "description": "The value of a parameter.", + "properties": { + "value": { + "description": "The value of the parameter." + } + } + }, + "PolicyAssignment": { + "type": "object", + "description": "The policy assignment.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicyAssignmentProperties", + "description": "Properties for the policy assignment.", + "x-ms-client-flatten": true + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "PolicyAssignmentListResult": { + "type": "object", + "description": "The response of a PolicyAssignment list operation.", + "properties": { + "value": { + "type": "array", + "description": "The PolicyAssignment items on this page", + "items": { + "$ref": "#/definitions/PolicyAssignment" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "PolicyAssignmentProperties": { + "type": "object", + "description": "The policy assignment properties.", + "properties": { + "displayName": { + "type": "string", + "description": "The display name of the policy assignment." + }, + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition being assigned." + }, + "definitionVersion": { + "type": "string", + "description": "The version of the policy definition to use." + }, + "latestDefinitionVersion": { + "type": "string", + "description": "The latest version of the policy definition available. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "effectiveDefinitionVersion": { + "type": "string", + "description": "The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "scope": { + "type": "string", + "description": "The scope for the policy assignment.", + "readOnly": true + }, + "notScopes": { + "type": "array", + "description": "The policy's excluded scopes.", + "items": { + "type": "string" + } + }, + "parameters": { + "type": "object", + "description": "The parameter values for the assigned policy rule. The keys are the parameter names.", + "additionalProperties": { + "$ref": "#/definitions/ParameterValuesValue" + } + }, + "description": { + "type": "string", + "description": "This message will be part of response in case of policy violation." + }, + "metadata": { + "description": "The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "enforcementMode": { + "type": "string", + "description": "The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll", + "default": "Default", + "enum": [ + "Default", + "DoNotEnforce", + "Enroll" + ], + "x-ms-enum": { + "name": "EnforcementMode", + "modelAsString": true, + "values": [ + { + "name": "Default", + "value": "Default", + "description": "The policy effect is enforced during resource creation or update." + }, + { + "name": "DoNotEnforce", + "value": "DoNotEnforce", + "description": "The policy effect is not enforced during resource creation or update." + }, + { + "name": "Enroll", + "value": "Enroll", + "description": "The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource." + } + ] + } + }, + "nonComplianceMessages": { + "type": "array", + "description": "The messages that describe why a resource is non-compliant with the policy.", + "items": { + "$ref": "#/definitions/NonComplianceMessage" + }, + "x-ms-identifiers": [ + "message", + "policyDefinitionReferenceId" + ] + }, + "resourceSelectors": { + "type": "array", + "description": "The resource selector list to filter policies by resource properties.", + "items": { + "$ref": "#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [] + }, + "overrides": { + "type": "array", + "description": "The policy property value override.", + "items": { + "$ref": "#/definitions/Override" + }, + "x-ms-identifiers": [] + }, + "assignmentType": { + "$ref": "#/definitions/AssignmentType", + "description": "The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable." + }, + "instanceId": { + "type": "string", + "description": "The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated.", + "readOnly": true + } + } + }, + "PolicyAssignmentUpdate": { + "type": "object", + "description": "The policy assignment for Patch request.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicyAssignmentUpdateProperties", + "description": "The policy assignment properties for Patch request.", + "x-ms-client-flatten": true + }, + "location": { + "type": "string", + "description": "The location of the policy assignment. Only required when utilizing managed identity." + }, + "identity": { + "$ref": "#/definitions/Identity", + "description": "The managed identity associated with the policy assignment." + } + } + }, + "PolicyAssignmentUpdateProperties": { + "type": "object", + "description": "The policy assignment properties for Patch request.", + "properties": { + "resourceSelectors": { + "type": "array", + "description": "The resource selector list to filter policies by resource properties.", + "items": { + "$ref": "#/definitions/ResourceSelector" + }, + "x-ms-identifiers": [] + }, + "overrides": { + "type": "array", + "description": "The policy property value override.", + "items": { + "$ref": "#/definitions/Override" + }, + "x-ms-identifiers": [] + } + } + }, + "PolicyDefinition": { + "type": "object", + "description": "The policy definition.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicyDefinitionProperties", + "description": "The policy definition properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "PolicyDefinitionGroup": { + "type": "object", + "description": "The policy definition group.", + "properties": { + "name": { + "type": "string", + "description": "The name of the group." + }, + "displayName": { + "type": "string", + "description": "The group's display name." + }, + "category": { + "type": "string", + "description": "The group's category." + }, + "description": { + "type": "string", + "description": "The group's description." + }, + "additionalMetadataId": { + "type": "string", + "description": "A resource ID of a resource that contains additional metadata about the group." + } + }, + "required": [ + "name" + ] + }, + "PolicyDefinitionListResult": { + "type": "object", + "description": "The response of a PolicyDefinition list operation.", + "properties": { + "value": { + "type": "array", + "description": "The PolicyDefinition items on this page", + "items": { + "$ref": "#/definitions/PolicyDefinition" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "PolicyDefinitionProperties": { + "type": "object", + "description": "The policy definition properties.", + "properties": { + "policyType": { + "$ref": "#/definitions/PolicyType", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static." + }, + "mode": { + "type": "string", + "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.", + "default": "Indexed" + }, + "displayName": { + "type": "string", + "description": "The display name of the policy definition." + }, + "description": { + "type": "string", + "description": "The policy definition description." + }, + "policyRule": { + "description": "The policy rule." + }, + "metadata": { + "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "type": "object", + "description": "The parameter definitions for parameters used in the policy rule. The keys are the parameter names.", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "version": { + "type": "string", + "description": "The policy definition version in #.#.# format." + }, + "versions": { + "type": "array", + "description": "A list of available versions for this policy definition.", + "items": { + "type": "string" + } + }, + "externalEvaluationEnforcementSettings": { + "$ref": "#/definitions/ExternalEvaluationEnforcementSettings", + "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation." + } + } + }, + "PolicyDefinitionReference": { + "type": "object", + "description": "The policy definition reference.", + "properties": { + "policyDefinitionId": { + "type": "string", + "description": "The ID of the policy definition or policy set definition." + }, + "definitionVersion": { + "type": "string", + "description": "The version of the policy definition to use." + }, + "latestDefinitionVersion": { + "type": "string", + "description": "The latest version of the policy definition available. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "effectiveDefinitionVersion": { + "type": "string", + "description": "The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.", + "readOnly": true + }, + "parameters": { + "type": "object", + "description": "The parameter values for the referenced policy rule. The keys are the parameter names.", + "additionalProperties": { + "$ref": "#/definitions/ParameterValuesValue" + } + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "A unique id (within the policy set definition) for this policy definition reference." + }, + "groupNames": { + "type": "array", + "description": "The name of the groups that this policy definition reference belongs to.", + "items": { + "type": "string" + } + } + }, + "required": [ + "policyDefinitionId" + ] + }, + "PolicyDefinitionVersion": { + "type": "object", + "description": "The ID of the policy definition version.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicyDefinitionVersionProperties", + "description": "The policy definition version properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "PolicyDefinitionVersionListResult": { + "type": "object", + "description": "The response of a PolicyDefinitionVersion list operation.", + "properties": { + "value": { + "type": "array", + "description": "The PolicyDefinitionVersion items on this page", + "items": { + "$ref": "#/definitions/PolicyDefinitionVersion" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "PolicyDefinitionVersionProperties": { + "type": "object", + "description": "The policy definition properties.", + "properties": { + "policyType": { + "$ref": "#/definitions/PolicyType", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static." + }, + "mode": { + "type": "string", + "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.", + "default": "Indexed" + }, + "displayName": { + "type": "string", + "description": "The display name of the policy definition." + }, + "description": { + "type": "string", + "description": "The policy definition description." + }, + "policyRule": { + "description": "The policy rule." + }, + "metadata": { + "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "type": "object", + "description": "The parameter definitions for parameters used in the policy rule. The keys are the parameter names.", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "version": { + "type": "string", + "description": "The policy definition version in #.#.# format." + }, + "externalEvaluationEnforcementSettings": { + "$ref": "#/definitions/ExternalEvaluationEnforcementSettings", + "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation." + } + } + }, + "PolicyLogInfo": { + "type": "object", + "description": "The policy log info.", + "properties": { + "policyDefinitionId": { + "type": "string", + "description": "The policy definition Id." + }, + "policySetDefinitionId": { + "type": "string", + "description": "The policy set definition Id." + }, + "policyDefinitionReferenceId": { + "type": "string", + "description": "The policy definition instance Id inside a policy set." + }, + "policySetDefinitionName": { + "type": "string", + "description": "The policy set definition name." + }, + "policySetDefinitionDisplayName": { + "type": "string", + "description": "The policy set definition display name." + }, + "policySetDefinitionVersion": { + "type": "string", + "description": "The policy set definition version." + }, + "policySetDefinitionCategory": { + "type": "string", + "description": "The policy set definition category." + }, + "policyDefinitionName": { + "type": "string", + "description": "The policy definition name." + }, + "policyDefinitionDisplayName": { + "type": "string", + "description": "The policy definition display name." + }, + "policyDefinitionVersion": { + "type": "string", + "description": "The policy definition version." + }, + "policyDefinitionEffect": { + "type": "string", + "description": "The policy definition action." + }, + "policyDefinitionGroupNames": { + "type": "array", + "description": "An array of policy definition group names.", + "items": { + "type": "string" + } + }, + "policyAssignmentId": { + "type": "string", + "description": "The policy assignment Id." + }, + "policyAssignmentName": { + "type": "string", + "description": "The policy assignment name." + }, + "policyAssignmentDisplayName": { + "type": "string", + "description": "The policy assignment display name." + }, + "policyAssignmentVersion": { + "type": "string", + "description": "The policy assignment version." + }, + "policyAssignmentScope": { + "type": "string", + "description": "The policy assignment scope." + }, + "resourceLocation": { + "type": "string", + "description": "The resource location." + }, + "ancestors": { + "type": "string", + "description": "The management group ancestors." + }, + "complianceReasonCode": { + "type": "string", + "description": "The policy compliance reason code." + }, + "policyExemptionIds": { + "type": "array", + "description": "An array of policy exemption Ids.", + "items": { + "type": "string" + } + } + } + }, + "PolicySetDefinition": { + "type": "object", + "description": "The policy set definition.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicySetDefinitionProperties", + "description": "The policy set definition properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "PolicySetDefinitionListResult": { + "type": "object", + "description": "The response of a PolicySetDefinition list operation.", + "properties": { + "value": { + "type": "array", + "description": "The PolicySetDefinition items on this page", + "items": { + "$ref": "#/definitions/PolicySetDefinition" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "PolicySetDefinitionProperties": { + "type": "object", + "description": "The policy set definition properties.", + "properties": { + "policyType": { + "$ref": "#/definitions/PolicyType", + "description": "The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static." + }, + "displayName": { + "type": "string", + "description": "The display name of the policy set definition." + }, + "description": { + "type": "string", + "description": "The policy set definition description." + }, + "metadata": { + "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "type": "object", + "description": "The policy set definition parameters that can be used in policy definition references.", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "policyDefinitions": { + "type": "array", + "description": "An array of policy definition references.", + "items": { + "$ref": "#/definitions/PolicyDefinitionReference" + }, + "x-ms-identifiers": [ + "policyDefinitionReferenceId" + ] + }, + "policyDefinitionGroups": { + "type": "array", + "description": "The metadata describing groups of policy definition references within the policy set definition.", + "items": { + "$ref": "#/definitions/PolicyDefinitionGroup" + }, + "x-ms-identifiers": [ + "name" + ] + }, + "version": { + "type": "string", + "description": "The policy set definition version in #.#.# format." + }, + "versions": { + "type": "array", + "description": "A list of available versions for this policy set definition.", + "items": { + "type": "string" + } + } + }, + "required": [ + "policyDefinitions" + ] + }, + "PolicySetDefinitionVersion": { + "type": "object", + "description": "The policy set definition version.", + "properties": { + "properties": { + "$ref": "#/definitions/PolicySetDefinitionVersionProperties", + "description": "The policy set definition version properties.", + "x-ms-client-flatten": true + } + }, + "allOf": [ + { + "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/ProxyResource" + } + ] + }, + "PolicySetDefinitionVersionListResult": { + "type": "object", + "description": "The response of a PolicySetDefinitionVersion list operation.", + "properties": { + "value": { + "type": "array", + "description": "The PolicySetDefinitionVersion items on this page", + "items": { + "$ref": "#/definitions/PolicySetDefinitionVersion" + } + }, + "nextLink": { + "type": "string", + "format": "uri", + "description": "The link to the next page of items" + } + }, + "required": [ + "value" + ] + }, + "PolicySetDefinitionVersionProperties": { + "type": "object", + "description": "The policy set definition properties.", + "properties": { + "policyType": { + "$ref": "#/definitions/PolicyType", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static." + }, + "displayName": { + "type": "string", + "description": "The display name of the policy set definition." + }, + "description": { + "type": "string", + "description": "The policy set definition description." + }, + "metadata": { + "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." + }, + "parameters": { + "type": "object", + "description": "The policy set definition parameters that can be used in policy definition references.", + "additionalProperties": { + "$ref": "#/definitions/ParameterDefinitionsValue" + } + }, + "policyDefinitions": { + "type": "array", + "description": "An array of policy definition references.", + "items": { + "$ref": "#/definitions/PolicyDefinitionReference" + }, + "x-ms-identifiers": [ + "policyDefinitionReferenceId" + ] + }, + "policyDefinitionGroups": { + "type": "array", + "description": "The metadata describing groups of policy definition references within the policy set definition.", + "items": { + "$ref": "#/definitions/PolicyDefinitionGroup" + }, + "x-ms-identifiers": [ + "name" + ] + }, + "version": { + "type": "string", + "description": "The policy set definition version in #.