From 906daeeaa55270242376230f175ef78dcf307f10 Mon Sep 17 00:00:00 2001 From: SDKAuto Date: Mon, 5 Apr 2021 20:27:33 +0000 Subject: [PATCH] CodeGen from PR 13786 in Azure/azure-rest-api-specs Merge 87e73ffee70b692851a36c9a21134d6f3be87f3e into 0461eb89cb81ff7c883f80481601d8da09249f42 --- .../2015-07-01/Microsoft.Authorization.json | 187 +++++++ .../Microsoft.Authorization.json | 75 +++ .../Microsoft.Authorization.json | 226 ++++++++ .../Microsoft.Authorization.json | 478 +++++++++++++++++ .../Microsoft.Authorization.json | 102 ++++ .../Microsoft.Authorization.json | 412 +++++++++++++++ .../Microsoft.Authorization.json | 118 +++++ .../Microsoft.Authorization.json | 450 ++++++++++++++++ .../Microsoft.Authorization.json | 114 ++++ .../Microsoft.Authorization.json | 492 ++++++++++++++++++ 10 files changed, 2654 insertions(+) create mode 100644 schemas/2015-07-01/Microsoft.Authorization.json create mode 100644 schemas/2017-10-01-preview/Microsoft.Authorization.json create mode 100644 schemas/2018-01-01-preview/Microsoft.Authorization.json create mode 100644 schemas/2018-05-01-preview/Microsoft.Authorization.json create mode 100644 schemas/2018-09-01-preview/Microsoft.Authorization.json create mode 100644 schemas/2020-03-01-preview/Microsoft.Authorization.json create mode 100644 schemas/2020-04-01-preview/Microsoft.Authorization.json create mode 100644 schemas/2020-10-01-preview/Microsoft.Authorization.json create mode 100644 schemas/2021-01-01-preview/Microsoft.Authorization.json create mode 100644 schemas/2021-03-01-preview/Microsoft.Authorization.json diff --git a/schemas/2015-07-01/Microsoft.Authorization.json b/schemas/2015-07-01/Microsoft.Authorization.json new file mode 100644 index 0000000000..a032d9400b --- /dev/null +++ b/schemas/2015-07-01/Microsoft.Authorization.json @@ -0,0 +1,187 @@ +{ + "id": "https://schema.management.azure.com/schemas/2015-07-01/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2015-07-01" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + }, + "roleDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2015-07-01" + ] + }, + "name": { + "type": "string", + "description": "The ID of the role definition." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleDefinitions" + } + }, + "definitions": { + "Permission": { + "type": "object", + "properties": { + "actions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Allowed actions." + }, + "notActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Denied actions." + } + }, + "description": "Role definition permissions." + }, + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "principalId": { + "type": "string", + "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID used in the role assignment." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Role assignment properties." + }, + "RoleDefinitionProperties": { + "type": "object", + "properties": { + "assignableScopes": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition assignable scopes." + }, + "description": { + "type": "string", + "description": "The role definition description." + }, + "permissions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition permissions." + }, + "roleName": { + "type": "string", + "description": "The role name." + }, + "type": { + "type": "string", + "description": "The role type." + } + }, + "description": "Role definition properties." + } + } +} diff --git a/schemas/2017-10-01-preview/Microsoft.Authorization.json b/schemas/2017-10-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..4403356cb0 --- /dev/null +++ b/schemas/2017-10-01-preview/Microsoft.Authorization.json @@ -0,0 +1,75 @@ +{ + "id": "https://schema.management.azure.com/schemas/2017-10-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2017-10-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + } + }, + "definitions": { + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "canDelegate": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegation flag used for creating a role assignment" + }, + "principalId": { + "type": "string", + "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID used in the role assignment." + } + }, + "description": "Role assignment properties." + } + } +} diff --git a/schemas/2018-01-01-preview/Microsoft.Authorization.json b/schemas/2018-01-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..1891f79c0c --- /dev/null +++ b/schemas/2018-01-01-preview/Microsoft.Authorization.json @@ -0,0 +1,226 @@ +{ + "id": "https://schema.management.azure.com/schemas/2018-01-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2018-01-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + }, + "roleDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2018-01-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The ID of the role definition." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleDefinitions" + } + }, + "definitions": { + "Permission": { + "type": "object", + "properties": { + "actions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Allowed actions." + }, + "dataActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Allowed Data actions." + }, + "notActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Denied actions." + }, + "notDataActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Denied Data actions." + } + }, + "description": "Role definition permissions." + }, + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "canDelegate": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegation flag used for creating a role assignment" + }, + "principalId": { + "type": "string", + "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID used in the role assignment." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Role assignment properties." + }, + "RoleDefinitionProperties": { + "type": "object", + "properties": { + "assignableScopes": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition assignable scopes." + }, + "description": { + "type": "string", + "description": "The role definition description." + }, + "permissions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition permissions." + }, + "roleName": { + "type": "string", + "description": "The role name." + }, + "type": { + "type": "string", + "description": "The role type." + } + }, + "description": "Role definition properties." + } + } +} diff --git a/schemas/2018-05-01-preview/Microsoft.Authorization.json b/schemas/2018-05-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..c7514d9b89 --- /dev/null +++ b/schemas/2018-05-01-preview/Microsoft.Authorization.json @@ -0,0 +1,478 @@ +{ + "id": "https://schema.management.azure.com/schemas/2018-05-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "subscription_resourceDefinitions": { + "accessReviewScheduleDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2018-05-01-preview" + ] + }, + "descriptionForAdmins": { + "type": "string", + "description": "The description provided by the access review creator and visible to admins." + }, + "descriptionForReviewers": { + "type": "string", + "description": "The description provided by the access review creator to be shown to reviewers." + }, + "displayName": { + "type": "string", + "description": "The display name for the schedule definition." + }, + "instances": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewInstance" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of instances returned when one does an expand on it." + }, + "name": { + "type": "string", + "description": "The id of the access review schedule definition." + }, + "reviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of reviewers." + }, + "settings": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewScheduleSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Settings of an Access Review." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/accessReviewScheduleDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/accessReviewScheduleDefinitions" + }, + "accessReviewScheduleSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2018-05-01-preview" + ] + }, + "autoApplyDecisionsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review." + }, + "defaultDecision": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "Recommendation" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This specifies the behavior for the autoReview feature when an access review completes." + }, + "defaultDecisionEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether reviewers are required to provide a justification when reviewing access." + }, + "instanceDurationInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The duration in days for an instance." + }, + "justificationRequiredOnApproval": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether the reviewer is required to pass justification when recording a decision." + }, + "mailNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending mails to reviewers and the review creator is enabled." + }, + "name": { + "type": "string", + "enum": [ + "default" + ] + }, + "recommendationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether showing recommendations to reviewers is enabled." + }, + "recurrence": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "reminderNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending reminder emails to reviewers are enabled." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/accessReviewScheduleSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/accessReviewScheduleSettings" + } + }, + "definitions": { + "AccessReviewInstance": { + "type": "object", + "properties": { + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewInstanceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Access Review Instance properties." + } + }, + "description": "Access Review Instance." + }, + "AccessReviewInstanceProperties": { + "type": "object", + "properties": { + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review instance is scheduled to end." + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review instance is scheduled to be start." + } + }, + "description": "Access Review Instance properties." + }, + "AccessReviewRecurrencePattern": { + "type": "object", + "properties": { + "interval": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The interval for recurrence. For a quarterly review, the interval is 3 for type : absoluteMonthly." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "weekly", + "absoluteMonthly" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The recurrence type : weekly, monthly, etc." + } + }, + "description": "Recurrence Pattern of an Access Review Schedule Definition." + }, + "AccessReviewRecurrenceRange": { + "type": "object", + "properties": { + "endDate": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review is scheduled to end. Required if type is endDate" + }, + "numberOfOccurrences": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The number of times to repeat the access review. Required and must be positive if type is numbered." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "endDate", + "noEnd", + "numbered" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The recurrence range type. The possible values are: endDate, noEnd, numbered." + } + }, + "description": "Recurrence Range of an Access Review Schedule Definition." + }, + "AccessReviewRecurrenceSettings": { + "type": "object", + "properties": { + "pattern": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrencePattern" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Pattern of an Access Review Schedule Definition." + }, + "range": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceRange" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Range of an Access Review Schedule Definition." + } + }, + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "AccessReviewReviewer": { + "type": "object", + "properties": { + "principalId": { + "type": "string", + "description": "The id of the reviewer(user/servicePrincipal)" + } + }, + "description": "Descriptor for what needs to be reviewed" + }, + "AccessReviewScheduleSettings": { + "type": "object", + "properties": { + "autoApplyDecisionsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review." + }, + "defaultDecision": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "Recommendation" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This specifies the behavior for the autoReview feature when an access review completes." + }, + "defaultDecisionEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether reviewers are required to provide a justification when reviewing access." + }, + "instanceDurationInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The duration in days for an instance." + }, + "justificationRequiredOnApproval": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether the reviewer is required to pass justification when recording a decision." + }, + "mailNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending mails to reviewers and the review creator is enabled." + }, + "recommendationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether showing recommendations to reviewers is enabled." + }, + "recurrence": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "reminderNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending reminder emails to reviewers are enabled." + } + }, + "description": "Settings of an Access Review." + } + } +} diff --git a/schemas/2018-09-01-preview/Microsoft.Authorization.json b/schemas/2018-09-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..1c9ddd7682 --- /dev/null +++ b/schemas/2018-09-01-preview/Microsoft.Authorization.json @@ -0,0 +1,102 @@ +{ + "id": "https://schema.management.azure.com/schemas/2018-09-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2018-09-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + } + }, + "definitions": { + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "canDelegate": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegation flag used for creating a role assignment" + }, + "principalId": { + "type": "string", + "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." + }, + "principalType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "Unknown", + "DirectoryRoleTemplate", + "ForeignGroup", + "Application", + "MSI", + "DirectoryObjectOrGroup", + "Everyone" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The principal type of the assigned principal ID." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID used in the role assignment." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Role assignment properties." + } + } +} diff --git a/schemas/2020-03-01-preview/Microsoft.Authorization.json b/schemas/2020-03-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..efe80f762a --- /dev/null +++ b/schemas/2020-03-01-preview/Microsoft.Authorization.json @@ -0,0 +1,412 @@ +{ + "id": "https://schema.management.azure.com/schemas/2020-03-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "denyAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-03-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the deny assignment. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/DenyAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Deny assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/denyAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/denyAssignments" + }, + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-03-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + }, + "roleDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-03-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role definition to delete." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleDefinitionProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleDefinitions" + } + }, + "definitions": { + "DenyAssignmentProperties": { + "type": "object", + "properties": { + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "denyAssignmentName": { + "type": "string", + "description": "The display name of the deny assignment." + }, + "description": { + "type": "string", + "description": "The description of the deny assignment." + }, + "doNotApplyToChildScopes": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Determines if the deny assignment applies to child scopes. Default value is false." + }, + "excludePrincipals": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Principal" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Array of principals to which the deny assignment does not apply." + }, + "isSystemProtected": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Specifies whether this deny assignment was created by Azure and cannot be edited or deleted." + }, + "permissions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "An array of permissions that are denied by the deny assignment." + }, + "principals": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Principal" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Array of principals to which the deny assignment applies." + }, + "scope": { + "type": "string", + "description": "The deny assignment scope." + } + }, + "required": [ + "permissions", + "principals" + ], + "description": "Deny assignment properties." + }, + "Permission": { + "type": "object", + "properties": { + "actions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Allowed actions." + }, + "dataActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Allowed Data actions." + }, + "notActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Denied actions." + }, + "notDataActions": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Denied Data