#.# format." + } + }, + "required": [ + "policyDefinitions" + ] + }, + "PolicyTokenOperation": { + "type": "object", + "description": "The resource operation to acquire a token for.", + "properties": { + "uri": { + "type": "string", + "description": "The request URI of the resource operation." + }, + "httpMethod": { + "type": "string", + "description": "The http method of the resource operation." + }, + "content": { + "description": "The payload of the resource operation." + } + }, + "required": [ + "uri", + "httpMethod" + ] + }, + "PolicyTokenRequest": { + "type": "object", + "description": "The policy token request properties.", + "properties": { + "operation": { + "$ref": "#/definitions/PolicyTokenOperation", + "description": "The resource operation to acquire a token for." + }, + "changeReference": { + "type": "string", + "description": "The change reference." + } + }, + "required": [ + "operation" + ] + }, + "PolicyTokenResponse": { + "type": "object", + "description": "The policy token response properties.", + "properties": { + "result": { + "$ref": "#/definitions/PolicyTokenResult", + "description": "The result of the completed token acquisition operation. Possible values are Succeeded and Failed." + }, + "message": { + "type": "string", + "description": "Status message with additional details about the token acquisition operation result." + }, + "retryAfter": { + "type": "string", + "format": "date-time", + "description": "The date and time after which the client can try to acquire a token again in the case of retry-able failures." + }, + "results": { + "type": "array", + "description": "An array of external evaluation endpoint invocation results.", + "items": { + "$ref": "#/definitions/ExternalEvaluationEndpointInvocationResult" + }, + "x-ms-identifiers": [] + }, + "changeReference": { + "type": "string", + "description": "The change reference associated with the operation for which the token is acquired." + }, + "token": { + "type": "string", + "description": "The issued policy token." + }, + "tokenId": { + "type": "string", + "description": "The unique Id assigned to the policy token." + }, + "expiration": { + "type": "string", + "format": "date-time", + "description": "The expiration of the policy token." + } + } + }, + "PolicyTokenResult": { + "type": "string", + "description": "The result of the completed token acquisition operation. Possible values are Succeeded and Failed.", + "enum": [ + "Succeeded", + "Failed" + ], + "x-ms-enum": { + "name": "PolicyTokenResult", + "modelAsString": true, + "values": [ + { + "name": "Succeeded", + "value": "Succeeded", + "description": "Succeeded" + }, + { + "name": "Failed", + "value": "Failed", + "description": "Failed" + } + ] + } + }, + "PolicyType": { + "type": "string", + "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", + "enum": [ + "NotSpecified", + "BuiltIn", + "Custom", + "Static" + ], + "x-ms-enum": { + "name": "PolicyType", + "modelAsString": true, + "values": [ + { + "name": "NotSpecified", + "value": "NotSpecified", + "description": "NotSpecified" + }, + { + "name": "BuiltIn", + "value": "BuiltIn", + "description": "BuiltIn" + }, + { + "name": "Custom", + "value": "Custom", + "description": "Custom" + }, + { + "name": "Static", + "value": "Static", + "description": "Static" + } + ] + } + }, + "ResourceIdentityType": { + "type": "string", + "description": "The identity type. This is the only required field when adding a system or user assigned identity to a resource.", + "enum": [ + "SystemAssigned", + "UserAssigned", + "None" + ], + "x-ms-enum": { + "name": "ResourceIdentityType", + "modelAsString": false, + "values": [ + { + "name": "SystemAssigned", + "value": "SystemAssigned", + "description": "Indicates that a system assigned identity is associated with the resource." + }, + { + "name": "UserAssigned", + "value": "UserAssigned", + "description": "Indicates that a system assigned identity is associated with the resource." + }, + { + "name": "None", + "value": "None", + "description": "Indicates that no identity is associated with the resource or that the existing identity should be removed." + } + ] + } + }, + "ResourceSelector": { + "type": "object", + "description": "The resource selector to filter policies by resource properties.", + "properties": { + "name": { + "type": "string", + "description": "The name of the resource selector." + }, + "selectors": { + "type": "array", + "description": "The list of the selector expressions.", + "items": { + "$ref": "#/definitions/Selector" + }, + "x-ms-identifiers": [] + } + } + }, + "Selector": { + "type": "object", + "description": "The selector expression.", + "properties": { + "kind": { + "$ref": "#/definitions/SelectorKind", + "description": "The selector kind." + }, + "in": { + "type": "array", + "description": "The list of values to filter in.", + "items": { + "type": "string" + } + }, + "notIn": { + "type": "array", + "description": "The list of values to filter out.", + "items": { + "type": "string" + } + } + } + }, + "SelectorKind": { + "type": "string", + "description": "The selector kind.", + "enum": [ + "resourceLocation", + "resourceType", + "resourceWithoutLocation", + "policyDefinitionReferenceId" + ], + "x-ms-enum": { + "name": "SelectorKind", + "modelAsString": true, + "values": [ + { + "name": "resourceLocation", + "value": "resourceLocation", + "description": "The selector kind to filter policies by the resource location." + }, + { + "name": "resourceType", + "value": "resourceType", + "description": "The selector kind to filter policies by the resource type." + }, + { + "name": "resourceWithoutLocation", + "value": "resourceWithoutLocation", + "description": "The selector kind to filter policies by the resource without location." + }, + { + "name": "policyDefinitionReferenceId", + "value": "policyDefinitionReferenceId", + "description": "The selector kind to filter policies by the policy definition reference ID." + } + ] + } + }, + "UserAssignedIdentitiesValue": { + "type": "object", + "properties": { + "principalId": { + "type": "string", + "description": "The principal id of user assigned identity.", + "readOnly": true + }, + "clientId": { + "type": "string", + "description": "The client id of user assigned identity.", + "readOnly": true + } + } + } + }, + "parameters": {} +} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyAssignments.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyAssignments.json deleted file mode 100644 index ff1433f2173f..000000000000 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyAssignments.json +++ /dev/null @@ -1,1098 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "PolicyClient", - "version": "2025-03-01", - "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow.", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}": { - "delete": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_Delete", - "summary": "Deletes a policy assignment.", - "description": "This operation deletes a policy assignment, given its name and the scope it was created in. The scope of a policy assignment is the part of its ID preceding '/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", - "x-ms-examples": { - "Delete a policy assignment": { - "$ref": "./examples/deletePolicyAssignment.json" - } - }, - "parameters": [ - { - "name": "scope", - "in": "path", - "required": true, - "type": "string", - "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", - "x-ms-skip-url-encoding": true - }, - { - "name": "policyAssignmentName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy assignment to delete." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the deleted assignment.", - "schema": { - "$ref": "#/definitions/PolicyAssignment" - } - }, - "204": { - "description": "No Content - the policy assignment doesn't exist." - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "put": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_Create", - "summary": "Creates or updates a policy assignment.", - "description": " This operation creates or updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", - "x-ms-examples": { - "Create or update a policy assignment": { - "$ref": "./examples/createPolicyAssignment.json" - }, - "Create or update a policy assignment with multiple non-compliance messages": { - "$ref": "./examples/createPolicyAssignmentNonComplianceMessages.json" - }, - "Create or update a policy assignment with a system assigned identity": { - "$ref": "./examples/createPolicyAssignmentWithIdentity.json" - }, - "Create or update a policy assignment with a user assigned identity": { - "$ref": "./examples/createPolicyAssignmentWithUserAssignedIdentity.json" - }, - "Create or update a policy assignment without enforcing policy effect during resource creation or update.": { - "$ref": "./examples/createPolicyAssignmentWithoutEnforcement.json" - }, - "Create or update a policy assignment to enforce policy effect only on enrolled resources during resource creation or update.": { - "$ref": "./examples/createPolicyAssignmentWithEnrollEnforcement.json" - }, - "Create or update a policy assignment with resource selectors": { - "$ref": "./examples/createPolicyAssignmentWithResourceSelectors.json" - }, - "Create or update a policy assignment with overrides": { - "$ref": "./examples/createPolicyAssignmentWithOverrides.json" - } - }, - "parameters": [ - { - "name": "scope", - "in": "path", - "required": true, - "type": "string", - "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", - "x-ms-skip-url-encoding": true - }, - { - "name": "policyAssignmentName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy assignment." - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicyAssignment" - }, - "description": "Parameters for the policy assignment." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "201": { - "description": "Created - Returns information about the new policy assignment.", - "schema": { - "$ref": "#/definitions/PolicyAssignment" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "get": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_Get", - "summary": "Retrieves a policy assignment.", - "description": "This operation retrieves a single policy assignment, given its name and the scope it was created at.", - "x-ms-examples": { - "Retrieve a policy assignment": { - "$ref": "./examples/getPolicyAssignment.json" - }, - "Retrieve a policy assignment with a system assigned identity": { - "$ref": "./examples/getPolicyAssignmentWithIdentity.json" - }, - "Retrieve a policy assignment with a user assigned identity": { - "$ref": "./examples/getPolicyAssignmentWithUserAssignedIdentity.json" - }, - "Retrieve a policy assignment with resource selectors": { - "$ref": "./examples/getPolicyAssignmentWithResourceSelectors.json" - }, - "Retrieve a policy assignment with overrides": { - "$ref": "./examples/getPolicyAssignmentWithOverrides.json" - } - }, - "parameters": [ - { - "name": "scope", - "in": "path", - "required": true, - "type": "string", - "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", - "x-ms-skip-url-encoding": true - }, - { - "name": "policyAssignmentName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy assignment to get." - }, - { - "$ref": "#/parameters/PolicyAssignmentExpandParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy assignment.", - "schema": { - "$ref": "#/definitions/PolicyAssignment" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "patch": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_Update", - "summary": "Updates a policy assignment.", - "description": " This operation updates a policy assignment with the given scope and name. Policy assignments apply to all resources contained within their scope. For example, when you assign a policy at resource group scope, that policy applies to all resources in the group.", - "x-ms-examples": { - "Update a policy assignment with a system assigned identity": { - "$ref": "./examples/updatePolicyAssignmentWithIdentity.json" - }, - "Update a policy assignment with a user assigned identity": { - "$ref": "./examples/updatePolicyAssignmentWithUserAssignedIdentity.json" - }, - "Update a policy assignment with resource selectors": { - "$ref": "./examples/updatePolicyAssignmentWithResourceSelectors.json" - }, - "Update a policy assignment with overrides": { - "$ref": "./examples/updatePolicyAssignmentWithOverrides.json" - } - }, - "parameters": [ - { - "name": "scope", - "in": "path", - "required": true, - "type": "string", - "description": "The scope of the policy assignment. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'", - "x-ms-skip-url-encoding": true - }, - { - "name": "policyAssignmentName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy assignment." - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicyAssignmentUpdate" - }, - "description": "Parameters for policy assignment patch request." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy assignment.", - "schema": { - "$ref": "#/definitions/PolicyAssignment" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyAssignments": { - "get": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_ListForResourceGroup", - "summary": "Retrieves all policy assignments that apply to a resource group.", - "description": "This operation retrieves the list of all policy assignments associated with the given resource group in the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource group, including those that apply directly or apply from containing scopes, as well as any applied to resources contained within the resource group. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource group, which is everything in the unfiltered list except those applied to resources contained within the resource group. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource group.", - "x-ms-examples": { - "List policy assignments that apply to a resource group": { - "$ref": "./examples/listPolicyAssignmentsForResourceGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "name": "resourceGroupName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the resource group that contains policy assignments.", - "pattern": "^[-\\w\\._\\(\\)]+$", - "minLength": 1, - "maxLength": 90 - }, - { - "$ref": "#/parameters/PolicyAssignmentsFilterParameter" - }, - { - "$ref": "#/parameters/PolicyAssignmentExpandParameter" - }, - { - "$ref": "#/parameters/TopParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy assignments.", - "schema": { - "$ref": "#/definitions/PolicyAssignmentListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{parentResourcePath}/{resourceType}/{resourceName}/providers/Microsoft.Authorization/policyAssignments": { - "get": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_ListForResource", - "summary": "Retrieves all policy assignments that apply to a resource.", - "description": "This operation retrieves the list of all policy assignments associated with the specified resource in the given resource group and subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the resource, including those that apply directly or from all containing scopes, as well as any applied to resources contained within the resource. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the resource, which is everything in the unfiltered list except those applied to resources contained within the resource. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the resource level. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the resource. Three parameters plus the resource name are used to identify a specific resource. If the resource is not part of a parent resource (the more common case), the parent resource path should not be provided (or provided as ''). For example a web app could be specified as ({resourceProviderNamespace} == 'Microsoft.Web', {parentResourcePath} == '', {resourceType} == 'sites', {resourceName} == 'MyWebApp'). If the resource is part of a parent resource, then all parameters should be provided. For example a virtual machine DNS name could be specified as ({resourceProviderNamespace} == 'Microsoft.Compute', {parentResourcePath} == 'virtualMachines/MyVirtualMachine', {resourceType} == 'domainNames', {resourceName} == 'MyComputerName'). A convenient alternative to providing the namespace and type name separately is to provide both in the {resourceType} parameter, format: ({resourceProviderNamespace} == '', {parentResourcePath} == '', {resourceType} == 'Microsoft.Web/sites', {resourceName} == 'MyWebApp').", - "deprecated": false, - "x-ms-examples": { - "List all policy assignments that apply to a resource": { - "$ref": "./examples/listPolicyAssignmentsForResource.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "name": "resourceGroupName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the resource group containing the resource.", - "pattern": "^[-\\w\\._\\(\\)]+$", - "minLength": 1, - "maxLength": 90 - }, - { - "name": "resourceProviderNamespace", - "in": "path", - "required": true, - "type": "string", - "description": "The namespace of the resource provider. For example, the namespace of a virtual machine is Microsoft.Compute (from Microsoft.Compute/virtualMachines)" - }, - { - "name": "parentResourcePath", - "in": "path", - "required": true, - "type": "string", - "description": "The parent resource path. Use empty string if there is none.", - "x-ms-skip-url-encoding": true - }, - { - "name": "resourceType", - "in": "path", - "required": true, - "type": "string", - "description": "The resource type name. For example the type name of a web app is 'sites' (from Microsoft.Web/sites).", - "x-ms-skip-url-encoding": true - }, - { - "name": "resourceName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^.+$", - "description": "The name of the resource." - }, - { - "$ref": "#/parameters/PolicyAssignmentsFilterParameter" - }, - { - "$ref": "#/parameters/PolicyAssignmentExpandParameter" - }, - { - "$ref": "#/parameters/TopParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy assignments.", - "schema": { - "$ref": "#/definitions/PolicyAssignmentListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - }, - "x-ms-odata": "#/definitions/PolicyAssignment" - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyAssignments": { - "get": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_ListForManagementGroup", - "summary": "Retrieves all policy assignments that apply to a management group.", - "description": "This operation retrieves the list of all policy assignments applicable to the management group that match the given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter=atScope() is provided, the returned list includes all policy assignments that are assigned to the management group or the management group's ancestors. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the management group. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value} that apply to the management group.", - "x-ms-examples": { - "List policy assignments that apply to a management group": { - "$ref": "./examples/listPolicyAssignmentsForManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/ManagementGroupIdParameter" - }, - { - "$ref": "#/parameters/PolicyAssignmentsFilterParameter" - }, - { - "$ref": "#/parameters/PolicyAssignmentExpandParameter" - }, - { - "$ref": "#/parameters/TopParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy assignments.", - "schema": { - "$ref": "#/definitions/PolicyAssignmentListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyAssignments": { - "get": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_List", - "summary": "Retrieves all policy assignments that apply to a subscription.", - "description": "This operation retrieves the list of all policy assignments associated with the given subscription that match the optional given $filter. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, the unfiltered list includes all policy assignments associated with the subscription, including those that apply directly or from management groups that contain the given subscription, as well as any applied to objects contained within the subscription. If $filter=atScope() is provided, the returned list includes all policy assignments that apply to the subscription, which is everything in the unfiltered list except those applied to objects contained within the subscription. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the subscription. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", - "x-ms-examples": { - "List policy assignments that apply to a subscription": { - "$ref": "./examples/listPolicyAssignments.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/PolicyAssignmentsFilterParameter" - }, - { - "$ref": "#/parameters/PolicyAssignmentExpandParameter" - }, - { - "$ref": "#/parameters/TopParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy assignments.", - "schema": { - "$ref": "#/definitions/PolicyAssignmentListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - }, - "x-ms-odata": "#/definitions/PolicyAssignment" - } - }, - "/{policyAssignmentId}": { - "delete": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_DeleteById", - "summary": "Deletes a policy assignment.", - "description": "This operation deletes the policy with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid formats for {scope} are: '/providers/Microsoft.Management/managementGroups/{managementGroup}' (management group), '/subscriptions/{subscriptionId}' (subscription), '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}' (resource group), or '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}' (resource).", - "x-ms-examples": { - "Delete a policy assignment by ID": { - "$ref": "./examples/deletePolicyAssignmentById.json" - } - }, - "parameters": [ - { - "name": "policyAssignmentId", - "in": "path", - "required": true, - "type": "string", - "description": "The ID of the policy assignment to delete. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", - "x-ms-skip-url-encoding": true - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy assignment.", - "schema": { - "$ref": "#/definitions/PolicyAssignment" - } - }, - "204": { - "description": "No Content - the policy assignment doesn't exist." - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "put": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_CreateById", - "summary": "Creates or updates a policy assignment.", - "description": "This operation creates or updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", - "x-ms-examples": { - "Create or update policy assignment by ID": { - "$ref": "./examples/createPolicyAssignmentById.json" - }, - "Create or update policy assignment with a managed identity by ID": { - "$ref": "./examples/createPolicyAssignmentWithIdentityById.json" - } - }, - "parameters": [ - { - "name": "policyAssignmentId", - "in": "path", - "required": true, - "type": "string", - "description": "The ID of the policy assignment to create. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", - "x-ms-skip-url-encoding": true - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicyAssignment" - }, - "description": "Parameters for policy assignment." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "201": { - "description": "Created - Returns information about the policy assignment.", - "schema": { - "$ref": "#/definitions/PolicyAssignment" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "get": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_GetById", - "summary": "Retrieves the policy assignment with the given ID.", - "description": "The operation retrieves the policy assignment with the given ID. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", - "x-ms-examples": { - "Retrieve a policy assignment by ID": { - "$ref": "./examples/getPolicyAssignmentById.json" - }, - "Retrieve a policy assignment with a managed identity by ID": { - "$ref": "./examples/getPolicyAssignmentWithIdentityById.json" - } - }, - "parameters": [ - { - "name": "policyAssignmentId", - "in": "path", - "required": true, - "type": "string", - "description": "The ID of the policy assignment to get. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", - "x-ms-skip-url-encoding": true - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy assignment.", - "schema": { - "$ref": "#/definitions/PolicyAssignment" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "patch": { - "tags": [ - "PolicyAssignments" - ], - "operationId": "PolicyAssignments_UpdateById", - "summary": "Updates a policy assignment.", - "description": "This operation updates the policy assignment with the given ID. Policy assignments made on a scope apply to all resources contained in that scope. For example, when you assign a policy to a resource group that policy applies to all resources in the group. Policy assignment IDs have this format: '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'. Valid scopes are: management group (format: '/providers/Microsoft.Management/managementGroups/{managementGroup}'), subscription (format: '/subscriptions/{subscriptionId}'), resource group (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}', or resource (format: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]{resourceType}/{resourceName}'.", - "x-ms-examples": { - "Update policy assignment with a managed identity by ID": { - "$ref": "./examples/updatePolicyAssignmentWithIdentityById.json" - } - }, - "parameters": [ - { - "name": "policyAssignmentId", - "in": "path", - "required": true, - "type": "string", - "description": "The ID of the policy assignment to update. Use the format '{scope}/providers/Microsoft.Authorization/policyAssignments/{policyAssignmentName}'.", - "x-ms-skip-url-encoding": true - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicyAssignmentUpdate" - }, - "description": "Parameters for policy assignment patch request." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy assignment.", - "schema": { - "$ref": "#/definitions/PolicyAssignment" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - } - }, - "definitions": { - "PolicyAssignmentProperties": { - "type": "object", - "properties": { - "displayName": { - "type": "string", - "description": "The display name of the policy assignment." - }, - "policyDefinitionId": { - "type": "string", - "description": "The ID of the policy definition or policy set definition being assigned." - }, - "definitionVersion": { - "type": "string", - "description": "The version of the policy definition to use." - }, - "latestDefinitionVersion": { - "type": "string", - "description": "The latest version of the policy definition available. This is only present if requested via the $expand query parameter.", - "readOnly": true - }, - "effectiveDefinitionVersion": { - "type": "string", - "description": "The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.", - "readOnly": true - }, - "scope": { - "type": "string", - "description": "The scope for the policy assignment.", - "readOnly": true - }, - "notScopes": { - "type": "array", - "items": { - "type": "string" - }, - "description": "The policy's excluded scopes." - }, - "parameters": { - "description": "The parameter values for the assigned policy rule. The keys are the parameter names.", - "$ref": "#/definitions/ParameterValues" - }, - "description": { - "type": "string", - "description": "This message will be part of response in case of policy violation." - }, - "metadata": { - "type": "object", - "description": "The policy assignment metadata. Metadata is an open ended object and is typically a collection of key value pairs." - }, - "enforcementMode": { - "type": "string", - "description": "The policy assignment enforcement mode. Possible values are Default, DoNotEnforce, and Enroll", - "enum": [ - "Default", - "DoNotEnforce", - "Enroll" - ], - "x-ms-enum": { - "name": "enforcementMode", - "modelAsString": true, - "values": [ - { - "value": "Default", - "description": "The policy effect is enforced during resource creation or update." - }, - { - "value": "DoNotEnforce", - "description": "The policy effect is not enforced during resource creation or update." - }, - { - "value": "Enroll", - "description": "The policy effect is not enforced during resource creation or update until the resource or scope of the resource is enrolled to the assignment instance. Enrollment occurs upon deployment of the policy enrollment resource." - } - ] - }, - "default": "Default" - }, - "nonComplianceMessages": { - "type": "array", - "items": { - "$ref": "#/definitions/NonComplianceMessage" - }, - "x-ms-identifiers": [ - "message", - "policyDefinitionReferenceId" - ], - "description": "The messages that describe why a resource is non-compliant with the policy." - }, - "resourceSelectors": { - "type": "array", - "items": { - "$ref": "./types.json#/definitions/ResourceSelector" - }, - "x-ms-identifiers": [], - "description": "The resource selector list to filter policies by resource properties." - }, - "overrides": { - "type": "array", - "items": { - "$ref": "./types.json#/definitions/Override" - }, - "x-ms-identifiers": [], - "description": "The policy property value override." - }, - "assignmentType": { - "type": "string", - "description": "The type of policy assignment. Possible values are NotSpecified, System, SystemHidden, and Custom. Immutable.", - "enum": [ - "NotSpecified", - "System", - "SystemHidden", - "Custom" - ], - "x-ms-enum": { - "name": "assignmentType", - "modelAsString": true - } - }, - "instanceId": { - "type": "string", - "description": "The instance ID of the policy assignment. This ID only and always changes when the assignment is deleted and recreated.", - "readOnly": true - } - }, - "description": "The policy assignment properties." - }, - "NonComplianceMessage": { - "type": "object", - "properties": { - "message": { - "type": "string", - "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." - }, - "policyDefinitionReferenceId": { - "type": "string", - "description": "The policy definition reference ID within a policy set definition the message is intended for. This is only applicable if the policy assignment assigns a policy set definition. If this is not provided the message applies to all policies assigned by this policy assignment." - } - }, - "required": [ - "message" - ], - "description": "A message that describes why a resource is non-compliant with the policy. This is shown in 'deny' error messages and on resource's non-compliant compliance results." - }, - "ParameterValues": { - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/ParameterValuesValue" - }, - "description": "The parameter values for the policy rule. The keys are the parameter names." - }, - "ParameterValuesValue": { - "type": "object", - "properties": { - "value": { - "description": "The value of the parameter." - } - }, - "description": "The value of a parameter." - }, - "PolicyAssignment": { - "type": "object", - "properties": { - "properties": { - "x-ms-client-flatten": true, - "$ref": "#/definitions/PolicyAssignmentProperties", - "description": "Properties for the policy assignment." - }, - "id": { - "type": "string", - "description": "The ID of the policy assignment.", - "readOnly": true - }, - "type": { - "type": "string", - "description": "The type of the policy assignment.", - "readOnly": true - }, - "name": { - "type": "string", - "description": "The name of the policy assignment.", - "readOnly": true - }, - "location": { - "type": "string", - "description": "The location of the policy assignment. Only required when utilizing managed identity." - }, - "identity": { - "$ref": "#/definitions/Identity", - "description": "The managed identity associated with the policy assignment." - }, - "systemData": { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", - "readOnly": true, - "description": "The system metadata relating to this resource." - } - }, - "description": "The policy assignment.", - "x-ms-azure-resource": true - }, - "PolicyAssignmentListResult": { - "type": "object", - "properties": { - "value": { - "type": "array", - "items": { - "$ref": "#/definitions/PolicyAssignment" - }, - "x-ms-identifiers": [], - "description": "An array of policy assignments." - }, - "nextLink": { - "type": "string", - "description": "The URL to use for getting the next set of results." - } - }, - "description": "List of policy assignments." - }, - "Identity": { - "type": "object", - "properties": { - "principalId": { - "readOnly": true, - "type": "string", - "description": "The principal ID of the resource identity. This property will only be provided for a system assigned identity" - }, - "tenantId": { - "readOnly": true, - "type": "string", - "description": "The tenant ID of the resource identity. This property will only be provided for a system assigned identity" - }, - "type": { - "type": "string", - "description": "The identity type. This is the only required field when adding a system or user assigned identity to a resource.", - "enum": [ - "SystemAssigned", - "UserAssigned", - "None" - ], - "x-ms-enum": { - "name": "ResourceIdentityType", - "modelAsString": false, - "values": [ - { - "value": "SystemAssigned", - "description": "Indicates that a system assigned identity is associated with the resource." - }, - { - "value": "UserAssigned", - "description": "Indicates that a system assigned identity is associated with the resource." - }, - { - "value": "None", - "description": "Indicates that no identity is associated with the resource or that the existing identity should be removed." - } - ] - } - }, - "userAssignedIdentities": { - "type": "object", - "additionalProperties": { - "type": "object", - "x-ms-client-name": "userAssignedIdentitiesValue", - "properties": { - "principalId": { - "readOnly": true, - "type": "string", - "description": "The principal id of user assigned identity." - }, - "clientId": { - "readOnly": true, - "type": "string", - "description": "The client id of user assigned identity." - } - } - }, - "description": "The user identity associated with the policy. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'." - } - }, - "description": "Identity for the resource. Policy assignments support a maximum of one identity. That is either a system assigned identity or a single user assigned identity." - }, - "PolicyAssignmentUpdateProperties": { - "type": "object", - "properties": { - "resourceSelectors": { - "type": "array", - "items": { - "$ref": "./types.json#/definitions/ResourceSelector" - }, - "x-ms-identifiers": [], - "description": "The resource selector list to filter policies by resource properties." - }, - "overrides": { - "type": "array", - "items": { - "$ref": "./types.json#/definitions/Override" - }, - "x-ms-identifiers": [], - "description": "The policy property value override." - } - }, - "description": "The policy assignment properties for Patch request." - }, - "PolicyAssignmentUpdate": { - "type": "object", - "properties": { - "properties": { - "x-ms-client-flatten": true, - "$ref": "#/definitions/PolicyAssignmentUpdateProperties", - "description": "The policy assignment properties for Patch request." - }, - "location": { - "type": "string", - "description": "The location of the policy assignment. Only required when utilizing managed identity." - }, - "identity": { - "$ref": "#/definitions/Identity", - "description": "The managed identity associated with the policy assignment." - } - }, - "description": "The policy assignment for Patch request." - } - }, - "parameters": { - "ManagementGroupIdParameter": { - "name": "managementGroupId", - "in": "path", - "required": true, - "type": "string", - "description": "The ID of the management group.", - "x-ms-parameter-location": "method" - }, - "PolicyAssignmentsFilterParameter": { - "name": "$filter", - "in": "query", - "required": false, - "type": "string", - "description": "The filter to apply on the operation. Valid values for $filter are: 'atScope()', 'atExactScope()' or 'policyDefinitionId eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atScope() is provided, the returned list only includes all policy assignments that apply to the scope, which is everything in the unfiltered list except those applied to sub scopes contained within the given scope. If $filter=atExactScope() is provided, the returned list only includes all policy assignments that at the given scope. If $filter=policyDefinitionId eq '{value}' is provided, the returned list includes all policy assignments of the policy definition whose id is {value}.", - "x-ms-skip-url-encoding": true, - "x-ms-parameter-location": "method" - }, - "PolicyAssignmentExpandParameter": { - "name": "$expand", - "in": "query", - "required": false, - "type": "string", - "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", - "x-ms-parameter-location": "method" - }, - "TopParameter": { - "name": "$top", - "in": "query", - "required": false, - "type": "integer", - "format": "int32", - "minimum": 1, - "maximum": 1000, - "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyDefinitionVersions.json deleted file mode 100644 index e2bcba95637c..000000000000 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyDefinitionVersions.json +++ /dev/null @@ -1,854 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "PolicyClient", - "version": "2025-03-01", - "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow.", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { - "post": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_ListAllBuiltins", - "summary": "Lists all built-in policy definition versions.", - "description": "This operation lists all the built-in policy definition versions for all built-in policy definitions.", - "x-ms-examples": { - "List all built-in policy definition versions": { - "$ref": "./examples/listAllBuiltInPolicyDefinitionVersions.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy definition versions.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { - "post": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_ListAllAtManagementGroup", - "summary": "Lists all policy definition versions at management group scope.", - "description": "This operation lists all the policy definition versions for all policy definitions at the management group scope.", - "x-ms-examples": { - "List all policy definition versions at management group": { - "$ref": "./examples/listAllPolicyDefinitionVersionsByManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy definition versions.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicyDefinitionVersions": { - "post": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_ListAll", - "summary": "Lists all policy definition versions within a subscription.", - "description": "This operation lists all the policy definition versions for all policy definitions within a subscription.", - "x-ms-examples": { - "List all policy definition versions at subscription": { - "$ref": "./examples/listAllPolicyDefinitionVersions.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy definition versions.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { - "put": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_CreateOrUpdate", - "summary": "Creates or updates a policy definition in a subscription.", - "description": "This operation creates or updates a policy definition in the given subscription with the given name.", - "x-ms-examples": { - "Create or update a policy definition version": { - "$ref": "./examples/createOrUpdatePolicyDefinitionVersion.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionName" - }, - { - "$ref": "#/parameters/PolicyDefinitionVersion" - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersion" - }, - "description": "The policy definition properties." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "201": { - "description": "Created - Returns information about the policy definition version.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersion" - } - }, - "200": { - "description": "OK - Successfully updated policy definition version.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersion" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "delete": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_Delete", - "summary": "Deletes a policy definition version in a subscription.", - "description": "This operation deletes the policy definition version in the given subscription with the given name.", - "x-ms-examples": { - "Delete a policy definition version": { - "$ref": "./examples/deletePolicyDefinitionVersion.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionName" - }, - { - "$ref": "#/parameters/PolicyDefinitionVersion" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "200": { - "description": "OK" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "get": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_Get", - "summary": "Retrieves a policy definition version in a subscription.", - "description": "This operation retrieves the policy definition version in the given subscription with the given name.", - "x-ms-examples": { - "Retrieve a policy definition version": { - "$ref": "./examples/getPolicyDefinitionVersion.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionName" - }, - { - "$ref": "#/parameters/PolicyDefinitionVersion" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy definition.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersion" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { - "get": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_GetBuiltIn", - "summary": "Retrieves a built-in policy definition version.", - "description": "This operation retrieves the built-in policy definition version with the given name.", - "x-ms-examples": { - "Retrieve a built-in policy definition version": { - "$ref": "./examples/getBuiltinPolicyDefinitionVersion.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/PolicyDefinitionName" - }, - { - "$ref": "#/parameters/PolicyDefinitionVersion" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the built-in policy definition.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersion" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions/{policyDefinitionVersion}": { - "put": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_CreateOrUpdateAtManagementGroup", - "summary": "Creates or updates a policy definition version in a management group.", - "description": "This operation creates or updates a policy definition version in the given management group with the given name.", - "x-ms-examples": { - "Create or update a policy definition version at management group level": { - "$ref": "./examples/createOrUpdatePolicyDefinitionVersionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionName" - }, - { - "$ref": "#/parameters/PolicyDefinitionVersion" - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersion" - }, - "description": "The policy definition properties." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "201": { - "description": "Created - Returns information about the policy definition version.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersion" - } - }, - "200": { - "description": "OK - Successfully updated policy definition version.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersion" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "delete": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_DeleteAtManagementGroup", - "summary": "Deletes a policy definition in a management group.", - "description": "This operation deletes the policy definition in the given management group with the given name.", - "x-ms-examples": { - "Delete a policy definition version at management group level": { - "$ref": "./examples/deletePolicyDefinitionVersionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionName" - }, - { - "$ref": "#/parameters/PolicyDefinitionVersion" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "200": { - "description": "OK" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "get": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_GetAtManagementGroup", - "summary": "Retrieve a policy definition version in a management group.", - "description": "This operation retrieves the policy definition version in the given management group with the given name.", - "x-ms-examples": { - "Retrieve a policy definition version at management group level": { - "$ref": "./examples/getPolicyDefinitionVersionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionName" - }, - { - "$ref": "#/parameters/PolicyDefinitionVersion" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy definition.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersion" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { - "get": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_List", - "summary": "Retrieves policy definition versions for a given policy definition in a subscription", - "description": "This operation retrieves a list of all the policy definition versions for the given policy definition.", - "x-ms-examples": { - "List policy definition versions by subscription": { - "$ref": "./examples/listPolicyDefinitionVersions.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionName" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy definition versions.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { - "get": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_ListBuiltIn", - "summary": "Retrieve built-in policy definition versions", - "description": "This operation retrieves a list of all the built-in policy definition versions for the given policy definition.", - "x-ms-examples": { - "List built-in policy definition versions": { - "$ref": "./examples/listBuiltInPolicyDefinitionVersions.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/PolicyDefinitionName" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of built-in policy definition versions.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}/versions": { - "get": { - "tags": [ - "PolicyDefinitionVersions" - ], - "operationId": "PolicyDefinitionVersions_ListByManagementGroup", - "summary": "Retrieve policy definition versions in a management group policy definition.", - "description": "This operation retrieves a list of all the policy definition versions for the given policy definition in the given management group.", - "x-ms-examples": { - "List policy definition versions by management group": { - "$ref": "./examples/listPolicyDefinitionVersionsByManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionName" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy definition versions.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - } - }, - "definitions": { - "PolicyDefinitionVersionProperties": { - "type": "object", - "properties": { - "policyType": { - "type": "string", - "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", - "enum": [ - "NotSpecified", - "BuiltIn", - "Custom", - "Static" - ], - "x-ms-enum": { - "name": "policyType", - "modelAsString": true - } - }, - "mode": { - "type": "string", - "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.", - "default": "Indexed" - }, - "displayName": { - "type": "string", - "description": "The display name of the policy definition." - }, - "description": { - "type": "string", - "description": "The policy definition description." - }, - "policyRule": { - "type": "object", - "description": "The policy rule." - }, - "metadata": { - "type": "object", - "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." - }, - "parameters": { - "description": "The parameter definitions for parameters used in the policy rule. The keys are the parameter names.", - "$ref": "#/definitions/ParameterDefinitions" - }, - "version": { - "type": "string", - "description": "The policy definition version in #.#.# format." - }, - "externalEvaluationEnforcementSettings": { - "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation.", - "$ref": "#/definitions/ExternalEvaluationEnforcementSettings" - } - }, - "description": "The policy definition properties." - }, - "ParameterDefinitionsValue": { - "type": "object", - "properties": { - "type": { - "description": "The data type of the parameter.", - "type": "string", - "enum": [ - "String", - "Array", - "Object", - "Boolean", - "Integer", - "Float", - "DateTime" - ], - "x-ms-enum": { - "name": "parameterType", - "modelAsString": true - } - }, - "allowedValues": { - "type": "array", - "items": { - "description": "The collection of allowed values for the parameter." - }, - "x-ms-identifiers": [], - "description": "The allowed values for the parameter." - }, - "defaultValue": { - "description": "The default value for the parameter if no value is provided." - }, - "schema": { - "type": "object", - "description": "Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/." - }, - "metadata": { - "type": "object", - "properties": { - "displayName": { - "type": "string", - "description": "The display name for the parameter." - }, - "description": { - "type": "string", - "description": "The description of the parameter." - }, - "strongType": { - "type": "string", - "description": "Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from." - }, - "assignPermissions": { - "type": "boolean", - "description": "Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope." - } - }, - "additionalProperties": { - "type": "object" - }, - "description": "General metadata for the parameter." - } - }, - "description": "The definition of a parameter that can be provided to the policy." - }, - "ParameterDefinitions": { - "description": "The parameter definitions for parameters used in the policy. The keys are the parameter names.