actions." + } + }, + "description": "Role definition permissions." + }, + "Principal": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Object ID of the Azure AD principal (user, group, or service principal) to which the deny assignment applies. An empty guid '00000000-0000-0000-0000-000000000000' as principal id and principal type as 'Everyone' represents all users, groups and service principals." + }, + "type": { + "type": "string", + "description": "Type of object represented by principal id (user, group, or service principal). An empty guid '00000000-0000-0000-0000-000000000000' as principal id and principal type as 'Everyone' represents all users, groups and service principals." + } + }, + "description": "Deny assignment principal." + }, + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "canDelegate": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegation flag used for creating a role assignment" + }, + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "description": "Id of the delegated managed identity resource" + }, + "principalId": { + "type": "string", + "description": "The principal ID." + }, + "principalType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "Unknown", + "DirectoryRoleTemplate", + "ForeignGroup", + "Application", + "MSI", + "DirectoryObjectOrGroup", + "Everyone" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The principal type of the assigned principal ID." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "scope": { + "type": "string", + "description": "The role assignment scope." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Role assignment properties." + }, + "RoleDefinitionProperties": { + "type": "object", + "properties": { + "assignableScopes": { + "oneOf": [ + { + "type": "array", + "items": { + "type": "string" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition assignable scopes." + }, + "description": { + "type": "string", + "description": "The role definition description." + }, + "permissions": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/Permission" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role definition permissions." + }, + "roleName": { + "type": "string", + "description": "The role name." + }, + "type": { + "type": "string", + "description": "The role type." + } + }, + "description": "Role definition properties." + } + } +} diff --git a/schemas/2020-04-01-preview/Microsoft.Authorization.json b/schemas/2020-04-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..0497f408ca --- /dev/null +++ b/schemas/2020-04-01-preview/Microsoft.Authorization.json @@ -0,0 +1,118 @@ +{ + "id": "https://schema.management.azure.com/schemas/2020-04-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-04-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment properties." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignments" + } + }, + "definitions": { + "RoleAssignmentProperties": { + "type": "object", + "properties": { + "canDelegate": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The delegation flag used for creating a role assignment" + }, + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "description": "Id of the delegated managed identity resource" + }, + "description": { + "type": "string", + "description": "Description of role assignment" + }, + "principalId": { + "type": "string", + "description": "The principal ID assigned to the role. This maps to the ID inside the Active Directory. It can point to a user, service principal, or security group." + }, + "principalType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "User", + "Group", + "ServicePrincipal", + "Unknown", + "DirectoryRoleTemplate", + "ForeignGroup", + "Application", + "MSI", + "DirectoryObjectOrGroup", + "Everyone" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The principal type of the assigned principal ID." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID used in the role assignment." + } + }, + "required": [ + "principalId", + "roleDefinitionId" + ], + "description": "Role assignment properties." + } + } +} diff --git a/schemas/2020-10-01-preview/Microsoft.Authorization.json b/schemas/2020-10-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..c583698cf0 --- /dev/null +++ b/schemas/2020-10-01-preview/Microsoft.Authorization.json @@ -0,0 +1,450 @@ +{ + "id": "https://schema.management.azure.com/schemas/2020-10-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "unknown_resourceDefinitions": { + "roleAssignmentScheduleRequests": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-10-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role assignment to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role assignment schedule request properties with scope." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignmentScheduleRequests" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleAssignmentScheduleRequests" + }, + "roleEligibilityScheduleRequests": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-10-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of the role eligibility to create. It can be any valid GUID." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role eligibility schedule request properties with scope." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleEligibilityScheduleRequests" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleEligibilityScheduleRequests" + }, + "roleManagementPolicyAssignments": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2020-10-01-preview" + ] + }, + "name": { + "type": "string", + "description": "The name of format {guid_guid} the role management policy assignment to upsert." + }, + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/RoleManagementPolicyAssignmentProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Role management policy assignment properties with scope." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleManagementPolicyAssignments" + ] + } + }, + "required": [ + "apiVersion", + "name", + "properties", + "type" + ], + "description": "Microsoft.Authorization/roleManagementPolicyAssignments" + } + }, + "definitions": { + "RoleAssignmentScheduleRequestProperties": { + "type": "object", + "properties": { + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "justification": { + "type": "string", + "description": "Justification for the role assignment" + }, + "linkedRoleEligibilityScheduleId": { + "type": "string", + "description": "The linked role eligibility schedule id - to activate an eligibility." + }, + "principalId": { + "type": "string", + "description": "The principal ID." + }, + "requestType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AdminAssign", + "AdminRemove", + "AdminUpdate", + "AdminExtend", + "AdminRenew", + "SelfActivate", + "SelfDeactivate", + "SelfExtend", + "SelfRenew" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "scheduleInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestPropertiesScheduleInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Schedule info of the role assignment schedule" + }, + "targetRoleAssignmentScheduleId": { + "type": "string", + "description": "The resultant role assignment schedule id or the role assignment schedule id being updated" + }, + "targetRoleAssignmentScheduleInstanceId": { + "type": "string", + "description": "The role assignment schedule instance id being updated" + }, + "ticketInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestPropertiesTicketInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Ticket Info of the role assignment" + } + }, + "required": [ + "principalId", + "requestType", + "roleDefinitionId" + ], + "description": "Role assignment schedule request properties with scope." + }, + "RoleAssignmentScheduleRequestPropertiesScheduleInfo": { + "type": "object", + "properties": { + "expiration": { + "oneOf": [ + { + "$ref": "#/definitions/RoleAssignmentScheduleRequestPropertiesScheduleInfoExpiration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiration of the role assignment schedule" + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "Start DateTime of the role assignment schedule." + } + }, + "description": "Schedule info of the role assignment schedule" + }, + "RoleAssignmentScheduleRequestPropertiesScheduleInfoExpiration": { + "type": "object", + "properties": { + "duration": { + "type": "string", + "description": "Duration of the role assignment schedule in TimeSpan." + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "End DateTime of the role assignment schedule." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AfterDuration", + "AfterDateTime", + "NoExpiration" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of the role assignment schedule expiration." + } + }, + "description": "Expiration of the role assignment schedule" + }, + "RoleAssignmentScheduleRequestPropertiesTicketInfo": { + "type": "object", + "properties": { + "ticketNumber": { + "type": "string", + "description": "Ticket number for the role assignment" + }, + "ticketSystem": { + "type": "string", + "description": "Ticket system name for the role assignment" + } + }, + "description": "Ticket Info of the role assignment" + }, + "RoleEligibilityScheduleRequestProperties": { + "type": "object", + "properties": { + "condition": { + "type": "string", + "description": "The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase 'foo_storage_container'" + }, + "conditionVersion": { + "type": "string", + "description": "Version of the condition. Currently accepted value is '2.0'" + }, + "justification": { + "type": "string", + "description": "Justification for the role eligibility" + }, + "principalId": { + "type": "string", + "description": "The principal ID." + }, + "requestType": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AdminAssign", + "AdminRemove", + "AdminUpdate", + "AdminExtend", + "AdminRenew", + "SelfActivate", + "SelfDeactivate", + "SelfExtend", + "SelfRenew" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The type of the role assignment schedule request. Eg: SelfActivate, AdminAssign etc." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition ID." + }, + "scheduleInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestPropertiesScheduleInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Schedule info of the role eligibility schedule" + }, + "targetRoleEligibilityScheduleId": { + "type": "string", + "description": "The resultant role eligibility schedule id or the role eligibility schedule id being updated" + }, + "targetRoleEligibilityScheduleInstanceId": { + "type": "string", + "description": "The role eligibility schedule instance id being updated" + }, + "ticketInfo": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestPropertiesTicketInfo" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Ticket Info of the role eligibility" + } + }, + "required": [ + "principalId", + "requestType", + "roleDefinitionId" + ], + "description": "Role eligibility schedule request properties with scope." + }, + "RoleEligibilityScheduleRequestPropertiesScheduleInfo": { + "type": "object", + "properties": { + "expiration": { + "oneOf": [ + { + "$ref": "#/definitions/RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Expiration of the role eligibility schedule" + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "Start DateTime of the role eligibility schedule." + } + }, + "description": "Schedule info of the role eligibility schedule" + }, + "RoleEligibilityScheduleRequestPropertiesScheduleInfoExpiration": { + "type": "object", + "properties": { + "duration": { + "type": "string", + "description": "Duration of the role eligibility schedule in TimeSpan." + }, + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "End DateTime of the role eligibility schedule." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "AfterDuration", + "AfterDateTime", + "NoExpiration" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Type of the role eligibility schedule expiration." + } + }, + "description": "Expiration of the role eligibility schedule" + }, + "RoleEligibilityScheduleRequestPropertiesTicketInfo": { + "type": "object", + "properties": { + "ticketNumber": { + "type": "string", + "description": "Ticket number for the role eligibility" + }, + "ticketSystem": { + "type": "string", + "description": "Ticket system name for the role eligibility" + } + }, + "description": "Ticket Info of the role eligibility" + }, + "RoleManagementPolicyAssignmentProperties": { + "type": "object", + "properties": { + "policyId": { + "type": "string", + "description": "The policy id role management policy assignment." + }, + "roleDefinitionId": { + "type": "string", + "description": "The role definition of management policy assignment." + }, + "scope": { + "type": "string", + "description": "The role management policy scope." + } + }, + "description": "Role management policy assignment properties with scope." + } + } +} diff --git a/schemas/2021-01-01-preview/Microsoft.Authorization.json b/schemas/2021-01-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..69393d7138 --- /dev/null +++ b/schemas/2021-01-01-preview/Microsoft.Authorization.json @@ -0,0 +1,114 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-01-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "tenant_resourceDefinitions": { + "roleAssignmentApprovals_stages": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-01-01-preview" + ] + }, + "displayName": { + "type": "string", + "description": "The display name for the approval stage." + }, + "justification": { + "type": "string", + "description": "Justification provided by approvers for their action" + }, + "name": { + "type": "string", + "description": "The id of the role assignment approval stage." + }, + "reviewResult": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "NotReviewed" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The decision on the approval stage. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignmentApprovals/stages" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/roleAssignmentApprovals/stages" + } + }, + "unknown_resourceDefinitions": { + "roleAssignmentApprovals_stages": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-01-01-preview" + ] + }, + "displayName": { + "type": "string", + "description": "The display name for the approval stage." + }, + "justification": { + "type": "string", + "description": "Justification provided by approvers for their action" + }, + "name": { + "type": "string", + "description": "The id of the role assignment approval stage." + }, + "reviewResult": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "NotReviewed" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The decision on the approval stage. This value is initially set to NotReviewed. Approvers can take action of Approve/Deny." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/roleAssignmentApprovals/stages" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/roleAssignmentApprovals/stages" + } + }, + "definitions": {} +} diff --git a/schemas/2021-03-01-preview/Microsoft.Authorization.json b/schemas/2021-03-01-preview/Microsoft.Authorization.json new file mode 100644 index 0000000000..7f8e5690c4 --- /dev/null +++ b/schemas/2021-03-01-preview/Microsoft.Authorization.json @@ -0,0 +1,492 @@ +{ + "id": "https://schema.management.azure.com/schemas/2021-03-01-preview/Microsoft.Authorization.json#", + "$schema": "http://json-schema.org/draft-04/schema#", + "title": "Microsoft.Authorization", + "description": "Microsoft Authorization Resource Types", + "resourceDefinitions": {}, + "subscription_resourceDefinitions": { + "accessReviewScheduleDefinitions": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-03-01-preview" + ] + }, + "backupReviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of backup reviewers." + }, + "descriptionForAdmins": { + "type": "string", + "description": "The description provided by the access review creator and visible to admins." + }, + "descriptionForReviewers": { + "type": "string", + "description": "The description provided by the access review creator to be shown to reviewers." + }, + "displayName": { + "type": "string", + "description": "The display name for the schedule definition." + }, + "instances": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewInstance" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of instances returned when one does an expand on it." + }, + "name": { + "type": "string", + "description": "The id of the access review schedule definition." + }, + "reviewers": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/AccessReviewReviewer" + } + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This is the collection of reviewers." + }, + "settings": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewScheduleSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Settings of an Access Review." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/accessReviewScheduleDefinitions" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/accessReviewScheduleDefinitions" + }, + "accessReviewScheduleSettings": { + "type": "object", + "properties": { + "apiVersion": { + "type": "string", + "enum": [ + "2021-03-01-preview" + ] + }, + "autoApplyDecisionsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review." + }, + "defaultDecision": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "Recommendation" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This specifies the behavior for the autoReview feature when an access review completes." + }, + "defaultDecisionEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether reviewers are required to provide a justification when reviewing access." + }, + "instanceDurationInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The duration in days for an instance." + }, + "justificationRequiredOnApproval": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether the reviewer is required to pass justification when recording a decision." + }, + "mailNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending mails to reviewers and the review creator is enabled." + }, + "name": { + "type": "string", + "enum": [ + "default" + ] + }, + "recommendationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether showing recommendations to reviewers is enabled." + }, + "recurrence": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "reminderNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending reminder emails to reviewers are enabled." + }, + "type": { + "type": "string", + "enum": [ + "Microsoft.Authorization/accessReviewScheduleSettings" + ] + } + }, + "required": [ + "apiVersion", + "name", + "type" + ], + "description": "Microsoft.Authorization/accessReviewScheduleSettings" + } + }, + "definitions": { + "AccessReviewInstance": { + "type": "object", + "properties": { + "properties": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewInstanceProperties" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Access Review Instance properties." + } + }, + "description": "Access Review Instance." + }, + "AccessReviewInstanceProperties": { + "type": "object", + "properties": { + "endDateTime": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review instance is scheduled to end." + }, + "startDateTime": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review instance is scheduled to be start." + } + }, + "description": "Access Review Instance properties." + }, + "AccessReviewRecurrencePattern": { + "type": "object", + "properties": { + "interval": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The interval for recurrence. For a quarterly review, the interval is 3 for type : absoluteMonthly." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "weekly", + "absoluteMonthly" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The recurrence type : weekly, monthly, etc." + } + }, + "description": "Recurrence Pattern of an Access Review Schedule Definition." + }, + "AccessReviewRecurrenceRange": { + "type": "object", + "properties": { + "endDate": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review is scheduled to end. Required if type is endDate" + }, + "numberOfOccurrences": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The number of times to repeat the access review. Required and must be positive if type is numbered." + }, + "startDate": { + "type": "string", + "format": "date-time", + "description": "The DateTime when the review is scheduled to be start. This could be a date in the future. Required on create." + }, + "type": { + "oneOf": [ + { + "type": "string", + "enum": [ + "endDate", + "noEnd", + "numbered" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The recurrence range type. The possible values are: endDate, noEnd, numbered." + } + }, + "description": "Recurrence Range of an Access Review Schedule Definition." + }, + "AccessReviewRecurrenceSettings": { + "type": "object", + "properties": { + "pattern": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrencePattern" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Pattern of an Access Review Schedule Definition." + }, + "range": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceRange" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Range of an Access Review Schedule Definition." + } + }, + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "AccessReviewReviewer": { + "type": "object", + "properties": { + "principalId": { + "type": "string", + "description": "The id of the reviewer(user/servicePrincipal)" + } + }, + "description": "Descriptor for what needs to be reviewed" + }, + "AccessReviewScheduleSettings": { + "type": "object", + "properties": { + "autoApplyDecisionsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether auto-apply capability, to automatically change the target object access resource, is enabled. If not enabled, a user must, after the review completes, apply the access review." + }, + "defaultDecision": { + "oneOf": [ + { + "type": "string", + "enum": [ + "Approve", + "Deny", + "Recommendation" + ] + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "This specifies the behavior for the autoReview feature when an access review completes." + }, + "defaultDecisionEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether reviewers are required to provide a justification when reviewing access." + }, + "instanceDurationInDays": { + "oneOf": [ + { + "type": "integer" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "The duration in days for an instance." + }, + "justificationRequiredOnApproval": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether the reviewer is required to pass justification when recording a decision." + }, + "mailNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending mails to reviewers and the review creator is enabled." + }, + "recommendationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether showing recommendations to reviewers is enabled." + }, + "recurrence": { + "oneOf": [ + { + "$ref": "#/definitions/AccessReviewRecurrenceSettings" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Recurrence Settings of an Access Review Schedule Definition." + }, + "reminderNotificationsEnabled": { + "oneOf": [ + { + "type": "boolean" + }, + { + "$ref": "https://schema.management.azure.com/schemas/common/definitions.json#/definitions/expression" + } + ], + "description": "Flag to indicate whether sending reminder emails to reviewers are enabled." + } + }, + "description": "Settings of an Access Review." + } + } +}