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/ParameterDefinitionsValue" - } - }, - "PolicyDefinitionVersion": { - "type": "object", - "properties": { - "properties": { - "x-ms-client-flatten": true, - "$ref": "#/definitions/PolicyDefinitionVersionProperties", - "description": "The policy definition version properties." - }, - "id": { - "readOnly": true, - "type": "string", - "description": "The ID of the policy definition version." - }, - "name": { - "readOnly": true, - "type": "string", - "description": "The name of the policy definition version." - }, - "type": { - "readOnly": true, - "type": "string", - "description": "The type of the resource (Microsoft.Authorization/policyDefinitions/versions)." - }, - "systemData": { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", - "readOnly": true, - "description": "The system metadata relating to this resource." - } - }, - "description": "The ID of the policy definition version.", - "x-ms-azure-resource": true - }, - "PolicyDefinitionVersionListResult": { - "type": "object", - "properties": { - "value": { - "type": "array", - "items": { - "$ref": "#/definitions/PolicyDefinitionVersion" - }, - "description": "An array of policy definitions versions." - }, - "nextLink": { - "type": "string", - "description": "The URL to use for getting the next set of results." - } - }, - "description": "List of policy definition versions." - }, - "ExternalEvaluationEnforcementSettings": { - "type": "object", - "properties": { - "missingTokenAction": { - "type": "string", - "description": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported." - }, - "resultLifespan": { - "type": "string", - "description": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported." - }, - "endpointSettings": { - "description": "The settings of an external endpoint providing evaluation results.", - "$ref": "#/definitions/ExternalEvaluationEndpointSettings" - }, - "roleDefinitionIds": { - "type": "array", - "items": { - "type": "string" - }, - "description": "An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint." - } - }, - "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation." - }, - "ExternalEvaluationEndpointSettings": { - "type": "object", - "properties": { - "kind": { - "type": "string", - "description": "The kind of the endpoint." - }, - "details": { - "type": "object", - "description": "The details of the endpoint." - } - }, - "description": "The settings of an external endpoint providing evaluation results." - } - }, - "parameters": { - "PolicyDefinitionName": { - "name": "policyDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy definition.", - "x-ms-parameter-location": "method" - }, - "PolicyDefinitionVersion": { - "name": "policyDefinitionVersion", - "in": "path", - "required": true, - "type": "string", - "pattern": "^\\d+\\.\\d+\\.\\d+$", - "description": "The policy definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", - "x-ms-parameter-location": "method" - }, - "PolicyDefinitionsFilterParameter": { - "name": "$filter", - "in": "query", - "required": false, - "type": "string", - "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", - "x-ms-skip-url-encoding": true, - "x-ms-parameter-location": "method" - }, - "TopParameter": { - "name": "$top", - "in": "query", - "required": false, - "type": "integer", - "format": "int32", - "minimum": 1, - "maximum": 1000, - "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyDefinitions.json deleted file mode 100644 index 127c59b993e5..000000000000 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyDefinitions.json +++ /dev/null @@ -1,751 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "PolicyClient", - "version": "2025-03-01", - "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow.", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { - "put": { - "tags": [ - "PolicyDefinitions" - ], - "operationId": "PolicyDefinitions_CreateOrUpdate", - "summary": "Creates or updates a policy definition in a subscription.", - "description": "This operation creates or updates a policy definition in the given subscription with the given name.", - "x-ms-examples": { - "Create or update a policy definition": { - "$ref": "./examples/createOrUpdatePolicyDefinition.json" - }, - "Create or update a policy definition with advanced parameters": { - "$ref": "./examples/createOrUpdatePolicyDefinitionAdvancedParams.json" - }, - "Create or update a policy definition with external evaluation enforcement settings": { - "$ref": "./examples/createOrUpdatePolicyDefinitionExternalEvaluationEnforcementSettings.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "name": "policyDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy definition to create." - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicyDefinition" - }, - "description": "The policy definition properties." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "201": { - "description": "Created - Returns information about the policy definition.", - "schema": { - "$ref": "#/definitions/PolicyDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "delete": { - "tags": [ - "PolicyDefinitions" - ], - "operationId": "PolicyDefinitions_Delete", - "summary": "Deletes a policy definition in a subscription.", - "description": "This operation deletes the policy definition in the given subscription with the given name.", - "x-ms-examples": { - "Delete a policy definition": { - "$ref": "./examples/deletePolicyDefinition.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "name": "policyDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy definition to delete." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "200": { - "description": "OK" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "get": { - "tags": [ - "PolicyDefinitions" - ], - "operationId": "PolicyDefinitions_Get", - "summary": "Retrieves a policy definition in a subscription.", - "description": "This operation retrieves the policy definition in the given subscription with the given name.", - "x-ms-examples": { - "Retrieve a policy definition": { - "$ref": "./examples/getPolicyDefinition.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "name": "policyDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy definition to get." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy definition.", - "schema": { - "$ref": "#/definitions/PolicyDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { - "get": { - "tags": [ - "PolicyDefinitions" - ], - "operationId": "PolicyDefinitions_GetBuiltIn", - "summary": "Retrieves a built-in policy definition.", - "description": "This operation retrieves the built-in policy definition with the given name.", - "x-ms-examples": { - "Retrieve a built-in policy definition": { - "$ref": "./examples/getBuiltinPolicyDefinition.json" - } - }, - "parameters": [ - { - "name": "policyDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the built-in policy definition to get." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the built-in policy definition.", - "schema": { - "$ref": "#/definitions/PolicyDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions/{policyDefinitionName}": { - "put": { - "tags": [ - "PolicyDefinitions" - ], - "operationId": "PolicyDefinitions_CreateOrUpdateAtManagementGroup", - "summary": "Creates or updates a policy definition in a management group.", - "description": "This operation creates or updates a policy definition in the given management group with the given name.", - "x-ms-examples": { - "Create or update a policy definition at management group level": { - "$ref": "./examples/createOrUpdatePolicyDefinitionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/ManagementGroupIdParameter" - }, - { - "name": "policyDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy definition to create." - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicyDefinition" - }, - "description": "The policy definition properties." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "201": { - "description": "Created - Returns information about the policy definition.", - "schema": { - "$ref": "#/definitions/PolicyDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "delete": { - "tags": [ - "PolicyDefinitions" - ], - "operationId": "PolicyDefinitions_DeleteAtManagementGroup", - "summary": "Deletes a policy definition in a management group.", - "description": "This operation deletes the policy definition in the given management group with the given name.", - "x-ms-examples": { - "Delete a policy definition at management group level": { - "$ref": "./examples/deletePolicyDefinitionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/ManagementGroupIdParameter" - }, - { - "name": "policyDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy definition to delete." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "204": { - "description": "No Content" - }, - "200": { - "description": "OK" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "get": { - "tags": [ - "PolicyDefinitions" - ], - "operationId": "PolicyDefinitions_GetAtManagementGroup", - "summary": "Retrieve a policy definition in a management group.", - "description": "This operation retrieves the policy definition in the given management group with the given name.", - "x-ms-examples": { - "Retrieve a policy definition at management group level": { - "$ref": "./examples/getPolicyDefinitionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/ManagementGroupIdParameter" - }, - { - "name": "policyDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy definition to get." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy definition.", - "schema": { - "$ref": "#/definitions/PolicyDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policyDefinitions": { - "get": { - "tags": [ - "PolicyDefinitions" - ], - "operationId": "PolicyDefinitions_List", - "summary": "Retrieves policy definitions in a subscription", - "description": "This operation retrieves a list of all the policy definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", - "x-ms-examples": { - "List policy definitions by subscription": { - "$ref": "./examples/listPolicyDefinitions.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionsFilterParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy definitions.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/providers/Microsoft.Authorization/policyDefinitions": { - "get": { - "tags": [ - "PolicyDefinitions" - ], - "operationId": "PolicyDefinitions_ListBuiltIn", - "summary": "Retrieve built-in policy definitions", - "description": "This operation retrieves a list of all the built-in policy definitions that match the optional given $filter. If $filter='policyType -eq {value}' is provided, the returned list only includes all built-in policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy definitions whose category match the {value}.", - "x-ms-examples": { - "List built-in policy definitions": { - "$ref": "./examples/listBuiltInPolicyDefinitions.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionsFilterParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of built-in policy definitions.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policyDefinitions": { - "get": { - "tags": [ - "PolicyDefinitions" - ], - "operationId": "PolicyDefinitions_ListByManagementGroup", - "summary": "Retrieve policy definitions in a management group", - "description": "This operation retrieves a list of all the policy definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", - "x-ms-examples": { - "List policy definitions by management group": { - "$ref": "./examples/listPolicyDefinitionsByManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/ManagementGroupIdParameter" - }, - { - "$ref": "#/parameters/PolicyDefinitionsFilterParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy definitions.", - "schema": { - "$ref": "#/definitions/PolicyDefinitionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - } - }, - "definitions": { - "PolicyDefinitionProperties": { - "type": "object", - "properties": { - "policyType": { - "type": "string", - "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", - "enum": [ - "NotSpecified", - "BuiltIn", - "Custom", - "Static" - ], - "x-ms-enum": { - "name": "policyType", - "modelAsString": true - } - }, - "mode": { - "type": "string", - "description": "The policy definition mode. Some examples are All, Indexed, Microsoft.KeyVault.Data.", - "default": "Indexed" - }, - "displayName": { - "type": "string", - "description": "The display name of the policy definition." - }, - "description": { - "type": "string", - "description": "The policy definition description." - }, - "policyRule": { - "type": "object", - "description": "The policy rule." - }, - "metadata": { - "type": "object", - "description": "The policy definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." - }, - "parameters": { - "description": "The parameter definitions for parameters used in the policy rule. The keys are the parameter names.", - "$ref": "#/definitions/ParameterDefinitions" - }, - "version": { - "type": "string", - "description": "The policy definition version in #.#.# format." - }, - "versions": { - "type": "array", - "items": { - "type": "string" - }, - "description": "A list of available versions for this policy definition." - }, - "externalEvaluationEnforcementSettings": { - "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation.", - "$ref": "#/definitions/ExternalEvaluationEnforcementSettings" - } - }, - "description": "The policy definition properties." - }, - "ParameterDefinitionsValue": { - "type": "object", - "properties": { - "type": { - "description": "The data type of the parameter.", - "type": "string", - "enum": [ - "String", - "Array", - "Object", - "Boolean", - "Integer", - "Float", - "DateTime" - ], - "x-ms-enum": { - "name": "parameterType", - "modelAsString": true - } - }, - "allowedValues": { - "type": "array", - "items": { - "description": "The collection of allowed values for the parameter." - }, - "x-ms-identifiers": [], - "description": "The allowed values for the parameter." - }, - "defaultValue": { - "description": "The default value for the parameter if no value is provided." - }, - "schema": { - "type": "object", - "description": "Provides validation of parameter inputs during assignment using a self-defined JSON schema. This property is only supported for object-type parameters and follows the Json.NET Schema 2019-09 implementation. You can learn more about using schemas at https://json-schema.org/ and test draft schemas at https://www.jsonschemavalidator.net/." - }, - "metadata": { - "type": "object", - "properties": { - "displayName": { - "type": "string", - "description": "The display name for the parameter." - }, - "description": { - "type": "string", - "description": "The description of the parameter." - }, - "strongType": { - "type": "string", - "description": "Used when assigning the policy definition through the portal. Provides a context aware list of values for the user to choose from." - }, - "assignPermissions": { - "type": "boolean", - "description": "Set to true to have Azure portal create role assignments on the resource ID or resource scope value of this parameter during policy assignment. This property is useful in case you wish to assign permissions outside the assignment scope." - } - }, - "additionalProperties": { - "type": "object" - }, - "description": "General metadata for the parameter." - } - }, - "description": "The definition of a parameter that can be provided to the policy." - }, - "ParameterDefinitions": { - "description": "The parameter definitions for parameters used in the policy. The keys are the parameter names.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/ParameterDefinitionsValue" - } - }, - "PolicyDefinition": { - "type": "object", - "properties": { - "properties": { - "x-ms-client-flatten": true, - "$ref": "#/definitions/PolicyDefinitionProperties", - "description": "The policy definition properties." - }, - "id": { - "readOnly": true, - "type": "string", - "description": "The ID of the policy definition." - }, - "name": { - "readOnly": true, - "type": "string", - "description": "The name of the policy definition." - }, - "type": { - "readOnly": true, - "type": "string", - "description": "The type of the resource (Microsoft.Authorization/policyDefinitions)." - }, - "systemData": { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", - "readOnly": true, - "description": "The system metadata relating to this resource." - } - }, - "description": "The policy definition.", - "x-ms-azure-resource": true - }, - "PolicyDefinitionListResult": { - "type": "object", - "properties": { - "value": { - "type": "array", - "items": { - "$ref": "#/definitions/PolicyDefinition" - }, - "description": "An array of policy definitions." - }, - "nextLink": { - "type": "string", - "description": "The URL to use for getting the next set of results." - } - }, - "description": "List of policy definitions." - }, - "ExternalEvaluationEnforcementSettings": { - "type": "object", - "properties": { - "missingTokenAction": { - "type": "string", - "description": "What to do when evaluating an enforcement policy that requires an external evaluation and the token is missing. Possible values are Audit and Deny and language expressions are supported." - }, - "resultLifespan": { - "type": "string", - "description": "The lifespan of the endpoint invocation result after which it's no longer valid. Value is expected to follow the ISO 8601 duration format and language expressions are supported." - }, - "endpointSettings": { - "description": "The settings of an external endpoint providing evaluation results.", - "$ref": "#/definitions/ExternalEvaluationEndpointSettings" - }, - "roleDefinitionIds": { - "type": "array", - "items": { - "type": "string" - }, - "description": "An array of the role definition Ids the assignment's MSI will need in order to invoke the endpoint." - } - }, - "description": "The details of the source of external evaluation results required by the policy during enforcement evaluation." - }, - "ExternalEvaluationEndpointSettings": { - "type": "object", - "properties": { - "kind": { - "type": "string", - "description": "The kind of the endpoint." - }, - "details": { - "type": "object", - "description": "The details of the endpoint." - } - }, - "description": "The settings of an external endpoint providing evaluation results." - } - }, - "parameters": { - "ManagementGroupIdParameter": { - "name": "managementGroupId", - "in": "path", - "required": true, - "type": "string", - "description": "The ID of the management group.", - "x-ms-parameter-location": "method" - }, - "PolicyDefinitionsFilterParameter": { - "name": "$filter", - "in": "query", - "required": false, - "type": "string", - "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy definitions whose category match the {value}.", - "x-ms-skip-url-encoding": true, - "x-ms-parameter-location": "method" - }, - "TopParameter": { - "name": "$top", - "in": "query", - "required": false, - "type": "integer", - "format": "int32", - "minimum": 1, - "maximum": 1000, - "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policySetDefinitionVersions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policySetDefinitionVersions.json deleted file mode 100644 index a9e218c49c43..000000000000 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policySetDefinitionVersions.json +++ /dev/null @@ -1,852 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "PolicyClient", - "version": "2025-03-01", - "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow.", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { - "post": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_ListAllBuiltins", - "summary": "Lists all built-in policy set definition versions.", - "description": "This operation lists all the built-in policy set definition versions for all built-in policy set definitions.", - "x-ms-examples": { - "List all built-in policy definition versions": { - "$ref": "./examples/listAllBuiltInPolicySetDefinitionVersions.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy set definition versions.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { - "post": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_ListAllAtManagementGroup", - "summary": "Lists all policy set definition versions at management group scope.", - "description": "This operation lists all the policy set definition versions for all policy set definitions at the management group scope.", - "x-ms-examples": { - "List all policy definition versions at management group": { - "$ref": "./examples/listAllPolicySetDefinitionVersionsByManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy set definition versions.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/listPolicySetDefinitionVersions": { - "post": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_ListAll", - "summary": "Lists all policy set definition versions within a subscription.", - "description": "This operation lists all the policy set definition versions for all policy set definitions within a subscription.", - "x-ms-examples": { - "List all policy definition versions at subscription": { - "$ref": "./examples/listAllPolicySetDefinitionVersions.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy set definition versions.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { - "put": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_CreateOrUpdate", - "summary": "Creates or updates a policy set definition version.", - "description": "This operation creates or updates a policy set definition version in the given subscription with the given name and version.", - "x-ms-examples": { - "Create or update a policy set definition version": { - "$ref": "./examples/createOrUpdatePolicySetDefinitionVersion.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionName" - }, - { - "$ref": "#/parameters/PolicySetDefinitionVersion" - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersion" - }, - "description": "The policy set definition properties." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "201": { - "description": "Created - Returns information about the policy set definition version.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersion" - } - }, - "200": { - "description": "OK - Successfully updated policy set definition version.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersion" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "delete": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_Delete", - "summary": "Deletes a policy set definition version.", - "description": "This operation deletes the policy set definition version in the given subscription with the given name and version.", - "x-ms-examples": { - "Delete a policy set definition version": { - "$ref": "./examples/deletePolicySetDefinitionVersion.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionName" - }, - { - "$ref": "#/parameters/PolicySetDefinitionVersion" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "204": { - "description": "No Content - the policy set definition doesn't exist in the subscription." - }, - "200": { - "description": "OK" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "get": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_Get", - "summary": "Retrieves a policy set definition version.", - "description": "This operation retrieves the policy set definition version in the given subscription with the given name and version.", - "x-ms-examples": { - "Retrieve a policy set definition version": { - "$ref": "./examples/getPolicySetDefinitionVersion.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionName" - }, - { - "$ref": "#/parameters/PolicySetDefinitionVersion" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy set definition version.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersion" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { - "get": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_GetBuiltIn", - "summary": "Retrieves a built in policy set definition version.", - "description": "This operation retrieves the built-in policy set definition version with the given name and version.", - "x-ms-examples": { - "Retrieve a built-in policy set definition version": { - "$ref": "./examples/getBuiltInPolicySetDefinitionVersion.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/PolicySetDefinitionName" - }, - { - "$ref": "#/parameters/PolicySetDefinitionVersion" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the built in policy set definition version.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersion" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { - "get": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_List", - "summary": "Retrieves the policy set definition versions for a given policy set definition in a subscription.", - "description": "This operation retrieves a list of all the policy set definition versions for the given policy set definition.", - "x-ms-examples": { - "List policy set definitions": { - "$ref": "./examples/listPolicySetDefinitionVersions.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionName" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy set definition versions.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { - "get": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_ListBuiltIn", - "summary": "Retrieves built-in policy set definition versions.", - "description": "This operation retrieves a list of all the built-in policy set definition versions for the given built-in policy set definition.", - "x-ms-examples": { - "List built-in policy set definitions": { - "$ref": "./examples/listBuiltInPolicySetDefinitionVersions.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/PolicySetDefinitionName" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of built in policy set definition versions.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions/{policyDefinitionVersion}": { - "put": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_CreateOrUpdateAtManagementGroup", - "summary": "Creates or updates a policy set definition version.", - "description": "This operation creates or updates a policy set definition version in the given management group with the given name and version.", - "x-ms-examples": { - "Create or update a policy set definition version at management group level": { - "$ref": "./examples/createOrUpdatePolicySetDefinitionVersionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionName" - }, - { - "$ref": "#/parameters/PolicySetDefinitionVersion" - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersion" - }, - "description": "The policy set definition version properties." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "201": { - "description": "Created - Returns information about the policy set definition version.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersion" - } - }, - "200": { - "description": "OK - Successfully updated policy set definition version.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersion" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "delete": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_DeleteAtManagementGroup", - "summary": "Deletes a policy set definition version.", - "description": "This operation deletes the policy set definition version in the given management group with the given name and version.", - "x-ms-examples": { - "Delete a policy set definition version at management group level": { - "$ref": "./examples/deletePolicySetDefinitionVersionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionName" - }, - { - "$ref": "#/parameters/PolicySetDefinitionVersion" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "204": { - "description": "No Content - the policy set definition doesn't exist in the subscription." - }, - "200": { - "description": "OK" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "get": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_GetAtManagementGroup", - "summary": "Retrieves a policy set definition version.", - "description": "This operation retrieves the policy set definition version in the given management group with the given name and version.", - "x-ms-examples": { - "Retrieve a policy set definition version at management group level": { - "$ref": "./examples/getPolicySetDefinitionVersionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionName" - }, - { - "$ref": "#/parameters/PolicySetDefinitionVersion" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy set definition version.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersion" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}/versions": { - "get": { - "tags": [ - "PolicySetDefinitionVersions" - ], - "operationId": "PolicySetDefinitionVersions_ListByManagementGroup", - "summary": "Retrieves all policy set definition versions for a given policy set definition in a management group.", - "description": "This operation retrieves a list of all the policy set definition versions for the given policy set definition in a given management group.", - "x-ms-examples": { - "List policy set definitions at management group level": { - "$ref": "./examples/listPolicySetDefinitionVersionsByManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ManagementGroupNameParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionName" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy set definition versions.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionVersionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - } - }, - "definitions": { - "PolicySetDefinitionVersionProperties": { - "type": "object", - "properties": { - "policyType": { - "type": "string", - "description": "The type of policy definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", - "enum": [ - "NotSpecified", - "BuiltIn", - "Custom", - "Static" - ], - "x-ms-enum": { - "name": "policyType", - "modelAsString": true - } - }, - "displayName": { - "type": "string", - "description": "The display name of the policy set definition." - }, - "description": { - "type": "string", - "description": "The policy set definition description." - }, - "metadata": { - "type": "object", - "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." - }, - "parameters": { - "description": "The policy set definition parameters that can be used in policy definition references.", - "$ref": "./policyDefinitions.json#/definitions/ParameterDefinitions" - }, - "policyDefinitions": { - "type": "array", - "items": { - "$ref": "#/definitions/PolicyDefinitionReference" - }, - "x-ms-identifiers": [ - "policyDefinitionReferenceId" - ], - "description": "An array of policy definition references." - }, - "policyDefinitionGroups": { - "type": "array", - "items": { - "$ref": "#/definitions/PolicyDefinitionGroup" - }, - "x-ms-identifiers": [ - "name" - ], - "description": "The metadata describing groups of policy definition references within the policy set definition." - }, - "version": { - "type": "string", - "description": "The policy set definition version in #.#.# format." - } - }, - "required": [ - "policyDefinitions" - ], - "description": "The policy set definition properties." - }, - "PolicyDefinitionReference": { - "type": "object", - "properties": { - "policyDefinitionId": { - "type": "string", - "description": "The ID of the policy definition or policy set definition." - }, - "definitionVersion": { - "type": "string", - "description": "The version of the policy definition to use." - }, - "latestDefinitionVersion": { - "type": "string", - "description": "The latest version of the policy definition available. This is only present if requested via the $expand query parameter.", - "readOnly": true - }, - "effectiveDefinitionVersion": { - "type": "string", - "description": "The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.", - "readOnly": true - }, - "parameters": { - "description": "The parameter values for the referenced policy rule. The keys are the parameter names.", - "$ref": "./policyAssignments.json#/definitions/ParameterValues" - }, - "policyDefinitionReferenceId": { - "type": "string", - "description": "A unique id (within the policy set definition) for this policy definition reference." - }, - "groupNames": { - "type": "array", - "items": { - "type": "string" - }, - "description": "The name of the groups that this policy definition reference belongs to." - } - }, - "required": [ - "policyDefinitionId" - ], - "description": "The policy definition reference." - }, - "PolicyDefinitionGroup": { - "type": "object", - "properties": { - "name": { - "type": "string", - "description": "The name of the group." - }, - "displayName": { - "type": "string", - "description": "The group's display name." - }, - "category": { - "type": "string", - "description": "The group's category." - }, - "description": { - "type": "string", - "description": "The group's description." - }, - "additionalMetadataId": { - "type": "string", - "description": "A resource ID of a resource that contains additional metadata about the group." - } - }, - "required": [ - "name" - ], - "description": "The policy definition group." - }, - "PolicySetDefinitionVersion": { - "type": "object", - "properties": { - "properties": { - "x-ms-client-flatten": true, - "$ref": "#/definitions/PolicySetDefinitionVersionProperties", - "description": "The policy set definition version properties." - }, - "id": { - "readOnly": true, - "type": "string", - "description": "The ID of the policy set definition version." - }, - "name": { - "readOnly": true, - "type": "string", - "description": "The name of the policy set definition version." - }, - "type": { - "readOnly": true, - "type": "string", - "description": "The type of the resource (Microsoft.Authorization/policySetDefinitions/versions)." - }, - "systemData": { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", - "readOnly": true, - "description": "The system metadata relating to this resource." - } - }, - "description": "The policy set definition version.", - "x-ms-azure-resource": true - }, - "PolicySetDefinitionVersionListResult": { - "type": "object", - "properties": { - "value": { - "type": "array", - "items": { - "$ref": "#/definitions/PolicySetDefinitionVersion" - }, - "description": "An array of policy set definition versions." - }, - "nextLink": { - "type": "string", - "description": "The URL to use for getting the next set of results." - } - }, - "description": "List of policy set definition versions." - } - }, - "parameters": { - "PolicySetDefinitionName": { - "name": "policySetDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy set definition.", - "x-ms-parameter-location": "method" - }, - "PolicySetDefinitionVersion": { - "name": "policyDefinitionVersion", - "in": "path", - "required": true, - "type": "string", - "pattern": "^\\d+\\.\\d+\\.\\d+$", - "description": "The policy set definition version. The format is x.y.z where x is the major version number, y is the minor version number, and z is the patch number", - "x-ms-parameter-location": "method" - }, - "PolicySetDefinitionsFilterParameter": { - "name": "$filter", - "in": "query", - "required": false, - "type": "string", - "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", - "x-ms-skip-url-encoding": true, - "x-ms-parameter-location": "method" - }, - "PolicySetDefinitionsExpandParameter": { - "name": "$expand", - "in": "query", - "required": false, - "type": "string", - "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", - "x-ms-parameter-location": "method" - }, - "TopParameter": { - "name": "$top", - "in": "query", - "required": false, - "type": "integer", - "format": "int32", - "minimum": 1, - "maximum": 1000, - "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policySetDefinitions.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policySetDefinitions.json deleted file mode 100644 index f0085a8d1828..000000000000 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policySetDefinitions.json +++ /dev/null @@ -1,761 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "PolicyClient", - "version": "2025-03-01", - "description": "To manage and control access to your resources, you can define customized policies and assign them at a scope." - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow.", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { - "put": { - "tags": [ - "PolicySetDefinitions" - ], - "operationId": "PolicySetDefinitions_CreateOrUpdate", - "summary": "Creates or updates a policy set definition.", - "description": "This operation creates or updates a policy set definition in the given subscription with the given name.", - "x-ms-examples": { - "Create or update a policy set definition": { - "$ref": "./examples/createOrUpdatePolicySetDefinition.json" - }, - "Create or update a policy set definition with groups": { - "$ref": "./examples/createOrUpdatePolicySetDefinitionWithGroups.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "name": "policySetDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy set definition to create." - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicySetDefinition" - }, - "description": "The policy set definition properties." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "201": { - "description": "Created - Returns information about the policy set definition.", - "schema": { - "$ref": "#/definitions/PolicySetDefinition" - } - }, - "200": { - "description": "OK - Returns information about the policy set definition.", - "schema": { - "$ref": "#/definitions/PolicySetDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "delete": { - "tags": [ - "PolicySetDefinitions" - ], - "operationId": "PolicySetDefinitions_Delete", - "summary": "Deletes a policy set definition.", - "description": "This operation deletes the policy set definition in the given subscription with the given name.", - "x-ms-examples": { - "Delete a policy set definition": { - "$ref": "./examples/deletePolicySetDefinition.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "name": "policySetDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy set definition to delete." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "204": { - "description": "No Content - the policy set definition doesn't exist in the subscription." - }, - "200": { - "description": "OK" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "get": { - "tags": [ - "PolicySetDefinitions" - ], - "operationId": "PolicySetDefinitions_Get", - "summary": "Retrieves a policy set definition.", - "description": "This operation retrieves the policy set definition in the given subscription with the given name.", - "x-ms-examples": { - "Retrieve a policy set definition": { - "$ref": "./examples/getPolicySetDefinition.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "name": "policySetDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy set definition to get." - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy set definition.", - "schema": { - "$ref": "#/definitions/PolicySetDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { - "get": { - "tags": [ - "PolicySetDefinitions" - ], - "operationId": "PolicySetDefinitions_GetBuiltIn", - "summary": "Retrieves a built in policy set definition.", - "description": "This operation retrieves the built-in policy set definition with the given name.", - "x-ms-examples": { - "Retrieve a built-in policy set definition": { - "$ref": "./examples/getBuiltInPolicySetDefinition.json" - } - }, - "parameters": [ - { - "name": "policySetDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy set definition to get." - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the built in policy set definition.", - "schema": { - "$ref": "#/definitions/PolicySetDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/policySetDefinitions": { - "get": { - "tags": [ - "PolicySetDefinitions" - ], - "operationId": "PolicySetDefinitions_List", - "summary": "Retrieves the policy set definitions for a subscription.", - "description": "This operation retrieves a list of all the policy set definitions in a given subscription that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the subscription, including those that apply directly or from management groups that contain the given subscription. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given subscription. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", - "x-ms-examples": { - "List policy set definitions": { - "$ref": "./examples/listPolicySetDefinitions.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/SubscriptionIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsFilterParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy set definitions.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/providers/Microsoft.Authorization/policySetDefinitions": { - "get": { - "tags": [ - "PolicySetDefinitions" - ], - "operationId": "PolicySetDefinitions_ListBuiltIn", - "summary": "Retrieves built-in policy set definitions.", - "description": "This operation retrieves a list of all the built-in policy set definitions that match the optional given $filter. If $filter='category -eq {value}' is provided, the returned list only includes all built-in policy set definitions whose category match the {value}.", - "x-ms-examples": { - "List built-in policy set definitions": { - "$ref": "./examples/listBuiltInPolicySetDefinitions.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsFilterParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of built in policy set definitions.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions/{policySetDefinitionName}": { - "put": { - "tags": [ - "PolicySetDefinitions" - ], - "operationId": "PolicySetDefinitions_CreateOrUpdateAtManagementGroup", - "summary": "Creates or updates a policy set definition.", - "description": "This operation creates or updates a policy set definition in the given management group with the given name.", - "x-ms-examples": { - "Create or update a policy set definition at management group level": { - "$ref": "./examples/createOrUpdatePolicySetDefinitionAtManagementGroup.json" - }, - "Create or update a policy set definition with groups at management group level": { - "$ref": "./examples/createOrUpdatePolicySetDefinitionWithGroupsAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/ManagementGroupIdParameter" - }, - { - "name": "policySetDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy set definition to create." - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicySetDefinition" - }, - "description": "The policy set definition properties." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "201": { - "description": "Created - Returns information about the policy set definition.", - "schema": { - "$ref": "#/definitions/PolicySetDefinition" - } - }, - "200": { - "description": "OK - Returns information about the policy set definition.", - "schema": { - "$ref": "#/definitions/PolicySetDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "delete": { - "tags": [ - "PolicySetDefinitions" - ], - "operationId": "PolicySetDefinitions_DeleteAtManagementGroup", - "summary": "Deletes a policy set definition.", - "description": "This operation deletes the policy set definition in the given management group with the given name.", - "x-ms-examples": { - "Delete a policy set definition at management group level": { - "$ref": "./examples/deletePolicySetDefinitionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/ManagementGroupIdParameter" - }, - { - "name": "policySetDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy set definition to delete." - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "204": { - "description": "No Content - the policy set definition doesn't exist in the subscription." - }, - "200": { - "description": "OK" - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - }, - "get": { - "tags": [ - "PolicySetDefinitions" - ], - "operationId": "PolicySetDefinitions_GetAtManagementGroup", - "summary": "Retrieves a policy set definition.", - "description": "This operation retrieves the policy set definition in the given management group with the given name.", - "x-ms-examples": { - "Retrieve a policy set definition at management group level": { - "$ref": "./examples/getPolicySetDefinitionAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/ManagementGroupIdParameter" - }, - { - "name": "policySetDefinitionName", - "in": "path", - "required": true, - "type": "string", - "pattern": "^[^<>*%&:\\?.+/]*[^<>*%&:\\?.+/ ]+$", - "description": "The name of the policy set definition to get." - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns information about the policy set definition.", - "schema": { - "$ref": "#/definitions/PolicySetDefinition" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Authorization/policySetDefinitions": { - "get": { - "tags": [ - "PolicySetDefinitions" - ], - "operationId": "PolicySetDefinitions_ListByManagementGroup", - "summary": "Retrieves all policy set definitions in management group.", - "description": "This operation retrieves a list of all the policy set definitions in a given management group that match the optional given $filter. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, the unfiltered list includes all policy set definitions associated with the management group, including those that apply directly or from management groups that contain the given management group. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given management group. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn and Custom. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", - "x-ms-examples": { - "List policy set definitions at management group level": { - "$ref": "./examples/listPolicySetDefinitionsByManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "#/parameters/ManagementGroupIdParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsFilterParameter" - }, - { - "$ref": "#/parameters/PolicySetDefinitionsExpandParameter" - }, - { - "$ref": "#/parameters/TopParameter" - } - ], - "responses": { - "200": { - "description": "OK - Returns an array of policy set definitions.", - "schema": { - "$ref": "#/definitions/PolicySetDefinitionListResult" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - }, - "x-ms-pageable": { - "nextLinkName": "nextLink" - } - } - } - }, - "definitions": { - "PolicySetDefinitionProperties": { - "type": "object", - "properties": { - "policyType": { - "type": "string", - "description": "The type of policy set definition. Possible values are NotSpecified, BuiltIn, Custom, and Static.", - "enum": [ - "NotSpecified", - "BuiltIn", - "Custom", - "Static" - ], - "x-ms-enum": { - "name": "policyType", - "modelAsString": true - } - }, - "displayName": { - "type": "string", - "description": "The display name of the policy set definition." - }, - "description": { - "type": "string", - "description": "The policy set definition description." - }, - "metadata": { - "type": "object", - "description": "The policy set definition metadata. Metadata is an open ended object and is typically a collection of key value pairs." - }, - "parameters": { - "description": "The policy set definition parameters that can be used in policy definition references.", - "$ref": "./policyDefinitions.json#/definitions/ParameterDefinitions" - }, - "policyDefinitions": { - "type": "array", - "items": { - "$ref": "#/definitions/PolicyDefinitionReference" - }, - "x-ms-identifiers": [ - "policyDefinitionReferenceId" - ], - "description": "An array of policy definition references." - }, - "policyDefinitionGroups": { - "type": "array", - "items": { - "$ref": "#/definitions/PolicyDefinitionGroup" - }, - "x-ms-identifiers": [ - "name" - ], - "description": "The metadata describing groups of policy definition references within the policy set definition." - }, - "version": { - "type": "string", - "description": "The policy set definition version in #.#.# format." - }, - "versions": { - "type": "array", - "items": { - "type": "string" - }, - "description": "A list of available versions for this policy set definition." - } - }, - "required": [ - "policyDefinitions" - ], - "description": "The policy set definition properties." - }, - "PolicyDefinitionReference": { - "type": "object", - "properties": { - "policyDefinitionId": { - "type": "string", - "description": "The ID of the policy definition or policy set definition." - }, - "definitionVersion": { - "type": "string", - "description": "The version of the policy definition to use." - }, - "latestDefinitionVersion": { - "type": "string", - "description": "The latest version of the policy definition available. This is only present if requested via the $expand query parameter.", - "readOnly": true - }, - "effectiveDefinitionVersion": { - "type": "string", - "description": "The effective version of the policy definition in use. This is only present if requested via the $expand query parameter.", - "readOnly": true - }, - "parameters": { - "description": "The parameter values for the referenced policy rule. The keys are the parameter names.", - "$ref": "./policyAssignments.json#/definitions/ParameterValues" - }, - "policyDefinitionReferenceId": { - "type": "string", - "description": "A unique id (within the policy set definition) for this policy definition reference." - }, - "groupNames": { - "type": "array", - "items": { - "type": "string" - }, - "description": "The name of the groups that this policy definition reference belongs to." - } - }, - "required": [ - "policyDefinitionId" - ], - "description": "The policy definition reference." - }, - "PolicyDefinitionGroup": { - "type": "object", - "properties": { - "name": { - "type": "string", - "description": "The name of the group." - }, - "displayName": { - "type": "string", - "description": "The group's display name." - }, - "category": { - "type": "string", - "description": "The group's category." - }, - "description": { - "type": "string", - "description": "The group's description." - }, - "additionalMetadataId": { - "type": "string", - "description": "A resource ID of a resource that contains additional metadata about the group." - } - }, - "required": [ - "name" - ], - "description": "The policy definition group." - }, - "PolicySetDefinition": { - "type": "object", - "properties": { - "properties": { - "x-ms-client-flatten": true, - "$ref": "#/definitions/PolicySetDefinitionProperties", - "description": "The policy set definition properties." - }, - "id": { - "readOnly": true, - "type": "string", - "description": "The ID of the policy set definition." - }, - "name": { - "readOnly": true, - "type": "string", - "description": "The name of the policy set definition." - }, - "type": { - "readOnly": true, - "type": "string", - "description": "The type of the resource (Microsoft.Authorization/policySetDefinitions)." - }, - "systemData": { - "$ref": "../../../../../../common-types/resource-management/v5/types.json#/definitions/systemData", - "readOnly": true, - "description": "The system metadata relating to this resource." - } - }, - "description": "The policy set definition.", - "x-ms-azure-resource": true - }, - "PolicySetDefinitionListResult": { - "type": "object", - "properties": { - "value": { - "type": "array", - "items": { - "$ref": "#/definitions/PolicySetDefinition" - }, - "description": "An array of policy set definitions." - }, - "nextLink": { - "type": "string", - "description": "The URL to use for getting the next set of results." - } - }, - "description": "List of policy set definitions." - } - }, - "parameters": { - "ManagementGroupIdParameter": { - "name": "managementGroupId", - "in": "path", - "required": true, - "type": "string", - "description": "The ID of the management group.", - "x-ms-parameter-location": "method" - }, - "PolicySetDefinitionsFilterParameter": { - "name": "$filter", - "in": "query", - "required": false, - "type": "string", - "description": "The filter to apply on the operation. Valid values for $filter are: 'atExactScope()', 'policyType -eq {value}' or 'category eq '{value}''. If $filter is not provided, no filtering is performed. If $filter=atExactScope() is provided, the returned list only includes all policy set definitions that at the given scope. If $filter='policyType -eq {value}' is provided, the returned list only includes all policy set definitions whose type match the {value}. Possible policyType values are NotSpecified, BuiltIn, Custom, and Static. If $filter='category -eq {value}' is provided, the returned list only includes all policy set definitions whose category match the {value}.", - "x-ms-skip-url-encoding": true, - "x-ms-parameter-location": "method" - }, - "PolicySetDefinitionsExpandParameter": { - "name": "$expand", - "in": "query", - "required": false, - "type": "string", - "description": "Comma-separated list of additional properties to be included in the response. Supported values are 'LatestDefinitionVersion, EffectiveDefinitionVersion'.", - "x-ms-parameter-location": "method" - }, - "TopParameter": { - "name": "$top", - "in": "query", - "required": false, - "type": "integer", - "format": "int32", - "minimum": 1, - "maximum": 1000, - "description": "Maximum number of records to return. When the $top filter is not provided, it will return 500 records.", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyTokens.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyTokens.json deleted file mode 100644 index 14c2a9922bd4..000000000000 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/policyTokens.json +++ /dev/null @@ -1,368 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "PolicyClient", - "version": "2025-03-01", - "description": "Allows resource operations to call external endpoints, issuing tokens upon validation." - }, - "host": "management.azure.com", - "schemes": [ - "https" - ], - "consumes": [ - "application/json" - ], - "produces": [ - "application/json" - ], - "security": [ - { - "azure_auth": [ - "user_impersonation" - ] - } - ], - "securityDefinitions": { - "azure_auth": { - "type": "oauth2", - "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize", - "flow": "implicit", - "description": "Azure Active Directory OAuth2 Flow.", - "scopes": { - "user_impersonation": "impersonate your user account" - } - } - }, - "paths": { - "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/acquirePolicyToken": { - "post": { - "tags": [ - "PolicyTokens" - ], - "operationId": "PolicyTokens_Acquire", - "summary": "Acquires a policy token.", - "description": "This operation acquires a policy token in the given subscription for the given request body.", - "x-ms-examples": { - "Acquire a policy token": { - "$ref": "./examples/acquirePolicyToken.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/parameters/SubscriptionIdParameter" - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicyTokenRequest" - }, - "description": "The policy token properties." - } - ], - "responses": { - "200": { - "description": "Successfully acquired the policy token.", - "schema": { - "$ref": "#/definitions/PolicyTokenResponse" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - }, - "/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/acquirePolicyToken": { - "post": { - "tags": [ - "PolicyTokens" - ], - "operationId": "PolicyTokens_AcquireAtManagementGroup", - "summary": "Acquires a policy token at management group level.", - "description": "This operation acquires a policy token in the given management group for the given request body.", - "x-ms-examples": { - "Acquire a policy token at management group level": { - "$ref": "./examples/acquirePolicyTokenAtManagementGroup.json" - } - }, - "parameters": [ - { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/parameters/ApiVersionParameter" - }, - { - "$ref": "#/parameters/ManagementGroupNameParameter" - }, - { - "name": "parameters", - "in": "body", - "required": true, - "schema": { - "$ref": "#/definitions/PolicyTokenRequest" - }, - "description": "The policy token properties." - } - ], - "responses": { - "200": { - "description": "Successfully acquired the policy token.", - "schema": { - "$ref": "#/definitions/PolicyTokenResponse" - } - }, - "default": { - "description": "Error response describing why the operation failed.", - "schema": { - "$ref": "../../../../../../common-types/resource-management/v6/types.json#/definitions/ErrorResponse" - } - } - } - } - } - }, - "definitions": { - "PolicyTokenRequest": { - "type": "object", - "properties": { - "operation": { - "description": "The resource operation to acquire a token for.", - "$ref": "#/definitions/PolicyTokenOperation" - }, - "changeReference": { - "type": "string", - "description": "The change reference." - } - }, - "required": [ - "operation" - ], - "description": "The policy token request properties." - }, - "PolicyTokenResponse": { - "type": "object", - "properties": { - "result": { - "type": "string", - "description": "The result of the completed token acquisition operation. Possible values are Succeeded and Failed.", - "enum": [ - "Succeeded", - "Failed" - ], - "x-ms-enum": { - "name": "policyTokenResult", - "modelAsString": true - } - }, - "message": { - "type": "string", - "description": "Status message with additional details about the token acquisition operation result." - }, - "retryAfter": { - "type": "string", - "format": "date-time", - "description": "The date and time after which the client can try to acquire a token again in the case of retry-able failures." - }, - "results": { - "type": "array", - "items": { - "$ref": "#/definitions/ExternalEvaluationEndpointInvocationResult" - }, - "description": "An array of external evaluation endpoint invocation results." - }, - "changeReference": { - "type": "string", - "description": "The change reference associated with the operation for which the token is acquired." - }, - "token": { - "type": "string", - "description": "The issued policy token." - }, - "tokenId": { - "type": "string", - "description": "The unique Id assigned to the policy token." - }, - "expiration": { - "type": "string", - "format": "date-time", - "description": "The expiration of the policy token." - } - }, - "description": "The policy token response properties." - }, - "PolicyTokenOperation": { - "type": "object", - "properties": { - "uri": { - "type": "string", - "description": "The request URI of the resource operation." - }, - "httpMethod": { - "type": "string", - "description": "The http method of the resource operation." - }, - "content": { - "type": "object", - "description": "The payload of the resource operation." - } - }, - "required": [ - "uri", - "httpMethod" - ], - "description": "The resource operation to acquire a token for." - }, - "ExternalEvaluationEndpointInvocationResult": { - "type": "object", - "properties": { - "policyInfo": { - "description": "The details of the policy requiring the external endpoint invocation.", - "$ref": "#/definitions/PolicyLogInfo" - }, - "result": { - "type": "string", - "description": "The result of the external endpoint. Possible values are Succeeded and Failed.", - "enum": [ - "Succeeded", - "Failed" - ], - "x-ms-enum": { - "name": "externalEndpointResult", - "modelAsString": true - } - }, - "message": { - "type": "string", - "description": "The status message with additional details about the invocation result." - }, - "retryAfter": { - "type": "string", - "format": "date-time", - "description": "The date and time after which a failed endpoint invocation can be retried." - }, - "claims": { - "type": "object", - "description": "The set of claims that will be attached to the policy token as an attestation for the result of the endpoint invocation." - }, - "expiration": { - "type": "string", - "format": "date-time", - "description": "The expiration of the results." - } - }, - "description": "The external evaluation endpoint invocation results." - }, - "PolicyLogInfo": { - "type": "object", - "properties": { - "policyDefinitionId": { - "type": "string", - "description": "The policy definition Id." - }, - "policySetDefinitionId": { - "type": "string", - "description": "The policy set definition Id." - }, - "policyDefinitionReferenceId": { - "type": "string", - "description": "The policy definition instance Id inside a policy set." - }, - "policySetDefinitionName": { - "type": "string", - "description": "The policy set definition name." - }, - "policySetDefinitionDisplayName": { - "type": "string", - "description": "The policy set definition display name." - }, - "policySetDefinitionVersion": { - "type": "string", - "description": "The policy set definition version." - }, - "policySetDefinitionCategory": { - "type": "string", - "description": "The policy set definition category." - }, - "policyDefinitionName": { - "type": "string", - "description": "The policy definition name." - }, - "policyDefinitionDisplayName": { - "type": "string", - "description": "The policy definition display name." - }, - "policyDefinitionVersion": { - "type": "string", - "description": "The policy definition version." - }, - "policyDefinitionEffect": { - "type": "string", - "description": "The policy definition action." - }, - "policyDefinitionGroupNames": { - "type": "array", - "items": { - "type": "string" - }, - "description": "An array of policy definition group names." - }, - "policyAssignmentId": { - "type": "string", - "description": "The policy assignment Id." - }, - "policyAssignmentName": { - "type": "string", - "description": "The policy assignment name." - }, - "policyAssignmentDisplayName": { - "type": "string", - "description": "The policy assignment display name." - }, - "policyAssignmentVersion": { - "type": "string", - "description": "The policy assignment version." - }, - "policyAssignmentScope": { - "type": "string", - "description": "The policy assignment scope." - }, - "resourceLocation": { - "type": "string", - "description": "The resource location." - }, - "ancestors": { - "type": "string", - "description": "The management group ancestors." - }, - "complianceReasonCode": { - "type": "string", - "description": "The policy compliance reason code." - }, - "policyExemptionIds": { - "type": "array", - "items": { - "type": "string" - }, - "description": "An array of policy exemption Ids." - } - }, - "description": "The policy log info." - } - }, - "parameters": { - "ManagementGroupNameParameter": { - "name": "managementGroupName", - "in": "path", - "required": true, - "type": "string", - "description": "The name of the management group.", - "x-ms-parameter-location": "method" - } - } -} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/types.json b/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/types.json deleted file mode 100644 index 39b87c744fac..000000000000 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/stable/2025-03-01/types.json +++ /dev/null @@ -1,120 +0,0 @@ -{ - "swagger": "2.0", - "info": { - "title": "PolicyClient", - "version": "v2" - }, - "paths": {}, - "definitions": { - "Selector": { - "description": "The selector expression.", - "type": "object", - "properties": { - "kind": { - "type": "string", - "description": "The selector kind.", - "enum": [ - "resourceLocation", - "resourceType", - "resourceWithoutLocation", - "policyDefinitionReferenceId" - ], - "x-ms-enum": { - "name": "SelectorKind", - "modelAsString": true, - "values": [ - { - "value": "resourceLocation", - "description": "The selector kind to filter policies by the resource location." - }, - { - "value": "resourceType", - "description": "The selector kind to filter policies by the resource type." - }, - { - "value": "resourceWithoutLocation", - "description": "The selector kind to filter policies by the resource without location." - }, - { - "value": "policyDefinitionReferenceId", - "description": "The selector kind to filter policies by the policy definition reference ID." - } - ] - } - }, - "in": { - "type": "array", - "items": { - "type": "string" - }, - "description": "The list of values to filter in." - }, - "notIn": { - "type": "array", - "items": { - "type": "string" - }, - "description": "The list of values to filter out." - } - } - }, - "ResourceSelector": { - "description": "The resource selector to filter policies by resource properties.", - "type": "object", - "properties": { - "name": { - "type": "string", - "description": "The name of the resource selector." - }, - "selectors": { - "type": "array", - "items": { - "$ref": "#/definitions/Selector" - }, - "x-ms-identifiers": [], - "description": "The list of the selector expressions." - } - } - }, - "Override": { - "description": "The policy property value override.", - "type": "object", - "properties": { - "kind": { - "type": "string", - "description": "The override kind.", - "enum": [ - "policyEffect", - "definitionVersion" - ], - "x-ms-enum": { - "name": "OverrideKind", - "modelAsString": true, - "values": [ - { - "value": "policyEffect", - "description": "It will override the policy effect type." - }, - { - "value": "definitionVersion", - "description": "It will override the definition version property value of the policy assignment." - } - ] - } - }, - "value": { - "type": "string", - "description": "The value to override the policy property." - }, - "selectors": { - "type": "array", - "items": { - "$ref": "#/definitions/Selector" - }, - "x-ms-identifiers": [], - "description": "The list of the selector expressions." - } - } - } - } -} diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/suppressions.yaml b/specification/resources/resource-manager/Microsoft.Authorization/policy/suppressions.yaml index 030d0db17201..9d2dccdec02b 100644 --- a/specification/resources/resource-manager/Microsoft.Authorization/policy/suppressions.yaml +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/suppressions.yaml @@ -60,7 +60,4 @@ reason: Brownfield service not ready to migrate - tool: TypeSpecRequirement path: ./stable/2025-01-01/*.json - reason: Brownfield service not ready to migrate -- tool: TypeSpecRequirement - path: ./stable/2025-03-01/*.json reason: Brownfield service not ready to migrate \ No newline at end of file diff --git a/specification/resources/resource-manager/Microsoft.Authorization/policy/tspconfig.yaml b/specification/resources/resource-manager/Microsoft.Authorization/policy/tspconfig.yaml new file mode 100644 index 000000000000..29dc7d17a72e --- /dev/null +++ b/specification/resources/resource-manager/Microsoft.Authorization/policy/tspconfig.yaml @@ -0,0 +1,51 @@ +parameters: + "service-dir": + default: "sdk/resources" +emit: + - "@azure-tools/typespec-autorest" +options: + "@azure-tools/typespec-autorest": + omit-unreachable-types: true + emitter-output-dir: "{project-root}" + azure-resource-provider-folder: "resource-manager" + output-file: "{version-status}/{version}/openapi.json" + arm-types-dir: "{project-root}/../../../../common-types/resource-management" + emit-lro-options: "all" + examples-dir: "{project-root}/examples" + "@azure-tools/typespec-csharp": + emitter-output-dir: "{output-dir}/{service-dir}/{namespace}" + flavor: azure + clear-output-folder: true + model-namespace: true + namespace: "Azure.ResourceManager.Resources.Policy" + "@azure-tools/typespec-python": + emitter-output-dir: "{output-dir}/{service-dir}/azure-mgmt-resource-policy" + namespace: "azure.mgmt.resource.policy" + generate-test: true + generate-sample: true + flavor: "azure" + "@azure-tools/typespec-java": + emitter-output-dir: "{output-dir}/{service-dir}/azure-resourcemanager-resources-policy" + namespace: "com.azure.resourcemanager.resources.policy" + service-name: "Policy" + flavor: azure + "@azure-tools/typespec-ts": + service-dir: "sdk/policy" + emitter-output-dir: "{output-dir}/{service-dir}/arm-policy" + flavor: azure + experimental-extensible-enums: true + package-details: + name: "@azure/arm-policy" + "@azure-tools/typespec-go": + service-dir: "sdk/resourcemanager/resources" + emitter-output-dir: "{output-dir}/{service-dir}/armpolicy" + module: "github.com/Azure/azure-sdk-for-go/{service-dir}/armpolicy" + fix-const-stuttering: false + flavor: "azure" + generate-samples: true + generate-fakes: true + head-as-boolean: true + inject-spans: true +linter: + extends: + - "@azure-tools/typespec-azure-rulesets/resource-manager"